Stop using code snippet plugins

9,822 views

Adam Lowe

A day ago

Comments
@TheAdminBar 1 year ago
What an absolutely epic video 🙌
@BGdev305 1 year ago
what exactly is "epic" here?
@suffolkwebdesign 1 year ago
Awesome Video - I had no idea that snippets plugins created these issues - Thanks Adam!
@AdamLoweIO 1 year ago
To be fair, any plugin can cause these kinds of issues. However, snippet plugins offer redundant functionality that you can easily get by using a child theme or basic custom plugin. I have no issue with using them for development or testing, but they have the potential to just create one more avoidable issue in production.
@vovkasolovev 9 months ago
I agree. I've been doing it for a long time, I store short codes in a unique plugin for each site. Storing in a child theme is not very correct - firstly, the theme is for design, and secondly, plugins are executed earlier.
@AdamLoweIO 9 months ago
Yes, you are correct that themes are for design and design-related functions like enqueuing css or JavaScript. Any functionality-related plugins should be in a plugin (or mu-plugin). I didn’t go into all that nuance here since I wanted to try to keep it relatively simple and high level. As it is, this video started a shit storm in Facebook comments since it goes against the way a lot of people have been doing things.
@uioverhaul 1 year ago
Besides that this video is great, I love that you are not reading your words from the paper, but you are rather talking spontaneously. You have a great personality Adam, and this kind of video (not scripted) seems way more natural and I just like to watch it even more. Maybe you can continue to record videos without scripts :)
@AdamLoweIO 1 year ago
Thanks, Man. I’ve always had problems speaking off the cuff, so it’s pretty nerve wracking for me. I’m going to try to do more of these for things when I’m not trying to show a step by step process, though. Maybe I’ll even have fewer than 300 “ums” to remove in post. (Special thanks to Descript for getting rid of most of them without too much extra effort!)
@markpeters2254 1 year ago
@AdamLoweIO My 'um' alarm never went off. Great video and presented in a very authentic way! You can save yourself some scripting time in the future!
@AdamLoweIO 1 year ago
There were about 300 (no kidding) that I removed using the Descript video editor. It was appalling, especially since I used to do Toastmasters years ago.
@jacobwwarner 10 months ago
I had been thinking about this earlier. These plugins for custom code snippets and CSS frameworks seemed to be repetitive if you're able to put this code into your child theme. I've seen things like Core Framework and Automatic.css creating a plugin with a UI to define custom CSS properties (variables) and utility classes that you can then apply on elements for consistent styling. This includes things like fonts, font size, colors, spacing and layout, etc. Given this example, is this another thing you can easily do by just defining all this CSS within the WordPress child theme's `style.css` file and then referencing those classes on various elements, possibly within a page builder like Bricks? Thanks for any help & insights.
@AdamLoweIO 10 months ago
You hit the nail on the head. Those plugins essentially spit out a CSS file that gets enqueued in the builder and on the frontend. Some of them, like ACSS (not sure about Core), create the CSS file by compiling SASS but again, in the end it's just CSS that could be written and enqueued in your child theme. I don't recommend putting your rules and variables in style.css, though. It's a much better practice to create a function that enqueues a separate file. (developer.wordpress.org/themes/core-concepts/including-assets/#including-css). The developer docs look complicated but it's actually quite simple. My latest block theme video on child themes briefly shows the actual code you can use.
@jacobwwarner 10 months ago
@AdamLoweIO Thanks, I'll go check it out. I'm coming in from a React-focused background, so the WordPress environment is still new to me.
@JamesJosephFinn 1 year ago
Thanks for sharing your wisdom. This is the way. Subbed. This video is most timely, as I've recently arrived at this same conclusion myself, and am thankful to find someone of your calibre validating my assumptions.
@AdamLoweIO 1 year ago
Glad it was helpful!
@MikeSimpson1 1 year ago
One thing about child themes is that I learned about the use of the Create Block Theme plugin with WordPress default themes as well. Very handy. You can choose to create a new theme or child theme.
@AdamLoweIO 1 year ago
Yes, that plugin is very helpful and it’s a great starting point for creating block themes.
@ZeoinBuffer 1 year ago
I found this video just when I needed some advice, thank you.
@AdamLoweIO 1 year ago
I'm glad it helped. There really are no 100% right or wrong answers, just different ways of doing things with pros and cons to each.
@mikt 1 year ago
Thanks for the video! Regarding the "own Plugin" part - where did you start with that? From the overview I see a lot of interesting stuff which makes me think to do my own one. BUT I have no clue of PHP :) Did you come up with the general idea on your own and it evolved with your own and community snippets? And pointing into the right direction? THANKS
@AdamLoweIO 1 year ago
I’m not a great php programmer either. There are enough resources, though, that it’s pretty simple to figure out with Google's help. Mostly, I knew that I wanted to keep the snippets in separate files to turn them on and off easily, so I just needed to find the right way to do that in php. From there, it was just a matter of looking in the WP handbook for their plug-in guidelines on how to format the header properly.
@AhmedSiddieg 3 months ago
Very good points, just check this plugin, it's new and file based and can delete the plugin without affecting the snippets, it's called fluent snippets. "Your snippets are safely saved in your file system and load natively with zero database queries, so it’s safe, secure, and ultra-fast."
@wittywolk 3 months ago
I'm not sure if it's the same safety Adam is talking in the video. My guess is that if someone finds a vulnerability in this plugin he can just make it execute a snippet from wherever he wants, but I might be wrong on that.
@AdamLoweIO 3 months ago
@wittywolk I wasn’t referring to anything specific when I mentioned safety. Arbitrary code execution and modification are some of the biggest concerns, but I’m sure that’s not all.
@wittywolk 3 months ago
@AdamLoweIO yeah, and that's why I wrote that my guess would be that you would have a partial disagreement with their marketing in regards to it being "Safe"; like it is safe now, but it can change with the next update and it's best to just not use these plugins on production sites - no matter if they're loading snippets from the DB, or from files.
@AdamLoweIO 3 months ago
You make a good point, and I wholeheartedly advocate for not keeping code snippet plugins out of production. Putting on my "realist hat" though, I know that there is always a balancing act between convenience, security, and performance. Fluent snippets and the latest WP Code Box updates have at least taken steps to mitigate the risks, so while I probably wouldn't call them "safe," it's probably okay to say that they are "safer" than the ones that run everything from the DB.
@zvit 8 months ago
Although it requires extra steps to read the database, using a snippet instead of a plugin might increase performance. The reason for this is that many plugins include a lot of unused JavaScript and CSS that hinder performance even more than adding an extra snippet would. And, I don't see how a plugin's updates would have less of a security issue than a snippet plugin.
@AdamLoweIO 8 months ago
I was actually referring to a small custom plugin, not a commercial multi-purpose thing. For code snippets, it can be a couple of lines in a single PHP file or an enqueued script. WP Codebox now lets you export your snippets as a small functionality plugin, which is a pretty cool feature. It just came out of beta this week so I haven’t had a chance to look at it yet, but it could be a good option for anyone who is intimidated by manually enqueuing css or js or who needs some minor conditionals.
@dzulhelmi81 1 year ago
What is the difference when you create your own plugin and use code snippets plugin? Both are plugins? Both will query the database?
@AdamLoweIO 1 year ago
Remember that a plug-in is just a piece of code that is run by WordPress. A single-file plug-in that you create with nothing more than a header and a few lines of snippets carries a lot less risk than a 2MB plugin that stores snippets in the database (SQL injection risk) and has a lot of other code where things could potentially go wrong.
@mandrael 11 months ago
Great and important video! Thanks!!
@HappilyHafsa 1 year ago
Brilliant!!! Thank you so much for sharing this
@jhonnatanr 9 months ago
Amazing video!!! I was not aware of these issues. I am curious about your opinion on the new fluent snippets plug in that seems to attempt to resolve those issues but I am not sure if it does?
@AdamLoweIO 9 months ago
WP Codebox has an alpha feature that attempts to address it by creating a standalone feature plugin with code signing. That’s probably the best implementation I’ve seen so far. Fluent also does a similar thing, although I believe they don’t have the code signing. I haven’t looked at it since it was released though, so things may have changed. Both products have taken great steps to address security concerns. I would still consider foregoing the snippet plugins on production sites, however, unless you have a need to add or change snippets regularly. Putting them in a child theme or a custom plugin is just so much simpler. (Remember, a custom plugin can be as simple as a single php file with a line to name the plugin followed by whatever snippets you want to include)
@jhonnatanr 9 months ago
@AdamLoweIO Thank you for your reply! I have been using Fluent snippets but now after learning about the issues you mentioned, I will start using my theme's child theme as suggested in your video. The custom plugin is also a great idea that I will look more into. I really appreciate your time in getting back to me.
@JamesJosephFinn 11 months ago
I'm returning to this video for a second look. Your demo at the end of the custom plugin really stuck in my memory. I would like to implement this workflow in a project I'm working on; and it'd be really helpful to examine the file structure of your setup in detail to help educate myself. This wouldn't happen to be on GitHub / GitLab anywhere would it? Thank you sir.
@AdamLoweIO 11 months ago
It sure is. Here is the link. github.com/peakperformancedigital/wp-master-public
@henrymcdoo 9 months ago
@AdamLoweIO Will you maybe update it with your current version, or upload it separately?
@andrewdowniephd 1 year ago
Really, really interesting stuff here. Well that's about the extent of my "technical speak". Many thanks for the info and something I will certainly attempt to implement too.
@IEVolleyBallNerd 5 months ago
Fluent snippets which launched recently doesn't store in the database, would that resolve many of the performance and security issues you identified?
@KaiBuskirk 4 months ago
Thank You! For your time!
@jerryb6728 1 year ago
This is a non-coder question.. as I might not be part of your target audience.. but it's something we all should be aware of. My question is regarding the custom plugin.. how is that more secure than wpcodebox? Is it because it's not a public plugin?
@AdamLoweIO 1 year ago
That's a totally valid question. The issue isn't so much that "plugins are bad" as much as it is that code snippet plugins have a lot of moving pieces and the ability to run arbitrary code that's stored in your WordPress database. A custom plugin, on the other hand, can be nothing more than a single file with a line declaring the plugin name followed by your snippet. Since it runs from the file system it loads faster than anything from the database, plus it can't be changed unless someone has file system access to your server. Contrast that to a code snippet plugin with thousands of lines of code, remote repositories, etc. and I think it's pretty obvious which one is going to be more secure. Of course, using a snippet plugin is exponentially more convenient so it's all about trade offs. That's why I advocate for using those snippet plugins during development and testing, then offloading them to custom plugins and css files when you go into production. Here is a good article from Smashing Magazine showing you how to make a simple plugin. If you know how to use a snippet plugin or edit your functions file, then you'll probably find that this is just as easy once you know what to do. www.smashingmagazine.com/2011/09/how-to-create-a-wordpress-plugin/
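The single-file plugin described in the comment above, written out as an added example that is not part of the original thread and is not the code from the linked repository; it also loads snippets from separate files and enqueues a stylesheet with a function, as mentioned earlier in the thread. The plugin name, the `example_site_` prefix, the snippet filenames and the `assets/site.css` path are assumptions.

```php
<?php
/**
 * Plugin Name: Example Site Functionality
 * Description: Site-specific snippets loaded from files, not from the database.
 * Version:     1.0.0
 */

// Refuse to run when the file is requested directly instead of by WordPress.
if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

// Hypothetical snippet files under ./snippets/. The list is fixed in code, so
// nothing stored in the database can add to it. Comment out a line to turn
// that snippet off.
const EXAMPLE_SITE_SNIPPETS = array(
	'admin-tweaks.php',
	'custom-shortcodes.php',
);

/**
 * Load each listed snippet, but only if it resolves to a real file that is
 * still inside this plugin's snippets directory (no symlinks or ../ escapes).
 */
function example_site_load_snippets() {
	$dir = realpath( __DIR__ . '/snippets' );
	if ( false === $dir ) {
		return; // No snippets directory: nothing to load.
	}

	foreach ( EXAMPLE_SITE_SNIPPETS as $name ) {
		$path = realpath( $dir . DIRECTORY_SEPARATOR . $name );

		if ( false === $path || ! is_file( $path ) ) {
			continue; // Missing file: skip it rather than fatal the site.
		}
		if ( 0 !== strpos( $path, $dir . DIRECTORY_SEPARATOR ) ) {
			continue; // Resolved outside ./snippets/: do not execute it.
		}

		require_once $path;
	}
}
example_site_load_snippets();

/**
 * Enqueue one plain CSS file on the front end. The file's modification time
 * is used as the version so browsers pick up edits without manual cache busting.
 */
function example_site_enqueue_styles() {
	$file = __DIR__ . '/assets/site.css';
	if ( ! is_readable( $file ) ) {
		return;
	}

	wp_enqueue_style(
		'example-site',
		plugins_url( 'assets/site.css', __FILE__ ),
		array(),
		(string) filemtime( $file )
	);
}
add_action( 'wp_enqueue_scripts', 'example_site_enqueue_styles' );
```

Because the code lives on disk, changing it requires write access to the plugin directory; keeping that directory read-only for the web server user preserves that property.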
@jerryb6728 1 year ago
@AdamLoweIO got it.. thanks for the thorough response.
@mihaiandrei97 1 year ago
Hi, Adam! Is your plugin available for download? Those default settings would save me soo much time. I'm also a member of the Circle, by the way.
@AdamLoweIO 1 year ago
Sure, here is the GitHub repo. github.com/peakperformancedigital/wp-master-public
@maxziebell4013 1 year ago
Great video. I also like using child themes. But, doesn't WPCodebox v2 have an export to plugin feature?
@maxziebell4013 1 year ago
Functionality Plugin: Save and execute code snippets from a functionality plugin without loading them from the database.
@AdamLoweIO 1 year ago
I haven’t experimented with v2 yet. If it has that capability, then that’s pretty sweet! It would take the leg work out of creating a plug-in.
@nickarceco 1 year ago
@maxziebell4013 I totally forgot that function existed. Going to have to try this out.
@AdamLoweIO 1 year ago
FYI: I gave it a look this afternoon and came away pretty impressed. Let’s make sure WPCB knows that this is something that’s important to us so it can get moved out of “experimental” status.
@maxziebell4013 1 year ago
@AdamLoweIO I tested it and like it. But I also found some bugs as well. I got this message from the developer today: "Yes, feedback for the FP is starting to come in. Based on this I will focus a few releases on getting it out of the experimental stage. - Ovidiu"
@JonnyPez 1 year ago
Hey Adam, I was hoping you could shed some light on how Pinegrow adds headers and footers to pages where they are not defined, but instead use master pages. I have an issue where I need to use a conditional statement to determine when header or footer to use on a specific page, but I can't seem to find the right place to inject that statement because every time I export my theme and examine the php file of the page in question the very first line is '' and then my conditional statement. In my example I'm using an auction plugin that adds some additional features to WooCommerce's single-product.php. If the product is of type 'auction' I want to use a specific header, and if it's a regular non-auction product, I want to use a different header. I've successfully implemented this code by modifying the single-product.php after Pinegrow exports the theme, but I would obviously prefer not to make edits to the code outside of Pinegrow. Do you have an obvious solution?
@AdamLoweIO 1 year ago
The get header and get footer thing is pretty standard WordPress practice. It sounds like you might want to make a separate template for that post type and set it as a master page so it uses that header and footer. If it’s just a small piece of code that changes, then you can probably wrap that in an “if …” action. Just be sure that it’s inside the part that gets output to header.php and not the body of the template. I’m at WordCamp right now so I have very limited access to a computer. It sounds like this question might be worth posting to the Pinegrow forums.
@DavidWaumsley 1 year ago
Hi Adam, I've seen some brilliant videos from you. Thank you. I get your points, but feel the blanket "stop using" title is a tad unfair to developers and users who have balanced considerations, have a need for a different workflow and use them to improve performance and security. I love WP Codebox. Admittedly, these days I use it for mostly HTML and CSS coding for static sites, but it is now the last remaining WP plugin I trust. Very early on the author paid a lot to have an independent company look for security issues with his work (even though he has worked on well known unproblematic plugins for some years). How many bother to do that? I think your content here has great value for many (even though it does not cover why you might still want to use one), but I wish you would change the title to something less damaging to a generous and conscientious plugin author.
@AdamLoweIO 1 year ago
Yeah, the title is pretty clickbaity I’ll admit. I hate that titles like this work, but they do. That’s why I clarified in the description that these plugins do have a place, but that place isn’t on a production website. WP Codebox is a special case, especially since they are working on that experimental feature plug-in setting which offloads the snippets to their own plugin for production. It still requires users to know about the issue though and take action.
@DavidWaumsley 1 year ago
@AdamLoweIO I added WP Codebox on inherited production site only last week. Its ability to add HTML and CSS via shortcode snippets let me replace a plugin removed from the repo for security issues and several heavy plugins. It's there to allow HTML content changes. Also, with agile work on live sites involving JS or PHP having WP Codebox ability to detect errors and stop outputting them can be safer than updating a plugin or changing the theme.
@AdamLoweIO 1 year ago
The ability to detect errors and stop the execution is a nice feature. Your comment about changing code in production is certainly a topic for a much broader discussion (hard core security people would say that using a dev > staging > production workflow is the best way to go). Your comment about having a snippet plug-in that only allows modification of CSS and HTML is also an interesting concept. Off the top of my head it seems that something like that would not have the same security problems as having the ability to also execute php or js code, but I’m sure a security researcher would find a reason to disagree with me there. As with anything, there are going to be trade offs between performance, security, and convenience. I am very eager to see the WPCB “functionality plugin” feature come out of experimental status. From what I can tell, it would give people the ability to use WPCB to write and manage their snippets, but would then write them to the file system as a standalone plugin and disable the main IDE plugin. Essentially doing what I advocated for in the 2nd part of this video.
@DavidWaumsley 1 year ago
@AdamLoweIO Ovidiu is a good person to talk to. I think this plugin may have come out of him scratching his own itch. He's always struck me as one of those old school plugin authors who is more concerned with the work than the profits. He's very thoughtful.
@AdamLoweIO 1 year ago
He and I have spoken. I hope he doesn’t mind me quoting something he wrote when he said that everyone wanted code snippets so he decided to “make the best code snippets plug-in.” FWIW, I think he succeeded there.
@kareem2928 1 year ago
Now this is insane to me! I'm already rambling inside my brain WTF! I rely on WP Code Box plugin to do my styling more than ever! especially using partials, I also manage many projects efficiently, and a lot to mention! What do you think about this? Advice?
@AdamLoweIO 1 year ago
So much depends on your workflow. Plugins like this are fantastic for development, testing, and staging when you are constantly adding code and need to compile Sass regularly. In production, though, it's worth moving all that code to a child theme or plugin. If you find yourself needing to change CSS regularly on production sites, then it might be worth using an import directive to reference one vanilla CSS file to hold those changes. I don't think there is a one-size-fits-all solution. As always, "it depends." (Yes, I hate that answer too!)
@kareem2928 1 year ago
@AdamLoweIO It's become complex after all this in the FB groups and here. You're a fine and trustworthy person as always to address stability and maintainability with an approach most likely not wanted. I would love from you If possible if all got sorted soon with WPCodeBox to address and how to move things towards the child theme like this case. Again I'm one of those who rely on styling entirely the website with manual code even with advanced page builders like Bricks using BEM and SASS. P.S. I still didn't continue your Pinegrow course with my tight life schedule. I wanted to do it ASAP. Also, Please consider Core Framework with Pinegrow as you did with ACSS.
@carlosrosalesrojas6788 1 year ago
Great, thanks!
@AidanJoyce 10 months ago
Hey Adam, thank you for taking the time to make and share this no bs video. Just a quick question if I may, do you know if use of child theme impacts performance in any meaningful way or is it like a zero impact (hopefully)
@AdamLoweIO 10 months ago
There is no real impact with child themes. WordPress just sees the child theme files and uses them instead of the parent theme.
@deehrk 1 year ago
wpcodebox is still way to go cause they have the "functionality plugin" features, exactly as what you recommended, plugins with scripts on its own separate plugins, can deactivate the main plugins after dev phase.
@AdamLoweIO 1 year ago
Yes, I think WPCB’s functionality plug-in may be a good compromise once it’s out of experimental status. Right now it has a lot of rough edges that need to be addressed.
@BGdev305 1 year ago
Really confused by this video.. you're explaining the BASICS of child themes? Yes, they are important.. but why spend our time in this video about basic child theme and implementation.. when the title is "Stop using code snippet plugins"? Tell me about why to not use snippet plugins, AS A DEVELOPER. For basic understanding of child themes etc. there are thousands of videos for those that need that.
@AdamLoweIO 1 year ago
Yes, this is a basic function of child themes. You know that, and I know that, but a surprising number of people don't. Looking at various forums and social media threads, it was becoming alarming how many people were using code snippet plugins simply because they didn't know better. As for the reasons why it's not a good practice, as a DEVELOPER you should hopefully understand that snippet plugins introduce the potential security issues since they store the code in the database where it can be easily modified or overwritten. Those plugins also add unnecessary overhead to production systems, but that's a lesser concern.