(no title)
peckrob | 3 years ago
You want a blogging platform? Wordpress is one of the best, hands down. You want a basic CMS that is so dead simple that anyone that can use a word processor can update the website? Wordpress excels at this, because that is what it was designed to do.
But I do think it is a poor solution in a lot of cases where it has been shoehorned into. People keep grafting so much extra, unnecessary crap onto what is still, at it's core, a blogging platform. Often this is done by low-skill, low-paid "consultants" with very little experience in writing maintainable, secure code. Literally all they know how to do is write Wordpress code. I would often end up having to clean up the mess from these folks, who often still write PHP like it's 2007 and they haven't learned better [0].
Wordpress's architecture has, until relatively recently, encouraged this behavior. Their stubborn refusal to move beyond PHP 5 for many years (and continuing to support absolutely ancient versions of PHP 5 at that!) held their entire ecosystem back from writing better, more secure code for a long, long time. And, more broadly, held PHP as a whole back, as they were among its largest players. It was really hard to make the case for hosts to upgrade PHP when Wordpress still supported whatever ancient version of PHP the host was providing. Their internal architecture can be very messy in places and documentation often contradictory about what the "correct" or even preferred way to do something is because there are multiple ways implemented at different times.
I will give them credit: Wordpress itself doesn't have too many gaping security holes anymore. Most of those has been patched. It's the plugins and themes that provide the attack surface now.
The public plugins themselves (and to a lesser extent the themes) are of such widely variable quality that it is difficult to know what to use and trust. You're probably okay with the "official" plugins and most of the widely-installed third party plugins, but you get too far off the beaten path, you find a lot of garbage (and, to be fair, a few gems as well). And any custom plugin I find is immediately suspect for the reasons above. Building a theme? Which of these multiple ways of user customization do you support? All of them? None of them? Or do you just write your own customization further messing up the UX for writers and editors who have little idea how to manage Wordpress beyond the very basics of writing a post.
Oftentimes when I would come into a Wordpress case, there's 30 or so plugins installed, half of which are disabled and you have no idea what is causing the client's problem. It takes a few hours just to untangle the mess, and you can't ask the last "consultant" because they wrote garbage code, threw it over the wall and disappeared. It's the reason I usually don't take Wordpress cases anymore unless it's someone I know or an installation I did, myself, from scratch that hasn't been messed with by anyone else.
Wordpress is a great blogging platform and basic CMS. It's when people start trying to make it do things beyond this that problems start to accrue. I don't hate Wordpress. I hate what people try to do with it.
When Wordpress is your hammer, everything looks like a custom post type.
hyperdimension|3 years ago
Ugh, that just serves to remind me of the unholy, demented shapes I've seen (Fortune 500) companies are able to mangle SharePoint into. Customizability is usually a nice quality in general, but certainly not without any cost.
scrame|3 years ago
nukst|3 years ago
Let me be a SOB for a second and ask for your opinion. I'm interested in freelancing with WordPress, mostly small company websites, would you still recommend it for someone who's just getting in the market?
TIA
peckrob|3 years ago
It's all about what the client needs. The advice I give on this subject these days is that Wordpress is fine to use for a blog or a very basic, low traffic read-only company websites. Think like a small restaurant or something. The two things to be aware of:
1. Somebody has to support it, whether that be you or someone who comes after you. While Wordpress doesn't have as many security issues in and of itself as it used to, it still does have some occasionally and will still need to be patched up to more recent versions. Security vulnerabilities in Wordpress are almost immediately exploited, so the sooner you patch, the better.
2. The minute you start trying to push Wordpress beyond the bounds of being a basic CMS or blogging platform (like adding online ordering, inventory management, etc.) you are better off finding other, better suited options.