Hi.
I’m thinking about getting started doing some freelance design/development work, and I figured I’d use WordPress for my clients’ sake; They’ll want a CMS and WordPress is very well known so there will be lots of people that would be able to maintain the site. But i’m not sure whether I should customize a theme like ToolBox or Underscores, or hand-code the site and then plug WordPress in for any bits that need to be editable. I’d like to hand-code because I’m inexperienced and want to get really comfortable with HTML/CSS. But I watched a presentation by somebody from Automaticc (Ian Stewart?) who said that nobody creates a theme from scratch for every project, and that It’s better to just customize a good one like Toolbox (Or something along those lines).
So I guess my question is: is it ok to hand-code and then plug WordPress in where you need it?
Wordpress is one of many things that could be useful to your clients.
Maybe, maybe not.
True. But there are some real drawbacks using Wordpress, not the least of which is its propensity to get hacked if a security vulnerability is found. That means your clients are going to have to be aware that they must check for updates regularly, preferably every day. Wordpress is going to need a babysitter, you could say. Another drawback is that it is awfully bloated and is overkill for simple sites that would be better off using static HTML files.
You don’t “plug WordPress in” to an existing design so much as you incorporate your design into Wordpress.
The Wordpress templating system is a mix of PHP and plain HTML. So yes, you will be hand coding. If you haven’t looked at the source code for a Wordpress template yet, I suggest you do so now.
Sorry, hand-coding was not what I meant :P. When I said that I meant hand-coding a static site. My bad. I’m certainly open to other ideas, honestly I’m not too keen on working with WordPress. I definitely don’t like bloated code, but doesn’t that depend on the theme? I knew there were a lot of vulnerable WP installs in the wild, but didn’t realize that somebody would have to check every day. That’s not cool. Under what circumstances could I get away with a static site? And about plugging my site into WordPress, does that mean that I shouldn’t just pick the things that need to be editable and use a WP function to generate them? Or what do you mean??
You can continue to create static sites first. In fact, that’s what I do regardless of which CMS I end up using. I don’t code all pages, just a handfull or so. Others can be done within the CMS, especially if some pages are extremely similar in terms of content structure, then it is indeed faster to code one page and then translate the rest of the pages within a template of the CMS of your choosing.
With WordPress, you should be extremely careful in regards to plugins. Make sure that whatever plugins you use, that these are of a high quality. Most aren’t, so research on the net first, look at the comments, reviews, etc. on WordPress’ plugin repository before installing anything. Plugins are one of the main causes for security issues and other hiccups.
Try to keep your WordPress install as clean and updated as possible at all times.
Do a search on WordPress security and implement some of the safety measures described.
There are a few books that touch on the security issue as well and there’s a website that lists WordPress plugins that contain security holes, unfortunately, I forgot what the site was called. Maybe someone else can jump in.
If you want to use WordPress, I recommend that you use a “naked”, barebones theme, ie something like Starkers. Once you advance and are more comfortable with WP, you might want to create your own barebones theme.