28.2% of all websites use Wordpress and the platform has a whopping 59.1% share of the content management systems market according to W3Techs.com. That’s a pretty huge market dominance and whilst Wordpress is obviously a well-known and popular choice, does that mean it is the right choice for your business?

In this article we will be taking a brief look at how Wordpress began, some of the significant issues with the platform and consider alternative CMS solutions that might be suitable for businesses who want a flexible, open source solution that is less prone to security attacks. In addition, we recommend some key questions to ask when evaluating a new CMS.

How did Wordpress begin?

Wordpress was created back in 2003 by two developers Matt Mullenweg and Mike Little. They were inspired to create a new blogging solution when the existing software they were using was discontinued. In 2004, Wordpress 1.2 was released which incorporated the Plug-in architecture allowing the development community to write and share their own plug-ins and extend the functionality of the platform.

Over the following years, regular major updates (named after famous jazz musicians) were released to improve the functionality and usability of the growing platform. A Theme system, new admin dashboard and user interface were examples of key improvements that helped to position Wordpress as a popular content management system (CMS).

With its ease of use and ever-evolving functionality, Wordpress has been adopted as the CMS of choice by businesses of all sizes, many of whom use it for more than just the blogging platform for which it was originally designed.

Issues with Wordpress

Wordpress has suffered from significant security issues over the last 10 years. A study in May 2007 revealed that 98% of Wordpress blogs were exploitable because they were running unsupported and out of date versions of the software.

Whilst the concept of enabling open source plugins is a great way to extend the software functionality, in June 2013 it was found that some of the 50 most downloaded Wordpress plugins were vulnerable to web attacks (1). A separate inspection of the top-10 e-commerce plugins showed that seven of them were vulnerable (2).

In March 2015, it was reported by security and SEO experts that the popular SEO plugin Yoast, used by more that 14 million users worldwide, had a vulnerability which hackers could exploit (3).

Whilst Wordpress continually do their best to react and respond to vulnerabilities, in February 2017 an estimated 1.5 million Wordpress blogs were hacked. It was suggested that 20 hacker groups were involved in defacing the sites and even tried to take over some sites to use them as a proxy for their malware (4).

Wordfence reports on the number of Wordpress attacks that take place each month. In April 2017 alone there were over 17.6m attacks on the most vulnerable Wordpress themes5. Wordfence state there are over 85,000 Wordpress attacks occurring every minute (5). Wordpress originally set out as a blogging platform and whilst the inconvenience of having a blog hacked would be a real pain, now that the platform allows sites to store consumers’ personal data and make payment transactions, a security breach could have devastating consequences for both the companies and consumers involved.

What are the alternatives to Wordpress?

There are a variety of different CMS systems available, other open-source, off-the shelf platforms include Joomla!, Drupal and Silverstripe. Closed-source or proprietary systems, where the software company permits usage of the CMS under conditions set out in a licence agreement in return for a fee, include Kentico and Sitecore. Our CMS comparison can give some insight into the pros and cons of each type of option.

Another solution, ideal for more complex websites, is to use an open-source PHP framework such as Symfony. This approach allows developers to create a bespoke website by combining generic pre-built components with custom development work. The benefits of using a framework is the development cycle will be quicker than building everything from scratch, this is due to the availability of the pre-built, tried and tested elements, however the functionality is tailored to the needs of the business. Having a tailored CMS will help with better adoption, improved usability and more control.

So, should your business really be using Wordpress?

Wordpress provides an ideal platform for bloggers who are happy to accept the potential security risks. However, if your website needs to hold sensitive data, you should consider one of the many other solutions available that could be more suitable for the needs of your business. Just because others are using Wordpress doesn’t mean that it is the best solution for your business. To help you evaluate other CMS products, we have collated a list of questions that you might find useful.

Questions to ask when evaluating a CMS

• What are the costs?
• Are there annual fees, one-off costs, periodic costs?
• How complex does my website need to be?
• How much tailoring is required?
• Will the CMS support responsive interfaces?
• With which other internal systems must the CMS integrate e.g. email, CRM etc?
• Who provides support for the CMS?
• Is it user friendly?
• How easy would it be to change to a different supplier?
• How future focused is it?
• How secure is the platform?


Are you planning a new website or digital project?

Download our ‘must-have’ ebook which includes everything you need to know when planning your new user-centric, results-driven website.

Download the free ebook ‘Creating a user-centric website – How to set your website budget’ 

The free e-book includes:

  • The best way to scope your web project
  • Essentials to include in your web budget and why
  • How to increase conversion with UX research and insights
  • How to create user journeys for website success
  • 10 questions you must ask when considering a new CMS
  • Key testing techniques to optimise conversion
  • 8 vital questions to ask when selecting a digital agency
  • How to allocate your web budget
  • Reasons to disclose your web budget to your digital agency.
  • Plus, top tips on how to save time and money when creating a new user-centric website

Request Ebook


1. https://en.wikipedia.org/wiki/WordPress
2. http://www.crn.com/news/security/240156883/popular-wordpress-e-commerce-plugins-riddled-with-security-flaws.htm
3. http://searchengineland.com/yoast-wordpress-seo-plugin-vulnerable-to-hackers-216656
4. http://www.bbc.co.uk/news/technology-38930428
5. https://www.wordfence.com/blog/2017/05/april-2017-wordpress-attack-report/
6. https://www.wordfence.com/
Blog Index