Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I’ve got a lot of clients with WordPress sites and this hasn’t been the case for a very long time - the only exception being poorly written 3rd party plugins.

Current generation WordPress regularly updates automatically with no issues, and I’ve seen no incidents with security updates for PHP either.



>the only exception being poorly written 3rd party plugins

Unfortunately you need several of these to make any web site plus a theme, so yes, it happens.

If you have so many clients you know it well that you can't upgrade from php 7 to 8 without the site crashing. Well, unless you are really lucky.


Did you just create this new account because your previous accounts were banned for posting racist, transphobic, and sexist shit, lies, and conspiracy theories, yet you're continuing to post racist, transphobic, and sexist shit, lies, and conspiracy theories from this new account? Didn't you learn anything?

https://news.ycombinator.com/user?id=veave

https://news.ycombinator.com/item?id=37245819


>you know it well that you can't upgrade from php 7 to 8 without the site crashing

This is not unique to WordPress, this is how most any software running on an interpreted language would behave if you updated the interpreter by a major version and did not update the software to a supported version.

Major version upgrades in PHP are the only time BC breaks are allowed, for example.


Wordpress does very well on motte and Bailey - the core is performant and secure, but if you try to do anything with just core, you’re told to install any number of (quite good mind you) plugins.


Most of the time you get a new client and they have a website with a theme and plugins that haven't seen updates in years because the authors abandoned them. You have to constantly fix them. Even if you create the website yourself you really have no way of knowing for how long it will be supported, and even then, you are not going to do a complete security audit of the codebase.

For example because of latest updates to PHP 8 they have deprecated the $var{key} syntax - who the fuck uses that?! I did not even know it existed until some of my clients' websites crashed after I updated PHP.

It's an absolute minefield since we moved on to the PHP 7 branch. I am glad for PHP because the language sucked before because of how lenient it was. But it creates a lot of work for me.


Oh, certainly. The number of client websites I’ve seen with strange custom themes is way too high (I’ve seen one, and we were the client apparently).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: