Content Management Systems or CMS packages, such as WordPress™, Joomla™, and Drupal™, are usually an option with every hosting provider. These are still along the same lines as a DIY web builder. However, a CMS package is much more robust in what you can do with them including eCommerce.
easy to use
large variety of styles
helper plug in's
almost zero support
must learn some code
must supply all content
good themes cost extra
plug-ins cost extra
eCommerce means PCI costs
must update package often
$50 - $200
DIY per month including hosting
$2,000 - $15,000
contracting a CMS designer
+ monthly maintenance of
about $150 a month
Plug-In's consist of helper code for items such as calendars, sign-up forms, image rotators, translation, social links etc. Some are free but most will cost in the $10 to $300 dollar range depending on what you want. Lastly, plug-ins must constantly be updated as well as the CMS package its self.
If you are planning on doing eCommerce through your site keep in mind that eCommerce hosting can cost a good deal more than basic hosting. Also, you will have be PCI compliant in your site as well as with your host. This involves:
SSL Cert (TLS v1.2 -v3) - $180 per year
PCI SAQ Audit - $5k - $10K per year*
Intrusion Testing and Scanning*
opening a merchant account
*This might be offered with your merchant account at a flat fee per month.
^Minimum coverage is $1 Million.
PCI is a requirement for anyone doing eCommerce regardless if it is a DIY, Agency, or a Freelance site. PCI rules and regulations must be met.
Content Management Systems are insanely insecure. There are guides on how to patch servers, fix code, and plug-ins that can help secure your site to some extent. However, because the CMS is just a framework and relies on 3rd party plug-ins, many times these plug-ins by pass or break the security of the site. For someone wanting to do eCommerce this is a nightmare.
NOTE: As of today, Aug. 18, 2019 there are 378+* known exploits for the major CMS packages on the market. Any number of them can give unfettered site access to an attacker.
*this number generated from polling security bulletins from various security and CMS intrusion tracking websites.