These days it seems like you just can't get away from clients who ask for WordPress sites. They have invariably either become accustomed to their current WordPress site or they've heard some of the WordPress "buzz" from some of the designers and (less-skilled) developers out there who sell it as their solution.
But what's wrong with WordPress? Thousands of websites use it! Anything you need, you can just install a plugin and POOF! you have a brand new online store or job board, right in your WordPress site! Not so fast...
These are the kind of things you will often hear from misinformed clients and developers who create WordPress sites. But using Wordpress (and most other open-source third-party systems, i.e. Joomla, Drupal, etc) has fundamental drawbacks to both users and serious developers. We've had potential clients accept a WordPress proposal with another firm, only to discover that it didn't suit their needs and come back to us.
“The source code that powers your website is published publicly on the internet for any ill-intentioned hacker to read and look for exploitations.”
This is the number one drawback. The source code that powers your website is published publicly on the internet for any ill-intentioned hacker to read and look for exploitations. This applies not only to the system itself, but most of the plugins out there. As a matter of fact, WordPress has a page dedicated to users that come across this unfortunate fate. As a company that hosts hundreds of websites, we've seen it happen often enough.
Once you've committed to a WordPress site, you are now strictly confined within the WordPress world. Want to do something with the user system that WordPress wasn't built to do? You can either hack into WordPress core files, which is time-consuming (read "expensive") and precludes you from ever updating WordPress in the future, which adds a HUGE security risk. Like a plugin you see to add a job board to your site, but it doesn't include a feature you'd want? A lot of the time it's more expensive to modify the plugin than to develop a custom plugin like it from scratch. And if you modify the plugin, now you can't update it either (see above, HUGE security risk).
With all that said, it essentially boils down to this: you are completely dependent on the people who are maintaining WordPress and the plugins you install. If they decide to ditch support (e.g they create a new version that isn't backwards compatible, or they just stop maintaining the software all-together), you're in a pickle. If you decide to circumvent the boxes they have built, YOU just jettisoned your compatibility with their support.
“It essentially boils down to this: you are completely dependent on the people who are maintaining WordPress and the plugins you install.”
How could updates possibly be a bad thing? The answer is that in and of themselves, they aren't. In fact, they are necessary with open-source software for security reasons. The problem is that they are probably the number one cause of bugs. You update WordPress or some other plugin, and stuff just breaks. Then you might be stuck with an old version and cannot update (see above, HUGE security risk). Most updates are security patches and sadly, they don't always get applied in a timely manner.
I've read that certain URL pattern configurations in WordPress can require thousands of database queries just to route the application (as in before the system starts doing anything). I think most WordPress users have experience with weird pages that run slow, etc. But the number one issue is their database design. Without getting to technical, it's simply atrocious.
“WordPress has completely abandoned any concept of sounds software design in favor of making it easy for barely technical people to throw together a quick website.”
WordPress has completely abandoned any concept of sound software design in favor of making it easy for barely technical people to throw together a quick website with some form of content management. While this is great for designers and low-skilled developers trying to make a buck, it won't do anything for the custom needs of your business.
Plugins are not just a problem because you get pinned into a third party's software/code. They are also overly touted for being a quick solution to common problems. They are a fine solution if you want what they have exactly as it is out-of-the-box and you are willing to live with any limitations it comes with, now and forever. But as soon as you want to add a feature, it probably would have been a better idea to build something custom for your needs to begin with.
Still not convinced in the value of a proprietary CMS? See our article on Iris, our company's sleek, easy-to-use, and infinitely customizable CMS.