I recently had the opportunity to join a great group of people building websites using the CodeIgniter framework. After building websites with WordPress for several years I was looking forward to learning a new framework and was interested to know how it would compare in both speed of development and quality of the Website build.
It is important to note that CodeIgniter is not for beginning web developers. The CodeIgniter framework requires significant knowledge of PHP, javascript, mySQL, CSS, and html. Knowledge of application architecture is also required for best performance and scaleability.
For websites that have low traffic volume and for which high speed response times are not critical, WordPress can not be beat. It’s ease of installation and user friendly updates are great for the beginner to intermediate web developer. When the correct method for making customizations is followed, WordPress can be a very effective and competitive framework to use. (this website is WordPress)
When using WordPress for enterprise level web applications, WordPress becomes more of a PHP framework that is customized similar to any PHP framework. Developers dissect the application and use only in house plugins and themes that are streamlined for the specific application. This improves the efficiency of the application and removes all the unnecessary code bloat and bugs that come with third party plugins and themes. The core files are not altered and major core updates can still occur.
When a developer has reached the need for this level of sophistication and customization it is time to question whether WordPress is the best framework to use. Since the developer is no longer using the things that sped up development (namely third party plugins) why not consider using a framework that is truly light weight in structure yet provides all the necessary classes for building a truly performant application?
The main reason this does not happen is the organization has built in-house “plugins” or codes snippets that speed their web development process up. Copying large sections of code for reuse is common practice in all types of application development and web development is no different. When an organization has built a large in house library using one framework, the upfront cost of starting over with another framework seems too great.
It is this cycle that causes an organization to get stuck in one framework. If the organization has started small using WordPress and grows into needing to providing high performance, scalable web applications it may run into problems making the transition to large scale enterprise level web applications as the cost of a transition is seen as too high. Not wanting to spend the extra money on sophisticated developers or take the time to learn a new process.
In the end my experience with both WordPress and CodeIgniter has led me to believe the best choice depends on your clients needs (go figure?). WordPress is slow. Too slow for enterprise level websites out of the box. It is perfect for low to medium traffic web sites and keeps build costs low initially.
While WordPress is used by many enterprise level web sites the level of necessary customization to reach acceptable performance levels is on par with any other framework. So for the enterprise level website my vote goes to CodeIgniter.
It is important to keep your WordPress installation updated for many reasons. Security is at the top of the list. Updating your plugins, themes, and core files to the latest versions is the best thing you can do to avoid security problems with your website. In fact having your website fully updated is the single most important factor in preventing malicious activity.
WordPress comes with a feature called automatic updates built in. When you first install WordPress minor core automatic security updates are set by default. This means that any updates to the core files of WordPress will be automatically updated when they are released. This is a great for security reasons and peace of mind. If there is a security patch released the patch will automatically install without you having to do anything at all.
The default automatic updates are only the bare minimum of what is possible with the WordPress automatic update options. There are other update features that come with WordPress that are not turned on by default. You can turn these on programmatically or you can download a plugin that will allow you the flexibility to set all the options available. The program I wrote and use is called L7 Automatic Updates.
L7 Automatic Updates allows you to choose which plugins you want to update and which ones you don’t. This is a handy feature that I use on many sites I have inherited.
Keeping all of your plugins, themes, and core files updated to the latest versions not only keeps your site running smoothly, it is the greatest security measure you can take.
Filter hooks do exactly what the word sounds like they do, they remove or change material (filter it). They take an input and ‘filter’ it through the hooked function which returns the filtered input. You can hook your function and change the text of a post before it goes into the database or at different hook events throughout the websites execution.
Filter hooks sit at certain execution points either going into the database or being output to the browser screen. A list of all the available WordPress filter hooks is available here.
The WordPress codex shows the add_filter function as follows,
|
1 |
add_filter ( 'hook_name', 'your_filter', [priority], [accepted_args] ); |
Here is an example of a filter I used in my plugin L7 Login Customizer. I use the add_filter function in the constructor of the plugin’s main class, I have to use the
|
1 |
array( $this, 'l7wc_logo_link_change') |
because the function I am hooking is located in the same class.
|
1 |
add_filter( 'login_headerurl', array( $this, 'l7wc_logo_link_change' ), 15 ); |
The function l7wc_logo_link_change is now connected to the login_headerurl filter hook. Now when the login_headerurl filter hook is executed my filter function will filter the data which in this case is the logo link url and change it to the new url. There could be more than one filter hooked to the same filter hook. The ‘priority’ argument decides which filter goes first. Lower numbers are executed earlier.
The l7wc_logo_link_change function is here,
|
1 2 3 |
function l7wc_logo_link_change(){ return $this-l7wc_default_settings( 'link_url' ); } |
Notice that this function does not take an argument to filter. This function simply returns the value set in the settings array with the key ‘link_url’. We could change this function to look like this,
|
1 2 3 |
function l7wc_logo_link_change( $input ){ return $input . 'something'; } |
This would return the default WordPress link URL with the word ‘something’ appended to it. Of course this link would get a 404 but it is a good example of how this works.
For filters you find the filter hook that executes with the data you want to change and hook your function to it. Take the input, do what you want with it, and return it.
A CMS is a “Content Management System”. A content management system creates an interface that a person uses to build or manage a website without having to know any code. It allows the user to login from a web browser and make changes to the website like adding pictures and making text changes. Depending on the system the level of customization can vary. It can be easy to change the font size, colors, and many other design options.
There are three popular open source CMS systems available today (there are others less popular). Drupal, Joomla, and WordPress. Wordpress is the most popular system in use today with over 24 million active websites. Around 24% of websites using a content management system use WordPress. These CMS systems share a common model. They all use “Themes” which provide page designs for the user and “Plugins” (WordPress), “Modules” (Drupal), or “Extensions” (Joomla) that extend its base functionality. The user adds personal content into the template to create the website. Using a CMS a person can build a simple website without knowing any code at all.
Once the user has learned how the system works they are able to upload images and change text easily and from any major web browser. The CMS also speeds up the creation of a website by using page builder systems. That can divide and place content quickly and easily. Page templates can be used and plugins can be installed to further customize the site.
A proper CMS system can save professional web designers many hours of coding by providing the frame work of things common to all websites. For a person who doesn’t know any code at all it gives them the ability to create and publish great looking websites.
Security is a complex topic. There are many different ways a would be hacker can compromise a website. Often the server on which Wordpress is installed has been compromised. On a shared server environment this can lead to many websites being “hacked”. This can be hard to detect and often hosting companies will not disclose this kind of information because it affects their reputation.
The most common reason for a WordPress site being “hacked” is an out dated version of the software. With version 3.7 (currently 4.3.1) came automatic updates. Wordpress has settings that allow you to choose what level of automatic updates you will allow.
There are four levels of automatic updates:
“By default, every site has automatic updates enabled for minor core releases and translation files.” WordPress codex.
For people who are not comfortable editing the config.php file in a WordPress install it is best to install a plugin to make changing the settings easy for you. The plugin I use is called L7 Automatic Updates. It is a free plugin that provides all the options a regular user would want to use.
With your site automatically updated to the latest version of WordPress your website is secure. When the next bug release or security flaw is discovered your site will be protected as soon as the patch is released.
WordPress is an open source project which means that the code that runs it is freely available to scrutinized by everyone. At first this may seem like a bad idea because you are exposing the inner workings of the system to would be hackers. But it has been proven that this kind of exposure lets the code be inspected by many, many people who can and do report their findings to the WordPress organization, which creates a patch and can deploy it in a matter of hours.