• Goodie@lemmy.world
    link
    fedilink
    English
    arrow-up
    29
    ·
    2 months ago

    is it decades of hacky code, or decades of battle tested code?

    I haven’t touched wordpress in… many years, but I’ve seen far too many developers look at old code and call it junk… only to break things horrifically when they attempt a rewrite.

    • catloaf@lemm.ee
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      2
      ·
      2 months ago

      Hacky.

      Wordpress has a reputation for the most moronic security issues. Especially when it’s built on PHP, which has its own reputation for moronic security issues. And that’s saying nothing about the quality of plugin developers or plugin code.

      I’ve worked on Wordpress sites, plugins, and themes. That was many years ago now, but I doubt it’s changed that much. If anything, it’s mostly benefited from improvements to PHP.

      • fake@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        14
        ·
        2 months ago

        Has to rank as one of the most exploited pieces of software ever.

        Definitely be not aided by the fact it’s targeting an audience without the skills or knowledge to adequately configure, maintain and monitor it. And the plugin community only makes the vulnerability exposure worse.

        • webhead@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          2 months ago

          Kind of the old Windows vs Mac problem though. It gets so many exploits because it is so ridiculously popular. No one is going to bother looking for exploits in shit that no one uses right? I’m sure they’ve got problems like any project but I’m not convinced they’re THAT bad. Not to mention a lot of exploits you see are plugins doing dumb shit, not WP itself.

    • chilicheeselies@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      2 months ago

      Both honestly. Very spaghetti, but noone can deny that it just works from a user perspective. Would I want to maintain the code? Hell no! Do use it as an end user? Hell yeah!

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 months ago

        Nah, not touching that with a 10’ pole. There have been far too many exploits for me to feel comfortable putting any of my important data on it. And it’s not just that it’s popular, the level of sophistication for these attacks are… alarmingly low.

          • sugar_in_your_tea@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            2 months ago

            If it’s an e-commerce site, than people’s payment info, name, and address. If it has a login, then their login information (which they’re most likely reusing elsewhere). Even if it’s just a static site, than any data that might be hosted on the same server.