limitations of wordpress

The WordPress core is made with 4 main programming languages: HTML, CSS, Javascript, and PHP. With those programming languages alone you can create anything you can dream of, anything from your simple bakery website to a comprehensive e-commerce platform like Amazon.

WordPress being open-source, technically anything is possible to make with WordPress. However, there are some scenarios where WordPress can be limited:

  1. The developers developing the website
  2. The complexity of what your building
  3. Security
  4. PHP
  5. Speed

The developers developing the website

WordPress is made of 3 main parts:

  • The Core
  • Themes
  • Plugins

Generally speaking, WordPress gets its popularity because just those 3 main parts make it very easy to set up any website you can think of relatively easily without having to code everything yourself.

With the theme you can customize how your website looks and feels, with plugins you can add in more functionality and customizations otherwise not available in your theme, and finally, the WordPress core is the framework that themes and plugins are built on.

When a developer is making a WordPress website. sometimes the theme or plugins don’t quite offer exactly what they’re looking for. In situations like these, they usually take it into their own hands and code in what’s needed.

It’s moments where developers build upon plugins and themes that really do make WordPress have limitless possibilities, but without the coding knowledge, you are limited by the themes and plugins offered to you.

So, WordPress can be limited if you don’t know your way around code. It’s common to install a plugin to fix your problem, which leads us into our next limitation.

The complexity of what your building causing too many plugin problems

When a good WordPress developer is trying to add more functionality to the website, they try to do it with as little additional plugins as possible.

The more plugins you install the more maintenance, security vulnerabilities, ways for something to go wrong, and speed drops your website will have. So a developer tries to keep them to a minimum to make a better performing and easy to maintain the website.

When you add up these negative repercussions of having a bunch of plugins installed, your website ends up becoming a nightmare to work on. Anyone plugin can break during an update and cause a reaction that affects the whole website, sometimes even taking it down completely. Some plugins can even conflict with each other and cause the WordPress backend to break and become unusable.

As a web developer myself, I have worked on websites that have this issue. I’ve had to make changes to a website with 46 plugins active and installed. And sure enough, a nightmare. Random things would just stop working in the backend like the pages search bar, or the collapse buttons for page options and there would be PHP errors showing everywhere in the backend.

Big websites like,, or even would be nightmares if made on WordPress because of the amount of functionality those sites have.

The websites would be:

  • Insecure because of the use of many different plugins to get the desired functionality
  • Slow because all the plugins it would be loading in
  • Prone to breaking because of the amount of code running from all the different plugins

So if the website your building has that much functionality and moving parts, it can really push WordPress to its limits.

There is an argument to say that someone could just code the functionality themselves probably solving all the above issues while still being on the WordPress platform, but at the end of the day if you’re using WordPress odds are you’re going to be utilizing plugins to make development faster.

WordPress CAN be insecure

Security is something I was debating to label as a limitation of WordPress, as the common consensus about it is wrong.

When comparing the security of a WordPress website vs a hand-coded HTML website, the hand-coded website will always win simply because the WordPress has a login system and the hand-coded one doesn’t.

However this doesn’t mean WordPress is necessarily insecure, because it is very secure. WordPress gets a bad reputation of being insecure because you’ll hear things like “X number of WordPress sites hacked in X year” when in reality, 99% of hacks are due to 1) Outdated plugins or 2) Bad/weak account logins.

The limitation comes in with cause #1, the plugins. Because of this, it would infer the bigger the WordPress website – the more risk it has to be hacked, Which is true.

All the time hacks are proven to be originated by certain plugins. As of recently, a vulnerability in File Manager was responsible for millions of sites being targeted.

It is also true that if your website is WordPress, you don’t HAVE to do every piece of functionality with plugins – but if not, why use wordpress in the first place? Plugins are ½ of the use of WordPress!

PHP and more PHP!

Another limitation of WordPress is that mostly everything is in PHP. If you want to make a plugin, PHP. If you want to make a theme, PHP. If you want to edit the WordPress core, PHP.

Yes, everything is surrounded by HTML, CSS, and Javascript but PHP is the programming language the foundation of WordPress is built on.

A Lot of other popular websites utilize alot more programming languages for making websites like:

  • C
  • C++
  • Python
  • Perl
  • C#
  • Java

Speed and Size

WordPress is big. WordPress 5.5.1 is 47.7 MB in size, and the core itself is 30.8 MB alone. With all those files, comes loading. With all that loading, comes a slower website.

A WordPress website can easily get excellent speed results speed tools like Googles Speed Insights Tool, but a static HTML website can and is more likely to be faster.

Additionally, those files all add up in server space as well. From my experience with web development, the average WordPress site is 0.5 GB – 3 GB in size, which can be more than your hosting allows.


Contrary to what this post suggests, WordPress isn’t really limited in any way if what you’re creating isn’t Twitter or Amazon. WordPress is a framework built on basic programming languages that already can be used to make anything you want, so you can theoretically do anything your programming skills allow.

However, if you cherry-pick and highlight some flaws of WordPress, one could call them limitations in certain scenarios.