Hacking Drupal Core: a Crime with Casualties!

QArea Team by QArea Team on November 23, 2015

Hacking Drupal Core: a Crime with Casualties!
Reading Time: 3 minutes

Your site’s explosion just demolished South Korea? You probably hacked the Drupal core yesterday, haven’t you? Despite all possible temptation and promising benefits, you should never ever hack the core. The activity will not turn out the way you expect it to.


The one trap that caught us all!

You have probably heard it already. We shouldn’t hack the core. Ok-ok, we get it! Or do we? Countless people fall in the same trap over and over again. We are stubborn enough to repeatedly shoot ourselves in the same leg before the wound even gets the chance to heal.

Every single Drupal developer has tried to hack the core at least once.

Each of us failed.

It was painful.

Have we learned from the experience? No, we have not. OK, that’s not entirely true. Some of us have. We, at QArea, never even think of something as gruesome and devilish. But we’ve had 14+ years of experience at our disposal to learn the lesson the hard way. That is something I am willing to share with hopes that some of you, my fellow readers, will finally follow the smartest advice of all: Never hack the core.

Is there anything more tempting than the forbidden?

Why do developers keep hacking the core if it’s really that bad and everyone knows it? That’s simple. People love to take the easy path. People are lazy. People are arrogant. Developers are people.

Hacking the core may seem like the simplest, fastest solution to many challenges. The force in a poor choice is strong. The dark side is tempting. It tricks young, inexperienced minds into considering answers to the following questions:

  • Hacking the core seems so easy. Shouldn’t we, as developers prefer the simplest route over more complex ones?
  • Sure, it may be bad for the site owners. Why should I care?
  • Is not being able to get upgraded that bad?
  • This issue can only be resolved by hacking the core, can’t it?

Such thoughts have come to the minds of even the best of us. However, I’ll not even bother explaining why this mindset is horrific and terrifying. It is obviously unacceptable in any society. Especially in the one that is oriented on results and quality – like the Drupal community.

Why is hacking the core not different from killing kittens?

When you develop a website on Drupal website owners, as well as users are your responsibility by default. They trust you with either their money or product in one case or their personal data and credentials in the other. Will you have the heart to just cheat on them by choosing a simple path? A road that’s good for you, yet puts all of them at risk?

I don’t believe you are that kind of a person.

And neither do you.

By the way, it’s time to finally get to the point (I have several of them, in fact). Why are we, at QArea, never hacking the core? Why’s it so bad?

  • We all realize the importance of bug and security fixes. After the core is hacked you will never install them again. One might say that it will be difficult, but not impossible. Trust my experience – such a level of difficulty is intolerable. Sure, after endless hours of agony you will come up with a solution that is slightly less broken than all other ones, but its realization will be more challenging and resource-consuming than rebuilding the entire project from scratch. Hacking the core is just NOT WORTH IT!
  • You will hang a bright, seductive neon “welcome” sign for all the hackers out there. You will offer them an irresistible treat. And I’m pretty sure stakeholders won’t appreciate the gesture.
  • By hacking the core you give other people headaches. Literally. There will be a team responsible for website maintenance some ways down the road. People who will have to deal with circumstances of your “creative thinking” and “issue solving” (aka laziness). Each developer who hacks the core is mean to his other colleagues by default. That’s bad karma.
  • And, in the end, right after you hack the core – you are suddenly all alone. The only person in the whole wide world who can detect and fix issues and bugs, popping up in your site. You will lose the community, as none of the members is aware of the changes you’ve made and the effects they’ve caused.

At the end of the day, there are no unresolvable issues. All that, which seems like a valued reason to hack the core is not what it seems and can be resolved otherwise. With smarter methods. So, before you proceed towards you little malicious scheme, please be kind enough to consider all, that was written above. And then ask yourself a question:

Is it worth it?

We know it’s not. We are professionals who value both our colleagues and clients. We care about the quality of our development solutions. We love our job and we love Drupal. So should you!