Silly question right, since something like 25% of all websites in the world are in WordPress? Also, 90% of the work we do is on WordPress.

Don’t get me wrong. There are tons of things that are right with WordPress, and that is why it is our platform of choice. But there are definitely issues, and you should know about them.

This article should really be titled, “What you need to know in order to be an intelligent consumer of WordPress development and hosting and maintenance services.”

I am not exaggerating: Ignorance of the following has led to many unmitigated digital disasters.

Read on.


Problems with WordPress stem almost entirely from the fact that it is a free, Open Source platform. Let me explain. WP is a Content Management System (CMS) — a “website builder”, which is to say, a piece of software that automates large portions of the work of creating a website.

In the bad, old early days, every single piece of a website had to be coded by hand, in what is called “HTML”, the language of websites. For example, a “<b>” tells web browsers that the text that follows is bold.

HTML is still the language of websites but now, making something bold is as easy as clicking a button. The software then translates this into HTML. Multiply that by 10000 and you get the idea of the amount of automation available in WordPress. Want an online store? Install a plugin called “WooCommerce.” Want a membership system? Reservation system? Same deal.

Of course, there is a lot that has to be done to build a website, regardless, as there is a near infinity of choices.

As I started to say, this is an Open Source platform. Meaning no one owns the code, and anyone can contribute to it. There is a rigid and well-worked out system for controlling changes to the core software. But that is only the beginning.


Think about this: There are more websites in WordPress than any other platform, at this time estimated 25% of all websites in the world are in WordPress, and that number is rising. The code used is available to anyone to examine.


Of course there are juicier targets, like banks, which are never going to be in WordPress. But they are well protected and there are tens of millions of WordPress sites. Any smart teenager, sitting in their parents’ basement, in any country with an internet connection, can look for and find WordPress vulnerabilities, then set a bot (automated program) to work, exploring the web for sites vulnerable to their hacking bots.

One consequence: Frequent security updates to WordPress and its “themes” and “plug-ins.” If you aren’t updating your website regularly (at least monthly), you are vulnerable and WILL get hacked sooner or later.

The problem is that sometimes an update will break something. So you really need a professional service to handle the updates for you. Some automated services are supposed to take care of this for you. GoDaddy has “Managed WordPress hosting” which is actually a half-truth. They only do partial updating, leaving you thinking you’ve got it covered when you don’t.

Various security locks such as “SiteLock” and “WordFence” materially help with this problem. In fact, how to protect against hacking is well established. But it has to be done, and done by someone that knows what they are doing.


I mentioned but didn’t explain these. The core WordPress software lets you create a website. What if you want the website to do something?
Adding a contact form, a shopping cart or a membership requires the addition of one or more plug-ins, which are pre-built extensions to WordPress that add functionality.

Due to WordPress’s popularity, there are tens of thousands of plug-ins available. Want a reservation system? A search on the WordPress website (wordpress.org) will turn up hundreds of options.

Anyone can develop a plug-in. So in choosing a plug-in, there are potential issues to sort out. First, does it do what you want? There are, for example, many variations on how reservations systems work, and any given plug-in may or may not suit your needs. This may not be immediately obvious without downloading and trying out the usually available free demo version. Even then, there be questions you can’t answer without actually installing configuring and testing the full version of the plug-in. Most plug-ins are free or inexpensive, but it can be time-consuming.

Just as big an issue is quality. Developers run the full gamut from real pros to amateurs (whose plugins may not work right all the time, or be vulnerable to hackers), to hackers themselves creating plugins to get on your website. The WordPress website has a lot of helpful information on most plugins, including how popular they are, if kept up to date by the developer, and whether the developer responds readily to questions.

A plug-in that works great can become a big problem a year later. If the developer goes out of business and your plug-in no longer works with the latest version of WP? Then maybe you’re stuck with doing a whole bunch of work, replacing the plug-in with another one.


WordPress runs on themes, which are pre-built website skeletons, with a definite look and often built-in functionality. This is one of the great conveniences of WordPress: You can pick a theme and immediately have a website with a desired look and functions. Most themes are inexpensive.

The same issues that apply to plug-ins apply to themes. A theme can be badly built so it will break later or be hard or even impossible to make modifications that you want. We’ve seen a theme built so you could have five icons across the page but couldn’t have six. Themes can be hacked or their developers can go out of business.

This is an area where the WordPress website is not as helpful as with plug-ins. Generally, there is no substitute for the advice or help of someone who knows what they are doing.


Theoretically, WordPress is a do-it-yourself website tool. But there are many pitfalls, as you can see from what I’ve written to this point.

It is an unfortunate fact that many WordPress developers are amateurs and don’t know much of what I’ve said.

Anyone can watch a few videos, build themselves a website using a theme that looks good, and announce to the world that they are a “professional website designer, great websites in eight days for just $399.”

Well, as the Romans used to say, “Caveat Emptor” (“Let the Buyer Beware”).

Don’t get me wrong, nowadays you CAN get a professional website, built faster and cheaper, with WordPress. That is truly its great advantage.

But “Buyer Beware”, it takes a professional to create an actual professional website.

Subscribe to our newsletter