Programming is the are, science, and study of writing computer software. Programming, particularly for the web, is one of the key services offered by Reich Web Consulting.


Be a Web Developer Not a Plugin Installer Masthead

Be a Web Developer. Not a Plugin Installer

WordPress is my CMS of choice based on it’s simplicity, extensibility and the variety of plugins and extensions. Given it’ popularity, I’m not the only one.

But I’ve been stepping out on my lady. I’m working on a project in which the client chose the platform before I joined the team because it provided key features and it’s stock theme roughly matched their mock-ups. The choice to use third-party code led to missed deadlines, scope creep, and scrapping features because the platform isn’t easily extended. (For the record, WordPress would have been a terrible choice too.)

We’ll never know if it was the right decision, because the project will launch duct-taped together. This project wasn’t built on WordPress. So why am I talking about it? If we abstract away the technology there is an important lesson to be learned about what it means to be a web developer.

Hold Yourself Accountable

Developers are responsible for the code they sell to clients, not just the code they write. Our clients trust us to make good decisions on their behalf, and we often take that trust for granted.

We shouldn’t expect a client to understand the difference between our code and third-party code. If we choose to use plugins to build a solution we take credit when that choice results in success. Yet when the extensions we install (plugins and themes) lead to failures like hacks or broken updates, we’re perfectly willing to absolve ourselves of responsibility. It’s not our fault! It’s the plugin!

Who made the decision to install that plugin? Are you a web developer? Or are you just a Plugin Installer?

Be a Web Developer. Not a Plugin Installer

Choosing to install a theme or a plugin should not be a careless act. Perhaps we’ve stopped thinking about it because WordPress has made installing them so easy. Many developers approach plugins with a cavalier attitude and don’t consider the consequences of blindly installing third-party code that could do just about anything intentionally, accidentally, or through a hacker’s exploitation.

Plugins: WordPress’ Double-Edged Sword

Plug-ins made WordPress successful. So how can we leverage the massive library of free and paid extensions while minimizing our exposure to the problems they can produce? Here are a few questions to ask yourself to avoid installing bad plugins.

1. Did you pirate the plugin?

If you pirate a WordPress plugin, shame on you. People who make things for a living shouldn’t be comfortable stealing other people’s creative works. It’s really that simple. Besides: installing plugins from pirated sources is a recipe for disaster.  Pirated plugins often come with exploit code baked right into them. Their backdoor isn’t technical: it’s exploiting your cheapskate nature. Just. Don’t.

2. Does the plugin come from a trustworthy source?

There are a ton of sources for WordPress plugins on the Internet. The official WordPress Directory for example. It should go without saying that you shouldn’t install plugins and themes from disreputable sources. Don’t shy away from premium plugins from foundries like WooThemes and developers that sell their work via CodeCanyon, but research them before you install them.

  • Consider plugin and theme ratings.
  • Read user reviews
  • Check the plugin’s update history to make sure the developer is dedicated to maintaining it
  • Look for third-party information on whether or not the plugin has been hacked in the past

3. Do You Really Need a Plugin?

We’re web developers, right?

So why do we feel like we need to introduce other people’s  code into our sites just to add social sharing buttons, insert a tracking code, or add an image slider? If you can’t do these things for yourself, you’re not a developer. You’re a plugin installer.

Plugins make some tasks so easy we take them for granted.   But it’s important to remember that every time you install a plugin you introduce another potential vector of attack and another thing  that needs maintained forever.

Sliders are a great example.  Everybody wants a slider (though their value is dubious). Most of us simply install one of the many popular slider plugins and get on with our day. But slider plugins have been particularly vulnerable to attack. The incredibly popular Slider Revolution plug-in has been a very popular hacking target in the past.

So ask your self: do you need that slider?  Does the client really need to maintain it from the WordPress Dashboard? If not, it’s a prime candidate for skipping a plugin, and writing a few lines of JavaScript that won’t get your site hacked.


These lessons aren’t specific to plug-ins. They’re not specific to WordPress. Heck, I’m not even sure they’re specific to web development. As professional problem solvers we need remain conscious of the individual parts we use to build our solutions. Don’t Repeat Yourself, and Don’t Reinvent the Wheel. These philosophies remain true.  But don’t be afraid to build better mousetraps, particularly when the current design has a history of failure.

A Reponse to “Web Programming is Hard!”

This article is a response to a blog post titled “Web Programming is Hard!” The author expresses her frustration at being denied interviews for web programming jobs because she comes from a desktop/embedded system development background.

Let me tell you a little story that may make you feel better about the difficulties of web programming.  I work at a school, and about a decade back (before I was hired) they commissioned a programmer to build a customized student information system.  You couldn’t meet a nicer guy, but he was an engineer who followed the money into Visual Basic development.  He’s a smart guy, but originally not a programmer by trade or training.

About four years back they reached the limitations of that program.  More people were using it over wireless, which caused the Access database on which the VB front-end relied to become corrupted.  It began getting slower.  His programming relied on a separate program that ran continuously on a server to calculate grades.  On top of that, some of the VB 6 controls have nasty rendering issues on Vista and Windows 7.  It was time for a rewrite.

The requirements set forth for this new application were, 1. It must be web-based, 2. It must use a full-fledged RDBMS (SQL Server was chosen), 3. It must have a parent module they can access from home. The programmer, having never developed a web application in his life, decided on a set of technologies he’d never used: C#, ASP.Net, Silverlight, and IIS.

It’s four years later and we don’t have a web application.  The desktop application we do have is alpha at best, still doesn’t have all the features of the original, doesn’t have a parent module, and requires me to install about 5 libraries (requiring 2 reboots) before I can install it.  The only requirement that was met was to use SQL Server, and we’re a little leary of that because he couldn’t make his program work without admin rights to our entire SQL Server. The only reason the project continues is because certain stakeholders feel too invested to throw in the towel.

This is the story of a perfectly intelligent man who bit off more than he could chew and failed to understand one simple idea: web applications run in a browser.  Web development is different.  As others have said, it’s not any more or less difficult than desktop development, but there is an entirely new set tools, requirements and obstacles that you need to understand going into it.

Even if you consider yourself an expert in other forms of programming my recommendation isstill  to start with HTML.  HTML is just markup and no logic (just like XML, it applies structure and meaning to data), so it’s generally easy to pick up.

Then learn CSS.  You don’t have to become an amazing designer, but understand positioning, the box model, and font sizing, before you move on.

Next learn JavaScript, and make sure to add jQuery or another framework to your toolbelt! It wasn’t so long ago that you could develop a successful web application with little to no JavaScript, but that’s not the case anymore.  JavaScript is an integral building block of the present and future web. Make sure you have a good understanding of JavaScript’s types (everything is an object), JavaScript scoping issues, closures, JSON (JavaScript Object Notation), and Ajax.

Once you have a good grasp of the client side, then pick a server-side tool, whether it be ASP.Net, PHP, Ruby or Java. Then start small.  Even if you already know the language from a desktop development standpoint, write a program that outputs a “hello world” HTML page first.  You can write the next Facebook tomorrow!