I agree WP is awesome, but its popularity creates a lot of troubles and opportunities for hackers.
I did have a simple personal blog on WordPress, not a big deal, just a few posts to let my mates online know what I'm up to. I had it indexed by Google, but neither I nor anyone else ever spread a word of it. Nobody would be interested anyways ^^ I had even been checking if I had any links indexed in MajesticSEO - null.
WordPress was always up-to-date, as well as all the plugins. I neither used any third-party add-ons nor installed any new plugins, just one or two that came with the clean install of WP. Obviously I had a strong password to the backend as well as to the MySQL DB.
After a few weeks of putting it up I had tons and tons of spammy comments being posted to my blog by some internet spiders. After 3 months it got hacked by some Pakistan hacking group (don't remember its name to be honest). It went down and I never plan on putting it back up, especially on WP.
Summarizing - I do still think it's a powerful piece of software, however I would never agree it's more stable or secure than an application developed by all them crazy, mvc-or-any-other-java-or-ruby-or-anything-else-programming-pattern-possessed developers (as you call them) on top of i.e. Zend Framework...
WordPress is popular, because it's easy and straight to the point. You would never need to know in-depth PHP to have a simple website built on WP. It's as good as it gets when talking about a simple or even a bit more advanced company website, personal blog, articles site or something similar. Saw even shops put on WordPress - it's all fine, acceptable and still grows WP's popularity. Great job on the developers, would harm myself if I lied that WordPress is not worth it. However, being simple, to the point, so big and sooo popular encourages people to look for bugs and break it, unfortunately. Would be the same case with Zend, Kohana, Symfony or any other framework out there if it was that popular. I do believe though that if an app was built well on top of any of the above, it would be more complex and more difficult to break than a pure WordPress itself.
All in all, following patterns from other languages that are well-designed, thought-through and based on the experience of thousands of top developers and contributors gives you a tough surface to build on. Everything depends on what you're looking for and what approach you're gonna have ;) Don't say you won't agree ;>
I understand what you're saying about the popularity. I don't underestimate it, BUT nowadays, on the internet, popularity is volatile ;)
Manuel Lemos - 2013-08-12 03:04:50 - In reply to message 1 from Rad Paluszak
Yes, that is a consequence of WordPress's popularity.
It's like cars versus planes. Cars are more popular, less expensive, more adequate for simple trips, but are also more likely to get involved in accidents. Fewer people travel by planes as trips are more expensive, impose travel time overhead that is not adequate for small trips, but have fewer accidents.
On the good side, WordPress is also the target of security audits done by more professionals.
Anyway, this article was not about what would be the best solution for all cases. Personally I do not even use WordPress. I prefer to have better control over my applications' code. But that imposes a development cost in terms at least of time to develop.
That is why I also mentioned that in some cases it is better to not rely on WordPress, nor even on third party frameworks.