August 18, 2022

Why Wordpress is a risk for small businesses

We hop into the first red flags developers omit when selling you Wordpress.

by Thomas, Owner

Wordpress is free and you will get exactly what you pay for.

Wordpress was built for blogs

Let us start at the beginning. In 2003, Wordpress was created as a database to manage blogs. Since then it has powered over 73 million blogs.

Anything additional for a Wordpress site is not meant for it.

Wordpress is slow

Wordpress is a server-side rendered architecture. This means on every single page load, the webpage "builds" itself asking the framework for its settings and querying the database for content.

Check out our blog post on server-side vs. client-side.

Quantity vs quality

Yes, there's a substantial quality vs quantity problem with WP developers. You can get started with a Wordpress site by paying an entry-level developer $20 / hour without them having any knowledge besides the basics of PHP.

Because Wordpress' barrier to entry is basically non-existent, the community has a massively overcrowded market of "developers".

Plugins on plugins on plugins

Wordpress requires several plugins to even get a site set up with its fundamentals. Now what happens when you want your site to do something specific? You can forget about that. You will require a couple paid plugins here and a couple free plugins that contain vulnerabilities there.


As stated before, there is a massive market overcrowded with entry-level developers who are going to miss the most basic security vulnerabilities.

Not even three months before this blog post there were 6,500 Wordpress sites hacked with 5,929 still infected.

Thousands of WordPress Sites Hacked to Redirect Visitors to Scam Sites.

5,929 infected site list.

That was the most recent hack that hit our radar. Of course, there are always going to be vulnerabilities, but in our experience we see more hacks with Wordpress than any other technology out on the web today.

One other notable hack we find hilarious was the Twitter rip-off, Parler. Parler was meant to be a social media platform where conspiracy theorists could post whatever they liked. And guess who? Wordpress. This particular breach led to 1,030,523 video posts and metadata getting shared, which led to 60,000+ latitude and longitude coordinates of January 6 rioters being exposed.

Parler Was Hacked on WordPress, The Internet’s Biggest Platform. Is Everyone At Risk?.

A constrained website

Now that you have a Wordpress site, what if you would like to do something else with it? For example, now you would like to sell products through it. Because you used Wordpress, you are now constrained to the vulnerability-ridden plugin marketplace to find a cart system plugin, payment processing plugin, a user authentication plugin, etc.

You shot yourself in the foot before you ever started on the web.


Can you tell we do not like Wordpress?

It's like buying a Camry. It's not the fastest, it doesn't handle all that great, and it's not an off-road vehicle. People have tried to make the Camry do all of that. It does not make the Camry a horrible car when it is used wrong. It means that its purpose is not infinite.

We would love to help adapt your Wordpress site into a modern framework! If you are serious about your business, you should not be treated as a simple transaction in these "gotcha developers'" pockets.

Let us create something for you that is infinite in purpose.

Let's get started

We’re here to help

Schedule a 1-2-1 meeting with 2 clicks! Let's have a quick chat to see if Kahu Software is right for you.