I really don't see how Wordpress is a valid argument here. We run several business systems in PHP serving hundreds of thousands of users. Last time I used Wordpress was over 10 years ago for my personal blog. Haven't used it for anything else. PHP is great for us, regardless of how Wordpress performs.

I was primarily responding to the OP that used WordPress as an example of how easily you can add plugins (third-party PHP code). I see that as an anti-pattern, because it encourages non-developers to add PHP code into the system, much of it poorly written and insecure (or not performant).

But that plugin system also is one of WordPress' greatest assets. And you can add PHP code to any part of a "theme" too. If you turned off the ability for themes and plugins to be "added live" then I don't think WordPress would be nearly as successful as it has become.

Wordpress is written in PHP.

Wordpress is not PHP.

Did I say that? Please don't twist my words. I was responding to the OP who was talking about the WordPress plugin system, which allows just about anyone to add third-party PHP code into the system. And those plugins have access to everything in the WordPress stack (and the file system for that user).

And I think you can definitely argue that a low barrier to entry means that it gives beginners a lot of power they don't quite understand.

Which is why I think most people steer towards common web frameworks, because not many people can know all the ways you can create security issues.

Then you get into the complexities of various common web frameworks (Zend, etc) and you have to really wonder if the original OPs argument about simplicity and ease-of-use are worth that trade-off from using something else.

Again, those frameworks are written in php. They are not php.

You're trying to apply the problems of a framework/app to a language itself.