Ask HN: Why are we still using WordPress?

4 points by eykrehbein ↗ HN
Wordpress was first released 20 years ago. It powers 43% of the internet. But I think we can all agree that it's neither the most complete nor the flashiest piece of software. It's not headless like many of its modern rivals, but it does come with themes. It runs on PHP, which is no longer the hottest language around.

So why has no competitor been able to match the size or reach of Wordpress till now?

7 comments

[ 3.0 ms ] story [ 30.6 ms ] thread
[flagged]
Dont forget endless attack vectors from adoption of plugins!
I completely agree that WordPress has a huge attack surface. Plugins and crappy themes are mostly to blame, but it appears that small criminal busonneses exist to do username/password guessing and brute forcing, and there's a dazzling amount and variety of PHP malware.

Yet you hear nothing of this. Infosec people, corporate and government, seem to focus almost exclusively on Windows and APTs. Seems like there's a giant blind spot that engulfs WordPress security. Why?

You don't need the latest shit. It just works and does what's needed. Also it can be used headless. It's still here because it's not flashy or hot.