WordPress is by far the most popular content management system (CMS) in use today.
We’ve built many sites with WordPress (this 2019 website being one of them), and we’ve even built proprietary plugins for the platform; but for many (if not most) use cases, we recommend that our clients stay away from WordPress.
We do so for the following reasons:
1. Poor Security
WordPress is notorious for getting hacked.
Because it’s so popular, it’s a tempting target for hackers. The number of exploits for WordPress boggles the mind. Not only the core code, but also the vast array of plugins all become attack vectors. As a result, keeping WordPress locked down and secure is a nightmare and requires constant vigilance.
2. Minimal Feature Set
WordPress was originally designed as blogging software—and that’s where it really shines. Plugins later came along to give it some content management functionality, but these solutions were always workarounds—attempts to make WordPress do something it was never designed to do.
The better of these CMS-style plugins (Elementor, for example) are essentially completely different CMS’s working inside of WordPress. Using these other embedded CMS’s often incurs ongoing monthly or annual fees.
Additionally, third-party plugins are not always full-featured, so users must combine plugins from different vendors to achieve a given functionality. Use of thirty or more plugins is not uncommon. This can quickly become problematic, as plugins often conflict with one another.
3. Difficult Customization
Customizing a WordPress site, or adding desired features that go beyond the core functionality or the ability of available third-party plugins is difficult and time-consuming. WordPress essentially forces the user into a small box of functionality, and doesn’t give much room for customization.