We think WordPress is pretty good, but it has some drawbacks that make us regard it more as a second choice CMS than a primary one.
Another problem that crops up is that a you use plugin requires a particular version of one of these frameworks and another needs a different version, leading to a conflict.
- Large amount of buggy / poorly made Plugins - To be honest, I used to go through about 4 plugins before finding one that works without causing crashes. Add to this finding a plugin that actually does everything you need it to.
- Backend Usability- WordPress was designed for blogs, when used for these it is reasonably easy to use, but once you start making a more complex site, using it becomes very difficult for an end-user that is not experienced in WordPress. There can be multiple different sections to the backoffice which visible pages may reside and we have had a lot of customers in the past request custom modifications to the backoffice to make it more usable.
- Most hacked CMS - Given the first point, it really isn't surprising to find that WordPress is the most hacked CMS (2017 report, sucuri.net, https://sucuri.net/reports/2017-hacked-website-report). According to VentureBeat, in 2018 WordPress runs about 30% of all websites and is at about 60% usage in websites with a CMS. The hacked report mentioned earlier puts WordPress at 83% of all CMS sites detected as being infected by malware. So the percentage of sites being infected is far higher than their market share. Now we need to bear in mind that as WordPress is so popular, and has many known holes it is more likely to be attacked. This is the same reason that PC's have the majority of virus infections, because they make up about 75% of computers and are targeted more often.
- Temptation to use pre-built templates - a lot of website design companies do not actually design the layout of a website, or the specific theme, but instead use downloadable templates, this can lead to a certain amount of sameness among websites. These templates may or may not be updated regularly for security patches.