WordPress is a great CMS for managing blogs or simple websites, something which is indicated by the numbers: WordPress controls 63.5% of the CMS market, and 43.2% of all websites run on WordPress.

There is no doubt that the platform is both popular and user-friendly, but when you take a closer look at which sites run on WordPress and which sites don’t, an interesting question emerges: Few of the world’s largest brands and organizations resort to WordPress as a main CMS. Let's see why.

1. Security issues

The most serious weakness in WordPress is security, and the chief culprits in this matter are the plugins. Plugins in WordPress are optional extra functions that don’t ship with the core package, and you can find and download them through the platform itself or on the web.

The main problems with WordPress plugins are that they can be made by basically anyone—which pose a risk in terms of quality and safety—they can slow down your site’s performance if they are too many, and multiple plugins with conflicting sets of codes can disrupt each other and your digital experiences.

Also, as WordPress usage is so widespread, there are lots of malware, viruses, and malicious methods directed explicitly towards WordPress architecture. According to a 2019 report by Sucuri, WordPress sites account for 94% of CMS infections.

Other examples of security issues in WordPress is a critical plugin bug that leaves 320,000 sites open to attack, a plugin bug letting hackers wipe up to 200,000 sites, a plugin bug locking admins out of websites, and instances where popular plugins have gotten their Github users hacked—with the next launch full of viruses.

DOWNLOAD FREE REPORT: Enonic vs. WordPress »

2. Low flexibility for developers

WordPress is chiefly meant for non-technical people, which is part of the story of why it’s so great and popular for regular folks, local businesses, and small organizations.

But what the platform provides out of the box, it lacks in terms of flexibility for back-end developers. Every medium to large-scale brand or organization has several specific needs that must be fulfilled by a complex digital system, either if it’s CRM integration, e-commerce solutions, logistics, B2B, or localization issues,.

Moreover, developers don’t code in the WordPress platform itself, but in plain PHP and in the databases. This low level form of coding makes code maintenance harder, and forces the developers to work more from scratch. This might be one of the reasons why WordPress is rated “most dreaded” by 67% of the developers in the annual Stack Overflow Developer Survey.

Confidence is key: Why companies trust Enonic »

3. Low flexibility for content authoring

The core in WordPress is small, as the original and current main function of the CMS is to be used for blogging. Together with the blogging platform you get an enormous eco system of themes and plugins, and you must manage a giant amount of plugins to build complex sites, which is a security issue as we mentioned earlier.

WordPress is a great match if there is a fitting theme and plugins for your purposes, but if there isn’t a perfectly fitting theme and group of plugins, you have to pull up your sleeves and code. And most casual WordPress users can’t code.

Another feature that WordPress is missing are content type definitions. There are basically two content types—page and post—and you can’t define or tailor your own content types without plugins or coding.

But to be fair: While visual page building was restricted to external plugins like Cornerstone in the past, the release of version 5.0 in December 2018 saw the introduction of the built-in block based editor Gutenberg. Also, search engine optimization have traditionally been handled by external plugins like Yoast SEO, but WordPress is slowly adding more built-in flexibility also in this field.

In order to summarize the lack of flexibility in WordPress: To get enough functionality, which you typically find in enterprise CMSs, you most likely need plugins.

How it should be done: How to use Enonic XP for effective content management »

4. Frequent maintenance

Maintaining a fresh and healthy CMS is important for effective use of your time and for delivering fast performing digital experiences for your visitors and customers.

We have already talked about how plugins can bog down your platform if they get too numerous or start to impose conflicting codes, but another aspect is the frequent and untimely maintenance that accompanies a mighty host of plugins.

Plugins need to be updated regularly, as the codes often include weaknesses and bugs, which malicious forces know to take an advantage of. As a plugin update can potentially break your website, and if you run a website where uptime is paramount, you need someone with insights into—you guessed it—code. Updating one plugin might also trigger the need to update a range of other plugins

The release of WordPress version 5.5 in August 2020 introduced auto-updates to plugins and themes, but the same core issue remains: the changes in the different plugins are not necessarily mutually compatible with each other nor the site.

5. Scalability issues

Scalability is the ability of a system to grow while maintaining smooth performance and sensible operations. In terms of scalability, WordPress supports multisite, although through a complicated process for developers. Further, the programming language behind it—PHP—can indeed scale.

However, WordPress is built around a relational database, and not around a search engine like Elasticsearch. This means that you need a separate search engine to do site search, product search, facet search, and so on—something which scale with difficulty.

Neither does WordPress support clustering in an easy way without involving complex technicalities and seasoned developers. A clustered deployment enables you to distribute load across servers (also known as nodes) and at the same time increase resilience. If one node fails, the rest of the cluster will still be running and keep your services available.

Responsive content management - no longer a nightmare »

6. Expensive vendor support

Vendor support for WordPress can be quite expensive. If you don’t want to handle hosting and support by third parties via the open-source WordPress.org, you can opt in for the commercial WordPress.com.

While the standard pricing plan starts cheaply enough at $25 monthly for small businesses, the price for WordPress.com VIP for larger organizations range from whooping $5,000 to $25,000 a month. As mentioned, you can get support from third party agencies, but the prices and quality differs as much in this field as there are number of plugins.

7. Editing and roles management

To run an editorial site with roles and control over publishing access is important to any self-respecting organization, but out of the box in WordPress even users below editors can publish pages and posts. This can be mitigated by the use of plugins, but you know what we think of plugins.

When an increasing amount of people work in a single WordPress instance in terms of access rights and roles, the platform itself doesn’t offer great editorial mechanisms natively. Too many cooks spoil the broth, and in WordPress the built-in role management doesn’t allow you to create custom roles or to easily see what existing roles have access to do.

Also, reusing elements is not present in native WordPress. To be able to save and reuse a custom element, e.g. a button, a section of text, or anything else you will use often across your site, is a vital part of an effective management of your time. But, yet again, there are plugins to fix the issue.

Learn more: 6 ways Enonic XP can help your company generate revenue »

8. Limited image handling

While WordPress does contain basic image editing, like rotating, flipping, and a form of cropping, it doesn’t feature zoom-and-pan cropping or focal points—the latter which is a feature that allows you to choose what portion of an image to show in any aspect ratio of the image on your digital experiences. This is increasingly important when content and images are reused for multiple devices and channels.

And finally, there is a lack of deep metadata editing, like camera EXIF and GPS info, which can be handy on some types of sites.

How Enonic simplifies your everyday image problems »

9. Slow performance

According to a CMS benchmark by Yottaa, WordPress is clearly the mainstream CMS with the slowest performance. Yottaa explains why WordPress is so slow by pointing out that the platform has more JavaScript code than its competitors, thus bogging the performance.

This fact is further accentuated by the influx of suboptimally coded plugins and widgets. The alleged remedy to slow WordPress sites? According to WPBeginner, one of the main ingredients is even more plugins.

Also, as mentioned earlier, WordPress does not have a close connection between its database and search, because it’s not built around a search engine like other CMSs might be.

10. Lack of control

To be fair, WordPress is open-source. This means you can see what is developed, what is planned, and the documentation of every feature and function of the platform.

But, with so many plugins the performance and security is in peril. The sheer amount of documentation accompanying all the different plugins and themes you might end up with will deliver just the opposite result: a severe lack of control.

The inherent presentation of your site hierarchy further builds up a feeling of lacking control. There is no tree structure in the content admin—and the separate (!) overviews of pages, posts, portfolios, and whatever else of custom content types your plugins deliver, are shown in cluttered lists with dashes to emphasize where in the hierarchy a given element belongs.

Lastly, a word on menus in WordPress: You create a menu in a separate location in the CMS. When you then proceed to create new pages and have not chosen that new pages are to be automatically added to the menu, you must navigate to the menu creator and add the new page to the menu. Twice the work for the same result.

11. Doesn’t promote professional development

As WordPress is mainly directed towards non-technical people, the platform doesn’t promote professional web development or understanding of the process. The standard procedure in WordPress is to edit directly in the production environment, as opposed to the professional method with other, safer deployment environments. If there is a mistake in one or more of the newly embedded codes in your “prod,” it can end up breaking your website and cause embarrassing downtime.

While running a WordPress server is easy, it is quite cumbersome to run an identical setup on a test server and locally. WordPress hard codes URLs to each server several places in the database, and you therefore have to run a search and replace in the database to make a WordPress instance to run locally. After this you must manually add changes one by one.

Furthermore, in WordPress there is no continuous development or automatic testing out of the box. A CMS should have these functions in order to assess quality and to mitigate risks.

Find out more: 5 reasons to choose Enonic as your CMS »

12. Legacy support encourages outdated systems

You might think that WordPress’ support of the legacy systems of thousands of users is great service and a good thing, but this also poses both a security risk and a waste of time. WordPress supports very old versions of PHP (but they have enforced some updates lately), partly because so many websites run on it and partly because PHP isn’t WordPress’ own platform.

As WordPress doesn’t constitute its own platform, they can’t just upgrade to the latest and best version of PHP without a lot of work. Developers have to wrestle with old codes in these instances, making it an inefficient means to keep on developing and progressing. Also, on account of these factors, WordPress doesn’t use modern PHP techniques in many places, which can be troublesome.

Bottom-line: Why you should choose something other than WordPress

WordPress is primarily a blogging tool and can work perfectly for private persons or small organizations, or if your solution isn’t business critical. However, as soon as you need digital experiences that are more complex or something that isn’t included in your standard theme, you need additional themes and plugins, and you need a partner that’s an expert in WP to ensure you’re not the next scamming site in line due to a virus infection.

In addition to these factors, you probably need a lot of custom coding to get what you want of your digital experiences. When you need developers to code so much anyway, why not choose a CMS that can be more customized from bottom-up, and where there already are many advanced functions natively?


Male physician sitting with a patient in doctor's office.

First published 19 December 2018, updated 23 September 2020.

Related blog posts

Get some more insights 🤓

Get started with Enonic! 🚀