Not only that. They have the full resources of Condé Nast, yet still a Wordpress that is never hacked. I’m not saying I recommend Wordpress, but they’re making it work one way or another.
1 Like
They probably picked wordpress for the CMS, because they don’t care about the CMS.
2 Likes
Idk, they wrote an article about it at some point though.
Users point at wordpress as bad
Wordpress tells users to update
Users don’t update
“Wordpress is Insecure”
Yall can suck. Wordpress is fine.
2 Likes
The state of the CMS is kind of sad overall really. Compare a modern install of wordpress, or django, or drupal with equivalent software from 10 or 15 years ago and they’ll both do most of the same things.
I think that’s part of why static site generators became popular. In the rush to make things easy for clueless end users the typical CMS has just been thrashing around with no real progress, and some people decided they’d be better off without it.
1 Like
WHO DARE SPEAK OF THE DEVIL
THE ONE WHO NEVER FORGIVES
THE ONE WHO NEVER FORGETS.
WordPress need not burn in hell, but scattered throughout the universe, never to be fully assembled again.
It has brought developers nothing but pain, misery and despair.
It’s not only very (as in, you look at it and it freaks out) prone to failure, literally any basic features like a simple form requires the use of an outdated plugin that may or may not (yes, this is very much a gamble unless you want to have to maintain it yourself, if you can afford that…) get dropped within a year or two of it’s release.
Most people use WordPress to make simple sites. But then they also want plugin-only (unless you revert to non-php stuff, but if you’re using WordPress why are you bothering ?) features like stores, forms, “sliders” (photo galleries but I guess they want their own little word) and “page builders” that allow you to make a page within the blog thingy.
Speaking of:
FUCK WORDPRESS PAGE BUILDERS.
They NEVER work.
They are ALWAYS broken in some dumb way.
If by mistake you happen to change something on accident, lots of them don’t allow for ctrl+z
TL:DR
WordPress in general is a deprecated mess full of security issues and slow as a turtle. You would be better off spending your money with Wix (esp now with their new EditorX site builder, seriously this thing is great) or with something like Ghost or SquareSpace.
Sure, you might not have someone at your disposal to do it, and you might think that spending 4-10 thousand dollars on a WordPress agency-made site is worth it, but guess what. You’ll be spending the next 5 years dumping money into the black hole that is WordPress site maintenance.
Every WP dev I know, even if they are successful after a few years with many clients get stuck because all they have time to do is to work on patches and fixes for the entire mess that breaks every month.
HECK, I advised my old workplace to stay away, they didn’t. and their site’s been up for OVER A YEAR with still bugs in it.
The company responsible for it just keeps sending them bills to pay, and they do. But they never reach the end because of this dumb baseline problem that is using WordPress.
Holy shit the TL:DR is as long as the actual rant.
3 Likes
AAAHHH YOU STILL EXIST
(do not read the above, friendly php person)
1 Like
And to think my college is pushing for people to go in this… I feel shame.
1 Like
I used to do work on Wordpress sites and plugins about 10 years ago when it was still something like v3 or something. It’s relatively easy to get started on and extended. The alternative at that point was Drupal which took a lot more work to get started. When you’re pressed for time to deliver on a tight budget, Wordpress was the better choice.
That said, on a technical level, it had obvious problems. Especially, once you handed over the site to the user and they decide to start adding plugins of their own for SEO and what not, it is almost guaranteed to get infected. The code quality of plugins varies greatly and documentation… suffice to say I had to frequently look into their code to figure some details out. It’s understandable why technical purists would hate Wordpress.
The fundamental problem with Wordpress I think is because it didn’t start out as a CMS. It was a blogging platform which got extended way beyond its original design and possibly beyond the capabilities of the dev team, who may be unwilling to recognize it or unable to refactor/redesign due to the massive inertia in the existing installed base and plugins.
3 Likes
To demonstrate what level of hot trash Wordpress is, I deployed a site with Vuepress instead. It uses Vuejs under the hood, it’s massively lightweight, and out of the box secure since there is no need for a pre-processor to compile or warm up my content. This allows me to cache it at various levels. It’s also SSO friendly.
Content is pretty dead simple since you define your stuff as yaml files and can version control these with git.
I hooked myself up with this on my self-hosted GitLab instance and do an automated deploy when I push changes. I need a new page I just have to edit or make new files and then the rest is fully automated.
Granted this tool is best served for static documentation, however, there is a blog plugin available which I shall explore. Note: the meta tags for this were just left on default for this example.
And here is how I did it.
4 Likes
I don’t think that’s fair at all. How can you ‘feel’ that a page is static? Wordpress generates static pages on the fly, the only difference in the feel is that it’s very slow and laggy. The current thinking is that webpages should be lightning fast which makes Wordpress the slow and dated solution.
Javascript is a client side technology and nothing to do with whether the server is using PHP.
2 Likes
The good things about Wordpress are;
- Very popular
- Loads of plugins to do just about anything
The bad things are;
- Very very slow no matter how powerful the host server
- Sites become very complex
- Difficult to debug
- Have to keep updating everything
- Very expensive support.
The reason is it started out as a simple blogging site and turned into a Heath Robinson Machine.
im really starting to appreciate wordpress.
im on a red teaming adventure and wordpress has consistently been the easiest to compromise.
everything from replacing themes with dial home reverse shells or inserting php cmd’s has been pretty easy.
so perfect for practicing…
is good for hosting your blog? haha!.
lets just say its functional 
3 Likes
Now reading all of this I’m so God damn happy I didn’t pull the trigger on WP when I started my personal website couple years ago. I’m not a webdev, just need good clean and professional website.
Funny thing I work with the guy who is partially teaching webdesign. Obviously he is using Wordpress. His site is getting B/B- on gtmetrix while mine have A+ and all green/95% all the time. It’s even more funny that my site is roughly 3 times bigger on content. We don’t talk to each other.
Learning OG HTML/CSS plus occasional JS and .htaccess really paid off for me in the end. I also considered HUGO/Jekyll, but found them too limiting design-wise.
3 Likes
3 Likes
Risk Based Security and others have observed malicious actors favouring vulnerabilities not with high severity scores, but rather those that can be easily exploited.
yep i always look for the easiest exploit to use to get me on the box. and if that fails then i try the more complex rout.
1 Like
My personal site is using wordpress. I was going to use drupal since I had worked extensively with it in the past, but as mentioned, there is a lot of assembly with Ikea instructions that I did not want to deal with at the time. Wordpress was easier to get up and running, but when it came to securing it, there was a lot of, “Instructions not clear, put shoe on head!?”
I am wanting to redo my site and use static pages since I have alot of stuff drafted but it is such a pane to post on wordpress and make things look good. The visual editor works half the time at best, the code editor freaks out when you do something that is outside of what the theme and WP thinks you should be doing, and honestly, it is just too fiddly for me. Part of that is because of the security as I get between A and A+ scores.
I am going to look into the suggested alternatives and see what we get. I am going to leave WP up for my blog site, but the landing page and the .tech site are definitely moving to something else and them hopefully I will get into the habit of quickly posting ideas and thought pieces.
1 Like
Great, was gonna move my website there only to find this out? Now I hate myself for wasting my day. Should have consulted with some of you guys on this. I guess I better find something better to use. If WordPress is that bad then that’s $48 down the drain for me too (my domain is elsewhere).
EDIT: Got a $46 refund for cancelling but does anyone know where is a better spot for a site builder? The reason why I wanted to move to something like WordPress was because I wanted a way to save time on updating a site since it was quite time consuming to post a static webpage especially with the way I setup the sidebar.
I can tell you first hand that maintaing static HTML pages with features like a sidebar is very non-trivial and time consuming (unless there is a robust webpage designer program I don’t know about). Unless someone knows a better way.
I suppose I was drawn to WordPress and sites like it because truth is, I am bad at web development. I can do C and C++ programs no problem, even GUI programs with QTCreator but I can’t really do HTML and CSS well. At least not good enough to be practical over using WebPress and letting that handle formatting, not to mention a sidebar where I only have to change it once for all pages.
I have 301 redirect from /wp-config.php to state police cyber-crime department website.
Just for fun.
6 Likes