Wordpress is a bad joke

22.03.2009 11:25

I've written a little over 400 entries in my blog in the last four years. Now it appears like that's a bit more than what Nanoblogger can handle. It's taking more and more time to update the site and worst of all, I've been getting reports that the archive pages are badly broken.

I've first tried to fix Nanoblogger, but that's nearly impossible. Imagine 2500 lines of bash code, with functions that use global variables to pass data around and no comments.

Obviously it's time I move the site to some other software. In fact, if I've looked into the core code earlier, I probably wouldn't use Nanoblogger in the first place (the plug-in interface is relatively clean in comparison).

I played with the idea to write my own replacement for Nanoblogger, because I really like the idea of managing the site from a command line interface and having all my posts available in flat files. I even wrote some experimental code, when I figured that I'm just reinventing the wheel.

Colleagues at work suggested that I try Wordpress.

So I got a shared web host with Wordpress and started importing my data in it. I decided to write a Wordpress Extended RSS file containing all the posts and comments. There's no documentation for this format, but I managed to replicate it by example using a short Perl script and XML::Writer.

Well, it turned out all my imported posts came out of Wordpress garbled with line breaks inserted everywhere and worst of all, badly broken HTML (for example <p<br/>>).

Since I couldn't find a reason for that in my WXR file (it checked out as valid XML - I could hardly make anything else with XML::Writer), I started digging around Wordpress code.

First sign of trouble was when I stumbled upon the following function (wp-admin/import/wordpress.php:59)

function get_tag( $string, $tag ) {
	global $wpdb;
	preg_match("|<$tag.*?>(.*?)</$tag>|is", $string, $return);
	$return = preg_replace('|^<!\[CDATA\[(.*)\]\]>$|s', '$1', $return[1]);
	$return = $wpdb->escape( trim( $return ) );
	return $return;
}

Riiight. I guess nobody told Wordpress developers that the eighth circle of hell is reserved for people parsing XML with regular expressions.

Ok, but maybe I can forgive them one mistake. This is after all just code for importing entries that is used once in the life time of a Wordpress installation.

Still, their funny way of reimplementing a true XML parser wasn't the cause for my problems, so I dug deeper. Then I got to wp-includes/formatting.php and I didn't know whether I should laugh or cry:

$pee = preg_replace('|<p>\s*?</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace
$pee = preg_replace('!<p>([^<]+)\s*?(</(?:div|address|form)[^>]*>)!', "<p>$1</p>$2", $pee);
$pee = preg_replace( '|<p>|', "$1<p>", $pee );
$pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag
$pee = preg_replace("|<p>(<li.+?)</p>|", "$1", $pee); // problem with nested lists
$pee = preg_replace('|<p><blockquote([^>]*)>|i', "<blockquote$1><p>", $pee);

and on for 2300 more lines like that. You can see where this is going.

This is code that gets executed for every piece of text that is posted through Wordpress. It's a miracle it works as well as it does!

This convinced me that going from Nanoblogger to Wordpress isn't that much of an improvement in regard to code quality.

And the third thing that makes Wordpress a joke is security. It's a little more than an afterthought. There's the wonderful security record of PHP written web applications and then there's the fact that there is no way to make Wordpress secure. Out of the box it doesn't even support SSL and the plug-in that adds support only does that for the page where you enter your password.

That's only marginally better than having no SSL at all. What good is securing the password entry page when all the administrative interface is getting sent in clear? Also, I find the practice of having code that is capable of modifying itself (by design!) very questionable.

If I would use Wordpress I could say goodbye to writing anything from events like the CCC.

That's it as far as I'm concerned about Wordpress. I'm never looking in that direction again.

I guess when everyone is rolling around on pentagons you sometimes have to reinvent the wheel.

Posted by Tomaž | Categories: Code

Comments

You mean pentagrams?

Pentagon, hexagon, whatever. As long as the reinvented wheel is a better approximation of a circle than the last idea.

Posted by Tomaž

Completely agree.

The only reason why I haven't moved from WordPress to something else is lack of time. I feel like an abused spouse that constantly suffers but I don't write often enough to find courage and time to break this painful cycle.

Thanks for getting this information out there!! What's worse than WordPress source code is how much it is revered throughout even the "professional" world.

Add a new comment


(No HTML tags allowed. Separate paragraphs with a blank line.)