WordPress has its pros and cons. Sadly, very often the cons are blown out of proportion. The security aspect is one of those, especially that is improved

Przemysław Hernik

Community Picks is a section on daily.dev where our community members share the most interesting and valuable content they've discovered online. From insightful articles to handy tools, every post is a gem curated by our dedicated coomunity. To contribute to Community Picks, you need to have at least 250 reputation points, ensuring that only active and trusted members can share their finds.

Community Picks

WordPress' security reputation is often criticized due to its low barrier of entry and reliance on plugins and themes, which generate most vulnerabilities. Despite this, the core WordPress CMS is relatively secure, and recent years have seen significant improvements in finding and addressing security issues. The market is also evolving, with larger companies investing more in security. Areas that need attention include better visibility for closed plugins and security researchers, and cleaning up some legacy code quirks. Overall, while there is still work to be done, the security landscape for WordPress is improving.

WordPress Security - is it really that bad?

“Also, the Envato premium themes, where authors often “hardcode” some plugins without the possibility of updating, left a huge scar on WordPress reputation” - True 💯

I had a whole long comment written out, ready to click send before I realized you hit pretty much every point I wanted to make (yeah, I was gonna be that guy commenting before I read the article 😂).
The way I see it, the issue comes down to perception and a bit of “let’s dogpile on the big guy” (This is similar to the situation Microsoft found itself in with Windows in the XP era). As you said, most issues come from plugins and/or themes. The community needs a serious push for user education when it comes to adding these things. I’m not sure how best to accomplish this in a way that “Joe User” will get it.

Same goes for PHP. The language is great, it’s just most developers use it poorly.