Is WordPress overkill for a simple static website?

Soldato
Joined
9 Mar 2010
Posts
2,841
I have to admit, I've long been an advocate of WordPress (above) but recently I saw the downsides all too clearly when I was contracted to correct a couple of issues with a WP install.

Essentially one of their staff had been hired with "WordPress knowledge" and had been given the task of setting up an online shop for an individual. They had gone off sick for a couple of days and the company couldn't get in touch with the developer so they asked me to quickly fix a couple of issues regarding layout and design.

However, being the diligent person that I am, I did a full scale review of the site to understand what I was working with. Essentially, it turned out, that in addition to having a whole bunch of regular security flaws and complete lack of best practices, they were sending credit card details across the internet without any encryption.

The site had been live for two months.

With the right knowledge WordPress is incredibly powerful, it can be used to create fantastic looking and functioning sites that are easy to maintain and are incredibly flexible.

Unfortunately, in the wrong hands (as I've seen on more than just this occasion) they can be a minefield of bad, and genuinely horrific, practices.

I've long held the opinion that setting up a website, without expert knowledge, can be hard and quickly become a mess. But to set up a website with WordPress without these skills can easily become dangerous.
 
Soldato
Joined
6 Aug 2007
Posts
2,516
WordPress is overkill for pretty much everything these days.

The beauty of WordPress is that it allows people who aren't developers to create websites with functionality that would normally require knowledge of coding, the plugins are much less flexible and often don't follow best practices but neither does WordPress either.

I'd only use it if a client requested it, otherwise it is better to do everything by hand, eCommerce sites included.
 
Soldato
Joined
17 Oct 2002
Posts
3,103
I've long held the opinion that setting up a website, without expert knowledge, can be hard and quickly become a mess. But to set up a website with WordPress without these skills can easily become dangerous.
I agree with this, also seems like people have no respect for web designers & developers.
(A lot of people seem to think webdesign/development/deployment is just point and click)
The beauty of WordPress is that it allows people who aren't developers to create websites with functionality that would normally require knowledge of coding
I think this is really one thing that ultimately leads to problems.

It's like people who install linux on servers using a howto guide. (it's fine until it breaks and they have no clue why it broke or how to fix it)

I've had to fix websites where people have had really poorly programmed WordPress plugins. (so many are where the 'developer' has bought a template & just installed plugin after plugin)
I even had one site which had an Excel spreadsheet with server credentials on. The site got exploited due to WordPress & led to them having to reset passwords across all of their infrastructure (VPNs, servers, firewalls etc)
 
Associate
Joined
17 Jan 2003
Posts
1,058
So they managed to pass PCI scan how exactly?

 
Soldato
Joined
9 Mar 2010
Posts
2,841
So they managed to pass PCI scan how exactly?

That was the scary part actually because at first I thought it had been missed as well. So, in addition to simple design stuff specifically what I had been called in to look at was some of the PCI standards that SagePay were requesting they look at.

On the list was simple things like "make sure card types accepted are on homepage" and "basket must show total including postage before payment confirmation" but no mention of the lack of SSL on the checkout.

At first I thought there was something clever going on in the background that I wasn't aware of, but a quick test transaction with Firebug running and I could see the card details clear as day.

It's hard to know because the person that created the site did so without supervision, left no documentation and was fired without returning from being off sick (only emailed in 5 working days after first day off - not sure on specifics after that)

Saying that, after the initial shock and rush to implement SSL, from what we could gather from her work email:

1) The checkout went to SagePay pages originally
2) SagePay did a PCI check and issued the requested changes
3) The client asked that the checkout be changed so that they stayed on their website
4) The developer changed the integration so that it did this
5) She went off "sick"

So essentially the PCI check was done before the change was made. But that change looked to have been made pretty much the same day, or day after, the PCI check.
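The plaintext on-site checkout described in this post is the kind of defect a simple pre-go-live check can catch. As an added example (not code from this thread, SagePay or WordPress), this Python script parses a checkout page for forms that collect card data and flags any form that is served from, or submits to, a non-HTTPS URL; the sample HTML, URLs and field names are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Field names that suggest cardholder data is being collected (constructed heuristic).
CARD_FIELD = re.compile(r"(card|pan|cvv|cvc|expiry|ccnum)", re.I)


class FormAudit(HTMLParser):
    """Collect every <form> on the page with its resolved action and field names."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._cur = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A relative or empty action resolves against the page URL.
            action = urljoin(self.page_url, a.get("action") or "")
            self._cur = {"action": action, "fields": []}
            self.forms.append(self._cur)
        elif tag in ("input", "select") and self._cur is not None:
            self._cur["fields"].append(a.get("name") or a.get("id") or "")

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None


def audit_checkout(html, page_url):
    """Return a list of findings for card-collecting forms not protected by TLS."""
    parser = FormAudit(page_url)
    parser.feed(html)
    findings = []
    for form in parser.forms:
        if not any(CARD_FIELD.search(name) for name in form["fields"]):
            continue  # no cardholder fields in this form
        if urlparse(form["action"]).scheme != "https":
            findings.append(f"card form posts to {form['action']} without TLS")
        if urlparse(page_url).scheme != "https":
            findings.append(f"card form served from {page_url} without TLS")
    return findings


# Constructed sample: an on-site checkout form with card fields and a relative action.
SAMPLE_CHECKOUT = (
    '<form action="/checkout/pay" method="post">'
    '<input name="card_number"><input name="cvv"><input name="expiry"></form>'
)

if __name__ == "__main__":
    for finding in audit_checkout(SAMPLE_CHECKOUT, "http://shop.example/checkout"):
        print(finding)
```

Run against a live site only with the owner's authorisation; a clean result here does not replace a proper PCI assessment, since it inspects the page markup only and not the server's TLS configuration.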
 