Why we don't use WordPress - and what we build instead
WordPress powers 43% of the web. We still don't use it. Here's why - and what modern frameworks like Next.js do better for performance, security, and long-term reliability.
Every week a potential client asks us: "Can you build it in WordPress?" The short answer is: we could, but we won't. Here's the long answer.
WordPress began as a blogging platform in 2003. Over two decades it has been patched, extended, and stretched far beyond its original purpose. Today it powers everything from personal blogs to enterprise e-commerce - and that ubiquity comes at a real cost to the businesses relying on it.
The performance problem
A fresh WordPress install does not load slowly. A real-world WordPress site does. Themes load CSS for features you will never use. Plugins add JavaScript that fires on pages where it does nothing. The database-driven architecture means every page request requires multiple server round-trips. Getting good Lighthouse scores on WordPress means fighting the platform constantly, not working with it.
Modern frameworks like Next.js allow us to build platforms that are fast by design: static generation, edge delivery, and component-level code splitting. Not patching speed onto a system that was never built for it.
The security problem
WordPress is the most-attacked CMS on the web - not because it is uniquely insecure, but because its market dominance makes it the most valuable target. The real vulnerability is the plugin ecosystem. Most WordPress sites run dozens of third-party plugins, each maintained by different developers with different standards, each a potential entry point. When a plugin used by two million sites has a vulnerability, all two million sites are exposed simultaneously.
Security is not an add-on. It is an architectural decision.A custom codebase has exactly the dependencies it needs and no others. The attack surface is minimal by design.
You do not own your stack
When you build on WordPress, you are building on someone else's code. When a core version changes, your site may break. When a plugin is abandoned, you are stuck. When the theme you built on gets deprecated, your design's foundation is gone. You have built your business on shifting ground you do not control.
A custom-built website belongs entirely to you. The codebase, the architecture, the design system - none of it depends on a third party's continued goodwill.
Is it more expensive?
Yes, upfront. No, long-term. A custom site costs more to build - but significantly less to maintain, secure, and scale. Performance is better from day one, which means better conversion. The total cost of ownership over three to five years is typically comparable to - or lower than - a properly maintained WordPress site when you account for developer time spent fighting the platform.
Read more on this in our piece on the real cost of templates.
When WordPress might be right
We are not dogmatic about this. If you are running a personal blog with light traffic and you are comfortable maintaining it yourself - WordPress is probably fine. If your team already knows the WordPress admin interface and your content requirements are simple - that is a legitimate reason to consider it.
But if you are building a business website, an e-commerce store, or a web application that needs to perform, scale, and stay secure - a custom build is almost always the correct answer. The question is not which CMS to choose. The question is whether you need a CMS at all.