Why WordPress Sucks

There are multiple reasons, but lets tackle a few very quickly and we should say, we've built WordPress sites in the past. And realised there are generally better options. And, we host hundreds of websites both for our clients and, and for clients who run Webdesign/development businesses themselves and we have seen a lurching away from using WordPress on all fronts.


WordPress sites get hacked. A lot. Not even advocates of WordPress would argue with that. But, why do they get hacked? Well, often, the answers come back as "it's popular so it's targeted". That's true, but then, if it was secure, it still wouldn't get hacked. Security through obscurity is not security, it's obscurity. Another reason given is "it's a result of using poorly written plugins/addons/themes". Sadly, because WordPress does almost nothing out of the box, it is necessary to install lots of plugins to get what a CMS would have built in by default. So one is forced to extend the functionality because well, there really isn't very much  built in, other than some basic blogging (oh yeah, that's what it was designed as, doh!). Sadly, it's not just the plugins at fault here, it's the very way WordPress is written to accommodate the plugins that kicks the problem off.

Stefan Esser, the founder of the PHP Security Response Team (WordPress is written in the PHP language), speaks critically of WordPress' security track record, citing problems with the application's architecture that make it unnecessarily difficult to write code that is secure from SQL injection vulnerabilities, as well as some other problems.

To mitigate this, a whole plethora of, yep, you guessed it, plugins (yay) exist to make WordPress secure. Wow, so it's delivered broken, and then we have to fix it? We know of no other serious web system that relies on security plugins to make it usable.


There is no consideration given to performance in WordPress out of the box. There is no caching either at the server or browser level, no minification, nothing! Add some plugins and you have an HTML header that is at best hilarious to anybody who knows about performance or writing HTML and at worst, time-consuming to troubleshoot, with multiple versions of the same framworks included. Just bad practise. Of course, adding all the plugins to make the system do anything meaningful or even make it secure, presents further impacts on performance. And so, the solution? Yep, you guessed it, more plugins! Plugins to speed it up. You know when your computer slows down and you know it's because you have too many things running....do you think the solution is to install more stuff?

Lack of basic features

It's supposed to be a CMS (although it's not, it's written as a Blogging system which is almost all it does out of the box - there are some plugins to make it more CMSy). There isn't even form functionality built in. Yep, more plugins (and the default plugin that everybody uses is limited at best). There's no built in way to control how WordPress sends email. Yep, more plugins. There isn't a way to manage the same content across pages. Yep, more plugins.

So, overall, we have not seen a single compelling reason to use something that is broken and needs fixing (with added complexity), rather than choosing something that works out of the box. Bear in mind that search engines use speed as a ranking factor and a WordPress site can be an SEO disaster without a great deal of work. And yes, there are companies out their who claim to specialise in making it secure and fast, though of those we've spoken to, we've usually pointed out where/how they've failed to do so. And in any case, why bother? Why not just use something that is fast and secure by design and get an early night? Of the WordPress designers we've spoken to, most have never heard of Google PageSpeed and it shows in their work.

There are hundreds of CMS's out there.  We use the very popular Softaculous auto installer across our webservers, giving users the option to quickly and easily try different systems.  You can check out the list of CMS's here. Note how WordPress is categorised as a Blog, not a CMS.  In the same way one would't use a television to open a tin of bakes beans, why use a blogging system to build a CMS?  Our cPanel web hosting allows you to quickly get going with any of these systems.  Love it or hate it though, we know that people do still want to use WordPress, and so we offer a dedicated WordPress web hosting solution which has the required resources required to run WordPress.

Go back