WordPress Performance in 2026: The Data

This is a data report. Every claim is sourced. The data comes from Google's Chrome User Experience Report (CrUX), the HTTP Archive's Web Almanac 2024 (which tested 16.9 million websites), Patchstack's security research, and W3Techs market data. Where we ran our own tests, the methodology is described.

WordPress powers more of the web than any other platform. That makes its performance data consequential for hundreds of millions of sites and the businesses that depend on them.

The core performance data

The most comprehensive public dataset on CMS performance comes from two sources: Google's Chrome User Experience Report (CrUX), which captures real-world performance from Chrome users, and the HTTP Archive Web Almanac, which runs Lighthouse lab tests on millions of pages.

They tell the same story from different angles.

Core Web Vitals pass rates (mobile, June 2025)

Core Web Vitals are Google's three user-experience metrics: Largest Contentful Paint (loading speed), Interaction to Next Paint (responsiveness), and Cumulative Layout Shift (visual stability). A site must pass all three to earn a "good" rating.

Source: CrUX Technology Report, Search Engine Journal CMS rankings

The global CWV pass rate across all origins was 51% as of June 2024 (HTTP Archive). WordPress sits below that line. Every other major CMS platform is above it.

Lighthouse performance scores (mobile)

Lighthouse is Google's lab testing tool. It simulates a mid-tier mobile phone on a slow 4G connection and generates a performance score from 0 to 100. These are median scores across millions of sites tested by the HTTP Archive in June 2024.

Source: HTTP Archive Web Almanac 2024, CMS Chapter, Figure 12.11

A Lighthouse score of 38 falls in the "Poor" category (0-49). For context, Google considers 50-89 "Needs Improvement" and 90-100 "Good."

WordPress did improve from 33 in 2023 to 38 in 2024. That is genuine progress, driven by the WordPress Performance Team's work on fetchpriority attributes, script loading strategies, and AVIF image support. But the absolute number remains low, and other platforms improved too.

Breaking down the Core Web Vitals

Each CWV metric tells a different part of the story. Here is how WordPress performs on each, based on HTTP Archive data (June 2024):

Largest Contentful Paint (LCP): Only 40% of WordPress sites achieve "good" LCP on mobile (under 2.5 seconds), up from 28% in 2023. The global pass rate is 63.4%. Squarespace improved from 33% to 60% in the same period. Duda sits at 73%.

LCP measures how fast the main content appears. It is the hardest of the three CWV to optimise because it depends on server response time, resource load order, and render-blocking assets. On WordPress, all three tend to be problems.

Interaction to Next Paint (INP): WordPress improved from 69% to 82%, which is a genuine success. INP replaced First Input Delay as a Core Web Vital in March 2024, and many predicted WordPress would struggle with it. The WordPress Performance Team's optimisations, particularly around reducing main-thread JavaScript work, paid off here.

For comparison, Wix improved from 50% to 85%, and Duda from 89% to 95%.

Cumulative Layout Shift (CLS): WordPress performs reasonably well here, with most sites passing. CLS measures visual stability, and WordPress's relatively stable server-rendered layouts help. Page builders can undermine this with late-loading fonts, popups, and dynamic content, but the baseline is acceptable.

Why WordPress is slow: the technical breakdown

The data shows WordPress underperforms. The question is why. The answer is not one thing. It is the compounding effect of five architectural choices.

1. Page weight

A WordPress page ships more bytes than it needs to. Here is what the median WordPress page sends to a mobile browser:

Source: HTTP Archive Web Almanac 2024, CMS Chapter, Figures 12.19-12.25

WordPress's total page weight (2,047 KB) is not the worst. Squarespace sends 3,015 KB, and Wix sends 2,215 KB. But look at the composition. WordPress sends 725 KB of images (compared to Wix's 152 KB, which uses aggressive compression and lazy loading at the platform level). WordPress sends 118 KB of CSS (compared to Wix's 5 KB, which inlines everything).

The problem is not that WordPress is universally worse at everything. It is that WordPress does not enforce optimisations at the platform level. Image compression, CSS inlining, JavaScript deferral, and lazy loading are all available via plugins, but they are optional. On Wix and Shopify, they are built into the platform. Every site gets them automatically.

2. The plugin tax

The WordPress plugin ecosystem has over 61,000 plugins in the official directory alone. This is simultaneously WordPress's greatest strength and its primary performance liability.

A typical business WordPress site runs 10 to 30 plugins. Each plugin can add its own JavaScript, CSS, database queries, and HTTP requests. Many load their assets on every page, even pages where they are not used.

The WordPress Plugins Team reviewed 12,713 plugins in 2025, a 40.6% increase over 2024. Of those, 59,137 issues were identified during review. The ecosystem is growing faster than quality control can scale.

Consider a common small business WordPress stack:

• SEO plugin (Yoast or RankMath)
• Security plugin (Wordfence or Sucuri)
• Caching plugin (WP Rocket or LiteSpeed Cache)
• Form plugin (Contact Form 7 or WPForms)
• Page builder (Elementor, Divi, or WPBakery)
• Backup plugin
• Image optimisation plugin
• Analytics plugin
• Cookie consent plugin
• Social media plugin

That is 10 plugins performing functions that are either built into modern frameworks or handled at the hosting/CDN layer. Each adds overhead. Each requires updates. Each is a potential conflict point with every other plugin.

One practitioner on r/webdev documented reducing their plugin count and seeing load times drop from 10 seconds to 2 seconds, with MySQL queries per page view dropping from 2,332 to 107. That is not an unusual ratio.

3. Page builders: the performance multiplier

This is the single biggest factor dragging down WordPress performance numbers, and it is worth examining in detail.

28% of WordPress sites use Elementor. Another 20.8% use WooCommerce. 9.4% use WPBakery. These are not small segments. Elementor alone accounts for roughly 10% of all websites on the internet.

The performance impact is documented. One developer analysed 67 websites built with Elementor and Divi and published the following comparison:

Source: ProBlogInsights analysis

3,247 DOM nodes versus 892. That is 3.6x more HTML for the browser to parse, lay out, and paint. 347 KB of unused CSS that the browser downloads, parses, and then ignores. 11 render-blocking JavaScript files versus 2.

Remkus de Vries, a long-time WordPress contributor, wrote in March 2026:

“

Page builders do not just output heavier pages. They encourage workflows that compound the problem over time. Performance degrades not only because of what the builder is, but because of what the builder enables.

”

The CrUX data confirms this at scale. WordPress sites without a page builder pass CWV at a meaningfully higher rate than those with one. WordPress + Elementor's 26.99% pass rate is almost half of WordPress's overall 43.44%.

This creates a structural problem. The page builders that make WordPress accessible to non-developers are the same tools that make WordPress sites slow. The easier WordPress is to use, the worse it tends to perform.

4. Server-side rendering overhead

WordPress generates pages dynamically using PHP on every request (unless caching is configured). When a visitor loads a WordPress page, the server must:

1. Receive the request
2. Bootstrap the WordPress PHP environment
3. Query the MySQL database
4. Execute template PHP code
5. Assemble the HTML response
6. Send it to the browser

This produces Time to First Byte (TTFB) latency that static-site generators and server-side rendering frameworks avoid entirely. A Next.js site using static generation serves pre-built HTML from a CDN edge node. The server work happened at build time, not at request time.

The wordpress.org developer site itself demonstrates this. When we tested it, the origin-level CrUX data showed a "Slow" overall rating, with FCP p75 of 3,171ms and TTFB p75 of 1,295ms. The individual page scored a Lighthouse performance of 87, but the origin data (which captures how the site performs across all pages for real users) tells a different story.

This matters more than people realise. On shared hosting (where the majority of WordPress sites live), the server is handling requests for multiple sites simultaneously. During traffic spikes, PHP processing compounds. One practitioner on Reddit documented their WooCommerce site on shared hosting taking 8-15 seconds to load with only 25-35 daily visitors, because the shared server could not keep up with PHP processing even at minimal load.

5. The hosting lottery

WordPress performance is unusually dependent on hosting quality. A well-configured WordPress site on WP Engine or Cloudways with Redis caching, a CDN, and PHP 8.3 will dramatically outperform the same site on GoDaddy shared hosting.

This is unique to WordPress. When you build on Wix, Squarespace, or Shopify, hosting is part of the platform. Every site gets the same infrastructure. When you build on WordPress, the hosting decision is separate, and it is one of the most consequential decisions for performance.

The Reddit research we conducted found that hosting was the single most discussed factor in WordPress performance problems. GoDaddy, InMotion, and even WP Engine received complaints about TTFB. One site owner documented 10-12 second load times and 2-5 second TTFB on GoDaddy shared hosting despite having optimised images, enabled caching, and used a CDN. The diagnosis: server-neighbour overload on shared infrastructure.

The WordPress ecosystem response to this is typically "just use better hosting." That is technically correct but misses the point. When the default experience for most WordPress sites is poor performance, the aggregate data reflects that reality. The CrUX data does not filter by hosting provider.

The security dimension

Performance is not the only maintenance burden WordPress creates. The security surface area deserves examination.

Patchstack's State of WordPress Security in 2026 report found:

• 11,334 new vulnerabilities were discovered in the WordPress ecosystem in 2025
• That is a 42% increase over 2024
• 91% of vulnerabilities were found in plugins
• 9% in themes
• Only 6 vulnerabilities were found in WordPress core itself
• 1,966 (17%) had high severity scores
• 4,124 (36%) represented an actual threat requiring action

WordPress core is secure. This is important to acknowledge. The WordPress core team maintains a well-audited codebase with a strong security track record. The problem is that almost no WordPress site runs on core alone. The average business site has 10-30 plugins, each representing an independent codebase maintained by an independent developer.

Sucuri's monthly vulnerability roundups consistently list vulnerabilities in plugins with millions of installations. In January 2026 alone: All in One SEO (3M+ installs, broken access control), BuddyPress (100K+ installs, arbitrary code execution), and WP-Members (50K+ installs, sensitive data exposure).

The most exploited vulnerabilities of 2025, according to Patchstack, included LiteSpeed Cache (unauthenticated stored XSS), WooCommerce Payments (unauthenticated privilege escalation), and SureTriggers (authorization bypass). These are not obscure plugins. They are core infrastructure that millions of sites depend on.

This connects to performance in a non-obvious way: security plugins (Wordfence, Sucuri, iThemes Security) are themselves performance-heavy. They run file integrity scanning, brute-force protection, and firewall rules on every request. These are necessary because the plugin ecosystem creates the attack surface that requires defending against. It is a circular dependency.

Market context: is WordPress declining?

WordPress's market position provides important context for interpreting the performance data.

Source: W3Techs Historical Overview, WPZOOM analysis

Growth stopped in 2022. The 42.6% figure in March 2026 is the first meaningful decline. The HTTP Archive Web Almanac 2024 describes this as WordPress shifting "from a focus on expansion to one on stabilisation," which is a polite way of saying the platform has reached saturation.

Meanwhile, the competitors are growing. Between October 2024 and October 2025, Wix grew 32.6%, Squarespace rose 9.7%, and Shopify climbed 4.6%. These are SaaS platforms with integrated hosting, automatic optimisation, and no plugin maintenance. They are growing precisely in the segments where WordPress's complexity is a liability: small businesses and non-technical site owners.

The CMS market share data also reveals that WordPress's CMS share (among sites using a CMS) dropped from 65.2% at its 2022 peak to 59.9% in March 2026. That is a loss of 5.3 percentage points in four years. Not a collapse, but a consistent downward trend.

What WordPress does well

This report would be dishonest if it did not acknowledge WordPress's strengths. The performance data is one dimension of a complex picture.

Flexibility. No other CMS can match WordPress's range. A blog, a corporate site, an ecommerce store, a membership platform, a learning management system, a social network, a job board. WordPress can be all of these. That flexibility has real value.

Ecosystem scale. Over 61,000 plugins, 13,000+ free themes, and a community that contributed over 58,000 plugin reviews in 2025. The WordPress economy supports hundreds of thousands of developers, designers, and agencies worldwide.

Open source ownership. You own your WordPress installation. You can host it anywhere, modify it however you want, and no company can take it away from you. This matters, especially for businesses that have been burned by platform lock-in.

Content editing. The Gutenberg block editor, while controversial in the WordPress community, provides a content editing experience that is familiar and accessible to non-technical users. For businesses that need multiple people editing content regularly, this is a genuine advantage over code-first frameworks.

Improving trajectory. The Core Web Vitals pass rate went from 28% in 2023 to 43.44% in 2025. The INP pass rate jumped from 69% to 82%. The WordPress Performance Team is doing real work. The median mobile page weight dropped from roughly 2,300 KB in 2022 to 2,047 KB in 2024. These are meaningful improvements.

The question is not whether WordPress is good or bad. It is whether it is the right tool for a specific job, given the performance trade-offs.

WordPress vs modern frameworks: real test data

The aggregate CrUX and HTTP Archive data compares WordPress against other CMS platforms. But the more relevant comparison for a business choosing a technology stack is WordPress versus modern JavaScript frameworks.

We tested a set of sites using Google's PageSpeed Insights API, which provides both Lighthouse lab scores and CrUX real-user data. These are point-in-time measurements (February 2026) and individual sites can vary significantly from platform averages.

WordPress ecosystem sites (mobile)

These are sites built and maintained by WordPress's own ecosystem companies. WP Engine is a $400M+ hosting company whose entire business is WordPress performance. Yoast is the most popular WordPress SEO plugin. WooCommerce powers 20.8% of all WordPress sites.

The developer.wordpress.org individual page scored well (87), but the origin-level CrUX data, which aggregates performance across all pages for real users, tells a different story: "Slow" with FCP p75 of 3,171ms and TTFB p75 of 1,295ms. This gap between individual page scores and site-wide real-user experience is a recurring pattern with WordPress.

The total cost of WordPress performance

Beyond the raw speed metrics, WordPress performance imposes hidden costs that accumulate over the life of a site.

Optimisation plugins. A WordPress site typically needs at least three plugins just to achieve acceptable performance: a caching plugin ($49-$299/year for WP Rocket or premium alternatives), an image optimisation plugin ($59-$199/year for ShortPixel or Imagify), and a CDN integration. Modern frameworks ship with image optimisation, code splitting, and static asset caching built in. These are not features. They are how the framework works.

Managed WordPress hosting. Because WordPress performance depends heavily on hosting, businesses that care about speed end up on managed WordPress hosts. WP Engine starts at A$42/month (A$504/year). Kinsta starts at $35 USD/month. Cloudways starts at $11/month. A Next.js site deploys for free on Vercel's hobby tier, and a professional plan is $20/month for a team. The hosting premium for WordPress is a direct tax on its architectural choices.

Maintenance time. Every plugin update is a potential compatibility break. A site with 20 plugins that each update monthly creates 240 update events per year, each requiring testing. Security patches add urgency: when a plugin with 10 million installations gets an XSS vulnerability, you need to update within hours, not weeks.

Performance regression. WordPress sites tend to slow down over time as content accumulates, plugins are added, and the database grows. A site that scored 65 on Lighthouse at launch may score 35 two years later without active performance management. Static-site frameworks do not have this decay pattern because pages are pre-built and the build process catches regressions.

One WordPress developer on r/webdev described rebuilding an Elementor-based homepage using the native block editor: "LCP improved from 4.1s to 1.3s, a 68% improvement with zero design compromise." The performance was always available. It was the page builder that was eating it.

The Australian context

Australia's internet infrastructure adds a layer to the WordPress performance story that global data does not capture.

Australian users are geographically distant from most hosting infrastructure. WordPress sites hosted in the US (which is common for cheap shared hosts) add 150-250ms of latency per round trip compared to sites hosted in Sydney or Singapore. A WordPress page that makes 15-20 server requests (typical for a plugin-heavy site) compounds this latency across every request.

For Australian businesses targeting Australian customers, hosting location matters more than it does in the US or Europe, where data centres are closer to users. A static site served from a CDN edge node in Sydney eliminates this latency entirely, because the content is cached at the point closest to the user.

The Australian web design market is also overwhelmingly WordPress. Nearly every agency competitor we have analysed, from Lift Legal to Practice and Pixels to Legalsites to SFB Media, builds on WordPress with Elementor, Divi, or WPBakery. This means the competitive bar for web design performance in most Australian industries is set by WordPress. A business that invests in a modern framework is competing against the median WordPress score of 38 on Lighthouse. That is not a high bar to clear.

The business impact of WordPress performance

Performance data only matters if it connects to business outcomes.

A Deloitte study commissioned by Google analysed 37 brand websites and over 30 million user sessions. A 0.1-second improvement in load time increased retail conversions by 8.4% and lead generation conversions by 8.3%.

Portent analysed 100 million page views and found that B2B sites loading in 1 second convert at 3x the rate of sites loading in 5 seconds.

Google's own data shows 53% of mobile visitors abandon a site that takes more than 3 seconds to load.

With a median Lighthouse mobile score of 38, the typical WordPress site is well into territory where these penalties apply. A score of 38 typically corresponds to load times of 4-8 seconds on mobile, depending on device and connection speed.

For businesses running Google Ads, this is particularly costly. You are paying per click to send visitors to a site where a significant percentage bounce before the page finishes loading. A faster site does not just improve organic SEO. It improves the return on every dollar spent driving traffic.

What the data tells us about the right choice

The data does not say "never use WordPress." It says:

If you are building a content-heavy site with multiple editors, complex taxonomies, and hundreds of pages of content that changes daily, WordPress's content management capabilities justify the performance trade-offs. Use a lightweight theme (GeneratePress, Astra, or Kadence), avoid page builders, use a quality host, and you can achieve acceptable performance.

If you are building a business website for a professional services firm, a small business, or a local business, the trade-offs are harder to justify. These sites are 5-15 pages, updated rarely, and depend on organic search and Google Ads for leads. Performance directly affects revenue. Modern frameworks like Next.js, Astro, or Remix deliver near-perfect Lighthouse scores without any optimisation effort because the architecture is inherently performant.

If you are on WordPress with a page builder and failing Core Web Vitals, the data is clear: you are in the bottom third of web performance. A site rebuild on a modern framework will produce measurable improvement in load times, search visibility, and conversion rates.

If your WordPress site is already well-optimised (passing CWV, scoring 70+ on Lighthouse, using a clean theme), switching platforms for performance alone is not necessary. Focus on content, SEO, and business development instead.

Methodology notes

The data in this report comes from the following sources:

• CrUX data captures real-world performance from Chrome users who have opted in to data sharing. It reflects actual user experience across diverse devices and network conditions. We referenced both the CrUX Technology Report and the HTTP Archive WordPress CrUX dashboard.
• HTTP Archive Web Almanac 2024 tested 16.9 million websites using Lighthouse in June 2024. Lab tests simulate a Moto G Power on a throttled 4G connection.
• Patchstack is the leading WordPress vulnerability intelligence provider, managing vulnerability reporting for over 1,000 WordPress plugin vendors including Elementor and WP Rocket.
• W3Techs scans the top 10 million websites to estimate technology market share. Their data is the industry standard for CMS market share tracking.
• Our own PageSpeed Insights tests used Google's PageSpeed Insights API, which combines Lighthouse lab data with CrUX field data. These are point-in-time measurements and can vary between runs.

How Much Does a Website Cost in Australia?

Real pricing data from 15+ Australian agencies. Includes three-year total cost of ownership for WordPress vs modern frameworks.

Read more

Sources

• HTTP Archive Web Almanac 2024: CMS Chapter - Median Lighthouse scores, CWV pass rates, page weight breakdowns, resource analysis across all major CMS platforms. 16.9M websites tested.
• CrUX Technology Report - Google's Chrome User Experience Report filtered by technology. Real-world CWV data from opted-in Chrome users.
• Search Engine Journal: 2025 CMS CWV Rankings - Analysis of June 2025 CrUX data by CMS platform including Elementor breakdown.
• Patchstack: State of WordPress Security in 2026 - 11,334 vulnerabilities in 2025, severity breakdown, most exploited vulnerabilities.
• Sucuri Vulnerability Roundups - Monthly WordPress ecosystem vulnerability disclosures with affected install counts.
• W3Techs: CMS Market Share Trends - Historical CMS market share data, updated monthly.
• WPZOOM: WordPress Statistics March 2026 - Analysis of W3Techs data with historical market share table.
• Stan Ventures: CMS Market Share Report 2025 - Year-over-year growth rates for Wix, Squarespace, Shopify.
• WordPress Plugins Team: 2025 Year in Review - 12,713 plugins reviewed, 59,137 issues identified, 5,415 approved.
• WPMonitor: Plugin Statistics - 61,169 total plugins in the WordPress.org directory.
• Pantheon: WordPress Statistics - WordPress overview including theme and plugin ecosystem data.
• Global Media Insight: WordPress Statistics 2025 - WordPress subcategory usage: Elementor 28%, WooCommerce 20.8%, WPBakery 9.4%.
• ProBlogInsights: Lightweight WordPress Stack - DOM node comparison across page builders (67 sites analysed).
• Remkus de Vries: WordPress Page Builders and Performance - Technical analysis of page builder overhead from a WordPress core contributor.
• Horde Marketing: Why Page Builders Hurt WordPress Performance - Technical breakdown of page builder performance impact on CWV.
• Deloitte/Google: Milliseconds Make Millions - 0.1s improvement = 8.4% more retail conversions. 37 brands, 30M+ sessions.
• Google/SOASTA: Mobile Speed Benchmarks - 53% mobile abandonment at 3+ seconds.
• Portent: Site Speed and Revenue - 100M+ page views analysed for speed/conversion correlation.
• HTTP Archive Web Almanac 2024: Performance Chapter - Global CWV benchmarks, TBT analysis, fetchpriority adoption.