This post started out being titled Why Wordpress Sucks. As I wrote it, I decided it was a little rough and not 100 percent accurate. Wordpress doesn't actually suck, but for the way most would want to use it, it is not the best solution for their web development needs.
The promise of Wordpress is ease of development. Choose a template, add some plugins and your content and you're set. What most usually don't realize is Wordpress was not built for full website production. Wordpress is a blogging platform. Everything about Wordpress was developed around it being a blog platform and everything done to it to make it do something else (i.e. building a full website) is adding more and more bulk over the blogging system.
There is no question that working with a CMS (content management system) makes editing websites easier for users who want to build a site themselves. (As an aside, when I develop sites, I usually give people an option for me to build a way for them to edit their own sites. With all the sites I've developed, only a handful really want this capability and of those, only a few actually ever use it.) Most CMS systems have a drag and drop functionality, on page editing and easy design elements to integrate into a page. Since most people know how to use tools like Microsoft Word, this functionality makes it easy to edit information on a site.
Wordpress, however, is limited in what you can do. As a developer, I want to make sure the solution fits the content the client is wanting to display, not the other way around. While there are tens of thousands of plugins out there that can do pretty much anything, a developer would have to continue to add plugin on top of plugins to do things I could do in a few lines of code.
Where people start to get into trouble is not understanding the hidden costs of theme updates or plugins that need to be purchased upgrades to keep your site working, or the ongoing cost of hosting a solution because moving it to a new web provider is hard and/or expensive.
Additionally, it's no secret that Wordpress is the most hacked into CMS out there. According to sucuri.net, via zdnet, ninety (90) percent of CMS sites hacked in 2018 were Wordpress sites, mostly because of issues with themes, missing updates or plugins that are out-of-date or corrupt from the start.
One reason is that Wordpress is open source software, which means anyone who wants to see how it works, can. The code making the backend of the software work is available to download and see things about. Bugs and issues with the code are made public as they are found and (potentially) fixed. This allows anyone with knowledge to exploit sites or plugins not updated to the current version.
Further, since most people download plugins without checking who has developed them, they potentially unknowingly introduce code into their sites from developers who may not have the website owner's best interest in mind, opening up further security risks for the sites.
So why can't the code automatically be kept up-to-date?
Seems like a reasonable thought, but consider there is one (set of) developers creating the Wordpress software, tens of thousands of developers creating plugins and millions of people attempting to break sites. While it may seem like a good idea to just let everything auto-update (a feature that has been recently added to Wordpress for the base configuration), there are other factors to consider.
What if the updated Wordpress code can't run on the server space it's hosted on? What if an out-of-date plugin doesn't work with some new code in the main Wordpress site? What if one plugin update breaks another plugin? Any of these cases (all and more of which I've seen) cost downtime for the website and additional cost and frustration for the website owner.
What are the other options?
There are endless do-it-yourself systems that are not Wordpress, but they are limited. Sites like Wix or SquareSpace give people the ability to create their own sites in their format. There are limited templates, however, and the monthly costs will add up quickly. They are great for people who have some knowledge of how websites work and who don't want to work with a developer. There have been times where I've referred people to them either because they don't want a custom site or they (think) they want full control over everything.
I don't develop in Wordpress and don't use unless I have to. I do have clients who use and I do support it. In those cases where I host it, it's hosted on a server by itself, away from everything else. This adds extra cost to me, but in the long run, isolating code I can't fully control so it can't put into danger the other sites I host.
All my development is custom (custom doesn't necessarily mean expensive). Visiting my client page will give links to examples of sites I've built. Some have CMS backends, some do not (but could).
Wordpress is a good platform and does some things really well, if you keep up on it and update the sites, it's not horrible. It's just not something I would want to use to create a site.