PROS AND CONS
It is estimated that over 40% of the world’s websites are created in and served up for your viewing pleasure by the ubiquitous WordPress content management system (CMS). And why not? It’s open source and all major web hosting companies offer managed WordPress hosting packages. WordPress, along with other CMSes such as Drupal or Joomla, relies on a back-end database tied to the web server via a complex collection of PHP scripts that dynamically generate the HTML and JavaScript code that is sent to your web browser when you visit a page. This contrasts with static web pages, where an HTTP web server simply reads code stored on a hard disk and delivers it to your web browser via a network, which is where the internet started as Tim Berners-Lee’s brainchild.
Dynamic code generation has its advantages, but it also comes at a price – requiring more CPU power and disk I/O than is needed for a web server to serve up a static page due to the requirement for the database operations and connecting code. That database connection and connecting code also greatly increase the attack surface for hackers, and introduces extra security risks. Anyone peering at their public website logs will spot multiple automated attempts to connect to WordPress admin pages, whether they actually use WordPress or not, and that’s before you start worrying about insecure or vulnerable plugins used to extend the functionality of the CMS. One of our own low-traffic websites managed to attract nearly 300 such attempts over the last 30 days.