As there are millions of websites using WordPress, they are an obvious target for computer hackers. If a hacker can find a vulnerability in one system, this likely exists on many of the others. Furthermore, as robots (computers that trawl the Internet for a variety of reasons) can determine whether a site is made by WordPress or not; once a vulnerability has been found it can be automatically exploited on every similar website found. Once a website has been hacked, it can be exceptionally difficult to fix.
While it’s true that Wordpress regularly release updates to fix all the security holes, the trouble is with an average of more than one patch a month it can be time-consuming to keep your web site secure. The updates will need to be done by someone technical, which means clients inevitably end up paying for this extra work in the long run.
Plugins are, in essence, a fantastic idea. Each plugin is an extension to WordPress written by a third-party developer. They each add functionality to WordPress that is not in the original system. Unfortunately, as there are so many plugins, written by so many people, many have their own security vulnerabilities and issues. Many plugins are written by hobbyists to do something for their own site, they release the code for free and then forget about it.
This leads nicely to support; as WordPress is open-source, it is free and developed by the ‘community’. This is a good idea and allows such software as WordPress to remain free. However, it does cause an issue with support.
As there is no official development team, and as the client has never paid anyone for the software, there is no phone number to call and no guaranteed way of getting a response. Therefore if a client’s website breaks, perhaps after an update, any errors can be hard to diagnose. The usual process is to use Google to search various support forums, and if no one else has had the same issue, post a ticket to a forum, and hope that someone can help you fix your issue. Even then a client, or web developer, is only likely to receive a pointer in the right direction and will need to do a fair bit of work themselves. This can be difficult for a professional web developer and can prove almost impossible for many web designers who only know how to install and use WordPress.
The thousands of plugins available can do a variety of different tasks, but the time will come when the plugins will not do either what a client wants, or in the way that they want it done. When this happens, you’ve reached the end of WordPress’ capabilities.
Search Engine Optimisation (SEO)
There are lots of SEO plugins for WordPress, and by picking and choosing the correct ones, you can achieve a certain level of optimisation. However, you never have the fine control that you get with a custom website, and therefore, full search engine optimisation is not possible.
The speed of a website affects the SEO as well as the general user experience. As WordPress caters for many different styles of websites and has lots of features that are often unused, the code is very ‘bloated’. This means your server is processing a lot more code than it needs to which means each page is slower and you will reach the limits of your server much quicker.
Errors in websites need not be critical; have you ever seen a website that looks different in Internet Explorer to Firefox, or looks obscured on a mobile phone? Well, this is common across many websites, in particular ones created using software such as WordPress.