|
|
|
|
|
|
by mgkimsal
73 days ago
|
|
|
Tangential rant about WP. Having got back in to some WP in the last year, the big thing that struck me compared to other framework/environments is... no... build step, or even plugin/module install step. Files are just there in the document root, accessible by default - the logic files are invokable and the asset files are reachable. Most other php frameworks will install a plugin/module outside the document root then have some sort of publish/install step that will copy assets to be publicly accessible as needed. No plugin logic files would be invokable directly from a URL. That one change would make a big difference, imo, but seeing so much of the last 15-20 years of WP involves helper functions to assumed paths, and default assumptions about assets and logic living in the same paths... I'm not sure the ecosystem could adapt or support an alternative approach at this stage. Might be wrong. It's taken me a while to put my finger on why the current situation encourages less-secure-by-default systems, and this is probably the biggest thing I've landed on. There are other issues, but these issues all help contribute to WP popularity in the first place... |
|
|