Back when I first got into web development, the idea of having your own website was a complex and/or costly affair. HTML websites were hand-coded with the design elements contained in tables, and WordPress didn’t even exist.

Following its launch back in 2003, WordPress saw quick growth within the blogging community because Movable Type's licensing terms were annoying users.

Since then, WordPress has grown exponentially to be far more than a blogging platform. 75,000,000 websites are using WordPress right now, and this represents a 27% market share of every website on the internet, or around 60% of the websites that employ a content management system.

The reason for its popularity is the huge community developing for it and the easy-to-use, modular nature of its plugins and themes.

Its popularity and user-friendliness are also its biggest drawback. If you are a hacker, it makes sense to target something you can exploit millions of times over, and this is why WordPress, its plugins and its themes are all heavily targeted by unscrupulous hackers.

Both the users and third-party developers perpetuate the problem. Users of WordPress are notorious for not updating their websites, and fewer than 40% of all installations are updated to the latest version. That figure only takes into account the core WordPress installation, not the plugins or the theme you have installed.

Every time you see one of those incremental updates, there is a good chance there are some security updates in there too. It is reasonably rare for WordPress itself to have a significant security issue, but popular plugins have been exploited frequently in the past, including Revolution Slider and Gravity Forms.

Plugins and themes are a blessing and a curse. Using them, anyone with a tiny amount of skill can develop a good-looking, functional website. The problem is that the more code you add to a website the slower it will run and the more vulnerable it will be.

As much as I love the themes from ThemeForest, they are designed to cater for every user's needs. Many of them have page builders, templates within the theme itself, e-commerce, and dozens of additional features to suit any possible use. One of the popular themes I personally use has 351 folders and 3520 files in its theme directory. In comparison, TwentyFifteen has 43 files over 4 folders.

So, the premium theme I use is guaranteed to run slower and be more vulnerable than the basic TwentyFifteen. This is all before I add plugins to a site.

This doesn’t mean that WordPress is a bad system to use, but if you are a business, you need to consider your web development strategy a little more. A cheap WordPress developer may be able to deliver something that looks nice and has the right functionality, but often the cost is poor performance and high maintenance. The issues that WordPress faces mean there is a growing trend back towards custom application development with some businesses. This obviously costs a lot more, but you can have something developed that is 100% tailored to your needs, with no redundant code slowing things down. You also benefit from security through obscurity, with hackers being less likely to target your system as they don’t know what is running it. While your exposure to hacking won’t be completely eliminated, less code means less code to exploit, and a good developer will write code that mitigates common exploits.
