I've worked at several major companies thus far in my career; and, at each of those companies, I've had to use an in-house Content Management System (CMS) to create and modify digital content. For a long time, I couldn't understand why those companies would choose to allocate time, resources, and ultimately money to create a customized CMS in spite of having functionally equivalent, open source solutions readily available in the marketplace. What was their rationale for doing so, I often wondered? Was their businesses so unique that an off-the-shelf CMS simply wouldn't cut it; were the security risks associated with an open source CMS too great of a burden to bear; or, was it because the software engineer(s) in charge at the time simply wanted to showcase their PHP, Java, Python, etc. programming skills by building yet another CMS from scratch. Well, in the years since I first pondered that question, I've come to realize that the answer is often the latter reason.
Don't get me wrong, there are legitimate security concerns with open source or off-the-shelf products. However, I've found that most of those concerns can be easily mitigated with sensible access controls and regular vulnerability patching policies. What's more, I've found that leveraging a dedicated open source community or third-party vendor whose sole focus is a given product often produces a more secure product than anything else a "regular" company could build on their own. The same can be said for bug fixes and new feature development from open source or off-the-shelf products -- be it a CMS, Project Management Software (PMS), or Application Performance Management (APM) solution.
And yet, many companies continue to go down the "let's build it ourselves" path instead of choosing to use open source ones. Such a decision, in my experience, usually ends up being bad for the vast majority of companies. In fact, I've yet to encounter a situation in which it's made sense for a company to build their own CMS from scratch. To be clear, I'm not saying that it can never make sense to build one's own CMS; just that it rarely does! Thus it should be the default position of most companies to simply buy or use an open source CMS whenever possible.
Having said that, a common refrain I still hear is that a particular business' operations are too unique to use an off-the-shelf product like a CMS. I think that line of argument is laughable! The truth be told, there's nothing particularly unique about the way company "A" creates and publishes its content from that of company "B". Rather, a company's true value proposition is in its proprietary product line(s) and not its digital content and/or User Experiences (UX).
But let's say I've managed to convince you, which CMS do you choose? Well, there are so many out there, i.e. WordPress, Drupal, Joomla, dotCMS, Crafter CMS, etc. My recommendation, in a word, is to use WordPress. Why? Because WordPress has been around for close to two decades; it's chock-full of features, plugins, and themes; and, it powers close to half the web, including such companies as Facebook, Etsy, BBC America, MTV News, and The New Yorker - just to name a few. What's more, WordPress' security notification and self-patching systems are best-in-class and a breeze to use. So, do yourself and your company a favor and choose WordPress; it's very unlikely that you'll never regret the decision. Or, if WordPress isn't your cup of tea, then just choose some other random CMS -- just don't build yet another one yourself.