An ode to WordPress
I dumped WordPress from one of my sites last month and a few people have asked me why. It was a simple choice: the site was compromised to the point where recovery required a reinstall. It was a fully patched setup that used strong passwords, hosted on a secured *nix server. A simple, sloppy WordPress coding bug was used to exploit it before a patch was available. This all happened the day before I was set to go on holidays.
Luckily it was my personal comic site and not a client site. I shut the site down, backed up the data, and enjoyed a nice holiday with my family. And I left it for a few weeks after I got back. I had to think about this one.
I have a basic principle where I avoid rewriting software that exists in abundance. Like weblogging software, for example, there are hundreds of tools out there. How can writing my own possibly be a good use of my time? How can it be faster?
It ends up that in some cases it’s both faster and worth my time.
I’ve set up a few dozen websites using WordPress, and several dozen using other systems. A simple site takes a few hours to install and theme minimally, and several hours to fill with content and customize (plugins and advanced features/theming). Most theme and plugin systems do the simple things well enough, and the hard things with a certain amount of pain and suffering. Optimizing a site to survive the onslaught of the writhing nematodes takes additional time, as does regular patching and monitoring.
So in a day I put together a simple comic site using CodeIgniter and a few hundred lines of PHP. It includes an admin panel to add and edit comics and site pages. I use Markdown to mark up the pages, and a custom plugin to process the comic references. The site can re-render the comics from SVG to PNG, and it provides other basic features like RSS and pingbacks. The theme engine uses … wait for it … plain old PHP, which makes a surprisingly excellent template engine.[1]
How is that any better?
It isn’t any more secure[2], but it is far simpler to work with. Adding features doesn’t require pulling apart a framework to figure out why it’s not working. I just write a bit of SQL and PHP, and I’m done. The editor has a full window edit field and minimal meta-data, and it knows what SVG is (and can do something with it) without climbing through layers of plugin and theme engine documentation.
I have a few static sites that I had been planning to turn into WordPress installs. I think I’ll stick with static pages for now, as they’re easy to update, and they don’t require tuning or constant security monitoring. I’ll stick with WordPress here for now, but I’ll consider something like Blosxom again (or Tumblr) if WordPress fails me again.
So WordPress, I’m breaking up with you. It’s not me, it’s you.
[1] I’m mocking the web tools that define their own template language from within PHP, which is itself a fine text template language. Most of these template languages are worse than PHP, which is funny in itself.

[2] Other than the smaller number of code paths, checked parameters, and avoidance of 3rd party plugin code
