From time to time, our clients will bring up WordPress as a possible option for hosting their corporate website or a product site. This is not going to be an article bashing WordPress. WordPress is a good solution for some use cases as reflected by its large and dedicated user base. However, I’ll identify some key factors that can increase risk when using this type of platform. I’ll share some WordPress related information from a production hosting perspective to shed some light on why WordPress might not be the best use case.


  1. The sites we typically develop are for mid-size or larger companies.
  2. These sites handle quite a bit of traffic.
  3. These sites may be scoped to capture and store data that is covered under privacy regulations.

With these items in mind we have to take a good look at security. The hosting architecture you build on can only do so much to protect your application. With architecture security in place you must now consider the security of the software you are using.

While WordPress is used in tons of websites it can also be the largest infected platform. (Figure 1)

Infected Websites Platform Distribution Q1-2016
Privacy security

Figure 2 (Client sites and IP’s have been redacted for privacy/security)


In the end, the most important choices in building a site are deciding what software platform to use, the team supporting that platform, and the services provided by that team. If you choose to use WordPress, proceed with caution. Make sure you evaluate software that is most compatible with your business requirements and take into account the potential dangers. Choose your team wisely.  Consider a professional partner with a long track record of hosting with documentation of their policies and procedures, and make sure they provide an ongoing support solution for updates and security testing.

As always, for more questions on technology services provided by HDMZ or how we can help you make good choices - please get in touch!