In the early days, people used WordPress only as a blogging tool. However, today WordPress covers more than 50 percent of the market share for CMSs, supporting nearly 60 million websites worldwide.

As a commonly used platform for building websites and other online applications, misconceptions have spread like a forest fire, keeping people away from WordPress.

In this article, I outline and explain the five most common WordPress taboos and myths, clarify them and offer solutions on how to overcome them.

Debunking WordPress Myths

1. WordPress is significantly more likely to be hacked.

Many people believe WordPress is the most easily hacked CMS. While there is some truth to this, it’s not the full story.

For instance, let’s consider Microsoft Windows. Because it’s the most commonly used operating system (OS), it has a significantly higher probability of getting more viruses and Trojan threats than other OSs. But we stick with it because it’s user-friendly. Like Windows, WordPress is the most developer-friendly CMS, so we should stick with it.

Still, we should be aware of its security issues. Here are some preventive measures that you can take to safeguard your WordPress website.

Regularly backup your WordPress site. Infrequent updates make your site more susceptible to hacks. I recommend backing up your site, at the very least, weekly. There are many plugins that help. One such plugin is BackupBuddy, which costs about $80.

While backup plugins can be costly, they are definitely worth it.

Alternatively, there are free plugins, such as Ready! and UpdraftPlus.

Additionally, some hosting providers allow users to download a backup, although they are not usually a specific WordPress solution.

So, if you need to restore a backup created by the hosting provider, you need to know what you are doing. For example, it is possible that you miss taking the database backup, or you don’t know how to restore a backup cleanly. Eventually, you end up hiring a professional WordPress engineer to restore the installation for you.

By using plugins, you can easily take the backups, schedule them, and with only a few clicks, restore them whenever necessary.

Never use admin as your username as it signals an easy path for hackers. Do not worry if you’ve already selected admin as your username during the installation process because you can easily change it.

The simplest way to do this is to create another user, and give her admin permission.

After a successful login with the new username, delete the old one.

If you don’t want to create a new username, you can change admin privileges directly in PHPMyAdmin, but keep in mind, directly editing the database is dangerous because it’s very easy to make a mistake and lose a lot of data.

You may want to consider using a plugin such as Limit Login Attempts as well. This plugin enables you to limit the number of login attempts and also ban an IP after a certain number of failed login attempts.

Next, I strongly recommend using the plugin HideMyWP, to hide the fact that you’re using WordPress completely. HideMyWP hides your login link and also renames the themes and plugins that the website is using. It is a complete security solution in one plugin with all protection a general WordPress needs.

You may want to consider a managed WordPress hosting solution, such as WPEngine or Pantheon. These services take care of security and automatically update WordPress and generate backups for your site. By choosing a managed WordPress solution, you can rest assured your site will be safe, allowing you to focus on managing your site’s content and features.

Should all of these precautions fail, the next step is to limit the number of whitelisted IP addresses that are allowed to visit and access the /wp-admin/ section of your website. Blocking all except the IP address of your computer is the easiest way to do this.

As I already mentioned, this can be achieved by using the HideMyWP plugin. However, don’t forget to turn it off when you go on vacation, or change locations.

Alternatively, if you don’t want to mess with IP addresses, this plugin gives you the option to hide your login page. In the case of brute-force attacks, the hacker will not know the exact URL to target.

2. WordPress is just blogging software.

Back in 2004, WordPress was only a blogging system. Today, WordPress is a highly versatile tool. WordPress is developed using fully-tested programming languages and technologies, PHP and MySQL. Both of which are widely customizable and extendable.

WordPress is not limited to text. It supports images, audio, video, and document files.

For example, the WooCommerce plugin, transforms WordPress into an eCommerce store. And BuddyPress turns WordPress into a social network.

Likewise, there are plugins and themes for everything, including classified listings, membership sites, affiliates, marketplace, eCommerce sites, and more. At the moment, there are more than 40,000 plugins available in the WordPress repository – most of which are free.

Unlike Magento, Moodle, phpBB, and the like, WordPress is not a platform dedicated to a single use case. A lot of stuff can be created with WordPress.

Let’s take a look at another example. Have you tried the Hello Bar application? Do you know its history? It was developed by using WordPress as the core foundation.

Due to its excellent features, many top brands are powering their websites with WordPress.

If you need more convincing, consider the fact that every month 37 million searches are made about WordPress.

The same statistic indicates that, at times, receives more unique visitors than Moreover, WordPress translations are available in more than 40 languages.

3. WordPress professionals are designers.

WordPress has one of the cleanest admin panels among CMSs. However, it is also capable of simultaneously executing multiple database queries, making it extremely powerful.

To be more specific, WordPress has a clean database structure that handles all the processing, and managing it is not a job for solely a front-end guy, or a designer. WordPress requires a professional, logical and experienced developer to extend its functionality, most likely with the help of various plugins available.

Therefore, the work of any WordPress professional is not just a work of an ordinary designer. It requires much more knowledge and programming skills.

4. WordPress isn’t an enterprise solution.

Many people believe that WordPress is not a big enterprise-level solution so prefer to have a custom-built application. However, this is just a myth. Still, it is important to keep in mind that all enterprises should have their databases optimized and properly scaled in order to make the most of its potential.

WordPress is built with high efficiency and transparency in mind and is very much compatible with third-party applications.

My biggest argument for using WordPress as an enterprise solution is that its back-end is easy to use and highly intuitive. Moreover, other CMSs tend to change and redesign their admin panel as part of the major updates. WordPress does not do this, as it always keeps its users in mind.

Furthermore, WordPress has excellent built-in SEO support. I would even argue that WordPress is the most SEO-friendly platform. And as you know, an SEO-optimized site is vital to getting found by search engines.

Most enterprises prefer multi-language sites. WordPress offers multi-sites with multi-languages, making WordPress the best tool for complex websites.

Lastly, it’s important to note that WordPress can be used to develop an intranet for your enterprise.

5. One WordPress requires one database.

A majority of intermediate and even some expert-level WordPress developers believe it is gospel to have one database for each WordPress installation; they find it hard to believe otherwise.

However, you can install any number of WordPress installations with a single database. Some people will think of it as having a free hosting and will use it to its limits.

It’s possible to use one database for unlimited WordPress installations, but only until the database reaches its limit. This wonder can be achieved by editing the database prefix in the wp-config.php file.

Also, it’s possible to share tables with more than one WordPress, for example, when you need to share user access with more than one WordPress.

As noted earlier, WordPress is available with the benefit of multi-sites.

With this feature, you can create as many sites as you like under a single URL, which will act as sub-sites of one URL. They will maintain the same theme, plugins, and hosting account.

Furthermore, each sub-site will have its own administrator, while the main site will have a super administrator, who can access them all. Additionally, a network administrator can administer the network between sites. This WordPress feature is not only convenient, but is also cost effective and affordable.

It may not be as easy to create multi-sites using some other CMS.

Forget the taboos.

The truth is, there’s no reason people should avoid using WordPress. It’s is an awesome application full of possibilities.

As a bonus, there are plenty of online resources available that help in managing WordPress. Even from the financial point of view, having WordPress as a website, eCommerce store, membership portal, forum or other kinds of portal, is affordable with higher standards.

It’s a cost effective venture because it gives access to unlimited interesting designs for a low price. On average, most of the themes cost less than $50, and plugins are mostly around $5.

Everyone has access to this excellent, open-source software that can be used for everything from blogging to managing the content of websites it powers.

Simply follow safety precautions to protect yourself from hackers, and enjoy its features. WordPress is one of the best online applications for any web portal service and CMS.

About the author

Donald Mudenge, Canada
member since October 11, 2016
Donald is more concerned in succeeding on a project with a perfect understanding of the requirements rather than just completing the tasks. For any uncertainty in project requirements, he guides and makes suggestions to clients and does not hesitate to go the extra mile. He works on a project as if it's his very own. He likes his work to truly prove to be a beauty (beautifully written, clean code) with brains (a smart and useful end-product). [click to continue...]
Hiring? Meet the Top 10 Freelance WordPress Developers for Hire in April 2019


Arguing that WordPress isn't that hackable, or that you need full time security management through wpengine, kind of proves the point. WordPress and dynamic site generation in general is a worst practice today. Static site generation layered with dynamic client features is the new best practice. The only way to "hack" my site is to hack S3 or Disqus. If I needed more dynamic features I'd create a simple API with a limited attack surface. WordPress is basically impossible to secure. And I don't want to spend $100/month or more for wpengine to keep my site mostly safe when I get better security for a few dollars a month.
Lee Peterson
| WordPress is basically impossible to secure. If you're going to argue semantics, then you should say the entire web is basically impossible to secure. Nothing is 100% secure, just as you've pointed out by saying AWS and Disqus would need to be hacked to gain access to a statically-generated site/app. But, yeah, if you review WP trac, you'll notice nearly every prior release contains security vulnerabilities.
Donald Jackson
Using WordPress these days for any serious professional purpose is a really tough choice. Yes it is easy with a massive plugin & theme eco-system but the legacy code and technical debt in the project I feel it will always be prone to security issues or at the very least be the cause of many a sleepless night for those in charge of defending it.
It's not semantics. When is the last time you read about an S3 hack?
Pablo Barría Urenda
"The truth is, there’s no reason people should avoid using WordPress." Other than PHP you mean? None of these debunked Biases really begins the address the reason I wouldn't consider WordPress for a project, PHP being the main one. The language was made to fill a specific niche that has since been filled better by other languages and tools, it is notoriously pidgeonholed as a web server language (whereas python, ruby, javascript, java, etc all can serve multiple purposes, from scientific computing to front end to application programming), it is a patchwork of programming concepts and, as far as I know, to this date it is still very tightly coupled to the html template generation paradigm under which it was born. Add to that the fact that WordPress is still a customizable CMS and not a general purpose framework. You have to consider that, while a plugin may be readily available for your purposes, if it isn't, you'll probably have to work against the grain and include a lot of legacy code you may not wind up using. WordPress is 13 years old and, while its use cases are still valid today, they are loosing ground to other paradigms. A ready-made solution for the Web 2.0 is just not going to cut it in a forward looking project on 2016. Sure, for the right job, WordPress might have all you need. As long as the requirements don't change, and that your team likes working with PHP. In any other case, I'd recommend evaluating how hard it will be to build the exact functionality you need using a proven framework, before commiting to WP. Of course, I have a personal dislike for PHP, and it is based on my limited experience with it, but I have never felt I'd be rewarded for giving the language a chance for a big project. I'm not an expert, and if you love PHP, more power to you. But WordPress and PHP are inseparable, and I don't think I'm alone in disliking the language itself and considering it a major reason not to choose WordPress. Feel free to debunk me if you think I'm completely off the mark.
Donald Mudenge
But right set of tools and precautions you can definitely save yourself
Donald Mudenge
Nothing is 100% secured over the internet. and it is just a recommendation to host with wpengine, in case you cannot take the precautions yourself.
Donald Mudenge
You must try for a few projects and you can see the ease.
Shaheryar Malik
Thank you for clarifying a lot of things.
Lee Peterson
Aug 2014, Feb 2016, May 2016, Really, though, you can't say any software is 100% secure. And it's not WordPress that's vulnerable, as the author has pointed out. It's the technologies which make up WordPress and the developers who create themes and plugins for WordPress which are the root of the issue.
Lee Peterson
I must say that I agree with you on these points. PHP has been pieced together from one thing to create another set of things. It is getting better as it ages, though. And, yes, any capable developer/firm possessing the wherewithal to create enterprise, high-performance web software will certainly choose Python, Ruby, Node, Haskell, etc. but only if budget permits. Being a 12-year WordPress developer myself, I know all too well the sh*tshow sitting behind the scenes, the intricacies that leave you scratching your head, the spaghetti code left over from the fact that WordPress was originally a blogging platform with a single content type which was then added onto to create something bigger before it was refactored with a long-term strategy in place. I hate that part with a passion. For me, though, it's the community of developers behind WordPress that keep me involved day-to-day. It's like no other community that I've been involved with, from Drupal to Joomla to ExpressionEngine to Magento. Have you looked into the budding WordPress REST API? Sure, PHP still runs the show. But it really is promising and what's keeping me around while it goes through the typical #WPDrama. The thought of stripping away that ugly admin interface (yes, it's still one of the best CMS interfaces available), pairing it all with React or Angular... that's what's keeping me with it, knowing I'll have full control over all aspects before long, using the core principles in place today.
Who wants to "take precautions" *ever*, risking the need of an emergency site repair, and requiring endless maintenance, when S3 is practically free, close to 100% secure, effectively infinitely scalable, and probably 99.9% or better uptime?
None of those work if you use best practices with regard to keys and 2FA. S3 itself isn't vulnerable. More to the point, basically all of those attacks would also be effective against a WordPress site, so by eliminating the WordPress security holes, you're strictly better off.
Sebastiaan Stok
Using Wordpress as a benchmark for the current PHP ecosystem? Give me a break, php has come along way since the PHP 4 age and things have improved greatly. EDITING. STUPID KEYBOARD.
I think there are 2 main benefits in choosing WP: 1) it still has a great user friendly admin-editor interface with tons of plugins that enhance its capabilities; so it's ; 2) plehora of themes and templates for all kinds of web projects - from portfolio or news list to web-shop catalogue. So if you're asked for a editor-friendly CMS based website with average budget no special design needed - you can setup WP project within and hour - including buying and setting up theme and editor tooling. You won't need to spend lots of time explaining how things work in admin UI to the customer - it's really well organised there. Later yes, you as an IT guy should spend some time to cover the back (backup, security, etc) but still website up and running within 1 working day that's only with WP.
Pablo Barría Urenda
Just two clarifications: I did not say PHP was good for nothing, I said it was good only for the server. And by good I mean capable. Of course the language isn't useless. It had a tremendous rise in popularity at some point and a lot of projects still depend on it, of course it is still being maintained and improved. However, as a new developer, looking to pick up a language, I wouldn't choose PHP unless it was tightly coupled with a project I need to work on. PS: there's more to Ruby than the web (my point exactly) and more to Ruby on the web than Rails. JavaScript does support classes now (sadly) but not supporting them was not a bug, it was a feature. JavaScript was also the first functional programming language to go mainstream, and if you stuck to best practices you could have a highly expressive scheme like language. Finally, C is designed to work close to the metal, of course you can break things with it. Also, it is 40 years old technology and we're finally getting around to having better languages in that niche (Rust). Again, compared to those languages, my impression is that PHP's edge was ease of setup and out of the box template generation. Now those edges are obsolete. Doesn't make the language bad, but it does make it aggressively unremarkable in my humble opinion.
OB Dev
If more problems is a direct cause of having a high user base why isn't Linux have issues like that?
Wordpress includes a lot of messy code, and I don't know of any professional developer who'd actually enjoy working with it. But yeah - it has no competition when it comes to the number of plugins. It doesn't make it any better, it just makes it the only choice in some situations.
"The truth is, there’s no reason people should avoid using WordPress." My god man, you must be delusional. Wordpress codebase is absolute shit, and most plugins are the same and frequently even worse. The performance is terrible, and using plugins to help fix that is not a solution, it's a disgusting workaround that shouldn't even be needed in the first place. Only an uneducated idiot or someone who knows nothing else but Wordpress would use it. Speaking as a web developer with 6 years of professional experience on many kinds of sites, including a couple Wordpress ones (not my choice, btw). It has certainly gotten better in the last few years, but even then it is still bad.
^THIS This is the true problem. Anytime you do anything more than just the basics it just has to be done with your own hacks laid upon WP's hacks because of how hacky the codebase is...which of course leads to your hacks breaking nearly every new release of WordPress, which you HAVE to update to because WordPress gets hacked so often that most hosts won't even allow an old version of WP to be running on their servers. Go ahead people: develop WP themes for all your clients...then watch as your profits diminish over time because you spend more and more time maintaining past clients instead of doing work for new ones. WP is the most maintenance intensive way to build a website that I've ever dealt with.
Petros Diveris
Erm.. have you looked at he codebase of wordpress? Are you familiar with technologies like MVC, Laravel, asset mangers, composer, closures? Have you tried to run Wordpress of a database other than mysql?
Kristan Smith
English is a terribly inconsistent language with grammar and pronunciation that make no sense. Yet here we are all using it.
I am a WordPress developer myself and have plugins and themes in the repository while WordPress is the king among CMS's the inherent massive scale of its user base has meant it is carrying way too much bloat. Premium themes and plugins are marketed as ready made solution but the performance and maintenance becomes nightmarish quickly. If you are into web development then you should start from PWA's that is the future not giant CMS's
I got my already programmed blank ATM card to withdraw a maximum of $10,000 daily for 30 days. I am so happy about this because i got mine last week and I have used it to get $150,000. Mr PAUL is giving out the card just to help the poor and needy though it is illegal but it is something nice and she is not like other scam pretending to have the blank ATM cards. And no one gets caught when using the card. get yours from her. Just send her an email on [email protected]
Alec Kinnear
You are making a very good case for prototyping in WordPress. Or even starting a service in WordPress. But once you are up and running the security and maintenance overload are ridiculous. We did create a plugin to <a href="">cut down on the never ending WP updates and breakage</a> (security updates only, hiding the constant push to update Core). But even that's a bandaid. Besides the security risk, WordPress in high traffic environments is has very high server requirements at load which caching can't fix (logged in users for instance). In the end what you save in early development costs you pay back in long term maintenance.
Alex Raven
Most websites are hacked not because Wordprese's security is bad but because FTP passwords are stolen with trojans or other ways (brute force simple passwords, social engineering ways, etc). If your passwords are strong, and you have installed a good security plugin, such as Wordfence with proper settings to protect from brute force, you have almost nothing to fear.
and What about the myth of Wordpress is less functional when operating in Windows Server ? Is a Myth too ? I'm thinking to test this, I like Windows Server, IIS, ASP.NET/Core, C# and PHP ... And PHP seems like great on Windows Server ... I need to really to test this ... I heard about people using and seeing nothing less but enjoying combination ... Do u have some information about this ? Thy regards :)
comments powered by Disqus
Free email updates
Get the latest content first.
No spam. Just great articles & insights.
Free email updates
Get the latest content first.
Thank you for subscribing!
Check your inbox to confirm subscription. You'll start receiving posts after you confirm.
Trending articles
Relevant Technologies
About the author
Donald Mudenge
Wordpress Developer
Donald is more concerned in succeeding on a project with a perfect understanding of the requirements rather than just completing the tasks. For any uncertainty in project requirements, he guides and makes suggestions to clients and does not hesitate to go the extra mile. He works on a project as if it's his very own. He likes his work to truly prove to be a beauty (beautifully written, clean code) with brains (a smart and useful end-product).