A while ago I decided I wanted to create a separate blog style site for my photography. So I purchased a new domain and started looking at how I wanted to present the content. WordPress would seem to be that logical choice as I already use it for this site, its well established and there’s a ton of themes and plugins for it. But then I thought about it a bit more.
Why not WordPress?
So why not go with WordPress? Well the more I tried to make what I wanted, the more I realised that WordPress just didn’t cut it for oh so many reasons. Before I get my rant on I should point out that for this site and others I’ve been very happy with WordPress and barring any major issues will probably continue using it for the foreseeable future. But for this next project I decided against because of a few reasons.
I like WordPress but over the last few years it has become clear that PHP totally and utterly sucks. It’s poorly designed, awkward as hell and allows for the creation of some of the worst coding known to man. I’m not going into detail why here as many people have covered these reasons time and time again.
Yes I can already hear the PHP true believers getting ready to trot out the “Not All PHP!” line as they declare the upcoming PHP 7 to be the best thing since burnt toast and will solve all known PHP problems forever. But here’s the thing, while PHP 7 might deliver on all these promises it is going to take a long, long time before a majority of web hosts give a crap. Hell a lot of them still aren’t even running the most recent stable versions of PHP 5.
So by necessity for maximum hosting compatibility WordPress is likely to stay PHP 5.2 compatible for a while to come which means a bucket load of legacy code, cruft and headaches which will hang around for years yet. Even if WordPress core did become PHP 7 clean, the various themes and plugins will have their own lag time for catching up.
To be clear here not so much the security of WordPress core which in my own opinion has done a pretty reasonable job of cleaning up their act and keeping the core clean of any completely brown pants exploits. Add to this the entirely sensible change to get the core and components to auto update and you have a pretty decent equation for keeping things reasonably secure.
Plugin security on the other hand, well, its remains pretty damn crap. Particularly photo gallery related plugins that generate thumbnails as they tend to rely on PHP libraries with utterly atrocious security history, poor file handling logic and when you start digging through the code some amazingly poor assumptions about host security setups.
Oh and lets not forget the utterly cavalier approach to security that some of the plugin developers and WordPress users seem to have with instructions and forums littered with solutions such as “just chmod 777 the directory” to resolve issues that then open the sites up to being owned within minutes. All in all I have not been impressed by the security history of PHP or WordPress plugin developers.
This one is going to sound a bit off but stick with me. Yes WordPress has a well defined and powerful theme system and partly therein lies the problem. Much like the rest of the WordPress core a lot has to be done to maintain backwards compatibility and even developing a “simple” theme starts to get complicated really quickly. Even if you do find a theme you just want to tweak, the procedure (at least in my mind) was incredibly frustrating.
So If Not WordPress Then What?
I am not by my background a programming person but over the last two years or so via my work I’ve been exposed to, and built web sites with, the python Django Web Framework. I found Python easy to pick up and write and Django to be something even a reasonably novice programming such as myself could get a grasp of.
It has an impressive amount of support and utilisation as well as one of the most sane set of default security implementations I’ve seen in a web development stack. So given all the effort I had put into learning for my work time I decided to branch out and utilise it for this personal project as well and started building my own site.
Re-inventing The Wheel?
So at this point I expect half a dozen people to point out both Python and Django suck in their own ways which is definitely true for a value of suck. Furthermore I’m then expecting people to point out that I didn’t need to build my own Django powered blog type site when there’s a bunch of establish projects I could have used like Mezzanine or the newer but impressive Wagtail.
But much like WordPress they were so feature rich that they seemed like total overkill for the site I had in mind and besides what I really, really wanted to do was a side project that would keep my brain engaged. Merely setting up the site wasn’t going to do that.
A Learning Exercise
So I stood on the shoulders of giants and learnt. I browsed through various Django powered blog apps and saw how they did things. I looked under the hood of the logic used by WordPress and other blogging platforms and picked out what I wanted. I then stripped it right back to the basic needs that I could start the site with and build on later.
Having recently moved a lot further out my commute time had expanded significantly which I figured out provide a good opportunity to do something useful. So I purchased a cheap little notebook, a HP Stream 11. I normally avoid HP like the plague and this device is really more aimed at kids but it was cheap (sub $300 AUD) and had more than enough grunt to handle web browsing, an SSH terminal and the Sublime text editor.
Over a period of a few months I slowly built the system that would run the site during my commute and on the weekends. Between the little notebook computer and my at home desktop I think I’ve managed to build something fairly reasonable. It’s still a work in progress and there are some bugs (the responsive design is.. well not quite properly responsive yet) but all in all I’m happy enough to launch it and keep making iterative changes.
So is my code that runs the site good? Probably not all that nice but it does work and I’ve tried to keep it clean as possible. I made a few rules in building the site:
- Python 3 all the way
- Running using nginx (all my prior experience was Apache)
- Clean HTML/CSS – Keep it small and simple
- Try and build it first, fall back to add ons only if required (or the cleaner option)
- HTTPS to be used and utterly enforced
As time goes on I’ll be adding to the code base of the site, cleaning up my mistakes and learning as much as I can. As it is simply doing this project in my spare time has helped me identify some deficiencies in my work projects which I can now loop back to and fix up using the knowledge I’ve now acquired. Most of it isn’t stuff I’ve done isn’t wrong per se but rather now I can see there are better ways to achieve what I wanted to do.
Back To The Photography!
So yeah I’ve built a thing, and now its time to use that thing for what it was built for. We’re heading into spring now, I’ve got a few photography trips and projects planned and I’ve set myself the goal of posting at least one photo a week onto the new site. Huge KPI I’ve set myself there I know but I’ve kind of let my skills in photography degrade for a while now and I want to slowly ease myself back into it. Now I have a purpose built site to achieve just that I can’t just let it sit there!