At the mercy of WordPress Plugins; how to fight back

@Denis de Bernardy
I agree.

My plugin problems was with a rss aggregator plugin. In all fairness I had some settings wrong. However the way it bailed on me, bringing down the whole site made me realize the mine field we are sitting on

Plugins are like Business Rules. One flawed business rule cannot bring down a BR engine. Similarly one errant plugin shouldn’t be able to bring down the site.

I think the plugin system, while very powerful, is fundamentally flawed. I find that calling apply_filters on a field is rather irritating. I would _much_ rather apply_filters to a post, because sometimes, you simply need to filter a field differently based on the surrounding data. And this would make the plugins work better outside the loop.

Btw: Which plugin we should stay away from?

@Christopher I think you misunderstood the comments. It is about running plugins in a secure sandbox, which is much harder to do in php then in Java. I wasn’t talking about error settings.

“In php world it is much harder to achieve.”

It actually is not hard to achieve, it just is of little interest in this application. I doubt that the Wordpress developers target audience are grumpy Java developers who can’t figure out the PHP error settings. Either log them or set them to print please.

In Java World we could allow the plugins to be executed in a limited rights environment or sandbox. So the plugins from unknown source cannot do anything nasty.

Secondly even if a plugin fails the site should continue. Again in Java world we achieve this by catching the execptions generated by the plugin, logging them, and move on to execute other plugins. The page should still display, albeit with reduced functionality.

This is in essence what we need for plugins. In php world it is much harder to achieve. So the fallback option is to have a public reveiew system of plugins and use only the ones with good reviews.

Secondly we should always test the plugins in a test enironment before deployment.

Personally I prefer to look in the plugin code also to ensure something strange isn’t going on.

Well said. No doubt someone experienced would be able to fix misbehaving plugins it does screws the non-geeks over.

How then would you propose a solution that offers security and fail-safety together with the existing simple ease of implementation? I’m really interested to find out.

@Thomas I registered as a provider. It is just so much complicated to create a klip. And then they do not explain clearly upfront, what in the hell is a klip!

It looks over-engineered at first glance. I might give it a try again later.

Forgot to say, in case you want added publicity for your blog, consider adding yourself to the klip folio database. It is a good way to get added exposure:

https://www.serence.com/provider.php

Nice Article..

I like your wordpress articles. You seem to be quite knowledgeable on the inner and outer workings of this baby. Keep up the good work.

I can see your Wordpress Feed updates in my klipfolio reader (www.klipfolio.com)

As far as plugins, so far no major problems.. the only thing I worry about is if I put too many of them in my blog that there will be incompatibilities amongst them. In addition, I fear that when I upgrade to next wordpress version, if I have too many plugins it will screw me over… But so far everything is smooth.

Regards,
tom