47

I hate Wordpress. I hate Wordpress. I hate Wordpress.

Wordpress can take a big shit on itself and crawl into a deep dark hole far away from all that is good.

Who even uses Wordpress? Bloggers? Come on, let’s be honest, they’re using more intuitive sites like weebly, wix, and square space. So WHAT is Wordpress for? I’ll tell you, it’s just to FUCKING TORTURE PEOPLE.

So, being the “techy guy” of the family, a relative contacts me asking for some help with their website because they need to install an SSL certificate but they don’t know how to. I tell them I’d gladly do it because, sure, they’re family and how long can it possibly take to install a certificate? I’ve done it before!

Well, I get to work and log into the sluggish Wordpress dashboard and try to use a plugin that would issue a LetsEncrypt certificate because they are free and just as good as any other SSL. But one plugin after the next I keep getting errors about how my hosting wouldn’t allow it.

So I contact GoDaddy (don’t get me fucking started) and ask them about the issue. The guy tells me it’s “policy” to only be able to use GoDaddy’s certificates. How much do they cost? Oh, how about $100 a year?! Fuck you.

I figured out the only way to escape this hell was to ask them to open an economy Linux hosting account with cPanel on GoDaddy (the site was formerly hosted on a “Managed Wordpress” account which is just bullshit for not wanting to give you any control over your own goddamn content). So now I have to deal with migrating the site.

GoDaddy representative tells me that it should only take 20 minutes for me to do this (I’ve already spent way too much time on this but whatever) so I go forward with the new account. I decide I should migrate the site by exporting a backup and manually placing everything on the new server. Doesn’t it end up taking an entire hour to back up a 200MB site because GoDaddy throttled the processing speed?!

So, it’s another hour later and I’ve installed all the databases and carried over all the files. At this point, I’m really at the end of my rope and can’t wait to install the certificate and be done with this fuckery.

I install the certificate and finally get ready to be on my way, but then I see it. A warning. A warning from my browser telling me the site is only partially secure. It turns out the certificate was properly installed but whoever initially made the site HARDCODED ALL THE LINKS to images, websites, and style sheets to be http instead of https.

I’m gonna explode.

I swear, I’m gonna fucking explode.

After a total of 5 hours of work, I finally get the site secure by using search and replace on every fucking file.

Wordpress can go suck a big one. Actually, Wordpress can go suck the largest fuckin one in existence and choke on it.

TL;DR I agree to install an SSL certificate but end up with much more work than I bargained.

Comments
  • 0
    There are plugins to convert wordpress sites to use ssl certs. I have used those to go from regular url to https url in a just a few minutes. I don't understand why you would need to search and replace anything. Are you self hosted or wordpress hosted?
  • 0
    @Demolishun I used a search and replace/force ssl plugin. But wouldn’t have been allowed to do that on the “Managed Wordpress” account by GoDaddy but am able to with the regular hosting account.
  • 2
    @techquaker I left godaddy a long time ago due to shit like this. Wordpress is actually really nice to work with IMO. I use some canadian hosting that is about $10 a month and I maintain websites for other people on my account. In the long run you might consider changing. You can host for as low at $5 or less month. Stay away from EIG owned hosting companies though. They are cancer.
  • 1
    @DemDefinitely,@Demolishun Definitely, I don’t use GoDaddy, it’s just that my relative does. I’m currently using Namecheap right now. And what’s EIG?
  • 2
    @techquaker

    https://en.wikipedia.org/wiki/...

    Its a mother company of a lot of hosting companies. I had a bad experience with 2 of those companies. Found out later I am not the only one.
  • 0
    @Linux look at the previous comments, I clarified that. And woah, you’re coming on a little strong don’t you think?
  • 0
    @Demolishun wow, good to know it’s a systemic problem haha
  • 3
    For that hardcoded http stuff, just use htaccess with upgrade-insecure-requests in the content security policy. Make sure not to send CSP headers for plain http (just as specified).

    Done.
  • 1
    @Fast-Nop thanks for the advice, that’ll definitely come in handy next time
  • 2
    There is also a Plugin called Velvet Update URLs and it updates everything within seconds ;)
  • 1
    @wolfmaster8 thanks that’s also really helpful. Hopefully I won’t have to deal with Wordpress again though haha
  • 4
    @techquaker it's a bad experience, but after years I realized that WP is a good way to do a website in a short time. You can also use Wix, Weebly, etc. But they are gonna ask for money for everything you want to do. WP is free.
  • 1
    @wolfmaster8 You have a good point. Never saw it that way :)
  • 3
    @wolfmaster8 The worst part of Wix etc. is that they hold your website captive so that you can't migrate away. What companies would resort to such a fishy scheme?

    Obviously those who know that their offer seems convincing only at the first glance, but not in the long run.
  • 1
    Plus that I came to value my priority for portability when Let's Encrypt started - and my hosting provider refused. Instead, he tried to upsell me some of his DV certificates, allegedly because phishers were using LE. Of course, he lost me as customer.
  • 2
    @Fast-Nop Exactly! That’s what bothered me so much! I couldn’t do what I wanted to do with the site because they didn’t want to give me any control!!! It’s definitely a thing I don’t want to experience again. You’re right, portability is paramount
  • 2
    @techquaker
    >@Linux look at the previous comments, I clarified that. And woah, you’re coming on a little strong don’t you think?

    don't take it to heart man! just thank him for his suggestion and tell him to eat a dick afterwards or tell him he's the retarded one for not reading properly.
  • 1
    @jesustricks thanks 😂
  • 2
    ... you don't want to know how many companies use wordpress, for what a wide range of things it should have never been used for.

    (let's forget for a moment that it should have never been used for anything in the first place)
  • 0
    @Midnigh-shcode yup I definitely don’t want to know. I think I’d just cry if I ended up working at a company that uses Wordpress
  • 3
    Mainly a hoster issue. Mine automatically keeps the Let's Encrypt certificate valid.

    Dunno what WP has to do with that...
  • 0
    to migrate site use Akeeba backup. Make backup and restore it elsewhere. It seriously can do wonders.

    Edit: no idea why my coment auto-duplicated
  • 1
    @DubbaThony The dupe thing happens sometimes.
  • 0
    This would take me an hour, sounds like a GoDaddy issue not a WordPress issue. You blaming WordPress shows that you are probably a bad PHP developer.
  • 1
    @Drmzindec

    While task itself indeed easy, wordpress deserves a lot of blame, in my honest opinion. And this has nothing to do with beeing good or bad PHP coder.

    Edit: ofc hoster problem.
  • 1
    @wolfmaster8 Or just set the URLS in the config and dont touch anything else.
  • 0
    @DubbaThony Why does WordPress get the blame? It did nothing wrong here, this issue was with the hosting! Im no fanboy of WordPress but its not a bad system if you know how to work with it properly and what its capabilities are.

    Most of WordPress "issues" comes from bad developers that have no idea what they are doing.
  • 1
    @Drmzindec

    In general, wordpress is... You seen wordpress database?

    Its quite resource hungry, it's coding patterns/standards looks like some sort of joke, and Im not talking about like idk camelCase vs snake_case. Somehow there are open sources that have less issues. Codex, although i didnt check up on it last year or so, was and maybe still is... Okay, better than nothing but still far from goos enough.

    Its database structure is... Well, tough shit if you want to do something in it. Why not have fqdn in separate record, and make everything actually use that record. Sure, there are devs who done shitty plugins and shitty themes, so everyone can suffer in the end. But than, since wordpress has its own "store" why not have some community controll over code quality?
  • 1
    Ive seen the database yes, its not great and ive seen much worse. Its simple to manage that these days with minimal index fixes and using MariaDB to suck a bit more out of it for a low amount of money.

    The coding standards arent fantastic either, but again, there is nothing stopping you from writing better code than they have when writing your plugin or theme file and actually doing it the right way when working on WordPress projects.

    Just making excuses is not solving a problem.

    I agree there should probably be some better standards for the "Shop", but than again, its an open source project, anyone can write a plugin or theme without it going through the "Shop".

    Good PHP developers will see the problems and fix them the correct way, just because it says WordPress on the box doesnt mean we cant change it or code properly when working on it.
  • 1
    @Drmzindec

    Honestly at this point it feels much easier to write new one from a scratch rather than deal with refactoring big open source project.

    I started working as something along lines "wordpress malware cleaner", ive seen a lot of these really shitty codes, im fed up with it.

    Resources point is big, since its popular cms lot of people are using it on shared hosting. How much traffic you can push through wp, in shared enviroment? Ive seen shared 'servers' choke on 4-5 concurrent requests, each one took like second.

    Same server, purpose-build PHP application (ofc it will be at least few times faster, thats the cost of general purpose, but thats too much) no problem hit 100concurrent reqests, after that response time started exceeding 20ms. Ofc RAM usage is whole story in such comparasion. Yes, i know its very unfair one, but I seen CMSes that work much faster and are much less of resource hog. And I seen WPs that spam DB queries like mad.
  • 0
    @DubbaThony I've always said it would be awesome to have a new branch with a full recode of WordPress. But that's not currently where we are at, and with so many site running WP it's probably not changing soon.

    So coding better themes and plugins in the correct PHP standard is the solution and highly recommended. Of course there are better cms out there, but not with millions of users so making bigger changes are easier.

    When it comes to shared hosting and your WP is choking, than it's probably time to upgrade your hosting, which is a hosting problem not a WP problem at that stage.

    Good theme and plugins that is coded the right way won't cause these issues or have them as severely. People blame WP too quickly, and when looking at there code you can see why. A good Dev will also advise on good DevOps even when using WP, so again it's all up to the Dev and their experience.
  • 0
    @Drmzindec

    As I said, i started as wordpress cleaner, after some time, I tried to code something using WP, and doing it from scratch was much less hassle and worked a lot faster. Nowadays, when if I use homebrew framework which makes creating these much easier and faster (but costs me few megs of ram, and like 10ms of exec time) im still waaaaaay ahead in performance terms.

    And of course, of course. I could do wp plugins. But I simply dont have time for that. There are tons of users who dont know what the shit they are doing, but wordpress approach encourages it. They are people who will cheap out on hosting. I have VPS and it works wondera for my purposes, could go dedi but no such need for now.

    If you are good php dev, you just either donate time, or stay away from WP becouse you have better things to do. If you are forced to build on wp, well... Rough life.
  • 0
    @DubbaThony I understand what you are saying, but none of this is WP fault. Most of it is your experience. I still work on WP and write plugins and themes. All custom built for clients not shop based one that you can buy, and there is so much you can do properly and in half the time once you know what you are doing.

    Yes WP encourages it, but that doesnt mean you as a developer have to do the same thing, you get better eventually and and fix your mistakes.

    If you are a good PHP dev than nothing scares you, you dont just stay away because its too hard! That's a shit mind frame to be in and shooting yourself in the foot, millions of sites with millions of users with millions of dollars and you just go: "nah, its too hard". lol!

    I have clients switching from Django, Laravel, Joomla, Drupal and many more to WP, becuase its simpler to use and their staff prefers it. You can fix the performance issues, and the bad code.
  • 1
    @Drmzindec

    Im not fixing other plugins code, not my job.

    If the apeal of wordpress for me would be "well, i can allways fix someones code" than well, FML.

    Luckly, im now building things from scratch and maintaining them, and thats my job. No more fixing malware'd wp sites.

    Good dev will know what his time is worth.
  • 0
    @DubbaThony I didn't say fix other people's code, I said write your own better ones the right way. Just like you are doing now.

    The appeal is that there are millions of them so a huge client base, a huge amount of different solutions and a huge community.

    Ive only ever found malware on 2 sites in WP, it's extremely rare and again not a WP problem but bad coding or DevOps.

    Just because it was too hard for you and you have given up, doesn't mean many of us good devs have given up. Not your job has bought me a house, new car, pc's and other cool shit, so thanks for that.
  • 1
    @Drmzindec

    I could do it in WP. BUT that was wasting my time, and I had problems with bulk actions killing server due stupud amount of SQL queries executed
  • 0
    I could not agree with you more. It's the least intuitive platform. You make something to look one way, publish it, and everything is the opposite of what the draft looked like. Thanks for the post.
Add Comment