WordPress Vanilla vs Composer vs Bedrock - which wins?

This blog post is based on the Upsun live stream with Greg Qualls, Director of Product Marketing, and Paul Gilzow, Developer Advocate at Upsun.

WordPress powers over 40% of the web, but not all WordPress installations are created equal. Whether you're a solo developer, managing an agency, or overseeing hundreds of sites, the way you install and manage WordPress can make or break your workflow.

In a recent live stream discussion, we dived deep into three popular WordPress installation methods: Vanilla, Composer-based, and Bedrock. Each approach has its merits, but which one should you choose? Let's break down the showdown.

Vanilla WordPress

The traditional install. Vanilla WordPress is what most people think of when they hear "WordPress installation." This approach has been in use since WordPress was introduced and remains the most common method today.

It follows a straightforward process: you download the ZIP file from wordpress.org, extract it to your server directory, and run through the famous five-minute installation. Next, install plugins and themes through the WordPress admin dashboard, and updates happen with a simple click from within WordPress itself. If you're working with version control, you typically commit all the WordPress core files to your repository and push them to your hosting environment.

The good:

• Familiar territory: Most WordPress developers know this approach inside and out
• Backward compatibility: Works with virtually any hosting setup
• Simplicity: No additional tools or knowledge required
• Wide support: Plenty of tutorials and community help available.

The challenges:

• Version control nightmares: Committing WordPress core files to your repository creates bloated repos.
• Update anxiety: Remember the white screen of death? Manual updates can break sites.
• Developer collaboration: Hard to ensure everyone has the same plugin versions
• Security concerns: Direct file access can be risky in production

As Paul Gilzow noted from his university days managing 200+ WordPress sites: "I fought Composer for six months because I was so used to vanilla, but I finally realized there just wasn't going to be a way to accomplish all the goals I needed with that traditional setup."

Composer-based WordPress: the package manager revolution

Composer brings modern dependency management to WordPress, which fundamentally changes how we think about WordPress installations. Rather than treating WordPress as a single application with add-ons, Composer treats everything, including WordPress core itself, as a package.

The process begins by creating a composer.json file that defines WordPress core, plugins, and themes as dependencies, along with specific version numbers. Running composer install downloads all these dependencies into organized directories. Importantly, only your custom code and configuration files are committed to version control; the actual WordPress files are downloaded fresh each time. Updates are made by changing version numbers in your JSON file and running composer update, rather than clicking buttons in the WordPress admin.

The good:

• Clean repositories: Only your custom code and configuration files get committed
• Reproducible builds: Anyone can recreate your exact setup with one command
• Easy rollbacks: Change a version number instead of reversing commits
• Fleet management: Perfect for agencies or organizations with multiple sites
• Zero-downtime updates: Code updates happen during deployment, not on live sites
• Auditing capabilities: See exactly what versions you're running across all sites

The challenges:

• Third-party dependency: Relies on community-maintained packages
• Learning curve: Requires understanding package management concepts
• Less official support: WordPress.org won't help with composer issues

Bedrock: the modern architecture approach

Bedrock, created by Roots, takes composer-based WordPress and adds a full 12-factor app methodology.

Bedrock, created by Roots, takes composer-based WordPress and adds a full 12-factor app methodology. This approach doesn't just modernize how you install WordPress; it modernizes your entire perspective on WordPress applications.

Built on top of composer-based WordPress, but adds its own rules about how things should be organized. Think of it like a strict filing system; everything has its proper place. Instead of hardcoding settings, such as database passwords, directly into your files, Bedrock retrieves this information from the server environment. This means you can move your site between different servers without needing to change any code.

The good:

• 12-factor compliance: Follows modern cloud application best practices.
• Security enhancements: Built-in bcrypt password hashing and other improvements.
• Must-use plugin support: Automatically handles this WordPress quirk.
• Official support: Actual documentation and community support from Roots.
• Laravel-friendly: Great for developers coming from a Laravel background.

The challenges:

• Third-party dependency: Like Composer, you're relying on Roots to maintain their packages.
• Opinionated structure: Bedrock has specific ways of doing things; if those don't mesh with your needs, you'll likely encounter conflicts with the framework.
• Additional complexity: More concepts to learn beyond just the composer.
• Vendor lock-in: Dependent on Roots maintaining the project.
• Regulatory concerns: As Paul noted from his university experience, some organizations have issues with proprietary solutions.
• Overkill for simple sites: All the 12-factor benefits may be unnecessary for basic WordPress sites.

The verdict

It's not about winning, it's about fit for purpose. After weighing the pros and cons, we agree: there's no universal winner. Like choosing between a hammer drill, an impact driver, and a regular screwdriver, the best tool depends on the specific job at hand.

Choose Vanilla if:

• You're working solo on simple sites
• Your hosting doesn't support modern deployment practices
• You need maximum compatibility with existing workflows
• You're just getting started with WordPress

Choose Composer if:

• You're managing multiple WordPress sites
• You work with other developers and need consistency
• You want modern development practices without too much complexity
• You're using cloud hosting platforms that support Git-based deployment

Choose Bedrock if:

• You're building complex, scalable applications
• Your team values modern development methodologies
• You need the security and organizational benefits of 12-factor apps
• You're willing to learn a more opinionated workflow

Real-world recommendations

From Paul's experience managing hundreds of university websites: "Composer really does make management of a fleet of sites much, much easier. You can audit what plugins are running across all your sites, update them consistently, and avoid the 'it works on my computer' problems."

For most developers and agencies, composer-based WordPress hits the spot. It provides the modern tooling benefits without the complexity overhead of Bedrock, while still being approachable for developers familiar with vanilla WordPress.

The future of WordPress development

As WordPress continues to evolve, adding GraphQL support, improving the block editor, and moving toward more headless capabilities, the development toolchain is becoming increasingly important.

As the web development world embraces package managers, containerization, and modern deployment practices, vanilla WordPress installations may become the exception rather than the rule. But for now, WordPress's strength lies in its flexibility to accommodate all these approaches.

Getting started

Ready to modernize your WordPress workflow? Here are some next steps:

• Try composer-based WordPress with a simple project to see how package management feels
• Explore Upsun or similar platforms that provide templates for all three approaches
• Consider your team's needs - are you managing one site or one hundred?
• Think about your hosting environment - does it support modern deployment practices?

The WordPress showdown is not about declaring a single winner. It's about understanding your options and choosing the approach that makes your development life easier, more secure, and more scalable.

Useful links

• https://upsun.com/blog/bedrock-wordpress-development
• https://upsun.com/blog/modern-wordpress-development-workflow