DEV Community

Discussion on: Are you really using WordPress template as a developer?

Collapse
 
kethmars profile image
kethmars

Though to add to my previous comment, I'd say Wordpress is a great tool because of it's huuuge ecosystem, many people already know about it's backend user interface and it's easy to build custom functionality.

As I don't have experience with Webflow, can't comment on that side.

Collapse
 
cwraytech profile image
Christopher Wray

Yeah, I agree that there are a lot of great plugins with WP. My concern is as a developer, I just can't recommend WP due to security concerns with easy to install plugins that could have issues. There are ways around that though.

Thread Thread
 
arberbr profile image
Arber Braja

Well same can be said even for JS based webapps. Every week Github notifies me to update my repos because some package on one of those apps has been updated because of an exploit/security issue.

I wouldnt blame WordPress as being insecure. WordPrees is not insecure by default. If developers decide to install nulled themes/plugins its their fault. If developers or whoever maintains the site never updates plugins or theme is not WordPress's fault for the site being hacked.

Basically put, in most of the cases its an external factor which permits a hacker to hack a website.

Usually its the devs fault, even when the dev uses a plugin he should need to know how to pick plugins. Ideally a dev should rarely need to install a plugin whenever the same thing a plugin does can be achieved in just couple hours of work.

Thread Thread
 
cwraytech profile image
Christopher Wray

Yes, I agree with you.

How do you normally pass off your sites to your clients? Do you just give them basic editor control in the WP admin panel, or do you give them full admin control?

Thread Thread
 
arberbr profile image
Arber Braja

It depends from the agreement/contract we make. In case the client wants to cut ties with me I prepare a document with info on how the client can do basic stuff on the site. I create a new user role with only basic capabilities (only what the client needs to have) and recommend the client to use only this user.

I do give the client the credentials of the admin user for sure too though since sometime he might need to have access and do something more.

In case the contract is for me to provide support for long term, I give the client only credentials of limited permissions user so he/she can add for example new pages/posts/events and prepare a guide how to do that.

Have created a template for this kind of stuff which I use for all clients usually.