
Our Director of Engineering on the new Wired.com - altern8
http://wired.com/2015/03/wired-dot-com-from-the-devs/
======
falcolas
As someone who has just spent the last two weeks attempting to secure and
standardize a WordPress install, my sincerest condolences to Wired's system
administrators.

WordPress has achieved the complexity promised by Zawinski's Law, and is a
true nightmare to attempt to secure. Not only do you have software which
writes its own full URLs (including the scheme), you have software which
checks and optionally triggers a built-in cron with every request, one PHP
file which rules them all, an average of four cookies for every visit (which
messes with some caching attempts), a mish-mash of JS and CSS files, static
assets spread throughout the wordpress base, every plugin, and every theme,
executable PHP in the DB...

It can even install its own plugins, if you give it the credentials to FTP to
the server which hosts it.

I'm glad this project is nearing its completion. The promises made by
Wordpress to content creators is backed by the nightmares of system
administrators.

Zawinski's Law: “Every program attempts to expand until it can read mail.
Those programs which cannot so expand are replaced by ones which can.”

EDIT:

Dear WordPress Sysadmins:

You still have some work to do in securing your site. For example, I can tell
just from your headers that you're running on Apache 2.4.6, on PHP 5.6.6, and
using Varnish 4 as your caching mechanism from your somewhat verbose headers.

Good luck!

~~~
romaniv
While I agree with the overall assertion that Wordpress is ridiculously
bloated, slow and insecure, a lot of the specific things you mentioned have
nothing to do with it and actually are pretty sensible features for websites
of a certain size.

For example, the built-in Cron thing is invaluable for smaller shared hosting
installations, which do not allow you to schedule actual Cron jobs. Moreover,
it allows you to copy Wordpress (or unroll if from a database backup) without
having to worry about recreating those Cron jobs.

Not everyone has root access to their hosting. Heck, not everyone has shell
access to their hosting. Even people who do do not always have time and
expertise to set up, maintain and use Docker/Puppet/openVZ or whatever you use
for sysops.

 _one PHP file which rules them all_

What do you mean?

~~~
smacktoward
He/she is referring to WordPress' use of the Front Controller design pattern
([http://en.wikipedia.org/wiki/Front_Controller_pattern](http://en.wikipedia.org/wiki/Front_Controller_pattern)),
which of all the things about WordPress you could choose to hyperventilate
over seems like a strange one to go with.

~~~
kmz
Isn't this a decent amount of PHP frameworks? I mean taken from the Wiki link;

* MVC frameworks written in PHP. For example Yii, CakePHP, Laravel, Symfony, CodeIgniter and Zend Framework

* Drupal

* Microsoft's ASP.NET MVC Framework.

* Spring Framework

* Cairngorm framework in Adobe Flex.

* Yesod web application framework written in Haskell.

So is this a knock on WordPress, or any application that uses the Front
Controller Pattern

------
jfc
As a developer who spends 90% of my time on WordPress, I'm really glad to read
about this.

WordPress is a great way to organize content on the web and has a robust
developer community. It's always improving. Love it!

------
ebbv
Here's a talk from WordCamp 2014 about (at least part of) this:

[https://wordpress.tv/2014/11/01/kathleen-vignos-
migrating-17...](https://wordpress.tv/2014/11/01/kathleen-vignos-
migrating-17-wp-blogs-on-wired-com-into-one-wordpress-install/)

------
josefresco
Some more information for the curious:
[http://builtwith.com/wired.com](http://builtwith.com/wired.com)

Their theme is called "Phoenix".

Being a "small time" WordPress developer I'm always fascinated by "big media"
implementations of WordPress, and their decided upon hosting/server setup.

Can't say I'm thrilled with the new Wired.com design (those category
icons...ouch), but it's always been somewhat of an ugly duckling, and I'm
happy to see they're still taking changes.

~~~
dudurocha
How you discovered the theme? Tried searching for "Phoenix" on the page you
linked but could not find.

~~~
ebilgenius
In the source you can see that it links to /wp-content/themes/Phoenix/

------
tedunangst
Where does the "12 databases" in the HN title come from? Neither 12 (twelve)
nor database appears in the article.

~~~
lucb1e
For those who came here later, the original title read:

> Wired merges 100k posts, 12 databases, and 17 blogs into 1 WordPress install

------
sixQuarks
Does anyone else think their new design is terrible? The fonts are hard to
read. I hate to be that guy, but I liked the old site better.

~~~
cnp
I'm in literal shock over the fonts. I've never seen something so high-profile
so badly designed, typographically.

Isn't there some kind of rule somewhere that says 4 fonts max? On the homepage
there are seven different fonts! And then you click into a link and blammo,
you're hit with this crazy antique looking thing that looks like porcelain
shaped words, but with far less class. Is this a technology site or a site on
fine cigars and expensive yachts?

Its unreadable and seriously needs to be addressed. Just some dire
constructive crit for such a great publication. This will turn away users, if
only subconsciously.

------
artimaeis
I love how much faster the new site feels. Seems like before I'd load it up
and some content would take 30+ seconds to load but everything I touch on the
page all but leaps out to respond to my click. It's pretty wonderful and a
welcome change.

Not sure if I like the idea of a dynamic news feed. It's one of my least
favorite "features" of Facebook given that I have a harder time filtering what
I have or haven't read. Seems to be the way the modern web is heading though.
At least looking forward to see how Wired's implementation of it works out.

------
skywhopper
Having only recently begun to poke around at the Wordpress Multi-Site database
layout thanks to having to take over responsibility for an 8000+ blog morass
of an install, I can say that the hacky way in which Wordpress achieved multi-
site capability would actually make this transition relatively simple. Other
than ensuring user IDs in the database were in sync, the core blog tables
themselves just need to be imported with slightly tweaked names, since each
sub-blog in multi-site WP has its own independent set of tables.

------
thesystemis
of note -- new yorker also transitioned to a wordpress backed system recently:

[http://www.nytimes.com/2014/07/09/business/media/the-new-
yor...](http://www.nytimes.com/2014/07/09/business/media/the-new-yorker-
alters-its-online-strategy.html)

~~~
nashashmi
If you were to look at all those times that PHP is cursed either for its speed
or programming or something else, I am surprised these big websites are still
investing in something so _buggy_.

Btw, I'm a PHP developer.

~~~
falcolas
Throw enough caching at a speed problem, and the speed problem effectively
goes away. This is why the terms "Varnish" and "fcgi_cache" are so well
associated with WordPress installs.

~~~
matthewmacleod
I'm not sure I agree with this — it just becomes much more complex and harder
to debug!

~~~
falcolas
You are absolutely correct - caching solves the apparent speed problem to the
end user, not the underlying cause of the speed problem. That said, solving
the apparent speed problem for the end user is frequently enough.

------
sjthompson
I'm seeing <meta name="robots" content="noindex, nofollow" /> in the source of
every page...

------
1123581321
Some problems with the subscribe CTA in the sidebar
([https://subscribe.wired.com/subscribe/wired/93911?source=Fai...](https://subscribe.wired.com/subscribe/wired/93911?source=Failsafe&pos_name=AMS_WIR_DESKTOP_FAILSAFE))

* The Customer Service link is broken.

* It doesn't say what you'll pay after the initial $5.

* It doesn't explain the GQ promotion. Is it 5 issues, $5 for 6, something else?

Also, it would be re-assuring to see the to-be-billed amount near the
Subscribe button. Because of the other issues on the page, I don't quite trust
the header which is just an image made by a designer.

I was interested enough to click but too unsure to follow through, so
hopefully someone from Wired/Conde will see this and fix some of these issues.

~~~
hullo
The full year subscription price does appear to have been completely left off
the new site. Hiding the actual price probably tested well?

~~~
1123581321
To be fair to Wired, I have a good idea what a magazine subscription should
cost. :) I just think they haven't considered that hiding the price and
agreement on a payment form signals an unintended negative impression.

------
data_spy
Wired.com also upped their ads from 3 to 5 on their homepage. Also page design
is to make squares exactly match high value ad sizes. Almost as desperate as
Pandora's two ads in a row that started happening the past few months

------
Immortalin
One of the main reason I am using Drupal and not WordPress is that the
WordPress community seem to prefer more paid "premium" stuff over FOSS ones.
Take Drupal Commerce for example, you have access to all of the plugins but
you only need to pay for support. For wordpress, it's a completely different
story, either pay for a full version of woocommerce with all the bells and
whistles, or stick with using the half-baked "basic" version, lacking crucial
features. While I understand the need for monetization, for startups and new
companies this model is very pricey compared to the Drupal one.

~~~
aram
Good points; however, this is not only important for startups and new
companies, but for the community itself.

Drupal has much stronger community than WordPress & Joomla for example, and I
think this has to do with keeping all extensions in one place and discouraging
premium ones.

This way all developers can get whatever they need, but because of Drupal's
"complexity", you there is way less crappy code written by people who are just
passing by, as in WP/Joomla.

~~~
MichaelTieso
This seems opinion based. I'd argue WordPress has a much stronger community.

~~~
Jgrubb
This also seems opinion based. I'd argue Drupal has a much stronger community
;)

~~~
mikeschinkel
And yours seems opinion based. I'd argue WordPress has a much stronger
community in part because is has around 10x more community members. :-p

------
bmiller
FYI if your browser zoom isn't the default 100% all the graphics on the page
have their sides clipped....

At first I thought the publisher had changed their name to just "WIRE" as part
of a rebranding.

------
nodata
How did they harden it? Anyone know?

~~~
josefresco
Good question - the wp-login.pp is accessible, however that doesn't say too
much: [https://www.wired.com/wp-login.php](https://www.wired.com/wp-login.php)

They left this up:
[https://www.wired.com/readme.html](https://www.wired.com/readme.html) \- But
again, now too telling.

Site does not handle being secure:
[https://www.wired.com/](https://www.wired.com/)

I would imagine most of the "hardening" is on the server level, and not the
basic level WP security that most webmasters usually encounter.

~~~
eeeeeeeeeeeee
They are forcing SSL for /wp-login.php, though. Better than nothing as I'm
sure Wired staff are logging in to this system from all over the place.

Would be interesting to know more about how an article gets from written to
published. Do the writers draft in WP and then have editors review it?

------
stevesearer
I wonder if they are building their own "longform feature article builder" or
if they'll be using something like the Aesop Story Engine Wordpress plugin.

------
cnp
Please excuse me, but WTF (I mean -- really -- WTF) is up with that headline
font? It is totally unreadable and tacky. Did someone hack the site?

~~~
msutherl
Was about to post the same thing. It contrasts with everything else on the
website in every way. I'm actually really curious what the rationale could
possibly be.

~~~
cnp
Its blowing my mind right now how many reviewers let this pass without a fight

~~~
seanalltogether
It is weird since the two main fonts seem to be fighting with each other. The
main wired font has always been blocky/techno/sci-fi, and this new headline
font is trying to look like a newspaper font from the 1920s.

~~~
msutherl
Nah, it's even worse – that typeface is based on didones from the 1790s!

~~~
cnp
hahahahaha yeah....

------
jacquesm
On this page at the bottom there is a bug in the rendering of the boxes with
other articles, the word 'newsletter' partially overlaps the box next to it
(firefox).

[http://www.wired.com/2015/02/ellen-paos-lawyer-says-
performa...](http://www.wired.com/2015/02/ellen-paos-lawyer-says-performance-
reviews-changed-kleiner-lawsuit/)

------
mtbcoder
I don't mean to be snarky, but is there something terribly interesting going
on here? The only bit that seemed somewhat interesting was the "AI page
curation" tool, but they hardly touched on that other than to mention that it
was a Grails application, which was then ported to CakePHP, which was then
ported to be a WP plugin.

~~~
MangoDiesel
I agree. This all seems fairly basic, and from clicking through the site for
15 secs I was able to find a lot of bugs. For example, when reading the linked
blog post, the social media bar scrolls and then re-anchors to its spot on the
page on chrome 40.0. Reading through the other comments it sounds like there
are many bugs throughout.

The Grails app that is now Cake PHP is just a tool to aggregate content from
other sources and then post it to wired.com site? And it was previously built
and maintained by a single developer? Sounds like a basic tool.

------
nashashmi
I never realized there would be so much junk to haul through when trying to
upgrade websites to these modern interfaces. It makes me wonder if this
problem of really bad code is widespread in the industry or just among amateur
web developers.

~~~
gk1
Rome wasn't built in a day. Any product that's been around for 10+ years
accumulates a lot of "junk." The thing is, it wasn't always junk. Eight years
ago it was the best thing, it just hasn't been updated since then (aside from
patches and bug fixes, as mentioned in the article).

------
pacofvf
I wish they had a section where you can see all the articles in chronological
order (newer to older). they made a latest news section but it doesn't look
ordered.

------
kmz
Well they definitely seem to server ad's blazingly fast.

------
gdulli
I'm having a vision of their CTO reading an article about horizontal
scalability and his face starts getting red.

~~~
jdub
... because you think WordPress doesn't scale horizontally? That's... look,
you should probably ask your doctor about WordPress.com. Or any reasonably
large WordPress site.

~~~
gdulli
Scaling web servers is easy but there are limits on what a single database
instance can support that Wordpress won't address and having multiple sites on
multiple database instances is a simple, desirable solution.

~~~
nacin
WordPress works great sharded and/or replicated across databases, servers,
even datacenters. This is what WordPress.com, WordPress.org, and pretty much
any major WordPress site uses:
[https://wordpress.org/plugins/hyperdb/](https://wordpress.org/plugins/hyperdb/).

------
jbb555
"mobile-first"? Never mind then

~~~
LukeB_UK
What's wrong with mobile first? It makes complete sense.

------
kybernetyk
I stopped reading wired since they always redirect me to the local wired.de
whenever I try to read their US version. Which is really annoying.

------
pavlov
So wait, Wired's website isn't called hotwired.com anymore? Huh. I guess it's
been like 15 years, but I just never noticed.

