You probably already know that Wordpress is a blogging platform. It offers the user thousands of templates to design their own blog and is so user friendly that any tech illiterate could use it (maybe not, but it's very easy to use). But that's where it should end, it's a blogging platform for a reason, it was never designed to be a CMS (content management system) or to be utilized for anything other than blogging.
Wordpress "so called developers" that build Wordpress websites know very little about the coding of websites, (code is the framework that developers write to basically tell a website what to do, it's very complicated and it's requires a high skill set). Wordpress developers basically choose a theme (probably picked by thousands of other so called developers) that is the basic design for the website and use plugins to add functionality. But what happens when you need to change or update something on your website?
Many don’t think they have to worry about the server the site is on, but it couldn’t be more false. If a hacker successfully hacks one WP website out of the often 100s on these companies servers, that back door access will bypass 90% of your "secured/locked down" WP site sharing web space. Inevitably it's going to cost you to repair hacked damage.
Plugin Credibility. Everyone who uses WP, ends up using plugins, right? They save a lot of money on development, yes, but here's the problem: the developer behind that plugin. How do you know that developers credibility? Is he a hacker? You don't know. The likelihood is low but you don't know if the plugin was built to function as advertise and then secretly logs and email your admin credentials upon login.
Most plugins are free, you're not at all skeptical someone spent a ton of time and hard work to build a plugin you can utilize to make money off of it?
Plugin Compatibility. Let’s say the developer’s reputable – that doesn’t’ mean the plugin is. Many plugins often cause problems as a result of not being coded to the 9’s and affecting other plugins/components of WordPress. Many build plugins by doing the minimum it takes to get that function to work. When done right, a developer goes far beyond that and makes sure it is 100% compatible and that other plugins/programming won’t break the website!
Maintenance Heavy. WordPress constantly has to be updated. Both the core platform and all of the plugins. The reasons vary from vulnerabilities found and compatibility fixes to new features of the plugin. If you don’t stay up to date, your website can become more and more vulnerable to hacks.
Let’s face it, you can download WordPress for free at WordPress.com. You know who else can? Every single hacker on the planet. What this means for you is that when one hacker finds a way to hack it, he’s going to create a script that tries to hack every WordPress instance out there. It doesn’t take long for hackers to find vulnerabilities and that’s one of the many reasons WP constantly comes out with new updates that are a lot more essential of an update than they make it out to be.