Fuck You, WordPress Plugins

I have been building plugins, modifications, and addons for WordPress and other platforms since 2010 or 2011. I honestly don’t remember any more because my days have been running together since I dropped out of school to get my GED. Each plugin which I have built was custom work for a specific need. Which is perfectly alright for those with their niche markets and websites.

I know, I know, that the title of this article seems hateful, but it’s not. Nor is it going to be click bait, even though a majority of readers are going to think so. I have learned to speak my mind, and this is what comes to my mind when it comes to thinking about plugins and what I have to deal with as a web developer.

I love coding, I can’t even get enough coding done in a single day to meet my personal quota. I know that I spend the majority of my time (maybe around 70% of it) patching and fixing plugins with security flaws and vulnerabilities. I can admit that this actually pays really, really good when it comes to coding.

While on the other side of plugins, I want to code my own for people. I rather be creating something new or a different take on a project. I think I could spend my time coding my own secure plugins and projects over having to patching other people work. This would most likely increase my happiness by ten fold.

Yet, at the same time, I don’t think that people consider security to begin with. In the last year [2015] I have seem coders and programmers still use $_GET over $_POST in forms. This is one of the biggest, and simple security issues which can be solved easily. I just can’t understand why people can’t make that small of a change in their code to solve the vast majority of issues which I see with plugin developers. I am seriously starting to think that they are just that lazy now.

Another important issue is that the WordPress developers are bragging that they have the biggest collection of plugins, addons, themes, this, and that to offer people when they choose the platform. I will admit that is true, yet the part of admitting that is that they lack security, performance, or even scalability at times. The first thing that I was taught was that security should always be first without exceptions. Then performance after that, then finish up with scalability and user experience.

These ideas where ingrain into me when I first started my classes in computer science to the point of that is all I know when I decide to code a small piece of software to a blogging web application. Thanks to other people who code in their free-time to the “professionals”, I am debating what they were taught when it came to online tutorials to their training in classes.

I also outlined why PHP sucks and the issues that revolve around it. Which can relate to this article easily because WordPress uses PHP for it’s choice of language.

WordPress is still Good

WordPress is still a good piece of software if you can run it as vanilla or as little plugins as possible. This will leave any open doors which the plugin system creates locked. A lot of the popular plugins such as JetPack, WP-Cache, and others should be pretty secure. Hell, they would have to be since millions if not hundreds of thousands of sites use them.

WordPress.com, which is the WordPress Team, hosting and managing your blog for you [all you have to do is write and configure some basic settings here and there] has some of the best features and goodies which plugins try to fill the void for. I will admit that I am currently using their hosted version for my own blog. The reasoning being that I just want to write and not manage much of anything outsides of my articles.

If you need a writing experience that allows you some pretty good controls on your articles, then WordPress is what I recommend for writers. If you are worried about security, there is some things you can do to help migrate an attack away from you, but I wouldn’t recommend it for that.

Other Content Management Systems

I have been doing a lot of research in the last few months for a replacement. This research has taken me far and wide when it comes to a blogging platform. I can say there is a lot of choices out there to replace WordPress, but for some reason I jus keep coming back to it. I just don’t know how to explain it.

I think if I gave some of the other platforms a chance, I would honestly go with one of them. Heck, the hosting provided by WordPress.com does more than everything I need for a vanilla experience with a new control panel and several features here and there.

Quality over Quantity

I don’t know about anyone else, but I would rather have a smaller collection of plugins that follow my general idealism over a huge quantity that is just thrown together. This is where I dislike this platform the most. I think if it wasn’t for this issue, a lot of the people who dislike WordPress thanks to it;s security could return.

I know that I could be spending more time developing new plugins and addons for this platform if there was less and less security issues with it. I would love to release several of my plugins which I have coded, yet people will just overlook them for a more popular choice.

If anything, a better ranking system on several factors would benefit everyone greater. Or setup a team to audit the plugins before they are added to their database. Drupal has a really good method and documentation for plugins, so they could pull somethings out of their playbook when it came to them.

Final Thoughts

I know that I don’t have all of the answers or even close to a strategy to fix any of these issues. Yet it is still important to talk about them as we head into the future with websites and web development. WordPress may die off in the future or still be around, yet I do worry about the cybersecurity of web applications. That is the first line of defense against hacking into a web server.

Show your support

Clapping shows how much you appreciated Traven’s story.