Pain Points of Web Development with WordPress

(medium.com)

60 points | by prostoalex 1654 days ago

11 comments

  • jawngee 1652 days ago
    This article is mostly nonsense.

    I've found there are various gradations of WordPress developer and the "pro" guys are a very competent and very pragmatic bunch.

    - Most "pro" guys limit the number of plugins they use.

    - They use ansible or similar for provisioning and deployment.

    - They use sane theme frameworks like sage, timber or stem.

    - They know how to do caching without using clunky caching plugins

    - They try to adhere to 12-factor where possible

    - They do their own devops

    I mainly consider myself an iOS/Cocoa developer but I do my fair share of web development including WordPress. I even sell a pretty technical WordPress plugin (https://mediacloud.press). I don't recommend or choose WordPress because it's a great platform, but because it can be a solid pragmatic choice considering all things like time and budget and client experience.

    But for the average joe, it sure provides plenty of ways to shoot yourself in the face. That said, what other options exist for them if Wix isn't enough?

    • gk1 1652 days ago
      Article rings true for every WP instance I've seen and managed.

      No doubt there are pros who do it the way you described, but what percent of WP installations do you think are managed by people like that?

      There are many developers more skilled than "average joe" but below the level you describe, and they have plenty of other options: https://headlesscms.org

    • 4mpm3 1652 days ago
      Just chiming in to say this article isn't saying "WordPress is terrible because ..." but "watch out for these traps that are all-too-easy to fall into."
    • ignoramous 1652 days ago
      The article might sound non-sense (to you, a power-user?), but most people do require a simple to setup and use software, too. That's how usually things are. Photoshop was great, but then came along Sketch and Figma. Lotus was great, then came along Word and Docs; but there's market for plain-text editors like notepad++ / cot-editor, too.

      The other day I saw a ms-excel to webpage builder shared on news.yc voted to the front-page, there's also a google-sheets to app builder that did YC last year... I wonder if there's a market for notepad / word / docs to webpages, too? This article makes it seem like there might be one.

      • WhiteOwlLion 1652 days ago
        If GitHub Wiki could get image pasting like issues, or GitLab Wiki could make it your own domain name, something simple like the wiki could be really useful for non-techy crowd that wants a simple web presence where they can insert/update/delete content.
        • ignoramous 1652 days ago
          Posterous was genuis: Blog posts over emails. Its primary competition, tumblr, grew big with super easy sharing mechanics. Notion.so now with its Swiss army knife of products, esp with wiki-like semantics, has taken off as not only an Evernote alternative but for documentation, as well. And there's of course, Netlify that turns GitHub repos to websites; plus tilda.cc and the like are growing, too. This area (low-code websites) is ripe with budding upstarts.

          I personally use https://1mb.site for simple pages, but it still isn't easy to use.

    • calibas 1652 days ago
      The article isn't nonsense, it's just written for the kind of person who isn't comfortable writing their own plugins.
    • bookofjoe 1651 days ago
      I'm an average joe (literally) and I've been using TypePad for my blog since 2004. From what I read, I may be their only customer.
    • burnte 1652 days ago
      Agreed. Plugins make it flexible and extensible, and if you use too many of them you're an idiot. Attack surface is a problem everything has, so that's not even valid, and considering you can only use the plugins you need, WP has a smaller attack surface. Live changes? I'm sorry, it's Wordpress's fault you don't have a dev environment?

      Themes, yes, that's valid, they can be constraining. So is buying the wrong type of automobile. Deal with it.

      • viraptor 1651 days ago
        Dev environment for WordPress is really hard to achieve. Or more precisely, testing changes on one deployment and then pushing them to another instance without wiping all the other state.
        • burnte 1651 days ago
          As someone who has been developing for WP for over ten years, no, it's not difficult at all. It's just a very minor about of planning, and working with a process.
          • viraptor 1651 days ago
            I believe the point in the article was about changes to the website itself. So what's the process here? Let's say you want to move some boxes around on the site, while another person writes a new post. You've got the change in dev and a new post queued in production - how do you merge that? Custom, partial db sync?
            • burnte 1651 days ago
              Theme changes don't affect the content DB. You'd make your change in dev, verify it, then change the prod theme without worrying about content.

              Wordpress is PHP (and html/css/js/etc)and SQL. WP does not inherently do staging, so you set up a dev environment. You sync content from prod to dev, make code tests on dev, then copy them to prod. It's not hard.

              • viraptor 1651 days ago
                No, I get it, but that's not what I meant. I meant changes to page layout/design which is in the db.
                • burnte 1651 days ago
                  Unless you have people making multiple layout changes at the same time you shouldn't have collisions. It's 2019, you don't need to lock an entire DB to make changes to tables. You can sync those changes while content changes are being made if you so choose.
    • rob-olmos 1652 days ago
      Do you have a certain process or library to version control a WP code base/database? TIA
  • earthboundkid 1652 days ago
    Issue 3 (all changes are live) is the core proposition of WP. If you're non-technical, it's great: you click some buttons in a GUI and your website changes. If you're technical, it's hell. Trying to develop without git is like write a novel without the backspace key.
    • thismyrealone 1652 days ago
      I never really had issues with the immediate changes in WordPress, but that was also before I had a professional job and was dealing with WordPress as more than just a hobby or pet website. It's fairly nerve wracking sometimes just to update plugins or test out minor appearance tweaks. I should probably look into building an actual staging environment like the article suggests.
    • 4mpm3 1652 days ago
      They do have change tracking and scheduled posting (essentially staging) for content, though. But if you're actually building the site, they assume you either don't care or are going to manage the process is some other way of your own devising.
      • earthboundkid 1652 days ago
        "They assume" is probably too much credit IMO. It was the mid-2000s, no one knew what they were doing, least of all the WP core team (the security holes show that), so they made a product with a design that no longer make sense, but it's hard to evolve away from.
  • badrequest 1652 days ago
    > For example, imagine you build the plainest possible website, with static content. Do you want WordPress to run PHP on the web server every time someone visits a page? Of course not. But unless you install a caching plugin, that’s the situation you’re in.

    Or, and maybe I'm being crazy here: don't use Wordpress if all you need is a static site?

    • tomcooks 1652 days ago
      Cue in Concerned Client #382716: "but then how do we update the website independently"
      • earthboundkid 1652 days ago
        NetlifyCMS :-)
        • tomcooks 1647 days ago
          Needs server side is, most Concerned Clients have a cpanel shitsite with PHP and mysql
    • billars 1652 days ago
      caching is not about loading a static version of your website, you could cache parts of the page and/or regenerate whole pages if content changes; diverging from the intent of the post you could also talk about caching php objects in some persistent way etc.. none of which is covered by out of vanilla wp even if the core exposes an object caching api https://codex.wordpress.org/Class_Reference/WP_Object_Cache.
    • 4mpm3 1652 days ago
      This means "even if your WordPress site is as simple as you can imagine, there's still PHP running to make it happen"
  • amiga-workbench 1652 days ago
    The content migration situation between a development environment, staging and production is just silly.

    I've written database diffing and bulk replace tools just to make this simpler and I still have ways to go before it becomes anywhere near sane.

    I honestly think WordPress has cognitohazardous effects on developers, after enough exposure you start normalising the most insane development practises.

  • onion2k 1652 days ago
    WordPress is ace if you stick to what WordPress does well. As soon as you start trying to push it to be something else (ecommerce, surveys, complex custom data stuff) things get hard to manage quickly.
    • josefresco 1652 days ago
      Ecommerce is very mature and stable thanks to WooCommerce, which is now owned by Automattic. Granted, most implementations include customizations that make maintenance and bug fixing a headache, but that isn't the fault of WP or WC, it's the fault of the developers who hack away without documentation or regard for maintainability.
      • badrequest 1652 days ago
        WooCommerce significantly slows down Wordpress such that I have a hard time describing it as mature or stable. Take, for instance, the latest Kinsta benchmarks which show a plain Wordpress installation running PHP 7.3 going from ~250 RPS [1] to under 70 [2] after installing the latest WooCommerce.

        [1]: https://kinsta.com/wp-content/uploads/2018/12/wordpress-5.0-... [2]: https://kinsta.com/wp-content/uploads/2018/12/wordpress-5.0-...

        • josefresco 1652 days ago
          The more nightmare WP/WC implementations I have to deal with the further it pushes me to recommend something like Shopify. Only if the client needs extensive customizations do I recommend WP/WC, and only if they agree to regular maintenance.

          Falling 2, or even 1 release behind makes maintenance a nightmare.

          I also explain to people that even though WP and WC are free, and very easy to install/setup, you're essentially running your own ecommerce software platform, and are on the hook for maintenance and any problems (security/scaling etc.) whereas hosted platforms like Shopify take a lot of that off your plate.

          • badrequest 1652 days ago
            I worked for a Wordpress host I won't name, and I can tell you that 99% of our installs that had WooCommerce installed also had zero products for sale. The install base is huge, but the number of people meaningfully using the software is a small minority of that huge value.
          • CM30 1652 days ago
            My experience with WooCommerce is that it's probably the best of a poor bunch if you need a somewhat customised ecommerce site but don't have the funds/resources/expertise to build one on something like Magento.

            Because as questionable as it may be resources wise, well it compares pretty well to the likes of OpenCart or OS Commerce, and significantly better than other WordPress shop plugins I've seen in the past (like Shopp). At least you can take your WordPress development knowledge and apply it to templates/plugins, have some decent documentation lying around to fall back on, and don't have plugin developers trying to nickle and dime you for every little thing.

            There's probably a market in there somewhere, if someone wanted to actually create a decent ecommerce system that doesn't require a ton of resources, doesn't rely on another system to function and whose community actually knows what the hell they're doing.

        • victor106 1652 days ago
          WooCommerce sounds like a good concept (built on top of WP) but its a terrible platform. You can't scale and you need to be more than a pro to use it effectively.

          I've seen many customers struggle with it and move to Hybris or Magento.

          • badrequest 1652 days ago
            Having to choose between WooCommerce and Magento is like asking which leg you'd like to be burned off.
            • victor106 1652 days ago
              I agree a 100%. Magento used to be not so bad but after the Adobe acquisition its tended to be terrible in terms of implementation and pricing.

              Hybris has a very good comprehensive and stable and extendable ecommerce solution. The only downside is its from SAP and not open source, which might not be bad for a medium sized to big ecommerce shop.

      • pavel_lishin 1652 days ago
        > Ecommerce is very mature and stable thanks to WooCommerce

        Unless you have a very large set of products, in which case Wordpress grinds to a halt.

        Unless, of course, you find the magic plugins that don't update product counts on every update... or figure out how to hook into the system and override it myself.

        I meant to write up a blog post about this, but honestly, once the problem was solved, I had very little interest into peeling up that particular bandage to poke around underneath.

      • mgkimsal 1652 days ago
        > it's the fault of the developers who hack away without documentation or regard for maintainability.

        but... that seems to be any WP tool that is popular. Many of the WP ecosystem stuff I've seen is popular precisely because it's not maintainable.

      • onion2k 1652 days ago
        No doubt that's the reason, but WordPress doesn't make it hard to write plugins badly, so it's not exactly helping.
  • pavel_lishin 1652 days ago
    We had a Wordpress site at work, and ended up working around the staging issue by paying Pantheon for hosting. You can actually use git to manage code changes, and propagate changes to an intermediate staging environment before pushing to production; they also offer pretty simple tools to copy the database into staging from production as well.

    All in all, it downgraded the Wordpress development experience from a hell to a heck. It was still unpleasant, and we still had a lot of pain points, but it did solve problem #3. (Although, I do have some other issues with Pantheon as well, but they're largely orthogonal to Wordpress proper.)

  • cuu508 1652 days ago
    > 2. The expanded attack surface

    I'm a fan and a customer of https://www.hardypress.com/ –– they run Wordpress in a sandboxed environment, and have a "publish" function that exports a static site.

    Of course that limits what you can build – for example, you would need to use 3rd party services for blog comments and for contact forms – but for many use cases that's OK.

    There is also the "Simply Static" Wordpress plugin that can export a static site.

    • petra 1652 days ago
      Hardypress looks very interesting.

      How fast is the exporting , for a big site(thousands of pages)?

      • cuu508 1652 days ago
        I don't know – I've only used it with small sites, a few dozen of pages or so. For those the export (from pushing the button to seeing the changes live, served by CDN) takes 30-60 seconds.
  • CM30 1652 days ago
    This article seems to be more WordPress install/customisation pain points rather than development ones. For example, while plugin conflicts are definitely a thing, they're usually not that big of a deal for longtime WordPress developers, since they'll custom code as much as they can and stick with tried and tested plugins for the rest. So they generally won't have to worry about multiple plugins doing the same thing.

    Nor will the attack surface issue to be as much of an issue for similar reasons.

    Similarly, most longtime devs will code their own WordPress themes for every project (or use a framework they developed themselves), and have things like local versions of sites as everyday procedure.

    This isn't a large company and WordPress guru thing. It's an 'anyone who's worked with WordPress on a more technical level for more than a year or so' thing. Web development and marketing agencies do this, freelancers do this, startups do this and individuals running their own sites often do this too.

    Hell, it's what I do for all my own projects.

    So yeah, it's not really about pain points developing with WordPress. It's about pain points from people installing WordPress + themes and plugins who aren't skilled at developing for the system yet, or who are mostly non technical and relying on premade resources.

  • josefresco 1652 days ago
    Caching and "staging" problems are solved with proper "managed" hosting. Genesis is a great framework but often times I fund under-qualified web people use it only because they read a "best practices" article, and have no idea how to properly use, or more importantly maintain it. For us (who inherit these sites) it's just another dependency.
  • flywithdolp 1654 days ago
    https://news.ycombinator.com/item?id=20998288

    Someone submitted article about Wordpress alternatives like an hour ago

    For me the only issue with Wordpress is the security problems

    Using wordfence atm

    • josefresco 1652 days ago
      Security and performance is why we moved our WordPress clients to WPEngine about 5 years ago. If you can't move web hosts, Wordfence, WP Cerber and of course Sucuri make sense.
      • x0x0 1652 days ago
        We've declined to play and are using static html plus a headless CRM.

        It's a little clunkier but I can ignore the endless CVEs wordpress generates.

      • petra 1652 days ago
        I work in a small business , and we have a lot of security issues with wordpress.

        So I'm looking for a solution.

        Did WPEngine solved all of your security issues ?

        What kind of expertise does it require , how does the process of using it looks ?

        • winternett 1652 days ago
          Drupal has worked for me for many years, the modules are usually all free to use and to modify... There are very specific ways of doing things to ensure updates can happen without flaws, it has quite a learning curve, but the security benefits outweigh all of that.

          Drupal's abstraction layer is what keeps it secure. You also can restrict permissions granularity, and it's core functionality does most of what you need to create a simple site.

          Administration menus don't change with themes chosen (unless you specify it to). If you have a high traffic site, you can simply use cloud flare, or system caching, or pay for higher tier services like Akamai.

          I'm not an evangelist for Drupal though, it's not meant to fit every case, so I'll just leave it at that.

        • josefresco 1652 days ago
          > Did WPEngine solved all of your security issues ?

          No. Because I'm paranoid and have been hacked before, I still apply additional "hardening" to WordPress. We use various plugins, and Cloudflare to further enhance our client's security.

          However hosting with WPE had allowed me to sleep at night, whereas previously I was constantly worried about performance and security of our VPS/dedicated boxes. I'm not a server admin, and if more webmasters were honest with themselves they'd admit that too. WPEngine takes care of running the infrastructure and I can focus on design and building great websites.

          The reason I still host and advocate for WPE is the quality support. It is by far the best hosting support I've ever worked with. I have other beefs with WPEngine (for another time) but am happy to continue working with them - never going back to a "VPS" model.

        • dgb23 1652 days ago
          WP Security issues come from many things, including:

          * non-validated user input from ad-hoc code * not being up to date * plugins not being up to date * plugins not being understood, malicious code (eval, header manipulation and so on) * unsanitized output (wp offers sanitization for common types but you have to use it explicitly) * code being accessible that shouldn't be * users (clients) having too many capabilities

        • kd3 1652 days ago
          Could you elaborate on security issues you encountered?
  • brightball 1652 days ago
    I wonder if the author has tried TypeRocket? The WP devs I know who use it tell me that it improves things so much it should just be the default.

    https://typerocket.com/

    • kevindees 1652 days ago
      WordPress is in a weird place right now as the PHP community has matured into MVC+ for some time now... WordPress core... not so much. Tools like TypeRocket are a must-have to seasoned WP devs.

      But, if something like TypeRocket was added into WP core, I believe, the plugin ecosystem of WP would greatly improve moving forward.

      These frameworks not only add MVC into WP but they also provide a common interface to create plugins. These common interfaces can be a simple as input fields with model binding but also extends to interactive HTML tables with model binding and OOP and autoloading and dependency injection and IOC and so much more.

      I get that WP is trying to move toward JS and Guten-Blocks at the moment but the neglect of MVC and adding a common interface causes me to wonder what WP is really trying to do.

      It seems like an easy win to add something like TypeRocket to WP core. And, the benefits: a proper layer of security built into forms, unified design athstetic in the WP admin, plugin interoperability, huge reduction in code bloat and plugin hell, and the list continues.