In trending news: An easy-to-exploit vulnerability in a popular WordPress plugin has triggered an internet-wide hacking spree.
Why You Should Avoid WordPress
Once in a while I use Wordpress. But its my last choice.
WordPress as an overall option is very insecure once you start using it seriously. Core WordPress itself is a fairly good CMS, provided that you update it regularly.
It’s often useful, however, to extend the functionality of WordPress by means of plugins. This is where the issues start.
Wordpress Plugin Dangers
But when you start adding plugins, these dangers arise:
Very quickly, the logic needed to deploy a single page adds up when you add plugins. At the time of this writing, a bare WordPress installation takes 31 megabytes to serve (before images).
After plugins are added, the “robust” “state-of-the-art” “solve-all-your-website-needs” plugins are added, that number goes up very quickly to 100s of megabytes needed to serve a page. Sometimes gigs. That’s kind of silly.
Jimmy is a coder. He just learned how to code in the last 6 months. Now he’s making a plugin. He deploys it on WordPress and it gets accepted into the WordPress plugin repo. People are now using Jimmy’s plugin. Jimmy is excited. He does an update that worked on his localhost, then deploys the updates. 50 of 100 sites take the update, and 30 sites crash. It didn’t hurt Jimmy though. He’ll handle it after his day-job.
This is a common story with WordPress plugins…bad coding. Even if they do not facilitate a break-in, they can (and often do) crash your site. Thank’s Jimmy. I enjoyed being your guinea-pig while you learn to code.
Sadly, the much bigger, more ambitious projects (such as the one linked above) can cause pandemic-level hackathons against millions of sites once a vulnerability is discovered.
And that really hurts the web. –> :( <– sad face.
It often happens that a simple “Upgrade Wordpress” action can crash your site. After the initial shock that the white-screen-of-death brings, you recover and hunt down the source of the issue.
The issue was this: An innocent plugin that was previously compatible is no longer such. And now you must manually log into your server to deal with the issue, if you can. You might not be able too. You might not know how. :o
Its Time to Move On
There are times when Wordpress is a good option. But it’s had it’s day. There are so many good web technologies out there you can safely abandon Wordpress. You owe it to yourself. You owe it to the betterment of humanity.
Think of the feeling of joy you will get when you witness your first fast page-load!
Author Leo Blanchette