惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Stack Overflow Blog
Stack Overflow Blog
Simon Willison's Weblog
Simon Willison's Weblog
B
Blog
V
Visual Studio Blog
G
Google Developers Blog
云风的 BLOG
云风的 BLOG
S
SegmentFault 最新的问题
博客园 - 司徒正美
博客园 - 【当耐特】
T
Tenable Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
宝玉的分享
宝玉的分享
N
Netflix TechBlog - Medium
S
Secure Thoughts
Hugging Face - Blog
Hugging Face - Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
IT之家
IT之家
Google DeepMind News
Google DeepMind News
Last Week in AI
Last Week in AI
大猫的无限游戏
大猫的无限游戏
PCI Perspectives
PCI Perspectives
H
Hackread – Cybersecurity News, Data Breaches, AI and More
阮一峰的网络日志
阮一峰的网络日志
P
Privacy International News Feed
N
News and Events Feed by Topic
H
Hacker News: Front Page
MongoDB | Blog
MongoDB | Blog
Google DeepMind News
Google DeepMind News
F
Full Disclosure
Google Online Security Blog
Google Online Security Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
H
Heimdal Security Blog
Project Zero
Project Zero
C
CERT Recently Published Vulnerability Notes
MyScale Blog
MyScale Blog
AI
AI
月光博客
月光博客
C
Cyber Attacks, Cyber Crime and Cyber Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
WordPress大学
WordPress大学
L
Lohrmann on Cybersecurity
TaoSecurity Blog
TaoSecurity Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
C
CXSECURITY Database RSS Feed - CXSecurity.com
Spread Privacy
Spread Privacy
Apple Machine Learning Research
Apple Machine Learning Research
GbyAI
GbyAI
SecWiki News
SecWiki News
C
Cisco Blogs
The Last Watchdog
The Last Watchdog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
From Building WordPress Websites to Node.js APIs: My Honest Full Stack Journey
Kunal Pareek · 2026-05-24 · via DEV Community

Five years ago I was building WordPress websites for clients. The kind of work where you install a theme, build a child theme on top of it, write custom PHP for features the theme never imagined, register post types for every content model the client needs, and wire everything together with hooks and filters until it actually does what the client asked for.

That was the job. Not dabbling. Full time. Real projects. Real deadlines.

Today I write Node.js APIs, React dashboards, Next.js applications, and Vue.js interfaces. WordPress is still in the stack on most projects. But the stack is bigger now.

This is the honest story of how that happened. Not a tutorial. Not a career advice post. Just what actually occurred.

What building WordPress websites actually taught me

Before anything else I want to be clear about what WordPress website development actually involves because the internet has a habit of dismissing it.

When I was building recruitment and staffing platforms on WordPress I was writing custom PHP classes. Registering custom post types and taxonomies. Building complex meta box systems for managing job listings and candidate profiles. Writing hooks and filters to modify WordPress core behavior without touching core files. Building custom REST API endpoints for frontend JavaScript to consume. Handling user roles and capabilities so recruiters saw different interfaces than candidates.

That is real software development. It taught me how a large PHP application is structured. It taught me to write code that other developers could extend without breaking. It taught me to think about security because WordPress has strict standards and gets you in the habit of sanitizing everything that comes in and escaping everything that goes out.

It also taught me something most tutorials skip: how to read someone else's code and understand a system you did not build. WordPress core is millions of lines of PHP written over twenty years by thousands of contributors. Learning to navigate that codebase, understand its patterns, and work with it rather than against it is a genuinely transferable skill.

I did not know at the time how much all of this would matter later.

The first project that pushed beyond WordPress

I was working on a staffing platform. WordPress was handling the content, the job listings, the user profiles, the admin dashboard. But the client needed automation. Resume parsing. Third party CRM sync. Automated email sequences triggered by candidate status changes. Workflow automation that ran on schedules.

Forcing this into WordPress was technically possible. WordPress has cron. WordPress has hooks you can fire on status changes. But the more I thought about it the more it felt like the wrong tool for the job. WordPress is designed around content management and web pages. What the client needed was a background processing system.

So we built a separate Node.js service alongside WordPress. WordPress remained the content layer. Node.js handled the automation layer. They communicated over REST API calls.

I had to learn Node.js properly for this. Not just reading tutorials. Actually building something in production that real people depended on.

The Node.js learning curve was not what I expected

I assumed the hard part would be JavaScript. I had been writing JavaScript inside WordPress for years. jQuery interactions. Block editor components. Admin page scripts. JavaScript was not new to me.

The hard part was the runtime model.

In WordPress PHP handles one request at a time in isolation. You write code that runs top to bottom. When it finishes the process ends. The next request starts fresh.

Node.js runs continuously. It handles multiple requests concurrently through an event loop. If you write blocking synchronous code you freeze the entire server not just one request. Every file read, every database query, every external API call needs to be async or you are doing it wrong.

My first week of Node.js code was full of synchronous operations that worked fine in isolation and would have been a disaster under any real load. I was writing PHP that happened to use JavaScript syntax.

It took about three weeks of real project work before the async model genuinely clicked. Before I stopped fighting it and started working with it. The moment it clicked it felt obvious in retrospect the way most things do once you understand them.

Building WordPress websites had given me something I did not realize

When I started building Express.js APIs I naturally wrote validation on every input. I checked that the authenticated user had permission to perform each action before performing it. I treated every piece of incoming data as potentially malicious until proven otherwise.

My colleagues on the project who came from other backgrounds did not have this habit by default. They would write an API endpoint that accepted whatever was sent and trusted it.

WordPress had trained me so thoroughly in defensive coding that I did it automatically without thinking about it. Sanitize inputs. Escape outputs. Check capabilities. Never trust user supplied data.

In the WordPress plugin ecosystem these practices are enforced. The Plugin Review Team will reject your submission if you violate them. You internalize them because you have to.

In Node.js nothing enforces them. You can ship an insecure API and it will run fine. Until it does not.

The discipline I brought from WordPress website development into Node.js made my APIs meaningfully more secure than they would have been otherwise. That was the first time I understood that WordPress development was not a limitation I was moving beyond. It was a foundation I was building on.

Then a dashboard needed React

The staffing platform automation was running on Node.js. WordPress was handling the content. But the client needed a proper admin dashboard. Not WordPress admin. A custom interface showing real time data from the automation system, candidate pipeline stages, recruiter performance metrics, integration status.

WordPress admin was not the right tool for this. We needed something more interactive and more tailored.

React was the decision.

I had written React inside the Gutenberg block editor. Enough to understand components and props and the basic rendering model. But building a full React application with its own routing, state management, and API layer was different.

The first thing that confused me was that React has strong opinions and punishes you for working against them. Coming from WordPress where you can hook into almost anything and modify almost any behavior, React initially felt rigid.

State flows one direction. Data goes down through props. Events go up through callbacks. You do not reach into a component from outside and change it. You change the state that drives it and React re-renders it automatically.

Once I stopped fighting this and accepted it as a design decision rather than a limitation something shifted. The rigidity is the point. It makes large applications easier to reason about because you always know where data comes from and how it changes.

WordPress is maximally extensible. Any plugin can modify any behavior. This is incredibly powerful and also the source of extraordinary debugging complexity when things go wrong.

React trades extensibility for predictability. Different tradeoff. Different use case. Neither is universally better.

Vue.js through a different project

Not every client chose React. A different project had an existing frontend codebase in Vue.js. New features needed to be built on top of it. I learned Vue.js on that project while it was running in production.

Vue.js after React is genuinely pleasant. The template syntax looks like HTML with some extra attributes. The component structure has a clear organization. The reactivity system works more automatically than React's manual dependency tracking.

Vue.js also felt conceptually closer to WordPress templating than React did. In WordPress PHP templates you write HTML and embed PHP expressions inside it. In Vue templates you write HTML and embed Vue directives inside it. The mental distance is smaller than React's JSX which feels more like writing JavaScript that outputs HTML.

For teams coming from HTML-first or PHP-first backgrounds Vue.js has a lower entry barrier. For larger teams with complex state requirements React's ecosystem is deeper and more established.

Knowing both made me more useful across more types of projects. That was the practical outcome.

Next.js felt like something I had already understood

Next.js came into the picture on a project that needed both great SEO and a rich interactive frontend. Pure client side React would hurt search performance. Pure server side WordPress would not give the interactivity we needed.

Next.js was the answer.

What surprised me was how much my WordPress background helped with Next.js specifically.

WordPress developers understand server side rendering instinctively because WordPress has always rendered pages on the server. The server generates HTML. The browser receives it and displays it. Search engines can crawl it because the content is in the HTML not injected by client side JavaScript.

Many React developers who came from client side rendering backgrounds struggle with Next.js because thinking about what renders on the server versus the client requires a mental model they never needed before.

For me it was familiar territory in a new form. The server renders something meaningful. The client receives it and makes it interactive. This is a more sophisticated version of what WordPress has been doing since the beginning.

Next.js also forced me to make explicit decisions about data fetching that WordPress makes for you automatically. Does this data come at build time. Does it come at request time. Does it come from the client after page load. WordPress decides this based on its own architecture. Next.js requires you to decide deliberately.

Making those decisions explicitly made me think more carefully about performance than I ever had when WordPress was handling it automatically. Discomfort that became a useful skill.

What the full journey changed

The biggest shift was not learning new syntax or new frameworks. It was learning to think about systems rather than just applications.

WordPress is a monolith. The database, the business logic, the templating, the admin interface all live together. This is a strength for many use cases. It is also a constraint on the kinds of architectures you can build.

Working with Node.js as a separate service alongside WordPress, feeding data to React and Vue.js frontends, building Next.js applications that treat WordPress as a headless CMS exposed me to thinking about systems as separate concerns that communicate over APIs.

That thinking changed my WordPress work too. I started designing WordPress plugins to expose clean REST API endpoints rather than assuming WordPress templates would always consume the data. I started thinking about WordPress as a data layer rather than a complete application. That is a more modern and more flexible way to build with WordPress.

I would not have gotten there without the broader journey.

Where things stand now

I still build WordPress systems. Custom plugins with clean architecture. REST API extensions. Block editor components. Headless WordPress feeding modern frontends.

I also build Node.js APIs. React dashboards and applications. Next.js server rendered sites. Vue.js interfaces.

These are not competing skills pulling in different directions. They are complementary skills that inform each other.

WordPress taught me to think about security, extensibility, and writing code that survives contact with the real world.

Node.js taught me to think about async systems and API design.

React and Vue.js taught me to think about state as the source of truth for everything a user sees.

Next.js taught me to think carefully about rendering and performance as deliberate architectural decisions.

Building WordPress websites for clients taught me to think about the person using the thing I am building and what they actually need. That is the skill that travels furthest across every stack.

The journey was not planned. It was a series of projects that each needed something slightly beyond what I already knew. I said yes each time. I figured it out each time.

That pattern has not changed. The stack has just gotten bigger.