back to article WordPress 4.9: This one's for you, developers!

WordPress 4.9 has debuted, and this time the world's most popular content management system has given developers plenty to like. Some of the changes are arguably overdue: syntax highlighting and error checking for CSS editing and cutting custom HTML are neither scarce nor innovative. They'll be welcomed arrival will likely be …

  1. Pomgolian
    FAIL

    But...

    ... still the same vulnerable-by-design database layer shite that does not support parametrised or prepared queries which have been around for decades. Maybe by the time Wordpress 6 comes around they might actually fix that, but I do not have the lung capacity to endure the wait.

    1. Anonymous Coward
      Anonymous Coward

      Re: But...

      Aren't you supposed to work around that by only using wordcyst for JSON output and having an entire complete layer of frontend formatting in $buzzword, preferably clientside JS? I'm sure that's what they'll tell you. (I know that's not a fix for your problem. When was a vendor's reply ever an answer to your question?)

    2. Tim Brown 1
      1. Pomgolian
        Boffin

        Re: But...

        Oh, you'd think so, wouldn't you?

        But read this:

        https://www.theregister.co.uk/2017/10/31/wordpress_security_fix_4_8_3/

        and

        https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html

        and then go and find a CMS that actually does walk the walk.

  2. Anonymous Coward
    Anonymous Coward

    Still not as good as Hugo.

    1. bombastic bob Silver badge
      Devil

      I just hand-edit everything with pluma, use a private github repo to transfer to the production site by doing ssh into the web server and 'git pull' and do whatever fixin' needs to be done on the web end afterwards. Actual development happens on a development box Works fine, and seems pretty secure.

      who _needs_ something like WordPress?

  3. wiggers

    Comments on images still there

    The code in images.php had an unconditional comments call, which you had to delete to disable comments. Now there doesn't appear to be an images.php file and still no way of turning off comments on image pages.

    1. This post has been deleted by its author

  4. Barry Rueger Silver badge

    The Heroin of Web Design

    Recently had to whip up a quick emergency Web site. I chose WordPress because I figured it would be fast and easy. And it was.

    After many years away from WP, I'm reminded why I avoided it for so long.

    Installing and dumping in page contents is quick, but when you start trying to do anything more elaborate you find yourself diving down the rabbit hole of (mostly ugly) themes, (often half-baked) plug-ins, and (untested or out of date) CSS hacks.

    Very soon you've wasted invested enough hours that turning back seems impossible.

    The absurd thing is that if WordPress just offered a product that created a web site and not a blog they would wipe the floor with "big" guys like Joomla and Drupal. Sometimes you just need a half dozen mostly static pages. WordPress should do that, but it always seems to be a battle.

  5. ecofeco Silver badge

    Anything will be an "upgrade" to the admin panel

    Wordpress has to be the platinum standard is shitty fucked up admin control panels. It's about as intuitive as anything can be that suffers from recto-cranial-inversion and has the fine control of a wrecking ball.

    So anything will be an improvement.

    Well, maybe.

  6. Guus Leeuw

    Bad bad bad

    Dear sir,

    The English in the article is appalling.

    Is it that you guys just write things and hit the publish button?

    I thought so.

    Regards,

    Guus

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019