3 • 27 • 18 natesymer
I don't hate WordPress. Sure, there are aspects of it that suck, but any platform has similar limitations. For most sites, WordPress would be suitable - especially if you intend to do something simple. I'll take a look at performance, security, data organization, and developer productivity.
Any web platform will have performance drains. Scripts have to be loaded, processes need to be loaded into memory, OS calls need to be made, etc. The only platform that I know that doesn't suffer from 66% of those is Haskell (this site is Haskell) because Warp is optimized to use as few OS calls as humanly possible and nothing has to be compiled/loaded at runtime.
Most (robust) scripting languages will have some kind of bytecode, and depending on the language, this might be able to be cached. Have you ever seen the __pycache__
directory in a python project? That's what that is.
PHP is no different, except the caching mechanism is a little more... obscure. The Zend OpCode cache or Alternative PHP Cache (APC) is buried in the obtuse php.ini file and, depending upon how you deploy your PHP code, may be disabled by default. The Zend OpCode cache is also not "Free Software".
WordPress also has another flaw: it loads everything from scratch each time a request is processed. Frameworks like Django or Rails pool database connections (this site does too) because connecting to a database is slow. This is not something PHP does. Also, plugins (need I say any more?).
Another problem with WordPress is that it can be extremely chatty with the database. The abstractions that provide the configurability WordPress is known for require lots of options to be stored, data is stored across multiple tables, and WordPress loves to eager load options. With a real web framework, None of those things ever happen; At most, you'd use a couple queries to load exactly the data you need and no more.
But neither flaw is too heinous. If you put a website in a production environment, you should be using caching. This includes caching query results, external REST API calls, and expensive computations. You should also be caching pages if you're not using a Single Page App (SPA) architecture, and JSON REST responses if you are. Given the presence of caching for those things, does it really matter if you're using WordPress or a fast web framework? No. The cache is really doing the heavy lifting here, and it's the same regardless.
WordPress also drops the ball on security. Many plugins are beyond insecure, many of them skipping the sanitation of user input. But is this too different from using a library from gem or pip? Not really, many have the same issues. I guess you could quibble about the quality of WordPress plugins used by hobbyists and small design shops versus the high quality libraries written by Facebook or Google, but a large portion of django or rails (or node) sites use sketchy libraries too.
WordPress really does take a face plant with data organization. Everything is a post, and custom data is completely unstructured. There is no real unifying ORM to speak of (although I'm sure there is a plugin that attempts it) that works for both posts and postmetas. The problem with WordPress is that once you start using it, your data is hopelessly stuck in it. You'd have to get extremely creative and sanitize a lot of postmetas to start being able to restructure your data and remove dependency on plugins. Good luck.
Real web application frameworks do a much better job with developer productivity (and sanity!), providing you with well-structured data and real ORMs to access/manipulate the data. The sacrifice of such things makes it harder to write secure, stable pages or endpoints in WordPress. WordPress/PHP developers (the term is almost a joke!) need to write in more sanity checks, string coercion logic, and fallbacks - But they need to write much less code overall.
While WordPress isn't the best tool, it will suffice for a surprising amount of websites. It's great for people with little software engineering experience. But you really should use something like Django, Node, Rails with a React or Vue.js frontend. Those tools allow for faster sites, and sometimes (like with Django) come with robust admin panels.