Custom Code is the Biggest Vulnerability of a WordPress Site

I am in the middle of fixing custom code that caused a fatal error with processing Woo Commerce orders on a client website. It took several days to find enough patterns that allowed diagnosis of the issue. This was followed by examining the error logs and code base to find what was causing the problem and creating a solution to test.

Experience has taught me that the more features (and code) a site has, the greater the chance of a vulnerability. This is doubly true for code written by fellow developers. Greater attention to resources for testing, documentation and QA is essential for keeping a site with custom code stable.

As a consequence, I’ve become frugal with any type of site features that isn’t supported by a third party. Not only does this approach cut down on maintenance, it also makes WordPress websites more stable. Plugins authors spend ample resources on both testing and security, as there are many customers depending on the stability of their software. With custom software, all this must be handled exclusively by the client…