WordPress has a bad reputation
This popular content management system powers more than 32% of the web, according to its makers. This means that developers have built about 600 million WordPress-based websites so far. The second place is taken by Joomla, which only powers 3% of all sites, and the bronze medal goes to Drupal. So, if WordPress is so widespread, it must be really good, right?
Nothing could be further away from truth! Due to its popularity, WordPress is the most hacked CMS in the world. According to a recent Wordfence report, a few hackers have used 399 different IPs to attack 1,415,330 websites in less than 24 hours! And the bad news is that many of these targeted attacks are often successful, with cross-site scripting hacking attempts being the most effective.
WordPress is an open source CMS, which means that lots of people take care of this project. So, WordPress itself is updated regularly, and its themes and plugins get frequent updates as well. That is a great thing in theory, but these updates will often break sites that work, making them vulnerable to cyber attacks.
Truth be told, WordPress would be much more secure if people took the time to update it regularly. But since new updates are pushed every week or so, very few of us find the time to install the new patches.
Improper WordPress installation are another serious issue. Most people keep the default 'admin' user name and choose a weak password, which can be broken within minutes by any script kiddie who uses a dictionary-based attack.
Then, there are many plugins that may conflict with other plugins. And if you don't back up your site before installing or upgrading a plugin, you risk ruining it for good!
Unwanted blog comments are another widespread issue. Many spammers use tools that automate comment posting, with the goal of giving their sites a boost in the search engines. So, you may end up having hundreds of unwanted comments which include links that point to fishy sites within hours!
Often, WordPress' themes look great on desktops, but look terrible on mobile devices. And poorly coded plugins can quickly turn your website visitors' experience into a nightmare.
If you aren't a web designer, you will have a hard time trying to craft a gorgeous looking site. Sure, there are various online marketplaces which sell great themes at affordable prices, but you will need to hire a designer if you need to extend their functionality. It is true that some plugins may add missing features to your site, but each new plugin will slow down the website.
WordPress is a slow CMS. Just add a decent looking theme to it along with a few plugins, and you'll quickly get page loading times that exceed 2-3 seconds. There is a simple explanation for this: the CMS makes use of a huge database and isn't able to optimize the images properly. Heavy themes and poor hosting are two other factors which prevent WordPress from reaching its potential.
Finally, this CMS can't handle large amounts of traffic out of the box. If you plan to create a huge e-commerce store, you will need to use custom PHP code, so you'll need to hire a programmer sooner or later.
WordPress is an easy to use CMS, and it will work fine for people who want to build small-scale web projects and are willing to spend their time applying weekly patches. People like me will always want to use more secure platforms, creating fully functional sites that are much safer because they use the HTML/CSS combo, for example.
However, if you prefer to use WordPress, you can use the services that are provided by a company which offers managed WordPress hosting. They'll take care of all the updates, create daily backups of your site, and more. You will have to pay $50...$100 per month for hosting, though.