I've done some Wordpress consulting work in the past. I wouldn't say I hate Wordpress. I advocate for it's use in some cases! I think it is a fantastic piece of software for what it natively does.
You want a blogging platform? Wordpress is one of the best, hands down. You want a basic CMS that is so dead simple that anyone that can use a word processor can update the website? Wordpress excels at this, because that is what it was designed to do.
But I do think it is a poor solution in a lot of cases where it has been shoehorned into. People keep grafting so much extra, unnecessary crap onto what is still, at it's core, a blogging platform. Often this is done by low-skill, low-paid "consultants" with very little experience in writing maintainable, secure code. Literally all they know how to do is write Wordpress code. I would often end up having to clean up the mess from these folks, who often still write PHP like it's 2007 and they haven't learned better [0].
Wordpress's architecture has, until relatively recently, encouraged this behavior. Their stubborn refusal to move beyond PHP 5 for many years (and continuing to support absolutely ancient versions of PHP 5 at that!) held their entire ecosystem back from writing better, more secure code for a long, long time. And, more broadly, held PHP as a whole back, as they were among its largest players. It was really hard to make the case for hosts to upgrade PHP when Wordpress still supported whatever ancient version of PHP the host was providing. Their internal architecture can be very messy in places and documentation often contradictory about what the "correct" or even preferred way to do something is because there are multiple ways implemented at different times.
I will give them credit: Wordpress itself doesn't have too many gaping security holes anymore. Most of those has been patched. It's the plugins and themes that provide the attack surface now.
The public plugins themselves (and to a lesser extent the themes) are of such widely variable quality that it is difficult to know what to use and trust. You're probably okay with the "official" plugins and most of the widely-installed third party plugins, but you get too far off the beaten path, you find a lot of garbage (and, to be fair, a few gems as well). And any custom plugin I find is immediately suspect for the reasons above. Building a theme? Which of these multiple ways of user customization do you support? All of them? None of them? Or do you just write your own customization further messing up the UX for writers and editors who have little idea how to manage Wordpress beyond the very basics of writing a post.
Oftentimes when I would come into a Wordpress case, there's 30 or so plugins installed, half of which are disabled and you have no idea what is causing the client's problem. It takes a few hours just to untangle the mess, and you can't ask the last "consultant" because they wrote garbage code, threw it over the wall and disappeared. It's the reason I usually don't take Wordpress cases anymore unless it's someone I know or an installation I did, myself, from scratch that hasn't been messed with by anyone else.
Wordpress is a great blogging platform and basic CMS. It's when people start trying to make it do things beyond this that problems start to accrue. I don't hate Wordpress. I hate what people try to do with it.
When Wordpress is your hammer, everything looks like a custom post type.
> It's when people start trying to make it do things beyond this that problems start to accrue.
Ugh, that just serves to remind me of the unholy, demented shapes I've seen (Fortune 500) companies are able to mangle SharePoint into. Customizability is usually a nice quality in general, but certainly not without any cost.
Jira is just infuriating. It is super configurable, but that configurability comes the cost of making it so ridiculously complicated almost to the point of unusability.
Let me be a SOB for a second and ask for your opinion. I'm interested in freelancing with WordPress, mostly small company websites, would you still recommend it for someone who's just getting in the market?
It's all about what the client needs. The advice I give on this subject these days is that Wordpress is fine to use for a blog or a very basic, low traffic read-only company websites. Think like a small restaurant or something. The two things to be aware of:
1. Somebody has to support it, whether that be you or someone who comes after you. While Wordpress doesn't have as many security issues in and of itself as it used to, it still does have some occasionally and will still need to be patched up to more recent versions. Security vulnerabilities in Wordpress are almost immediately exploited, so the sooner you patch, the better.
2. The minute you start trying to push Wordpress beyond the bounds of being a basic CMS or blogging platform (like adding online ordering, inventory management, etc.) you are better off finding other, better suited options.
> (like adding online ordering, inventory management, etc.) you are better off finding other, better suited options.
What better suited options? And why are they better for someone's small business or intention to sell a few products?
To be fair, the "online ordering" part is handled by services such as Paypal and Stripe. Wordpress is not doing the heavy lifting. Inventory is just a bunch of products sitting in the database. I'm not sure it's fair to describe this as "pushing beyond the bounds of a blogging platform". At the end of the day, you get a new item in the Wordpress admin "products". Click that, add products, enter prices.
Is it ideal? No. But what platform is that is affordable and predictable?
What I usually recommend at that point is that users do one of two things:
1. Switch to a hosted solution like Shopify for actual order processing, inventory, etc and keep Wordpress around for the read-only business type pages or blogs. Let each component do what it is best at.
2. Switch entirely to a hosted platform like Wix or Squarespace, which let you do both.
I have yet to encounter a Wordpress eCommerce plugin that wasn't, at some level, a disaster. Every one I have seen is janky and the code quality is usually quite poor.
There is also the security implications of doing this. Especially for small businesses, if you can't or don't want to pay someone to constantly patch Wordpress up against the most recent security issues [0] (again, in fairness, this is largely plugins and themes these days), you're taking a very real risk at having your installation hacked and possibly data exposed depending on the severity. I've seen Wordpress installs hacked within hours of a zero-day being dropped. Every plugin you bring in increases your attack surface, and the more complex the plugin, the larger the attack surface.
People really need to just let Wordpress be Wordpress. Wordpress was designed to be a blogging platform and basic CMS. Just because you can extend it beyond that doesn't mean it's a good idea. You can use a screwdriver as a hammer if you try hard enough, but that doesn't make it actually a hammer or the right tool to use.
I wouldn't recommend Shopify. Clunky, slow, overpriced. And business inventory shouldn't be outsourced and hosted on third party platforms.
Self-managed solutions offer more options to scale and add features, customization and generally taking control over the way your business is presented online. This matters, and customers notice the confidence of a business owning its online presence.
Doesn't need to be Wordpress, but even if it is, the option to use something like Snipcart is there if WooCommerce isn't wanted. No need to switch everything over to hosted solutions like Shopify.
> "You can use a screwdriver as a hammer if you try hard enough, but that doesn't make it actually a hammer or the right tool to use."
Not sure why you thought it necessary to expand "right tool, right job" into that longer version, but you're implying Shopify is the hammer. Why? Because it has "shop" in the name? They stack a bunch of technologies together just like everyone else. And with that comes attack surfaces and issues just like anyone else.
You want a blogging platform? Wordpress is one of the best, hands down. You want a basic CMS that is so dead simple that anyone that can use a word processor can update the website? Wordpress excels at this, because that is what it was designed to do.
But I do think it is a poor solution in a lot of cases where it has been shoehorned into. People keep grafting so much extra, unnecessary crap onto what is still, at it's core, a blogging platform. Often this is done by low-skill, low-paid "consultants" with very little experience in writing maintainable, secure code. Literally all they know how to do is write Wordpress code. I would often end up having to clean up the mess from these folks, who often still write PHP like it's 2007 and they haven't learned better [0].
Wordpress's architecture has, until relatively recently, encouraged this behavior. Their stubborn refusal to move beyond PHP 5 for many years (and continuing to support absolutely ancient versions of PHP 5 at that!) held their entire ecosystem back from writing better, more secure code for a long, long time. And, more broadly, held PHP as a whole back, as they were among its largest players. It was really hard to make the case for hosts to upgrade PHP when Wordpress still supported whatever ancient version of PHP the host was providing. Their internal architecture can be very messy in places and documentation often contradictory about what the "correct" or even preferred way to do something is because there are multiple ways implemented at different times.
I will give them credit: Wordpress itself doesn't have too many gaping security holes anymore. Most of those has been patched. It's the plugins and themes that provide the attack surface now.
The public plugins themselves (and to a lesser extent the themes) are of such widely variable quality that it is difficult to know what to use and trust. You're probably okay with the "official" plugins and most of the widely-installed third party plugins, but you get too far off the beaten path, you find a lot of garbage (and, to be fair, a few gems as well). And any custom plugin I find is immediately suspect for the reasons above. Building a theme? Which of these multiple ways of user customization do you support? All of them? None of them? Or do you just write your own customization further messing up the UX for writers and editors who have little idea how to manage Wordpress beyond the very basics of writing a post.
Oftentimes when I would come into a Wordpress case, there's 30 or so plugins installed, half of which are disabled and you have no idea what is causing the client's problem. It takes a few hours just to untangle the mess, and you can't ask the last "consultant" because they wrote garbage code, threw it over the wall and disappeared. It's the reason I usually don't take Wordpress cases anymore unless it's someone I know or an installation I did, myself, from scratch that hasn't been messed with by anyone else.
Wordpress is a great blogging platform and basic CMS. It's when people start trying to make it do things beyond this that problems start to accrue. I don't hate Wordpress. I hate what people try to do with it.
When Wordpress is your hammer, everything looks like a custom post type.
[0] https://phptherightway.com/