I feel this post is somewhat misguided. Any framework or bespoke code is only as good as the developer who made it, and installed it.
Recommending somebody use Ruby rather than PHP because you dislike one CMS is a bit extreme.
SFTP is completely fine. I doubt many, if any, are still using plain FTP. Most sites will be updated automatically with SVN or Git though - no reason why updates to WordPress should be different from any other code base.
It's important to remember that a fresh install is designed to be easy for beginners. A professional obviously has to make some changes, such as pretty URLs. The reason why this defaults to ids is because some hosts don't allow changes to Apache with .htaccess - enabling it by default can lead to server errors.
It's completely normal for any Framework to have the basics and require plugins / components. Suggesting that this means WordPress alone is poor because of it is not constructive.
Yes you should install caching and security plugins. Yes hiding file extensions and server architecture is a good thing - by hiding these things you make it less likely to be a target for hacking. A good WordPress blog doesn't look like a WordPress blog at all when you look at the source code. Having these things exposed by default is standard, not incomplete.
I do want to remind everyone that web development is a professional career - if you're complaining about the tools not being good enough in their default state then who are you complaining to? Yes, WordPress is a good solution for blogs and simple CMSs. No, it's not brilliant at everything.
In response to "learn how to write a proper website instead" I wholeheartedly agree - learn how to make a full, accessible, responsive, optimised, secure website. From scratch. No frameworks. Regardless of whether or not you use frameworks in your day to day development, being technically able to write the framework yourself will make you a much, much better developer.
Learning the basics of Jekyll takes 1 hour, and it's a one way ticket!
Hosting a static website is free with Firebase (SSL included).
Adding an online editor on top of Jekyll (that will commit the changes in the repo) is also possible with a third-party SaaS.
And it's 100% secure... because it's static.
I have been using WordPress for the past 4 years. I do agree with you: lots of plugins come without test cases, and that opens up security issues.
But I disagree that WordPress core isn't unit tested. They do test it, and they also encourage plugin / theme authors to follow the same:
make.wordpress.org/core/handbook/testing/automate…
Plugins make your life easier; we cannot write code for each and every functionality. There are 70k+ plugins, from 1-minute staging to incremental backups.
There is a plugin called VersionPress; it's a VCS for WP, and you can also do continuous deployment with app.buddy.
Most WP people use FTP, agreed, but that's an option; WordPress supports FTPS and SFTP also.
There are lots of people contributing to WP: make.wordpress.org/chat. All security issues are patched immediately, and plugins/themes will be intimated about issues; if they don't release the patch, they will be removed from the repo.
And it doesn't require any coding knowledge to have your own blog. Need to back up, stage, clone, put in maintenance mode, VCS, easy theme customization....? There are plugins for everything.
Take any software: it has some disadvantages. That doesn't mean that we SHOULD NOT USE it.
27% of sites are running on WordPress.
This might be a good opportunity to link to 10up's Engineering Best Practices, a collection of advice & tools for writing secure, performant code for WordPress. I think there's a WordPress hosting best practices doc in the works, which will probably be coming out later this year.
The teams I work with build highly scalable WordPress sites for some pretty big clients. Your last paragraph touches on the core of the issue: by adapting version control, CI/CD servers, and so on, a lot of what makes WordPress such a powerful tool for beginners goes out the door. But, the WordPress core team pays a lot of attention to user experience, and it provides a friendly back-end for managing content. If anyone's used WordPress to post pictures of their cat or run a mommy blog, they can post to their corporate site, too. That's pretty amazing.
I don't want to pick apart the individual points of your post. There's a lot I disagree with, but that's only because I have years of experience building & hosting enterprise WordPress sites. And I don't think the community does enough to spread this essential knowledge. Our documentation, our conferences…so many things are geared toward absolute beginners. I'm giving a talk on Functional Programming for WordPress developers at WordCamp Boston this month. I'm kind of curious how many people are going to show up.
But I do want to address two details:
If you're managing your own server(s), don't use something like W3TC. WordPress has built-in support for something called an Object Cache, which stores query results, "transients", and other data in an in-memory store. We prefer memcached because it's mature, using Zack Tollman & 10up's plugin. On some sites we use a Redis object cache plugin because a particular host might prefer it or have the daemon running because of another site. For full-page caching, you want Batcache which stores pages in memcached. These plugins are more lightweight and better maintained than the mainstream caching plugins, plus they let you use a shared cache server so multiple web heads can take advantage of the work the rest of the servers have already done.
Likewise, if you have multiple servers…well, first all your code should be managed in a VCS like Git, and that includes plugins & themes. Add define('DISALLOW_FILE_EDIT', true); to your wp-config.php so nobody thinks they can just install a plugin when they want to. Second, either put your wp-content/uploads directory on a shared resource (NFS or S3) so files are available to all the servers, or synchronize the files across all the servers with Unison. There's no excuse for your WordPress install's files to be different between servers for more than a few seconds.
I don't agree with your statement that "if you are professional enough to do so, you will have run away from it long time ago". WordPress is the foundation of most of the things we build. I'm seeing more & more projects from our team and others using React with WordPress's REST API. And you could argue that bolting on things like memcached, Elasticsearch, nginx microcaching and so on is just covering up the platform's weaknesses. But it also allows us to leverage its strengths as we produce modern experiences.
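A check for the wp-config.php setting named in the comment above, as an added example that is not part of the thread or of WordPress itself: it parses the file's define() calls and reports whether the dashboard file-editing constants are set to true. DISALLOW_FILE_MODS is an addition here (it is the WordPress constant that also blocks plugin and theme installs and updates from the dashboard); the sample file content is constructed.

```python
import re

# DISALLOW_FILE_EDIT is the constant named in the comment above.
# DISALLOW_FILE_MODS is added by this example: it also blocks plugin/theme
# installs and updates from the dashboard.
REQUIRED = ("DISALLOW_FILE_EDIT", "DISALLOW_FILE_MODS")

DEFINE_RE = re.compile(
    r"""define\s*\(\s*(['"])(?P<name>\w+)\1\s*,\s*(?P<value>[^)]*?)\s*\)\s*;""",
    re.IGNORECASE,
)

def strip_php_comments(src):
    """Drop /* */ blocks and whole-line // or # comments (a simplification:
    trailing comments after code are left alone) so commented-out defines
    are not counted."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)^\s*(?://|#).*$", "", src)

def audit_wp_config(src):
    """Return {constant: 'ok' | 'missing' | 'not true (<value>)'}."""
    defined = {}
    for m in DEFINE_RE.finditer(strip_php_comments(src)):
        # PHP keeps the first define() of a constant; later ones are ignored.
        defined.setdefault(m.group("name"), m.group("value").strip())
    report = {}
    for name in REQUIRED:
        if name not in defined:
            report[name] = "missing"
        elif defined[name].lower() == "true":
            report[name] = "ok"
        else:
            # Strict: only the literal true passes; anything else is flagged.
            report[name] = "not true (%s)" % defined[name]
    return report

# Constructed sample wp-config.php content, not taken from a real site.
SAMPLE = """<?php
define( 'DB_NAME', 'example' );
// define('DISALLOW_FILE_MODS', true);
define('DISALLOW_FILE_EDIT', TRUE);
/* define('DISALLOW_FILE_MODS', true); */
"""

if __name__ == "__main__":
    for name, status in audit_wp_config(SAMPLE).items():
        print(name, "->", status)
```

Run against each web head's wp-config.php in CI, a "missing" or "not true" result is a reason to fail the deploy.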
You have very valid points. I use WordPress for my own blog just because I frankly don't care about most of that because I'm literally just trying to throw up my research which doesn't require much and I do like the plugin support and ease-of-use for what I do. This seems to be a common sentiment in the InfoSec community as most every other researcher I know has an equally ugly, POS website. But people still go there because it's the only way to get that info. In fact, to be honest, I think in the InfoSec world if you do have a hip, modern, flashy website like a lot of sites in other spaces, you're actually looked down upon.
I know what I just said is a web dev's nightmare but that's reality for me; I already spend far too much time screwing with x86-64 assembly, studying operating systems, writing Python scripts, etc., to sit down and really think out my site right now. Am I proud of that? No. But the site works for what I need it to and looks decent compared to some of the others out there in my space. Would I have this attitude if I were a web dev? Of course not. The critical aspects of what my job entails (not web dev at all), I don't have this attitude at all and in fact I am extremely careful about what I put out there both in terms of my code and my written works. I just thought I'd drop a line and explain an audience that WP may still be decent for... Those who only want "decent!"
That all said, you make fantastic points and generally universal ones as well. No "one-size-fits-all" solution is ever the best-in-class in any area and I also realize that many folks that this article is geared towards are unlike me and probably trying to use WordPress to run stores, full-blown websites, and other non-blog things. They also probably have products and rely on their website to sell them, unlike I do. So therefore, I would recommend your suggestions to those people and businesses.
Thanks for the Ghost rec, though I have not seen it in action yet. Frankly, I think I'm going to go with jekyllrb.com if I ever leave WordPress.
WordPress is an excellent Publishing Platform, with widespread industry usage in the Media Industry. It's intended to be easy to use for Authors and Editors and extremely extensible for Developers. And with the REST API things got even better.
The community is friendly and welcoming for Developers and End-users, and they make things extremely easy for both.
I know your post is based on your own experience, but you can actually (and should) follow best engineering practices when developing for WP.
We're currently developing a Publishing Platform where the Authoring takes part on WordPress, the delivering and publishing goes through a pipeline with Kinesis, lots of Lambdas and Elasticsearch, and the frontend gets server-side rendered through a NodeJS + VueJS application.
All three stacks (WP, Lambda-based and NodeJS+Front) follow the same engineering process: Code is under source control, changes get automatically tested, then it gets peer-reviewed, and once approved it is auto-deployed (CI/CD) to a staging environment, where all the containers are spawned from environment vars + code checkout + third-party services. If all goes well, it will eventually make a release.
We don't have to do anything different for WP than we do for Node, Go or the part of the stack that is deployed to AWS FaaS. WordPress is just another codebase to us. We follow the same good engineering practices for a highly-scalable application on WP that you would if it were a highly-scalable RoR app.
Remember that most of the quality attributes of your software (like scalability, availability, reliability...) depend on your architecture, not your framework.
As others mentioned, you should definitely have dug into the repos of the contributing members of the WordPress community like 10up, Human Made, Bocoup, Roots and Automattic of course. Roots' post about WP as a 12-factor app is a good place to start (and look at the date).
They all show some impressive engineering skills with WordPress as their base.
At the end, WP is just another tool in your belt.
PS: Before joining this project I didn't like WP. I understand now why it's so widely used. It's because authors and editors are familiar with it. It offers a great workflow for them and they are used to it.
So it's all about the User eXperience, not the Developer eXperience. It's up to you to define the latter.