WordPress was created in 2003 as a fork of the news/blog editor B2/Cafelog. The latter was written in PHP and used the MySQL database as data storage. The use of databases simplified searching and made theming of content much easier. With the help of the integrated advanced content editor (TinyMCE) anyone could start sharing their thoughts online, without needing to know anything about web development.
Although WordPress started as an blogging tool, it received many new features over the years: capability extension with plugins (2004), static pages (2005), URL structure customization (2007) and custom post type integration (2010). These addons allowed WordPress to become an universal Content Management System, which can be almost limitlessly extended with plugins or custom code. It allows developers to create Company websites, Information web portals, E-commerce sites, Landing pages or even Forums (look at some examples), and on top of that it can still be used as a simple blogging tool.
WordPress’s fast growth (it’s now used in more than a quarter of all websites) makes it a popular target for hackers. In one of our previous blog posts we have shown that WordPress is a safe CMS, which is regularly updated, but users often won’t install the updates. Intrusions are also made possible by out of date/unofficial plugins and themes, adding source code from untrusted sources, weak passwords and/or wrong server settings.
A common misconception about closed source CMS’s being more secure than open source CMS’s, comes from the idea that security through obscurity can prevent successful attacks. The closed source developers also often conceal problems and security vulnerabilities from the public and silently patch their systems. This gives an illusion that everything is running smoothly, but in reality the backend can be a mess. The openness of WordPress code enables the community to contribute reports about discovered vulnerabilities and Automattic encourages this by providing bug bounties. In conclusion, security is not really an issue, and the situation keeps improving.
The web is full of people asking »Why is WordPress so slow?«, which is not an indication of the true CMS performance, as the speedup is extremely simple to achieve. A lot can be done by selecting the right type and size of images, better templates, plugin reduction and automatic static page caching. The latter reduces PHP processing time and load on the MySQL server, which in turn significantly improves page display times. One of the key reasons for poor performance are also poorly chosen hosting plans. Shared hosts with limited resources are especially problematic, as they suffer heavily when the concurrent user count goes up.
This claim is in complete contrast with the WordPress philosophy and it’s not even remotely true. WordPress is built for the majority, which wants to publish their thoughts on the web, without needing to dive into the world of source code. The interface is thus simple and intuitive, with carefully chosen default settings. Visual customization can be done via a visual preview and published only after you are satisfied with the results. The WordPress installation process is really simple and takes only a few minutes. Theme/plugin installation is available with a click, and the same goes for updates (which are even partially automatic).
We hope, that we have dispelled some of the greatest doubts about using WordPress. This popular CMS can compete with any closed or open source solution when used the right way, and thus there is no reason to not consider it for your next project.