Has the web dev messed up?

[SantaMuerte]

Yeah it generally works best for content sites where the customer is going to constantly have non-dev people updating it.


Sent from my iPhone using Tapatalk Pro

Correct. The clients I get that insists on Wordpress sites are the ones that want to update the sites themselves. I don’t even bother to include those in my portfolio. 9 times out of 10 they fuck the sites up within the first week.

 

[souljazk]

Nope there isn’t. But in it’s basic form it’s just a blog tool and it’s vulnerable.

Wordpress takes a lot of configuring and optimization if you want to use it to deliver a truly professional website. There’s a reason all these R999 Wordpress website agencies’ work looks like ass, performs terribly and gets hacked so often. They put no effort into the sites.

Most times I find it faster and less of a hassle just developing a site from scratch than using Wordpress.

In the cases that I do use Wordpress (which is mostly on a client request basis) I remove quite a bit of the Wordpress code and I tweak some of it’s base code too.

For that kind of money I would at least have expected them to use iThemes Security which is a very good security plugin for Wordpress.

Let me tell you a joke (Please keep in mind that in the last 4 days I'v learnt more about website "security" then I have in the last ~10 years.)

SO the owner said "More plugin's = slow site" & that they must ASK the client IF they want a security plugin... (I wonder if an attacker would be so kind as to ask before taking action?)

I have ~10x plugin's, mainly security based stuff. Using Chrome inspect -> Audit I scored a poor 20/100 .. Some research later I got it to 26/100 lol. Their website score for performance...

 

[SantaMuerte]

Let me tell you a joke (Please keep in mind that in the last 4 days I'v learnt more about website "security" then I have in the last ~10 years.)

SO the owner said "More plugin's = slow site" & that they must ASK the client IF they want a security plugin... (I wonder if an attacker would be so kind as to ask before taking action?)

I have ~10x plugin's, mainly security based stuff. Using Chrome inspect -> Audit I scored a poor 20/100 .. Some research later I got it to 26/100 lol. Their website score for performance...

More plugins does not necessarily equate to a slower site. Such a dogshit excuse. Sure, some plugins do slow Wordpress down, no doubt. However, those are normally shitty developed and free plugins.

Could you send me a link to said website that scores 1 for performance? I need to see that. I’ve never seen that in all my time of doing web dev. Whoever did that site must be the worst “developer” on the planet 🤣

 

[souljazk]

More plugins does not necessarily equate to a slower site. Such a dogshit excuse. Sure, some plugins do slow Wordpress down, no doubt. However, those are normally shitty developed and free plugins.

Could you send me a link to said website that scores 1 for performance? I need to see that. I’ve never seen that in all my time of doing web dev. Whoever did that site must be the worst “developer” on the planet 🤣

Your profile is limited. PM me please

 

[souljazk]

More plugins does not necessarily equate to a slower site. Such a dogshit excuse. Sure, some plugins do slow Wordpress down, no doubt. However, those are normally shitty developed and free plugins.

Could you send me a link to said website that scores 1 for performance? I need to see that. I’ve never seen that in all my time of doing web dev. Whoever did that site must be the worst “developer” on the planet 🤣

My thinking exactly, as little as I know about this side of IT (Prob also 1% bwahah) I know that proper plugin's + ability to actually code will result in a reasonably fast site.

 

[SauRoN]

More plugins does not necessarily equate to a slower site. Such a dogshit excuse. Sure, some plugins do slow Wordpress down, no doubt. However, those are normally shitty developed and free plugins.

Could you send me a link to said website that scores 1 for performance? I need to see that. I’ve never seen that in all my time of doing web dev. Whoever did that site must be the worst “developer” on the planet [emoji1787]

Yeah it makes no sense to me.

Most of that stuff happens on the server end before serving the page it shouldn’t have any effect.

In fact a lot of it would make it faster.


Sent from my iPhone using Tapatalk Pro

 

[souljazk]

Yeah it makes no sense to me.

Most of that stuff happens on the server end before serving the page it shouldn’t have any effect.

In fact a lot of it would make it faster.


Sent from my iPhone using Tapatalk Pro

This was somewhat my reply to them today. To purely show they are talking kak (for what its worth VS my knowledge of such things) , I have ~15 plugins (one for cache and 2-3 for security) and then a "heavily" modified htaccess file in the root...

They say "The htaccess file is already protected through two different security plugins. Messing with it even more, might have a negative impact on the website (i.e. it can interfere with the website’s permalinks, hyperlinks from one page to another, might prohibit users from certain countries to visit the website, etc.)." . These are the same folks who said that a SSL cert will prevent hacking of the site.

Chromes audit tool gives them either 0 or 1/100 for performance, while mine is now at ~49/100 with my "abuse" of plugin's & what in their mind I can only imagine would be an "obese" htaccess file.

 

[ian_stagib]

R 50k to setup a WordPress site? I'm in the wrong business.

I think you need to consider that it's not just a wordpress site, it's the customizations of the look and functionality if it's not driven by plugins. Clearly it's not driven by a simple theme and plugins otherwise they wouldn't have had security issues

 

[Oj0]

I think you need to consider that it's not just a wordpress site, it's the customizations of the look and functionality if it's not driven by plugins. Clearly it's not driven by a simple theme and plugins otherwise they wouldn't have had security issues

I think the security issues actually point directly to it being driven by plugins, and the "dev" not knowing which should be installed. When I do a WP site for literally 1% of the amount, the security plugins are some of the first things to be installed.

My thought is that this "dev" didn't install any plugins, or trying hacking one to pieces with a few online tutorials and opened up a hornets' nest of security issues. I've seen it many times before.

Think of it this way. A massive chunk of the internet runs on WordPress, including Facebook Newsroom, Flickr Blog, Mozilla Blog, US DoD Blog, Bloomberg, Walt Disney, Sony Music, Microsoft News, Mercedes Benz, BBC, Wired, Time, Home Depot, AMC, Yelp, IBM, Go Daddy... The list is endless. A quick glance at the Wiki page suggests that a third of the 10 million biggest websites in the world run on WordPress. I truly don't think that would be the case if WP were inherently insecure, and any dev worth their salt should be able to build upon the CMS without bringing security to its knees.

 

[Eddie]

Can somebody put a TL;DR

I want to know what the cause was.
I assume it was like a review plugin that didn't escape JS?

 

[Deleted member 39861]

R 50k to setup a WordPress site? I'm in the wrong business.

Yes sir, it's hard work

-TechNerd