DEV Community

Discussion on: Why wordpress?

Collapse
fmctaggart profile image
Fraser McTaggart Author • Edited on

I appreciate your response. You make many valid points!
Security for the core is great, however I've heard that there are issues with some plugins
and that this would be the main source of a security issue? This is just what I've read however.

At what stage would you not consider Wordpress for a project? Do you feel that Wordpress is the best tool for websites full stop? Would you be able to provide an example of a larger non-trivial site using Wordpress ( not using the REST api )?

Collapse
taufik_nurrohman profile image
Taufik Nurrohman • Edited on

Security for the core is great, however I've heard that there are issues with some plugins and that this would be the main source of a security issue?

Your computer operating system is secure, but the software that you have installed isn’t. The operating system might have it’s own secure and closed API, but the external softwares that depend on the operating system may still be able to use the parent language that is more raw.

WordPress has their own secure and closed API, but every plugin can still be able to use the parent “language” of WordPress, that is PHP.

At what stage would you not consider Wordpress for a project?

IMO, any project that does not contain blog posts.

Thread Thread
fmctaggart profile image
Fraser McTaggart Author

Correct me if I'm wrong, as I haven't created a plugin for wordpress. But plugins can be created and submitted quickly and easily judging by the comments below. They can then be installed easily and without thought, by users that don't know the implications. Perhaps giving plugins unregulated access to server-side code isn't ideal?
The list of vulnerabilities and exploits is pretty extensive for wordpress plugins - surely there must be a better way?

Thread Thread
taufik_nurrohman profile image
Taufik Nurrohman • Edited on

They can then be installed easily and without thought, by users that don't know the implications.

You can install a plugin with syntax error in it and then just get a blank screen.

Perhaps giving plugins unregulated access to server-side code isn't ideal?

It’s your web hosting provider duty.

Surely there must be a better way?

Just keep it up to date, and follow the support forums related to the plugin. Security holes sometimes come from old plugins that are no longer updated (but you don’t know and just install it anyway).

Using official plugins or paid plugins must be better (since you could easily complain about things).

Collapse
philliprichdale profile image
Phillip Richdale

If you know you're application is going to be microservices from the get-go and there is a clean app-model in place and the core technology will not be PHP then not using WP is pretty much a no-brainer.
If you're going to have applications and APIs as a first class citizen in your project and it must scale along multiple dimenions, WP is a bad choice. Especially if you have a team of experts and the PO/Customer knows what he wants and the architecture is properly designed. Using WP in such a scenario would be silly.

However, if time to market is your constraint and you're dealing with a customer who doesn't know what he/she wants, then WP is a very good choice. Prototyping a larger app in WP can be hackish, but time to market is next to none.

WordPress can also make sense as a pure CMS with the application streched out behind it with tons of microservices and some gluecode to handle editing and content distribution. If you have caching and search and all the tiny tidbits seperated out, WP is small enough to still service as a neat editing environment.