Back-end7 minute read

Don't Hate WordPress: 5 Common Biases Debunked

Toptalauthors are vetted experts in their fields and write on topics in which they have demonstrated experience. All of our content is peer reviewed and validated by Toptal experts in the same field.

Today, WordPress covers more than 50 percent of website shares and serves nearly 60 million websites worldwide. Its popularity has resulted in many misconceptions that have grown and spread like a forest fire, and have made people stay away from WordPress.

In this post, Toptal Software Engineer Donald Mudenge explains the five most common WordPress taboos and myths, clarifies them, and offers solutions on how to overcome them.

Toptalauthors are vetted experts in their fields and write on topics in which they have demonstrated experience. All of our content is peer reviewed and validated by Toptal experts in the same field.
Donald Mudenge
Verified Expert in Engineering

As a wordpress developer, Donald’s main focus is understanding project requirements and providing the best solution to the problems.


Carnegie Mellon University

In the early days, people used WordPress only as a blogging tool. However, today WordPress covers more than 50 percent of the market share for CMSs, supporting nearly 60 million websites worldwide.

As a commonly used platform for building websites and other online applications, misconceptions have spread like a forest fire, keeping people away from WordPress.

In this article, I outline and explain the five most common WordPress taboos and myths, clarify them and offer solutions on how to overcome them.

Debunking WordPress Myths

1. WordPress is significantly more likely to be hacked.

Many people believe WordPress is the most easily hacked CMS. While there is some truth to this, it’s not the full story.

For instance, let’s consider Microsoft Windows. Because it’s the most commonly used operating system (OS), it has a significantly higher probability of getting more viruses and Trojan threats than other OSs. But we stick with it because it’s user-friendly. Like Windows, WordPress is the most developer-friendly CMS, so we should stick with it.

Still, we should be aware of its security issues. Here are some preventive measures that you can take to safeguard your WordPress website.

Regularly backup your WordPress site. Infrequent updates make your site more susceptible to hacks. I recommend backing up your site, at the very least, weekly. There are many plugins that help. One such plugin is BackupBuddy, which costs about $80.

While backup plugins can be costly, they are definitely worth it.

Alternatively, there are free plugins, such as Ready! and UpdraftPlus.

Additionally, some hosting providers allow users to download a backup, although they are not usually a specific WordPress solution.

So, if you need to restore a backup created by the hosting provider, you need to know what you are doing. For example, it is possible that you miss taking the database backup, or you don’t know how to restore a backup cleanly. Eventually, you end up hiring a professional WordPress engineer to restore the installation for you.

By using plugins, you can easily take the backups, schedule them, and with only a few clicks, restore them whenever necessary.

Never use admin as your username as it signals an easy path for hackers. Do not worry if you’ve already selected admin as your username during the installation process because you can easily change it.

The simplest way to do this is to create another user, and give her admin permission.

After a successful login with the new username, delete the old one.

If you don’t want to create a new username, you can change admin privileges directly in PHPMyAdmin, but keep in mind, directly editing the database is dangerous because it’s very easy to make a mistake and lose a lot of data.

You may want to consider using a plugin such as Limit Login Attempts as well. This plugin enables you to limit the number of login attempts and also ban an IP after a certain number of failed login attempts.

Next, I strongly recommend using the plugin HideMyWP, to hide the fact that you’re using WordPress completely. HideMyWP hides your login link and also renames the themes and plugins that the website is using. It is a complete security solution in one plugin with all protection a general WordPress needs.

You may want to consider a managed WordPress hosting solution, such as WPEngine or Pantheon. These services take care of security and automatically update WordPress and generate backups for your site. By choosing a managed WordPress solution, you can rest assured your site will be safe, allowing you to focus on managing your site’s content and features.

Should all of these precautions fail, the next step is to limit the number of whitelisted IP addresses that are allowed to visit and access the /wp-admin/ section of your website. Blocking all except the IP address of your computer is the easiest way to do this.

As I already mentioned, this can be achieved by using the HideMyWP plugin. However, don’t forget to turn it off when you go on vacation, or change locations.

Alternatively, if you don’t want to mess with IP addresses, this plugin gives you the option to hide your login page. In the case of brute-force attacks, the hacker will not know the exact URL to target.

2. WordPress is just blogging software.

Back in 2004, WordPress was only a blogging system. Today, WordPress is a highly versatile tool. WordPress is developed using fully-tested programming languages and technologies, PHP and MySQL. Both of which are widely customizable and extendable.

WordPress is not limited to text. It supports images, audio, video, and document files.

For example, the WooCommerce plugin, transforms WordPress into an e-commerce store. And BuddyPress turns WordPress into a social network.

Likewise, there are plugins and themes for everything, including classified listings, membership sites, affiliates, marketplace, e-commerce sites, and more. At the moment, there are more than 40,000 plugins available in the WordPress repository – most of which are free.

Unlike Magento, Moodle, phpBB, and the like, WordPress is not a platform dedicated to a single use case. A lot of stuff can be created with WordPress.

Let’s take a look at another example. Have you tried the Hello Bar application? Do you know its history? It was developed by using WordPress as the core foundation.

Due to its excellent features, many top brands are powering their websites with WordPress.

If you need more convincing, consider the fact that every month 37 million searches are made about WordPress.

The same statistic indicates that, at times, receives more unique visitors than Moreover, WordPress translations are available in more than 40 languages.

3. WordPress professionals are designers.

WordPress has one of the cleanest admin panels among CMSs. However, it is also capable of simultaneously executing multiple database queries, making it extremely powerful.

To be more specific, WordPress has a clean database structure that handles all the processing, and managing it is not a job for solely a front-end guy, or a designer. WordPress requires a professional, logical and experienced developer to extend its functionality, most likely with the help of various plugins available.

Therefore, the work of any WordPress professional is not just a work of an ordinary designer. It requires much more knowledge and programming skills.

4. WordPress isn’t an enterprise solution.

Many people believe that WordPress is not a big enterprise-level solution so prefer to have a custom-built application. However, this is just a myth. Still, it is important to keep in mind that all enterprises should have their databases optimized and properly scaled in order to make the most of its potential.

WordPress is built with high efficiency and transparency in mind and is very much compatible with third-party applications.

My biggest argument for using WordPress as an enterprise solution is that its back-end is easy to use and highly intuitive. Moreover, other CMSs tend to change and redesign their admin panel as part of the major updates. WordPress does not do this, as it always keeps its users in mind.

Furthermore, WordPress has excellent built-in SEO support. I would even argue that WordPress is the most SEO-friendly platform. And as you know, an SEO-optimized site is vital to getting found by search engines.

Most enterprises prefer multi-language sites. WordPress offers multi-sites with multi-languages, making WordPress the best tool for complex websites.

Lastly, it’s important to note that WordPress can be used to develop an intranet for your enterprise.

5. One WordPress requires one database.

A majority of intermediate and even some expert-level WordPress developers believe it is gospel to have one database for each WordPress installation; they find it hard to believe otherwise.

However, you can install any number of WordPress installations with a single database. Some people will think of it as having a free hosting and will use it to its limits.

It’s possible to use one database for unlimited WordPress installations, but only until the database reaches its limit. This wonder can be achieved by editing the database prefix in the wp-config.php file.

Also, it’s possible to share tables with more than one WordPress, for example, when you need to share user access with more than one WordPress.

As noted earlier, WordPress is available with the benefit of multi-sites.

With this feature, you can create as many sites as you like under a single URL, which will act as sub-sites of one URL. They will maintain the same theme, plugins, and hosting account.

Furthermore, each sub-site will have its own administrator, while the main site will have a super administrator, who can access them all. Additionally, a network administrator can administer the network between sites. This WordPress feature is not only convenient, but is also cost effective and affordable.

It may not be as easy to create multi-sites using some other CMS.

Forget the taboos.

The truth is, there’s no reason people should avoid using WordPress. It’s is an awesome application full of possibilities.

As a bonus, there are plenty of online resources available that help in managing WordPress. Even from the financial point of view, having WordPress as a website, e-commerce store, membership portal, forum or other kinds of portal, is affordable with higher standards.

It’s a cost effective venture because it gives access to unlimited interesting designs for a low price. On average, most of the themes cost less than $50, and plugins are mostly around $5.

Everyone has access to this excellent, open-source software that can be used for everything from blogging to managing the content of websites it powers.

Simply follow safety precautions to protect yourself from hackers, and enjoy its features. WordPress is one of the best online applications for any web portal service and CMS.

Hire a Toptal expert on this topic.
Hire Now
Donald Mudenge

Donald Mudenge

Verified Expert in Engineering

Toronto, ON, Canada

Member since October 27, 2016

About the author

As a wordpress developer, Donald’s main focus is understanding project requirements and providing the best solution to the problems.

authors are vetted experts in their fields and write on topics in which they have demonstrated experience. All of our content is peer reviewed and validated by Toptal experts in the same field.


Carnegie Mellon University

World-class articles, delivered weekly.

By entering your email, you are agreeing to our privacy policy.

World-class articles, delivered weekly.

By entering your email, you are agreeing to our privacy policy.

Join the Toptal® community.