GatsbyJS announces the 2021 Gatsby Agency of the Year: Read Announcement


Why WordPress is Responsible for 83% of Hacked CMS-Based Websites

WordPress is the most popular content management system for individual contributors and even well-established organizations. Although it's free, many kinks hold teams back from building an intuitive website experience.

Date IconMar 4th, 20224 minutes

Eric Izazaga

Marketing Coordinator

Why WordPress is Responsible for 83% of Hacked CMS-Based Websites - Blog Post

What is WordPress?

WordPress is a monolithic CMS used for building websites. It is a versatile content management system written in PHP that uses a MySQL database.

Due to its usability and flexibility, WordPress is considered the most popular monolithic content management system that allows users to control the front and back ends of an application in one place.

Who is WordPress for?

WordPress is for users who want a simple experience. By this, we mean a simple publishing experience, fast ease of adoption, and a no-code prerequisite.

It's no surprise that WordPress is now powering 39.5% of all websites in 2021. The software is free and flexible enough for users and organizations to leverage their out-of-the-box tools like WordPress plugins, themes, and developer community.

Who uses WordPress?

WordPress is used by some of the world's largest and most famous companies, celebrities, and brands. WordPress currently shares more than forty percent of the total Internet, including some of the largest brands worldwide.

Here are some of the most notable major brands that use WordPress.

  • Spotify Newsroom

  • Playstation blog

  • TechCrunch

  • Wired

  • Sony

What is WordPress known for?

WordPress is the most popular open source Content Management System (CMS). WordPress is the only site builder and content management system a user can download for free and begin using.

Because it's free and easy to use, users and organizations can get by with the platform's customization tools. In addition to its ease of use, users don't necessarily need to be tech-savvy to be successful with the platform.

Teams who have no web design experience can rely on WordPress themes and templates to get started. However, for a more customized blog or website, teams will need to rely on the plugin capabilities offered by the platform.

Another selling point is the ability to handle both the frontend and backend of a website in one single place. This is possible because coding knowledge is not required to build, manage, and update applications hosted in WordPress.

Types of Websites that You Can Build with WordPress

WordPress users deploy the open-source platform to build just about anything. That's what makes it the most popular software for websites. The most popular web applications include:

  • A blogging site

  • A company site

  • An online eCommerce store

  • A membership site

  • A site to sell online courses

What are the website limitations of using WordPress?

WordPress users undergo a tradeoff. WordPress may be a simple platform to use, but websites cannot be transformed or customized to an organization's liking.

In other words, users are stuck with the out-of-box tools offered by the platform. WordPress users run into blockers when they wish to transform their web applications.


WordPress users can't use robust third-party tools like a headless CMS that could transform the performance of a website using plugins and UI extensions.

WordPress websites are also prone to technical issues and require constant maintenance. This leads organizations to pay for maintenance costs and outsource a development team to maintain the website.

In addition to the lack of extensibility and increase in maintenance costs, WordPress raises compatibility issues. Users are required to continuously address these compatibility issues with frequent software updates—that's no fun!

But there's more.

Coincidentally, the most commonly hacked CMS-based websites are built on WordPress, with 83% of hacked websites hosted on WordPress. I wish I was making this up.

The most common WordPress security issues include brute force attacks, cross-site scripting, file inclusion exploits, SQL injection, and malware. Poorly written, insecure, or outdated code is one of the most common ways attackers can exploit your WordPress website.

The average WordPress instance gets overwhelmed with spam comments, and you’ll need to regularly clean them from the backend of your WordPress instance. And sometimes, they even slip through to the comments section on your website, which can get embarrassing.

Why WordPress Can’t Keep Up with the Demands of High-Growth Organizations

WordPress just can’t keep up with the demands of high-growth organizations.

Teams who want to be flexible and scale at speed need a web stack that can keep up—WordPress isn't the one.

High-performing organizations generally require a fully custom website. To make more extensive changes to the website design, coding knowledge, and better yet, development is required.

As an organization grows, its website must grow with them.

The tools offered by WordPress limits teams that are in growth mode. Even if a team were to hire a web development team, their developer skillsets and techniques would be limited.

Overall, WordPress is a slow platform. Things like large images, loads of words on a page, and unreliable hosting can impact a website's speed. These small kinks will affect any SEO efforts that your team has in place.

To drive it all home, WordPress falls short in many areas. This includes multi-channel marketing efforts. WordPress cannot support multiple digital channels at once.

To learn more about an omnichannel marketing strategy, see how a headless CMS solution maintains multiple digital channels at once—WordPress can never.

The Monolithic Content Management System We Do Recommend

Yes—WordPress is free and everyone uses it. However, there is another all-in-one solution that we recommend over the most popular CMS.

HubSpot CMS Hub

HubSpot's CMS Hub is a web content management system built on HubSpot's CRM platform.

The CRM platform provides a unified view of your customers, allowing marketers and developers to meet the latest expectations and create experiences that help them grow their business.

Easily create and manage website pages that are personalized for different visitors and optimized for devices and conversions.

The Headless CMS We Recommend

Headless CMS is a pure backend content management system that allows you to access content via APIs for viewing on any device, without an integrated frontend or presentation layer. This separates content management from presenting that content.

This gives you more control over the user experience by "separating" the front end from managing content on the back end.


Contentful is a headless CMS that helps editors manage and deliver content in mobile or web applications. Contentful allows editors to collaborate interactively on content in an easy-to-use editing interface, and developers can use content in the programming language and template framework of their choice.


DatoCMS is a cloud-based headless CMS designed to work with static websites, mobile apps, and server-side applications of any kind. Freelancers, agencies, and startups use DatoCMS to allow non-technical clients and team members to manage the content of their digital products within a web-based CMS.

Parting Thoughts

WordPress is the perfect solution for users and organizations who are just getting started with their websites. Eventually, WordPress will become more strenuous to use, costing teams in performance, costs, and ultimately, an intuitive website experience.

If your website is currently running on WordPress and you're interested in learning about the headless CMS migration process, download our free implementation checklist and guide to a successful headless migration.


Webstacks Product Teams

Webstacks provides world-class product teams to help high-growth technology companies streamline their web operations, boost revenue, and substantially elevate the their web presence.

Get started