There be dragons

I should subtitle this “a snarky developer talks shit about other developers”.

One of my WordPress rules is that I keep plugins to a minimum. Hell, I just blogged about a plugin that I released – it’s currently one of three plugins installed on my website.

I keep my plugins to a minimum for a few major reasons. The first is that WordPress itself is fairly secure and when WP sites get hacked en masse, it’s usually a plugin’s fault. The second is that honestly, I think WordPress gives theme/plugin developers way too much control to hook into how the CMS itself runs.

The second point is a problem because honestly, there are some really shitty developers out there. And, in my experience, the shittiest developers I have ever met are WordPress developers. I’m not saying that all WordPress developers are shitty. Far from it – I know some very talented WordPress developers. Just…there’s a lot of opportunity in WP and opportunity breeds shitty competitors.

Case in point – my recent foray into finding a plugin to run a search and replace on my website. One of my quirks is that I always take a look at a plugin’s code before I run it. I don’t claim to read and grok every single line of every single plugin, but I like to look for monstrosities.

One of my favourite strategies is to pull down the zip file, crack it open and search for wpdb. The wpdb class is useful when you develop plugins, but it’s also one hell of a good way to figure out how much a developer knows about WordPress. For example, if you ever see anything like this, don’t install the plugin:

$results = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}posts WHERE ID > 0" );

There are a few problems with this statement. The first is that the WHERE clause is redundant – the ID column auto-increments, so every row already satisfies ID > 0 and the query says exactly the same as:

SELECT * FROM {$wpdb->prefix}posts

But second, what about get_posts() in simple situations like this, or WP_Query in slightly more complicated ones? Why reinvent the wheel and rewrite functions that the framework already has?

Maybe you are reinventing the wheel for good reasons. Maybe you need to pull off a very complicated query where performance is of the essence, so you want complete control. Or maybe your plugin needs to create a custom table.

But when a developer writes a SELECT statement instead of using a built in WordPress function, it makes me wonder how much they know about WordPress. Do they know that the function exists? If they don’t, what other WordPress knowledge are they missing?

WordPress is a huge system with lots of gotchas. There are lots of areas where ‘local knowledge’ can prevent disasters. When I see developers writing simple SQL statements (especially with redundant WHERE clauses), I worry they don’t have that local knowledge. And that scares me because plugins get first class access to the entire content management system – they ultimately operate as whichever user owns your server process…
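The "crack the zip open and search for wpdb" habit above, turned into a rough script. This is an added example, not code from the post; the verdict labels, the sample PHP and the file name are constructed. It lists every $wpdb query call in a plugin's PHP files, flags the redundant WHERE ID > 0 pattern, and separates calls that splice PHP variables straight into the SQL string from ones wrapped in $wpdb->prepare(), so a reviewer knows which lines to read first.

```python
import re
import zipfile

# Hypothetical helper for the "grep the plugin for wpdb" habit: line-based heuristics
# that point a reviewer at raw SQL. It is not a PHP parser and misses multi-line calls.
WPDB_CALL = re.compile(r"\$wpdb->(get_results|get_var|get_row|get_col|query)\s*\(")
PREPARE = re.compile(r"\$wpdb->prepare\s*\(")
WPDB_PROP = re.compile(r"\$wpdb->\w+")   # $wpdb->prefix, $wpdb->posts: table names, not user data
PHP_VAR = re.compile(r"\$[A-Za-z_]\w*")  # any other $variable inside the call
REDUNDANT_ID = re.compile(r"WHERE\s+ID\s*>\s*0", re.IGNORECASE)

def classify_call(args: str) -> str:
    """Verdict for the text after a $wpdb query method's opening parenthesis."""
    if PREPARE.search(args):
        return "prepared"              # placeholders with bound values; still worth reading
    if PHP_VAR.search(WPDB_PROP.sub("", args)):
        return "unprepared-variable"   # a PHP variable lands in the SQL string as-is
    if REDUNDANT_ID.search(args):
        return "redundant-where"       # the WHERE ID > 0 smell from the post
    return "raw-sql"                   # ask why get_posts()/WP_Query was not enough

def audit_php(src: str, filename: str = "<string>") -> list:
    """One finding per line that calls a $wpdb query method."""
    findings = []
    for line_no, line in enumerate(src.splitlines(), 1):
        m = WPDB_CALL.search(line)
        if m:
            findings.append({"file": filename, "line": line_no, "method": m.group(1),
                             "verdict": classify_call(line[m.end():])})
    return findings

def audit_zip(zip_path: str) -> list:
    """Run audit_php over every .php file inside a downloaded plugin zip."""
    findings = []
    with zipfile.ZipFile(zip_path) as zf:
        for name in zf.namelist():
            if name.endswith(".php"):
                findings.extend(audit_php(zf.read(name).decode("utf-8", "replace"), name))
    return findings

# Constructed sample: the post's query, a variable spliced into SQL, a prepare()d
# query, and the get_posts() call the post would rather see.
SAMPLE_PHP = r'''<?php
$results = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}posts WHERE ID > 0" );
$hits = $wpdb->get_results( "SELECT * FROM {$wpdb->posts} WHERE post_title LIKE '%$term%'" );
$row = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->posts} WHERE ID = %d", $id ) );
$posts = get_posts( array( 'numberposts' => 5 ) );
'''
```

Point audit_zip() at a downloaded plugin zip; on the sample, lines 2 to 4 come back as redundant-where, unprepared-variable and prepared, and the get_posts() line is skipped.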
