Why do you give non-devs the ability to upgrade PHP plugins and edit theme syntax, shouldn't that be the site admin handling?
Why are you not using staging to test?
These don't seem like WP problems :/
For better or worse, part of the appeal of Wordpress is ease of use for non-developers to update their website. Most small businesses definitely don’t employ a dedicated site admin/developer - if they had to they wouldn’t bother with a website. In fact, it looks like that’s the way things are going - pushing small businesses into walled gardens like FB, Insta, Wix, etc. And I don’t blame them, that’s probably the right decision for most businesses.
"part of the appeal of Wordpress is ease of use for non-developers to update their website."
Seems like in every HN thread regarding Wordpress this is brought up, but later the thread fills up with horror stories of sites being melted down when non-technical users are left to manage these Wordpress sites. Just my two cents, but that supposed benefit of Wordpress seems more like wishful thinking.
Until some random violation gets the page suspended or removed. Had this happen a couple of times, latest was a result of changing over from Facebook Ad manager to Meta Ad manager (or whatever they call it) which triggered the suspicious activity, give us your Govt ID busllshit.
Probably because in many cases the assumption is that the dev and main editor are the same person?
It's not a great assumption anymore (since many WordPress installs are now set up by agencies and dev teams for non technical clients), but it's likely a holdover from the days when most people installing it were also the main designer, developer, content writer, etc (read, bloggers).
Why can a "theme" editor edit application code? Why do I need a developer in order to change what it looks like? Why is plug-in code not sandboxed? These are WordPress problems.
At the end of the day, if you tell me that WordPress is an application framework, that themes are code and plugins are dependencies, then okay -- devs own it and there's code reviews and staging environments and deployments and migrations and all the rest.
But if you tell me it's a CMS so marketing people can have a blog, I just ... thought it would be simpler.
> Why can a "theme" editor edit application code? Why do I need a developer in order to change what it looks like?
Because CSS, because HTML tags are rendered server side and that H1 should be a H2 or that tailwind div soup is funky, or the company team member pages needs ACF to keep tracks of member profiles because editing the page by hand takes too much time,etc.. webdev :/
The other option is things like Elementor or Divi which aim to give content team the ability to modify layouts (and even links to dynamic elements in db) but it's a whole another mess (but it wouldn't be your, yeah !).
Someone at WP is aware of it though, hence all the work on gutenberg and front-side editing (FSE) which ultimately should turn WP into a complete headless CMS.
> Why is plug-in code not sandboxed? These are WordPress problems.
Definitely ! Wait until you have a plugin breaking wp-cli so you can't deactivate it... rm wp-content/plugins/foobar-plugin -rf to the rescue.
> At the end of the day, if you tell me that WordPress is an application framework, that themes are code and plugins are dependencies, then okay -- devs own it and there's code reviews and staging environments and deployments and migrations and all the rest.
> But if you tell me it's a CMS so marketing people can have a blog, I just ... thought it would be simpler.
Yeah, if marketing just wanted a blog and no forms to collect resumes, polls etc. I'd have given them a ghost or a very reduced/amputated WP and signed binding agreements that no plugins or themes would ever be installed on it.
bottled_poe|3 years ago
gnz11|3 years ago
Seems like in every HN thread regarding Wordpress this is brought up, but later the thread fills up with horror stories of sites being melted down when non-technical users are left to manage these Wordpress sites. Just my two cents, but that supposed benefit of Wordpress seems more like wishful thinking.
dazc|3 years ago
Sorry Facebook, you can go and... you know what!
CM30|3 years ago
It's not a great assumption anymore (since many WordPress installs are now set up by agencies and dev teams for non technical clients), but it's likely a holdover from the days when most people installing it were also the main designer, developer, content writer, etc (read, bloggers).
montroser|3 years ago
At the end of the day, if you tell me that WordPress is an application framework, that themes are code and plugins are dependencies, then okay -- devs own it and there's code reviews and staging environments and deployments and migrations and all the rest.
But if you tell me it's a CMS so marketing people can have a blog, I just ... thought it would be simpler.
johnchristopher|3 years ago
Because CSS, because HTML tags are rendered server side and that H1 should be a H2 or that tailwind div soup is funky, or the company team member pages needs ACF to keep tracks of member profiles because editing the page by hand takes too much time,etc.. webdev :/
The other option is things like Elementor or Divi which aim to give content team the ability to modify layouts (and even links to dynamic elements in db) but it's a whole another mess (but it wouldn't be your, yeah !).
Someone at WP is aware of it though, hence all the work on gutenberg and front-side editing (FSE) which ultimately should turn WP into a complete headless CMS.
> Why is plug-in code not sandboxed? These are WordPress problems.
Definitely ! Wait until you have a plugin breaking wp-cli so you can't deactivate it... rm wp-content/plugins/foobar-plugin -rf to the rescue.
> At the end of the day, if you tell me that WordPress is an application framework, that themes are code and plugins are dependencies, then okay -- devs own it and there's code reviews and staging environments and deployments and migrations and all the rest.
> But if you tell me it's a CMS so marketing people can have a blog, I just ... thought it would be simpler.
Yeah, if marketing just wanted a blog and no forms to collect resumes, polls etc. I'd have given them a ghost or a very reduced/amputated WP and signed binding agreements that no plugins or themes would ever be installed on it.