Custom Code Development – What Could Go Wrong?


We get asked about custom development quite a lot, and whenever able we recommend a couple of companies we know about. Unfortunately, not everyone listens to our recommendations and that can sometimes end with catastrophic results.

Let’s begin with the basics. You want to start your own website. At the very least you install some plugins, follow some tutorials to set up everything and you’re done. However, for many users a time will come when they need to have something done that just does not come out of the box in ready-made solutions.

Here’s where custom code comes into play. Thankfully, WordPress plugins and themes are open source and you can use custom code to fit your particular needs. If you can’t code yourself, you should turn for help to someone with expertise in this area. You wouldn’t redo the whole plumbing system in your house without the proper know-how, would you? Well, if you attempted that, you’d definitely be brave. Not exactly smart, but brave.

Assessment

Before you go ahead and hire developers to do the work for you, start with asking yourself a few very important questions:

  • Is this really necessary and does it solve my initial problem?
  • Will I get a return on my investment?
  • Is there a ready-made solution I could use?

If it’s really necessary and there’s no existing solution, then yea. You need custom code.

Trust is everything

Initial development of some custom code usually does not require access to your production site or server. For example, if you need to have an integration created between PeepSo and Easy Digital Downloads, your contractor just needs the specs and the 2 plugins to get started. Testing the integration is a different thing, though.

Whoever you choose may need to have (in many cases) access to your website and / or server itself. That means pretty much unlimited access to all of your data, including but not limited to user information. If it’s not clear, it also includes any and all intellectual property that you might have there. Are you running an online store? You do remember all those API keys you have exchanged with your payment processors, right? They’re usually stored as open text in the configuration of your payment plugins, DB etc. That’s very sensitive data.

There’s a workaround, and it’s one of the most basic rules ever: A SANITIZED STAGING SITE. Don’t provide full access to your production environment to people who don’t have to have it or you don’t trust with your life. A sanitized staging site should have (in my opinion):

  • All vital API keys removed.
  • All WP user emails changed. A good idea is to run a DB query changing their emails to: @fake-domain-for-staging.com
  • Limit the site so that it can’t send out emails – so that users don’t get any notifications. It’s necessary, as some plugins like EDD keep their own user file with their emails and are sending notifications to those emails instead of the WP user email.
  • Set the site so it’s not indexed by search engines.
  • Set the site behind maintenance mode so that visitors / guests can’t view it.
  • Set a different DB login and password. That information is stored in the wp-config file and you need it to be different.
  • If you’re paranoid enough you can also change all administrator passwords on the staging site so that they’re different than on production site. Heck, you can do that for all your users.

There are probably more ways to ensure security of your staging site.
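
The database-side items from the list above, as an added SQL example (not part of the original article and not PeepSo's own code). It assumes MySQL/MariaDB, the default `wp_` table prefix, and that EDD keeps customer emails in a `wp_edd_customers` table with `id` and `email` columns; the `example_gateway_*` option names are hypothetical placeholders.

```sql
-- Run against the STAGING copy only. Assumes the default wp_ table prefix.
START TRANSACTION;

-- WP user emails: the user ID keeps each fake address unique.
UPDATE wp_users
   SET user_email = CONCAT('user', ID, '@fake-domain-for-staging.com');

-- Plugins that keep their own copy of customer emails (the article names EDD).
-- Assumption: table wp_edd_customers with columns id and email.
UPDATE wp_edd_customers
   SET email = CONCAT('customer', id, '@fake-domain-for-staging.com');

-- Site admin address, which also receives notifications.
UPDATE wp_options
   SET option_value = 'admin@fake-domain-for-staging.com'
 WHERE option_name = 'admin_email';

-- Ask search engines not to index the staging site.
UPDATE wp_options
   SET option_value = '0'
 WHERE option_name = 'blog_public';

-- Blank API keys stored as plain options. These option names are hypothetical
-- placeholders; look up the real ones for your payment plugins. Keys held
-- inside a serialized settings array are safer to clear from the plugin's
-- settings screen than by editing the stored string.
UPDATE wp_options
   SET option_value = ''
 WHERE option_name IN ('example_gateway_api_key', 'example_gateway_secret');

-- Optional (the "paranoid" step): invalidate every production password hash,
-- then set new passwords through WordPress so they are hashed correctly.
UPDATE wp_users
   SET user_pass = CONCAT('staging-reset-', MD5(RAND()), MD5(RAND()));

-- Review before committing: any row listed here still holds a real address.
SELECT 'wp_users' AS source, ID AS row_id, user_email AS email
  FROM wp_users
 WHERE user_email NOT LIKE '%@fake-domain-for-staging.com'
UNION ALL
SELECT 'wp_edd_customers', id, email
  FROM wp_edd_customers
 WHERE email NOT LIKE '%@fake-domain-for-staging.com';

COMMIT;
```

Blocking outgoing mail, maintenance mode and the separate DB login in wp-config are configuration changes and are not covered by these queries.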

Experience, code quality, price and licenses

There are a lot of companies and contractors out there that do programming specifically. Every single one of them is fighting for their business. Many people pay attention to the price first. Why wouldn’t you? However, is it really the key or the only factor you should consider? Most certainly not. In fact, personally, I’d run away screaming from the cheapest offers. It’ll become very clear why as you read more.

Experience

Experience in the area you need help with is key. Why? Because a job that takes someone with experience 1h will take someone with no experience 10h. But they have to learn somehow, and do you really want it to be done with your project as the training grounds?

When you hire someone experienced – and at the same time more expensive – you’re not paying them for the one hour it takes them to complete a given job. You’re paying for the years of their experience and expertise. It might take them just 1h, but they’ll do it properly the first time; that’s because they spent years perfecting their craft. This is universal, it applies to nearly any professional out there and is not limited to programmers.

Code quality

Code quality is one of THE MOST important things there are. So many points and examples that could be given here. Let’s start with the basic things that code quality impacts.

  • Extensibility – well-written code should be easy to modify, improve, add-to without the need for a complete rewrite.
  • Performance – well-written code runs smoothly with no unnecessary, inadequate or inefficient structures.
  • Maintenance – well-written code is easy to maintain. As technology progresses, code needs to be updated, e.g. to be compatible with the latest PHP version.
  • Security – well-written code is as secure as it can be. It does not leave wiggle room for any tampering.
  • Comments – well-written code is commented well enough for future reference and other developers to understand it quickly without the need for reverse-engineering the whole thing.

Granted, many people can’t write code well enough to judge the quality of other people’s code – that’s why we hire contractors, right? That’s why those contractors must be experienced and trustworthy.

Here are two examples on how to operate on time in the form of Bad vs Good. I won’t get into the details of the two examples or even try to explain why the Bad example is bad. Just trust me on this, you don’t ever want to see anything like that anywhere near your project.

Bad

Good

Price

Price is important, of course. It’s something I already touched on above when talking about experience. You never want to go over your budget. At the same time you should never go for the cheapest option. Not knowing how to code yourself is not an excuse to not do your research about a company or a contractor you want to hire.

You can always ask a potential contractor about their experience, past projects, some references. Contact those past employers and ask them about their experience. If that contractor did a website or an app, ask for links so you can check their work yourself, look at it, experience it.

There are tons of examples where being cheap ends up backfiring and being more expensive in the long run. Consider this. You hire a son of your cousin’s aunt who can do it ‘for cheap’. He takes his sweet time and a job that could’ve been done in hours stretches to weeks. Weeks of going back and forth. Micromanaging, testing and frustration along the way is something you just have to deal with in this kind of setting. Once it’s done, it’s slow, but somewhat works. You go to production with it. After a month, a new version of WordPress comes out, and that software is incompatible so you’re stuck on an older WP version.

Time goes by, you’re still stuck on an old WP version, can’t upgrade other plugins, can’t upgrade server stuff like PHP. Your website becomes a liability since you can’t upgrade to latest versions. The son of your cousin’s aunt can’t help you anymore as he has school, or something else far more important than your problem (which isn’t his problem anymore). You somehow endure and tell yourself, “if it works, let it work”. Then a vulnerability is exposed in the old WP you’re using. You can’t upgrade because your custom code won’t work. You get hacked. The project is lost. You’re out of thousands of dollars in sales, even more in liabilities, unhappy clients, bad reviews.

But hey! It’s ok! You have backups. You finally hire a professional. That professional, after examining the situation and the code, comes back with the obvious: you need to have it all rewritten from scratch. Now you spend thousands of dollars on rewriting the code, migrating badly placed database data, optimizing it all, upgrading and securing the whole website.

Instead of paying a professional to do the job right the first time, you end up paying far more for it, and you lose precious time. And don’t even get me started with the consequential stress. More often than not, badly-written custom code is the main culprit for hacks. This example is just to show that even an outdated WordPress version might be your downfall.

Licenses

This might be a slight detour from custom code, focusing more on web developers. Let me preface by saying that fortunately we don’t see this very often. Sometimes, there are ‘web developers’ who create websites and communities for clients using illegal / cracked / nulled versions of software. PeepSo included.

Someone contacts our support saying: X does not work. We try to do our best and check everything, just to discover that it’s an outdated, hacked version of PeepSo. Our hands are literally tied and our support can’t do anything without the client purchasing the license and installing the latest versions of our plugins.

And that brings me to a very important point: buy your own software and licenses. Get a list of necessary software from the developer. Make sure it’s definitely necessary first. Then go ahead and buy those licenses yourself. Especially if a given project is supposed to be a one-time deal rather than an ongoing partnership.

Compromises

Unfortunately, not everyone has the budget that’s necessary to get the job done right. What then? Well, compromises need to be made. However, compromise does not mean getting the son of a cousin… Compromise might be just biding your time and saving money for a professional.

Perhaps contact some plugin / theme developers with suggestions for features. You don’t always have to start with custom code requests. We do take suggestions when they make sense. When we see that many communities could benefit from a given feature, we try to fast-track such requests. For others there’s a longer wait, but we do get them done. Of course, we can’t speak for all plugin / theme developers out there.

Developers we recommend

There are a couple of development companies who we can wholeheartedly recommend. They definitely have experience with creating solutions for PeepSo whether by tweaks and code snippets, creating plugins, themes or integrations. For big scale projects we wholeheartedly recommend 9seeds.com – they will take very good care of you. There’s also WBCOM Designs with a bunch of plugins and a theme for PeepSo. Cminds are another example of people who have experience creating solutions for PeepSo.

Conclusion

The conclusion is pretty simple, in my opinion. Should you REALLY NEED that custom code – try reaching out to relevant developers with feature requests first, and who knows, you might just get lucky. If not, hire someone who you can trust. Someone who is within your budget. Above all else, someone who knows what they’re doing.

If you have feature requests, by all means contact our support. We do welcome them.

Brought to you by PeepSo Team Eric Tracz