Quick judgments and strong opinions have unfortunately become part of the community.
Having spent the last 2-3 months working excessively on WordPress development, I would like to say a word about the excellent isolation of code with blocks ("Gutenberg"). As standalone plugins or in combination with Advanced Custom Fields, these allow for perfect, modular websites and development flows (design system), where even the HTML is 100% in your own hands. I recommend that everyone understand and learn WordPress properly.
– no relation or connection to WordPress.
WordPress is a great blogging CMS.
The fact that people use it for something else is what creates strong opinions.
Example: WooCommerce.
Products? In the WP_POST db. Orders? In the WP_POST db.
And in every post about WP it says that using WP_POST for storing your data is good practice.
Well I don't think it is (but it's only my opinion. A strong one).
And the problem is that a LOT of plugins and themes are like that.
No longer true, at least for new installations: https://woocommerce.com/document/high-performance-order-stor...
Ok, sorry for this example. I last worked on one about a year and a half ago.
FYI, WooCommerce added the ability to store orders in a separate database table.
Do you mean table(s)?
Perhaps you mean 'table'?
I think most people's judgments have been formed over 21 years. WordPress initially gained a reputation for being a fast and easy way to set up a website, then gained a reputation for being a security nightmare.
Maybe it's not anymore but people are right to be sceptical. I sure do see a lot of CVEs in the weekly update I check - maybe they're all low risk, or relate to rarely used plugins.
I think the root of bad reputation was due to various plugins and their usage pattern:
lots of non-tech users heard that they can use plugins X Y Z for fun and profit, so they started to use them, but no one told them that managing dependencies requires some skill or at least discipline; that the fact some 3rd party pluggable software exists doesn't automatically mean it's good, viable, maintainable and safe; and that things in IT don't work by means of cargo cult, copy-pasting without understanding and by crossing fingers. So, there was a fallacy: these people believed (and many believe until this day) that they can remain being non-tech users while maintaining their wordpress-with-plugins installation, but it's impossible; one needs to become tech-aware in the process.
I am not sure what the WP community did to dissolve this fallacy; maybe they did something. Maybe they didn't.
Personally (and this is just based on my gut feeling), I don’t think WP core is more insecure than other CMSes.
The real problem is the plugin ecosystem, which is not impossible to navigate for the disciplined, but at times bears resemblances to the Wild West.
So, what ends up happening is:
1. Cheap ‘experts’ install every plugin under the sun.
2. One of these plugins inevitably gets pwned.
3. Headline: ‘WordPress backdoored’.
What's the best skeleton theme to build your own theme on in 2024, that supports Full site editing, Gutenberg etc?
After a decade away from WP I wanted to set up a new site. The default 2024 theme doesn't meet my needs, and I couldn't find a modern skeleton theme where I could add in Tailwind and build what I wanted. I've used https://roots.io/sage/ previously but they're moving further and further away from the WP way of doing things.
Edit: or instead of a skeleton theme, a good free FSE theme to build on?
https://fullsiteediting.com/themes/ has a list, including one or two skeletons.
I am tempted by Anders Norén's Björk, which is also FSE:
https://andersnoren.se/teman/bjork-wordpress-theme/
I think I did most of my learning with Carolina's own Jace theme.
(FWIW I have always thought the roots.io stuff is a mistake, conceptually.)
I made this - it's not free, but it's FSE and Tailwind: https://sinukoduleheabi.ee/blocks/
Can you recommend some of the better ways to understand and learn it properly?
(Worked with it extensively 2009-2011, including authoring/modifying plugins, but never felt like I really understood it, only vaguely understood/appreciated it)
Not parent but:
https://fullsiteediting.com will help you.
It's a great project.
I'm doing what you're proposing literally right now.
I have a fascinating error 500 on production because somehow, somewhere, today Gutenberg and ACF w/Blocks are having a disagreement on parsing the content of a nested media field. Which could be ranging from "the user added an image description where he shouldn't have" to "a global object from a plugin is polluting other global objects passed to acf_register_block_type()".
Maybe I should call the already irate client and tell him he should avoid quick judgments and strong opinions.
By the way, the issue was cunningly appropriate for this thread: Considering that in WordPress EVERYTHING is stored in the DB as an article in the WP_POST table (yes, even stuff like attachments, images, and the menus), a hook from a slider plugin was messing up the image descriptions, which are stored as...the main body text of an article. Which is actually an image.
In a classic WordPress install this would just cause some weird garbage in the output, but given that in a Gutenberg+ACF setup the content data is passed to the React/Block rendering engine, it would absolutely go crazy.
But HTML is not in your own hands with WP. WP changes your HTML as it pleases. See my other comment as an example.
One of my first programming moments when I was a child - I naïvely opened the WP index.php to understand how it works. I remember I couldn't understand a thing except the comment at the top of the file "code is poetry".
Dear OP, thank you for changing my mentality about code, inspiring me and pushing me into it.
It sure seems that way until you need to get just a little bit deeper and you realize what a dumpster fire WordPress is.
You want metadata on posts, you install ACF. You want to filter on that metadata, good luck if it's over a couple filters simultaneously, the SQL queries will time out. Take a look at WP's insane schema to figure that one out.
Gutenberg promises to have WYSIWYG editable React components, which is a big deal, but they made insane decisions like storing the attributes in HTML, rendering HTML in the database, and requiring component developers to keep an array of deprecated changes when they want to modify anything on the component.
There are some people trying to untangle WordPress by refactoring and bolting Laravel onto it[1], but every layer is just a nightmare; the authors of different parts can barely assess why things randomly break.
You might find WP appealing for the plugin ecosystem, but the plugins are completely random in implementation, so you're likely to get a bloated scramble of CSS and JS pushed to your users.
I moved to Directus and Astro, but I would probably use a Laravel-based CMS like October or Statamic for more generalized PHP deployment.
[1]: https://roots.io/
The thing is, there are a lot of other CMSs out there, which can do this as well with much less bloat. Statamic, Craft CMS etc.