This is probably not an original thought but Wordpress is awful.
I think its a relatively well-designed CMS that is really good at letting people make websites without too much thought or programming knowledge. But I have a number of major problems with Wordpress.
The plugin and theme engine in WP allows for any arbitrary third-party code to be executed on your website (potentially on your server/PC). This is a giant, glaring hole in the security model, that Automattic has kind of taken steps to counteract. For example, using Wordpress.org’s hosting features for your site 1) is more secure and 2) you don’t have to manage your own server but then your site and content are trapped and held hostage by Wordpress.
Storing Configuration in the Database
Most websites and web apps these days are two things, a bunch of files (code. and a database. This generally makes collaboration between developers easy because the code files can be checked into a version control system like git and Github, and easy shared. The database is more complicated.
Take a Ruby on Rails application, for example. Two developers are working together and all the code is checked into Github. The way RoR is architected ensures that the data in the database is arbitrary and volatile. It doesn’t matter what is in the database, really. As long as the schema is consistent, it doesn’t matter if a user has one email or another. Rails solves this by including scripts and functions to take a saved state of the structure of a database and recreating it. Then there are seed files that can load data.
Wordpress is different. Wordpress stores site-wide settings in the database. Flip an option in the settings view or update a page, and that information is stored in the database. So two developers can’t just collaborate on a WP site together because the configuration changes are saved to the database. So you can’t just pass the schema back and forth between developers because you would be missing crucial configuration changes. Infuriating.
Single Table content structure
All of the actual content on a site are stored in one database table. This is idiotic to anyone who has taken a 101 course on database design.
The people who developer Wordpress themes and plugins are committed to twisting and changing Wordpress to do whatever they want it to with a disregard for what WP is inherently weak or strong. This leads to tedious and unmaintainable Frankenstein monsters of websites.
This was mostly prompted by having to work on way too many Wordpress sites at my day job.