Development, Drupal Development, Security,

Hacking Drupal Core: a Crime with Casualties!

3 m read
QArea Team
QArea Team Marketing Manager
November 23, 2015
Share on
Reading Time: 3 minutes

Your site’s explosion just demolished South Korea? You probably hacked the Drupal core yesterday, haven’t you? Despite all possible temptation and promising benefits, you should never ever hack the core. The activity will not turn out the way you expect it to.

Never!

The one trap that caught us all!

You have probably heard it already. We shouldn’t hack the core. Ok-ok, we get it! Or do we? Countless people fall in the same trap over and over again. We are stubborn enough to repeatedly shoot ourselves in the same leg before the wound even gets the chance to heal.

Every single Drupal developer has tried to hack the core at least once.

Each of us failed.

It was painful.

Have we learned from the experience? No, we have not. OK, that’s not entirely true. Some of us have. We, at QArea, never even think of something as gruesome and devilish. But we’ve had 14+ years of experience at our disposal to learn the lesson the hard way. That is something I am willing to share with hopes that some of you, my fellow readers, will finally follow the smartest advice of all: Never hack the core.

Is there anything more tempting than the forbidden?

Why do developers keep hacking the core if it’s really that bad and everyone knows it? That’s simple. People love to take the easy path. People are lazy. People are arrogant. Developers are people.

Hacking the core may seem like the simplest, fastest solution to many challenges. The force in a poor choice is strong. The dark side is tempting. It tricks young, inexperienced minds into considering answers to the following questions:

  • Hacking the core seems so easy. Shouldn’t we, as developers prefer the simplest route over more complex ones?
  • Sure, it may be bad for the site owners. Why should I care?
  • Is not being able to get upgraded that bad?
  • This issue can only be resolved by hacking the core, can’t it?

Such thoughts have come to the minds of even the best of us. However, I’ll not even bother explaining why this mindset is horrific and terrifying. It is obviously unacceptable in any society. Especially in the one that is oriented on results and quality – like the Drupal community.

Why is hacking the core not different from killing kittens?

When you develop a website on Drupal website owners, as well as users are your responsibility by default. They trust you with either their money or product in one case or their personal data and credentials in the other. Will you have the heart to just cheat on them by choosing a simple path? A road that’s good for you, yet puts all of them at risk?

I don’t believe you are that kind of a person.

And neither do you.

By the way, it’s time to finally get to the point (I have several of them, in fact). Why are we, at QArea, never hacking the core? Why’s it so bad?

  • We all realize the importance of bug and security fixes. After the core is hacked you will never install them again. One might say that it will be difficult, but not impossible. Trust my experience – such a level of difficulty is intolerable. Sure, after endless hours of agony you will come up with a solution that is slightly less broken than all other ones, but its realization will be more challenging and resource-consuming than rebuilding the entire project from scratch. Hacking the core is just NOT WORTH IT!
  • You will hang a bright, seductive neon “welcome” sign for all the hackers out there. You will offer them an irresistible treat. And I’m pretty sure stakeholders won’t appreciate the gesture.
  • By hacking the core you give other people headaches. Literally. There will be a team responsible for website maintenance some ways down the road. People who will have to deal with circumstances of your “creative thinking” and “issue solving” (aka laziness). Each developer who hacks the core is mean to his other colleagues by default. That’s bad karma.
  • And, in the end, right after you hack the core – you are suddenly all alone. The only person in the whole wide world who can detect and fix issues and bugs, popping up in your site. You will lose the community, as none of the members is aware of the changes you’ve made and the effects they’ve caused.

At the end of the day, there are no unresolvable issues. All that, which seems like a valued reason to hack the core is not what it seems and can be resolved otherwise. With smarter methods. So, before you proceed towards you little malicious scheme, please be kind enough to consider all, that was written above. And then ask yourself a question:

Is it worth it?

We know it’s not. We are professionals who value both our colleagues and clients. We care about the quality of our development solutions. We love our job and we love Drupal. So should you!

Tags
Share on
Privacy Preference Center
Your Privacy

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies Always Active

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.

You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Cookies used

Google Analytics
Functional Cookies

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Cookies used

Test Second Test
Targeting Cookies

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

More Information

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.