Hacker News new | past | comments | ask | show | jobs | submit login
WP21 (ma.tt)
426 points by joshbetz 5 months ago | hide | past | favorite | 174 comments



I just wish WordPress actually adhered to development standards, not actively tried to break them.

Using globals everywhere and encouraging spaghetti code with its classic themes, and with its new themes it evidently learned nothing and is encouraging JSON inside HTML comments which obviously has no editor support, is very prone to errors, besides being just plain stupid (like seriously, some senior engineers I assume decided to have templating inside HTML comments as JSON?). If I had my tinfoil hat on, it's almost as if they actively try to kill the freelancer or digital agency market and push everything to its WYSIWYG site builder on WP.com.


They encourage lots and lots of bad practices. I mean, just look at themes and how they are built by default. Comments in a CSS file describe the theme metadata. Using concattenation instead of composition everywhere, so that parts of HTML are not reusable. CSS, inside JS inside HTML inside PHP ...

Part of it is this implicit structure it defines, which file it loads adter ehich other file to make a whole page. It seems convenient at first, if only you know it, but it encourages people to not properly finish all their HTML elements on the same file, but split them up stupidly and end them in other files, never to be reused.

It all seems very beginner-mistake like. But I guess they are stuck with this now, because thousands of themes rely on this, instead of having a structure based on composition. Contrast this for example with how one uses Jinja2 templates rendering blocks and macros.


Their mantra of ‘never break backwards compatibility’ is a double-edged sword.

It makes them extremely friendly to non-technical users, which I think is the majority of their userbase.

However, it makes it impossible for them to change technical decisions made in the past.


That would be fine, imo. But seeing as their new development efforts (Block/Gutenberg themes) are also making horrible decisions when they no longer have to (such as putting templating markup inside of HTML comments as JSON)[1]

E.g:

    <!-- wp:latest-posts {"postsToShow":4,"displayPostDate":true} /-->
    <div class="posts"></div>
I've lost any faith I had in their core development teams competence. I would understand if development choices made 20 years ago weren't all that great by todays standards, and never breaking backwards compatibility would be the reason it still is bad today, but their new themes can be used independently from their old themes as an entirely different implementation, so they had a chance to finally do what is industry standard, and they chose to again make it horrible to write theme markup code that is prone to errors, has no editor support (what editor supports JSON in HTML comments?) and enforces more spaghetti to be made.

[1]: https://developer.wordpress.org/block-editor/getting-started...


I think there's some confusion in your comments. The HTML comments aren't a templating language, there's no (or little) post processing when displaying this content.

They're annotations that indicate where a 'block' of content starts and ends.

The JSON data stores some values set by users for a block that can't easily be parsed from the HTML content.

The content is stored as HTML as most content a user creates is static HTML, so when displaying content much of the HTML is displayed verbatim (but without the HTML comments), and then there's only a little bit of progressive enhancement for dynamic content.

I think you're also conflating some terms, like 'themes' and 'blocks', these are two different things and launched years apart.


Not the GP, but I still remember, when I was looking for where one could set an abbreviated version of a text (I don't remember, if it was a whole post's text or some description or what.). I must have searched for 30 minutes or so, until I gave up and searched in a search engine. Imagine my disbelieve, when I saw, that they use friggin HTML comments, to indicate where to make the text cutoff. In terms of storing data cleanly in the database, this is a bad design. Also sooo unintuitive. There is a field or button for everything, but suddenly I need to put HTML comments into text. What.


You've got some pretty compelling arguments for why WordPress shouldn't work, it's I think even more interesting to figure out why it has. Especially on a site like HN, which has "terrible" UI and code, it even still uses single-pixel spacers! :)


I have not looked at the code of HN. Is it public? And what parts of it are terrible?

I think single pixel spacers and such things are of a different quality than the design (code) flaws brought up about WP though. Their impact is different. One merely influnces the layout of things while the other for example influence how whole themes are structured and how many pitfalls WP developers set up for themselves by writing unmaintainable code.


Kill the freelancer? I'm a freelancer and my favorite thing to tell cheap potential clients for the past 15 years is do their site with Wordpress and to go find a Wordpress "expert".

It exists for the broke and the cheap who are under the illusion that they need a simple website, which itself is a dead letter.


Why do you think they might be wrong when they want a simple website?


Because then he couldn't justify why these companies should continue hiring freelancers


I'm not saying they're necessarily wrong... there are certain things where a website should just be dead simple. I built a site for my mechanic, in trade for work on my car. It's like three static pages. Just something to backstop a link on Yelp and Google Maps.

I said simple websites are a dead letter, because it's no longer the 1990s. There's no cachet in them. The web is littered with simple sites that don't rank and no one ever visits. Then the owners think 'maybe I should hire SEO' or 'add a blog' and the question is "wait you built me this site, why can't you just do that for $500"? And that's why I just refer clients like that to someone who does Wordpress now. I have no interest in learning the giant pile of PHP sludge that is WP for projects that barely pay. I hardly build websites at all anymore unless they're SPAs, and only if it's functionality that can't be done with off the shelf frameworks.

To the sibling who said I'm doing this to justify being a freelancer - quite the opposite. I'm telling potential clients of a cheaper way to get what they want, and turning away work that I know is a pointless headache.


Because most non-technical people greatly underestimate all the moving parts in a website, even a simple one.

And yes some websites truly are simple and can be managed with a few Markdown pages and a static site generator (even that can be a barrier to non-technical folk), but any kind of advertising or small business website - even if it's a single page - needs the ability to be updated or managed by a non-technical person and those parts are unknown/invisible at first.

Wordpress, for all it's problems, is one possible solution that can help those people have the website they imagine or want without the sticker shock that comes with the eventual realization that their website (as a whole) is not "simple".


WordPress is simple for the user.

It’s like a lightbulb. Of course, the manufacturing of lightbulbs is a highly technical topic. However, to the user, they present a simple interface (screw it in and flip the switch).

I feel like this is a point that devs often miss. Simplicity from the POV of a user and the POV of a dev are completely different things.

The dev finds a static site generator simple, and WordPress unnecessarily complex. The user finds WordPress simple, and an SSG unusable.


It's too bad you didn't go into using WordPress for higher-end sites. We're seeing huge growth on the enterprise side, which Automattic calls VIP, including taking significant share from Sitecore, Drupal, Magento, Adobe, and many others in sites with budgets in the seven-figures and beyond.

I would say the main gating factor is the number of agencies and developers who can handle bigger clients including governments.


If I have to work with WP I always use the timber framework instead of the block/classic version

https://timber.github.io/docs/v2/


I have worked with themes that used Timber and it has its own set of quirks.

I also have an opinion that using things like Timber in WP themes just adds to the inconsistency instead of helping it. Taking over website with Timber when you never heard of it is fun.

I don't want discourage, use what you like. Just my 2 cents.


Our choice for Timber is not about consistency, is about sanity and survival.


I am by no means a Wordpress expert, but I have had to deal with moving clients sites from time to time and I have vivid memories of hardcoded absolute file system paths in the database embedded in serialized PHP that broke when trying to move their installation to a new server with mildly different pathing.


Migration is horrible right now, making it better is part of the Data Liberation focus this year.


If I recall correctly, it was double the fun when it points to the original copy of your other wp install while it’s still running.


If you adhere to development standards your users aren't locked in to your platform. They could move to better working, more manageable CMSes instead of begrudgingly having to pay someone or, better yet, move to your hosted solution to keep the platform from tripping on its own feet.

Unfortunately that could negatively affect your "Our platform powers 43.4% of all websites" marketing pitch.


Actually market effects these days make it so that clients themselves demand WordPress, and are unwilling to try any alternative platforms at all. So either I decline the client and make no money or have to use WP.


I agree that WordPress has often failed to live up to development standards, but those aren't them, those are ones that can legitimately vary between platforms.


The use of comments alongside the HTML was the result of a very long (and honestly very public) discussion, ultimately, it boils down to those reasons:

- Comments exist to define a block boundary.

- JSON inside a comment exists to load up user preferences for things that can't be easily parsed from the HTML.

- HTML has to be the final result and representations, and it has to be the source of truth.

- The outcome has to be portable to any other platform or system, you can't move the website tomorrow and get a bunch `[xyz_shortcode]`.

I encourage you to read this post by one of the senior engineers who worked on the project since its inception:

https://lamda.blog/2018/04/22/the-language-of-gutenberg/

The documentation is in itself very expansive and throughout, you should give it a read:

https://developer.wordpress.org/block-editor/explanations/ar...

Gutenberg in itself is a very versatile tool and isn't locked to WordPress btw, you can build your own editor if you want (all JS, no PHP):

https://wordpress.org/gutenberg-framework/


Quick judgments and strong opinions have unfortunately become part of the community.

Having spent the last 2-3 months working excessively on WordPress development, I would like to say a word about the excellent isolation of code with blocks ("Gutenberg"). As standalone plugins or in combination with Advanced Custom Fields, these allow for perfect, modular websites and development flows (design system), where even the HTML is 100% in your own hands. I can recommend everyone to understand and learn WordPress properly.

– no relation or connection to WordPress.


I'm doing what you're proposing literally right now.

I have a fascinating error 500 on production because somehow, somewhere, today Gutenberg and ACF w/Blocks are having a disagreement on parsing the content of a nested media field. Which could be ranging from "the user added an image description where he shouldn't have" to "a global object from a plugin is polluting other global objects passed to acf_register_block_type()".

Maybe I should call the already irate client and tell him he should avoid quick judgments and strong opinions.


By the way, the issue was cunningly appropriate for this thread: Considering that in wordpress EVERYTHING is stored in the DB as an article in the WP_POST table (Yes, even stuff like attachments, images, and the menus) an hook from a slider plugin was messing up with the image descriptions, which are stored as...the main body text of an article. Which is actually an image.

In a classic wordpress install this would just cause some weird garbage in the output, but given that in a gutenberg+ACF setup the content data is passed to the React/Block rendering engine, it would absolutely go crazy.


>Quick judgments

I think most peoples judgments have been formed over 21 years. WordPress initially gained a reputation for being a fast and easy way to setup a website, then gained a reputation for being a security nightmare.

Maybe its not anymore but people are right to be sceptical. I sure do see a lot of CVEs in the weekly update I check - maybe they're all low risk, or relate to rarely used plugins.


I think the root of bad reputation was due to various plugins and their usage pattern:

lots of non-tech users heard that they can use plugins X Y Z for fun and profit, so they started to use them, but no one told them that managing dependencies requires some skill or at least discipline; that the fact some 3rd party pluggable software exists doesn't automatically mean it's good, viable, maintainable and safe; and that things in IT don't work by means of cargo cult, copy-pasting without underdstanding and by crossing fingers. So, there was a fallacy: these people believed (and many believe until this day) that they can remain being non-tech users while maintaining their wordpress-with-plugins installation, but it's impossible; one needs to become tech-aware in the process.

I am not sure what WP community did to dissolve this fallacy; maybe they did something. maybe didn't.


We've expanded our HackerOne and other security apparatus to cover the top 100 plugins directly and do our best to work with every plugin in the directory, including many contributions from web hosts who of course want their sites to be secure. The update system has become very robust, and all the top hosts also protect their sites at the network layer so many CVEs are blocked even if the code hasn't been updated yet.


Personally (and this is just based on my gut feeling), I don’t think WP core is more insecure than other CMSes.

The real problem is the plugin ecosystem, which is not impossible to navigate for the disciplined, but at times bears resemblances to the Wild West.

So, what ends up happening is:

1. Cheap ’experts’ install every plugin under the sun.

2. One of these plugins inevitably gets pwned.

3. Headline: ‘WordPress backdoored’.


One of my first programming moments when I was a child - I naïvely opened the wp index.php to understand how it works. I remember I couldn't understand a thing except the comment in the top of the file "code is poetry".

Dear op thank you for changing my mentality about code, inspiring me and pushing me into it.


It sure seems that way until you need to get just a little bit deeper and you realize what a dumpster fire WordPress is.

You want metadata on posts, you install ACF. You want to filter on that metadata, good luck if it's over a couple filters simultaneously, the SQL queries will time out. Take a look at WP's insane schema to figure that one out.

Gutenberg promises to have WYSIWYG editable React components, which is a big deal, but they made insane decisions like storing the attributes in HTML, rendering HTML in the database, and requiring component developers to keep an array of deprecated changes when they want to modify anything on the component.

There are some people trying to untangle Wordpress by refactoring and bolting Laravel onto it[1], but every layer is just a nightmare; the authors of different parts can barely assess why things randomly break.

You might find WP appealing for the plugin ecosystem, but the plugins are completely random in implementation, so you're likely to get a bloated scramble of CSS and JS pushed to your users.

I moved to Directus and Astro, but I would probably use a Laravel-based CMS like October or Statamic for more generalized PHP deployment.

[1]: https://roots.io/


Can you recommend some of the better ways to understand and learn it properly?

(Worked with it extensively 2009-2011, including authoring/modifying plugins, but never felt like I really understood it, only vaguely understood/appreciated it)


Not parent but:

https://fullsiteediting.com will help you.

It's a great project.


What's the best skeleton theme to build your own theme on in 2024, that supports Full site editing, Gutenberg etc?

After a decade away from WP I wanted to set up a new site. The default 2024 theme doesn't meet my needs, and I couldn't find a modern skeleton theme where I could add in Tailwind and build what I wanted. I've used https://roots.io/sage/ previously but they're moving further and further away from the WP way of doing things.

Edit: or instead of a skeleton theme, a good free FSE theme to build on?


https://fullsiteediting.com/themes/ has a list, including one or two skeletons.

I am tempted by Anders Norén's Björk, which is also FSE:

https://andersnoren.se/teman/bjork-wordpress-theme/

I think I did most of my learning with Carolina's own Jace theme.

(FWIW I have always thought the roots.io stuff is a mistake, conceptually.)


I made this - it's not free, but it's FSE and Tailwind: https://sinukoduleheabi.ee/blocks/


WordPress is a great blogging CMS.

The fact that people use it for something else is what create strong opinions.

Example : woo commerce.

Products ? In the WP_POST db. Orders ? In the WP_POST db.

And in every post about WP it says that using WP_POST for storing your data is good practice.

Well I don't think it is (but it's only my opinion. A strong one).

And the problem is that a LOT of plugins and themes are like that.


FYI, WooCommerce added the ability to store orders in a separate database table.


Do you mean table(s)?


This was a bit of a reaction to other CMSes that were creating dozens or hundreds of tables, which creates a different set of problems for things like search or overly complex joins.


Anyone remember the old Spip CMS ? People used to cram every possible content in the _ARTICLES_ loop. Same mistake.


> Example : woo commerce.

> Orders ? In the WP_POST db.

No longer true, at least for new installations: https://woocommerce.com/document/high-performance-order-stor...


Ok, sorry for this example. I last worked on one about a year and a half ago.


Perhaps you mean 'table'?


But HTML is not in your own hands with WP. WP changes your HTML as it pleases. See my other comment as an example.


The thing is, there are a lot of other CMSs out there, which can do this as well with much less bloat. Statamic, Craft CMS etc.


I love Wordpress. People install it on their own, install dozens of useless, unsecure and buggy plugins ("it's easy, just clic clic clic... I love my admin panel !") and after a while their websites break and then we can charge them for a more secure and resilient solution.


Back in 2011, I had the pleasure to take a peak at the sociable plugin (#2 on their plugin ladderboard) and it was one of the more brittle and bloated piece of code I ever saw. Felt like an unfinished weekend project that dragged too long and ended up published, 5 screens long for loops over massive globals, duplicated to then do whatever.


They sure made it enticing to install plugins, if not just by putting this UI to the forefront. Also, when images aren’t compressed by default, it’s a perfect alliance with the various SEO analyzers which mandate you to compress them…


WordPress is my favorite example of "It doesn't have to be perfect, it just needs to work"

So many cool projects die because people over-complicate the first steps. You can always make it better later if people start using your thing, but first you gotta ship.


Funny, I think it proves the contrary. Wordpress effectively made their whole code base the public API, so now they’re stuck with the legacy code they have for eternity, unable to meaningfully improve it, as plugins may depend on the existing state.

It’s so bad, the PHP language developers are unable to implement some features/fixes in the language, as the Wordpress team refuses to migrate their code, which makes for a huge chunk of PHP usage. Imagine that.


This is stability. Stability is good. There is no need to change code that works just because it collides with modern taste.

If WordPress has a stabilizing influence on php that's even better. All the breaking changes of the new versions are a nightmare for an established project I work on.


Code is never just working. The environment it runs in changes, requiring refactoring things. We’re not talking about a showcase piece of artisan algorithm here, but bug-riddled legacy code reliant on outdated system packages, SQL queries that cannot use bound parameters for historic reasons and are ever-prone to injection attacks. Code that uses broken multibyte encoding, such that it is vulnerable to several attack classes. And that’s not even talking about performance. Are you seriously telling me software performance should not improved if the core functionality kinda, sorta, works?


> Are you seriously telling me software performance should not improved if the core functionality kinda, sorta, works?

I would not hesitate to take this position. Of course it depends, on how severe the bugs are, especially for the outer code (like plugins) calling it, and on how bad the performance is. But otherwise absolutely, never break user space.

> The environment it runs in changes

The web environment Wordpress runs in did not change all that much. The JS ecosystem simulates big changes, but that's all bullshit. Server code that worked 30 years ago still works - if projects like PHP don't go out of their way to break it.


> Server code that worked 30 years ago still works - if projects like PHP don't go out of their way to break it.

I'd be horrified to expose ANY software written 30 years ago to the internet, if it touches money or valuable data in any way.


> But otherwise absolutely, never break user space.

Neither the Linux kernel, nor OpenSSL, or any other reasonably complex project manages to do that over a given time frame. Sometimes you need to adapt, and things break in the process. Nobody would expect a house built 30 years ago to not require some maintenance and upgrades over time.

> The web environment Wordpress runs in did not change all that much. The JS ecosystem simulates big changes, but that's all bullshit. Server code that worked 30 years ago still works - if projects like PHP don't go out of their way to break it.

That sure sounds good, but is simply not true. We went from HTTP and FTP deployments to TLS and containers, from dialup to gigabit consumer uplink; the browser isn't a remote document viewer but a platform-agnostic virtual machine for fully-fledged applications; the web is centred around a few enormous platforms; people regularly stream GBs worth of video and expect services to deliver web apps on a variety of devices; they don't post on bulletin boards and in news groups, but use chat services; scammers distribute ransomware, steal your identity, remotely take compromising pictures from your webcam, or order stuff from your shopping accounts online. The modern web has almost nothing in common with the one from 30 years ago.


> That sure sounds good, but is simply not true.

Sure it's true. Many users are still doing deployment FTP-style, even if it's not the original protocol anymore. That the pipes are bigger just meant we could up the thumbnail size, and the browser is still also a remote document viewer for sites that don't demand more. I just today answered a support question on a bulletin board, and so on.

There are other aspects of the web today, but the old way still exists.

> Nobody would expect a house built 30 years ago to not require some maintenance and upgrades over time.

You can do upgrades of software in a way that does not break compatibility, and you can definitely always aim to minimize breakage. Wordpress is not a bad example for just that. HN itself counts as a further example. If it weren't possible we wouldn't have this thread to discuss in.


Newer PHP versions are certainly supported (and required by many hosts due to the significant performance improvements of PHP 8.0): https://make.wordpress.org/core/handbook/references/php-comp...


Wordpress requires at least PHP 7.0... and will complain about it if it's not above 7.4 (which was released in 2019).

So this to me looks like WP is progressing with PHP, just slowly.

Frankly I don't have a massive problem with this.

The speed of Laravel's PHP baseline change may be appropriate for Laravel, because it is git-managed, more easily run in a container etc., but it's absolutely inappropriate for WordPress to chase the edge.

Compared to trying to stay up-to-date with needless Node.js changes and frameworks that get EOL'd as soon as there's something more fun to play with, it's a paradise.

Why don't people build things with a decade of life in mind?


Isn't the fact that people started using WP about 25 years ago evidence against "you can always make it better"?


WP is the perfect tool for 95% of the job with the last 5% of tweaking being incredibly frustrating. I've used it extensively and it's longevity is a testament to its usefulness may it be around for another 21yrs.


To be honest, I never found WordPress easy to use. It's all flowers and rainbows as long as I can find good themes and plugins. However, it starts going south as soon as I need to make a very small custom change.


I've always considered myself an above average web developer, my friends would always have Wordpress websites, and ask me if I can just tweak a few things.

Without hesitation, I'd proclaim I could easily make those changes!

Then I'd load their site, load their plugin/theme code and css files, struggle for hours to get the desired effect, and even if I got it to work, I would break every other part of their site.

---

Denigrating anecdote aside, good job Matt, loved the story at the end.


I had the exact same thing happen years ago and I've never felt so helpless. Simple banner / color change. Ended up rebuilding the entire site from scratch it was easier.

Once you spend some time in the codebase and understand a bit of its legacy history it gets easier over time. A lot of plugins and solutions are aimed towards non-technical users and a lot of overlap. Where we might just write up some custom HTML others might install 3 plugins to make it work.


The overlap between plugins is crazy. It looks like every plugin comes with an entire SEO toolkit, a performance optimizer, a firewall and the kitchen sink. Unless you're very careful, you quickly end up with an unusable house with 5 kitchen sinks, no fridge, and 1 3/4 ovens that are perpetually trying to burn one another.


I think half the problem there is everyone offering half a house for free, but every company is offering a different half. No one wants to pay for the paid offerings that have all the features, they install one SEO plugin to get page metadata, another to get structured data / microdata, another to optimize keywords; when all they had to do was buy the premium version of Yoost, for example.

Thankfully there was a recent consolidation in a plugin called Admin & Site Enhancements (ASE). Probably got rid of 10 others with this thing. Includes duplicate post/page, admin menu cleanups & reorganization, hiding dashboard widgets, cleaning up the top bar, changing the login URL, an easy way to setup SMTP delivery, media replacement, hides the annoying admin notices, and a bunch more.


Initial setup of wordpress is super easy, but it gets very hard to maintain after a while. Updates require manual intervention, themes must be fixed, plugins deprecate. All of this adds a burden I am not willing to accept, which is why I moved all my sites to Hugo/Jekyll/Mkdocs (etc.) since about 2017.


Have you looked at WP-CLI?

A lot of the stuff you want to do can be maintained at the command line. And it even gives you a way to do some fleet management.


Automated updates are easier now, at least with well tested plugins and themes.


How about PHP updates for major versions (e.g. 7 to 8), or how about maintainability for 10+ years? I was sick of all the work that emerged after a while for some simple sites. I have about 15 websites, all focus on a specific topic, with one or two updates per year. Wordpress is too much for this. Static sites can be moved around or hosted on the most basic nginx, whereas Wordpress requires a lot more.

I am not against wordpress in general, just that I found it not suited for my purposes.


I switched to ghost, at first it was a bit rough around the edges, but since they made the global cli. It has being quite nice. For blogs, would rather use that than WP. Of course I also prefer JS instead of PHP.


What I find remarkable is that multiple people can say 'I am a Wordpress Developer' and it will translate into very different experiences and skillsets.

For some it means clicking around installing theme, plugins then writing the content of pages through the Wordpress admin.

For others it means old school php code to customize Wordpress behaviour with PHP template to write the HTML. This is called classic theme.

For yet other people it means writing JS+React with docker, CI/CD,... This is the new block theme.


For yet others, it could be all of these,

if they have chosen a diverse enough clientbase.


I wish more companies would adopt the sabbatical policy that automattic has: https://automattic.com/benefits/sabbatical/


note that in the US they have 2 weeks vacations per year, so even with 3 months sabbatical less than in Europe


This isn't true at all. The vacation policy is "Our time off policy is short: take the time that you need" and "There is no minimum or maximum, but we encourage you to take at least 25 days of time off per year".


Do you know what makes you feel old? When you read "WP" and think not of WordPress (which would now apparently be accepted as an adult in even the most conservative countries), but of WordPerfect (https://en.wikipedia.org/wiki/WordPerfect - which is now at "midlife crisis" age).


I still miss WordPerfect. I used to prefer it to MS Word. And it's been 25 years since I last used it.


One of the things that strikes me about WordPress is the way that web nerds expect to find it easy and are angered when it is not.

Like everything, it takes learning. It has opinions.

It has some crazy history (I really wish media items were not handled the way they are), but it also has methodology to it.

If I said I know Go and JS and Perl and Java and Ruby and C, and I was enraged that Rust is so hard to learn, I'd be shot down for it, rightly.

WordPress looks like it does a simple job, but actually it's a whole, quite broad platform. You might have to read some documentation for a bit.

And if you've inherited a site using Elementor, ask the people who made it how to change the simple stuff, because they will be able to help.

If you've inherited a site using Visual Composer or Divi... shoot the people who made it.

If you think Gutenberg is bad (it is very much not, now!)... oh man, Divi was a time.


I've "inherited" a website using Divi for all of its styling.

It's absolutely one of the worst pieces of commercial software I've ever seen. Just saving a blog post is capable of putting the entire website in an unrecoverable condition if there's even the slightest timeout in the execution of the terrifying javascript UI they wrote on top of Wordpress. The italian and french localization is genuinely abysmal, on par with some japanese games from the '90s. Responsive options are absolutely non-working, unless by responsive you mean "hide and show content on specific breakpoints". And even then, everything is absolutely brittle given that the front-end "theme" is basically an unreadable dump of jquery-era javascript.

I'm 100% sure nobody would use that if Elegant Themes (Divi authors) weren't massively spending on advertising.


What’s the crazy history?


Well, maybe not crazy. Just heavily legacy.

There are a few deeply frustrating things, if you ask me:

All the media files are stored in a single uploads/year/month (maybe year/month/day) directory, which can mean some very big directories of file variations

There's code that cannot be fun to support anymore, like the Pluggable functions (that still let you get Wordpress to check some external login system)

There's still really not enough of a sense of a "model" anywhere.

It still (AFAIK) stores some things in the database using PHP serialization (which is unambiguously the most annoying serialization format on earth, and means that search and replace tasks must be done in PHP)

I mean... it's hard to blame them for not wanting to break stuff, and the commitment to backwards-compatibility is very nearly unprecedented.

I think WordPress is great, and I am not judging. I'm just saying, there are decisions that might have gone better with a little more foresight. But some of them are literally twenty years old and hard to change now.

Not that WP is alone in that -- FreeCAD is just getting through its "fix a two decade legacy problem" as we speak!

Matt is right about zip uploads. I mean it's better than explaining to random users how to upload nested hierarchies over FTP, but still.


I have come across a situation, where an automatic Wordpress update (need to keep up to date, against vulnerabilities) made a site I maintain violate the law:

I used a unicode symbol for something in text. Wordpress out of nowhere and by itself decided, that it would be better to replace that symbol with a bloody svg, that is loaded from some third party. At first I could not believe my eyes, then it dawned on me, how incredible reckless they acted with that update. They must really have no clue what they are doing.

Then I scrambled to reverse this bs and tried various things, including editing the theme minimally, which originally I never wanted to do, because I do not want to maintain a theme in addition to the site. Well nothing worked, except for installing a plugin, whose sole purpose it is to reverse this stupidity.

If I had not had functionality connected to the DOM structure around my unicode symbol, I might not have noticed it, because that functionality also broke.

So there we go, WP automatically making the site violating the law by loading from third party without consent and also breaking my functionality and basically forcing me to install a plugin to correct WP core mistakes. Of course it is very clear now, that it is completely unfit for any business website, when the core developers make such bad decisions. It requires constant maintenance, even if you update nothing but WP itself. Alternatively you let it get outdated and get hacked due to vulnerabilities. Great.


Are you intentionally not mentioning which country and law?


GDPR, EU. You cannot simply load third party shit on your website, without asking for consent. By downloading an SVG from a third party provider, I would need to ask the visitor, whether transmitting their IP address is OK or not, since that is personal data. Aside form all the information associated with when someone accesses the site.


> You cannot simply load third party shit on your website, without asking for consent

That's not how the GDPR works at all. If it were, there would be no content distribution networks operating in the EU. Linking to a third party image in document markup does not involve you transmitting anything.


By including external references to third-parties, you’re effectively leaking your visitors’ IP addresses to the third-party. Those IP addresses are considered PII and are covered by the GDPR.

https://www.theregister.com/2022/01/31/website_fine_google_f...


Gotcha, thanks


My bet is EU and making it non-compliant with GDPR.


They definitely are and I would bet money it's China.


China has laws against loading content from third parties without consent? Sounds more like an EU thing.


China has laws against graphic displays of blood. I could not find a European country that does.


How is that relevant?


> Of course it is very clear now, that it is completely unfit for any business website, when the core developers make such bad decisions.

I'm not saying it is or it isn't, but I do wonder how many people are doing business with WP while never considering a donation or whatever value add for the project. At the same time maybe you do pay, maybe they already swim in money.


Wordpress doesn’t take donations. They have a payable service attached to the open source platform. And that service does not work any differently.


Automattic is valued at $7.5BN. They don’t need your donations.


WP is 21 years old, and people on HN still bishing and crying about it. How come no one has offered something that can beat WP in 21 years?


I think developers underestimate the ecosystem and community aspects. Software is definitely not a space where "if you build it, they will come". There is better codebases, but no one has held a candle to the ecosystem yet. I believe this is because the core users of WP are not it's developers, the users (admins, agency clients etc) hold a considerably larger stake in typical business engagements.

I have been doing eComm agency work for years and even if the chosen eComm platform does have a CMS, we're very often asked to integrate a wordpress site for the company's marketing/content team to use.


It’s HN. This is where WordPress comes to get bashed :-)

Although - to be fair, I’m not seeing nearly as many anti-WP comments as you’d expect here - most people are being reasonably balanced with their criticisms.

As a long time WP agency owner I agree with a fair number of the comments.

My main beef now with the platform is that there are three fairly distinct types of WordPress in 2024.

1) “Classic” WordPress with no Gutenberg: great for data rich sites where you want many custom post types and taxonomies

2) “Gutenberg” WordPress for rich front end editing

3) “FSE” WordPress for quickly throwing up a one pager or simple brochureware site

I wish WP was a bit more vocal about explaining these types and how they differ. And in fact I think they’re sufficiently distinct that the installation path should be explicit about these types and which to choose.

There are of course endless things that really should be in core and not provided by plugins - it’s sometimes galling to have a team pushing endless changes out to Gutenberg when the underlying software doesn’t have obvious stuff. Page duplication, acf style custom field support, rich seo, sitemaps, better media handling, etc - all of this should just be there without plugins.

But - as said above, it’s easy to snipe and overall I bloody love most of the whole ecosystem :-)


> 3) “FSE” WordPress for quickly throwing up a one pager or simple brochureware site

You can have a full fledged site and blog using it. Not sure what you mean by this comment.


Nah, that’s not how it works. People are also complaining about the quality of Google‘s search results, but has anyone come up with a something that can beat them?

Technically, yes! But practically, Wordpress has such a velocity, it’s mostly impossible to stop at this point. There’s an ecosystem of millions of plugins, themes, entire agencies around Wordpress, that’s something you can’t really solve. So just because Wordpress sticks around doesn’t mean it’s the superior solution; it just happened to suck less than the competition a decade ago.


People are also complaining about JS/PHP/Python, Excel, JIRA, people-complaining, Windows, Teams, Google, death of RSS, ...

I think it helps some people re-evaluate their decisions, helps products to get some unfiltered feedback, and perhaps motivate entrepreneurs to analyze the market needs. What's there to complain? :)


It's more objective if you compare by carbon footprint among others and how you build your site.


Meaning there is always challenges is all software and everyone has different expectations, I don't see why I get downvoted.


> WP is 21 years old, and people on HN still bishing and crying about it. How come no one has offered something that can beat WP in 21 years?

https://en.wikipedia.org/wiki/Economic_moat

https://en.wikipedia.org/wiki/Barriers_to_entry

https://en.wikipedia.org/wiki/Sunk_cost#Fallacy_effect

Something can be mind-numbingly bad, yet be almost impossible to dislodge.


WordPress is not the blogging solution humanity deserves, but the one that was needed. Customising a base and installing plugins as opposed to devving a blogging platform allows a huge portion of people to create internet businesses who otherwise wouldn't. I get that there are supposed better solutions now, but this was not the case a few years ago. And there is a lot of WordPress content out there for novices to learn web dev.

My sister co-owns a very basic architecting firm, and they have figured out WordPress based on online materials to design a website that suits them pretty well. Maybe that is not the long term solution for them, but it is a very productive place to start for a small business.


> better solutions now

What better solution for self-hosted websites that can be jump started by anyone and provide the kind of flexibility that WP provides?


It really depends on your needs. Are there many alternatives more flexible than WP? No. But that is begging the question. The vast majority of people don't need the kitchen sink that is WP, and would be better served by utilizing one of the many products and platforms that have cropped up to fill more specific niches since the inception of WP.

Just need a blog? Maybe want it to be a newsletter? Ghost, Medium, Substack, etc

Want an online store? Shopify, Checkout Page, etc

Need a sexy website that doesn't take coding? Squarespace, Framer, etc

You get the idea.


Out of all your examples, only Ghost is self hosted. Not everyone wants to or is able to afford a $20/month provider, especially small businesses outside the US.


Given that your previous comment said "can be jump started by anyone", self-hosted is definitely not a reasonable requirement.

Self-hosted WP cannot be jump started by anyone, and in the limited cases it can (very, very limited WP), you're probably not spending much less than $20/m.


I will always fondly remember that time i was in college (~2011), and created a fully working social network for my classmates using WordPress and ungodly amount of Plugins, and ducktape code I barely understood.

A user profile display was ~30 SQL queries (who needs cache), and my poor 5$ VPS was sweating ...

learned a lot on what not to do! fun times !


30 SQL queries are basically normally functioning WordPress, it's a bit more unusual when it gets to 150+ queries zone :)


I remember laughing because one of the plugins was storing the HEX color value of a small banner in a DB and for every page load it needed to fetch it again even if the banner was nowhere on the page.

Suddenly it changed my look on all all those "easy" knobs and fields from the admin panel and they looked very costly


I wish wordpress did fewer things but did them better. There should be something that is a notch better Jekyll but doesn't get gross when you install a dozen plug-ins. Out of the box wordpress produces a very slow and bandwidth heavy site.


If you need a simple site now you barely need any plugins at all. Something for a contact form, maybe.

You do have to lean in slightly to how Gutenberg and Full Site Editing works -- I recommend this amazing documentation site:

https://fullsiteediting.com


Have you given Dotclear a try?


* Google for “Dotclear”, get the first result with no description (“No information is available for this page. Learn why”) - not a good first impression

* Dotclear website’s theme is ugly verging on purposefully ugly. At least WP default themes look decent

* Click on “About” to see what this runs on (homepage doesn’t tell me), nothing loads. Oh! I have to click one of these header tabs/links, odd… “About” -> “Overview” still doesn’t tell me what language this is written in. Click “Pre-requisite” finally see it’s PHP+(MySQL/Postgres/SQLite)

For software that’s been around since 2003 I kind of expect better and I expect have heard of it since back in 2009-2011-ish I was doing a fair bit of WP development.


I prefer something like Django to build more complex websites against for clients, or just pure PHP for blog style stuff for myself. WP level sites wouldn’t hire me as two days of my work is as expensive as years of WP hosting.

But I admire the way the web was democratized with these CMS’es.


In a vertical where the barrier to entry is not high, being first to market with something simple that people can extend can create a decent-sized moat.

The downside is that much of the code in WP core is effectively un-modernizable, given how much depends on things working a certain way. Key classes and functions haven’t been meaningfully updated in over a decade.


I was on the team that built news.com.au, which, along with the other news sites we set up in a multi tenant WordPress setup, was at the time the largest commerical WordPress site in the world, getting something like 500 million monthly page views. We made extensive use of caching to say the least.


>> "Almost every site would be improved by having a great blog."

Unfortunately, WordPress seems to move further and further from this every year. I've used WordPress from near the start, and the editor is so top-heavy now that I get anxiety opening it. Switching to Ghost (with a nice little $4/month managed host[0,1]) was a breath of fresh air.

It doesn't do all the things WordPress does, but it does the things it does do better. Especially newsletters and pay gating.

[0] Referral link: https://magicpages.co?aff=9fLJierQBpnV

[1] Non-referral link: https://magicpages.co


I remember a time when WordPress was "easy". Nowadays starting from a clean install and customizing the appearance and modules has actually become quite difficult. Even the usage workflow feels bloated.

These days I prefer Dotclear as a blog engine. It also has grown in complexity over the years, but not quite as much and still feels like nothing is getting on your way.

This is from the point of view of someone knowing how to program and the languages involved (PHP, SQL, HTML, CSS, etc.) but who's not a professional web developer and even less a professional WordPress-based developer (since this is now actually a thing).


I avoided wordpress like a plague. Used stuff like django, flask, grav and who knows what. But recently I had to make a website with lots of unknowns which needed to be authored by dummy users and I just said ** it and went with wordpress.

What I struggled with are: 1) Interesting site design, 2) custom functionality through plugins, 3) making it easy to add pages and blog posts with a nice editor.

I'm glad open source solutions exist, but I swear, they always have drawbacks. Either they are code heavy, plugins are out of date, maintenance takes a lot of time or there is no way to easily design a page.

So for Wordpress I bought Oxygen, for which you can still buy a lifetime license for, and oh my god, even I can make a nice, responsive website without touching code. It's such a game changer.

I think lots of people avoid wordpress because of security. But that is not primarily a wordpress fault. Linux & PHP complicates it a lot. And I'm sure those other open source projects have severe bugs, too, but nobody knows or talks about them.

What could bring down wordpress, imho, are expensive license fees for plugins. Who wants to spend 50 to 100 bucks per year and per page for a builder plugin? Everyone wants one, but no one wants to pay yearly. And it seems that all plugin makers are starting to go that way.


I agree about builder plugins -- they are expensive mossy lock-in.

WordPress now has a full-site editing system that lets you GUI edit the templates that are in the normal flow. It is not what I would call easy to master at the code level, but there is a global styles system and a way to use Gutenberg blocks to control layout outside the main content flow.

So we are getting towards a point where page builder plugins won't be needed for skilled shops. But IMO until there are really easy to use themes based around FSE (there may be some), small design shops are still likely to use Elementor, which is a slow, frustrating experience (slower and more frustrating than Squarespace can be)


My gf has a WP ecommerce site that her business revolves around, it was built buy some local guys doing WP development who have an agency solving problems just with WP. She told me how fast they were able to iterate and solve all their problems. The site has a bunch of plugins integrating various social services, ad tracking, SEO and whatnot.

The site generates PDF shipment labels for parcels, one day her sales got high enough to buy a label printer, one that spits out 10x15cm stickers. The problem - PDFs from the site come out as A4 and text gets tiny if squeezed to fit into that sticker. She asked her developers to fix it, they said it's impossible and refused. Now that's interesting, nothing is impossible I shouted with my nerd hat on. I'm in the tech space for a good few decades now, I have FAANG experience, complex systems are my thing!

I spent 5 hours diving through tons of spaghetti code plugins masquerading as highly abstracted set of interfaces to arrive at the conclusion that these guys were right, the PDF blob comes from the shipment company's SOAP API, though it's obfuscated deep enough. In the end I solved it with a simple PyQT+fPDF UI utility to crop out the printable parts and project them onto the right sized canvas for printing, it took me 2h to complete with binary packaging and all, less time than it took to understand why the WordPress site can't do it natively, and much less than than it would have taken me to integrate this PDF modification into WordPress. These guys were basically right.

Her site now backs up to 4GB zip with photo assets. I dread the day when her site goes down due to some "hack" but I have no idea how to replicate this functionality for this cost without WP. No way in hell I would say I can do it from scratch for her, my previous Web dev experience doesn't matter at this point. Shopify? Sigh.


4GB? Those are rookie numbers. I have a site where /wp-content/ is 20GB. Tens if not hundreds of thousands of images that have been auto generated by WordPress because of how thumbnails and minifaction works, but also converting images to WebP. And if you delete old posts or any other content, the images stay.

And it’s my understanding that there is no safe way to remove unused images. I have tried to do it using the in-built media manager but eventually I gave up because it’s tedious and I don’t want to risk leaving pages without images by accident.


But 20GB is not a big deal these days, even cheapest hosting solutions give "unlimited" storage (only limited by inodes mostly, but those go into absurd numbers too).

In my eyes it's more optimal to just don't worry and take the WordPress site as simply a tool - yes, it will break after 5 years, but by that time you would have needed new site anyway.


Surely there is a plugin for that.


I have a handful of different personal web apps spinning away, and other critical-path ones for work.

Nothing though gives me the feeling of dread that I get when my partner's business WP site goes down and she asks if I can take a look.


It's amazing how much lock-in you get by developing ecommerce sites with WP for clients. Her site was recently down, just didn't load. She paid a few hundred for the agency to take a look, they said they updated plugins and "removed viruses" and all is good again. If you're someone not technical or without a huge sum of money to pay someone to replicate the functionality to migrate off WP you're on the hook for the life of business.

You can migrate hosts but that's about all the freedom you have, paying Shopify 20-30 USD / mo is nothing compared to what you'll have to eventually pay with WP if you build your business around it IMHO.


Same thing happened here recently, connection limit on the shared hosting's mysql.

If I hadn't named the exact issue for her in her communications I'm sure a consultant would have happily shaken her down for the same.

To be fair though, we get the same at work with Salesforce consultants


Wordpress is the SMS of the Internet. There are hundreds of alternatives that came and went.


It's the PHP of the CMS world.


... in PHP.


Congrats Matt! WordPress enabled lots of people to push their own boundaries in the internet. Looking forward to celebrate the next 21!


WordPress is proof that clean code doesn't matter. Security doesn't matter. Out of the box performance doesn't matter. At least none of these matter if you are the 800 lb gorilla in the market and everyone else is trying to take a piece out of you.


>if you are the 800 lb gorilla in the market

but it didn't start out as an 800 lb gorilla. Simply saying it's an 800 lb gorilla in the room is lazy.


No, but there weren’t any good contenders at the time, and Wordpress quickly grew from that cute baby gorilla into the massive beast we have now. We could also say that Google didn’t start as a world-spanning empire of search engine moat. Yet it is now, and it’s hard to build a new search engine unless you’re a multi-trillion dollar company (and it’s hard even for them apparently).


> No, but there weren’t any good contenders at the time,

Well yes and no. They were very few good blog focused CMS at the time. A contemporary one that comes to my mind and that actually predate Wordpress was Dotclear (which is still alive and still focusing on blogging). More general CMS like Typo3, Drupal, SPIP, Plone to name only a few open source ones were already around too and much more capable than Wordpress was.

What Wordpress did very well at the beginning, was focusing on one thing: blogging for non technical people. It was a much more limited software but that made it much easier for so much people. And it came exactly during the blog boom and only with time became a more general purpose CMS. But if you had to build a website for your business it was a very bad choice at the time.

Bottom line: making good software is one thing, but timing is everything.


It's funny because a lot of our growth has come from being one of the early CMSes to be completely W3C / XHTML compliant out of the box, security improvements including our update system give us auto-update numbers better than Android (but not as good as Chrome or iOS), and client-side performance and SEO performance are a huge reason why people choose WP! Some things are in the eye of the beholder.


The only things that matter are a decent admin UI and the illusion of choice of free plugins - most plugins are useless in 2024 because they have a pro version. When you add up the annual costs of all pro versions, the "free" WordPress (which requires a beefy hosting plan) becomes the most expensive and hardest to keep up publishing system nowadays!


Can’t blame the plugin authors, a freemium Wordpress plugin is about the best possible source of passive income there is. Have a security issue? Take your time, they are coming anyway!


I blame them as they usually don't know how to price their plugins to get real revenue.


From a business perspective the significant part of the website costs are man-hours for setup and maintenance.

Got something to say about how WP compares to others when it comes to man-hours (assuming you can buy any and all plugins you want)? Honest question, because I have no idea about CMS.


But they overprice and they forget people use multiple plugins, so I use a third-party service that leverages GPL to offer most premium themes and plugins for a low annual fee.


So basically you just want the functionality without paying for it.

> they overprice and they forget people use multiple plugins

People who complain about the prices also forget that a lot of these plugins take months or years to develop. You’re (we’ll not you since you made it clear you don’t pay the devs) literally getting thousands of man hours for like 60 bucks per year.


I never said that - they need to price adequately. 99% of the plugins are just overpriced junk that's not worth even 1% of what they ask for it.


You said you’re buying from an unauthorized reseller because you don’t want to pay what they ask for. If you don’t agree with their prices that’s totally fine. But then why use their products? You want to use them but you don’t want to pay the developers.


Unauthorized?! It's 100% legal! Maybe not 100% moral, but I needed this for a nonprofit. I donated GiveWP to this and 2 more nonprofits - it costs me $420 per year and it's worth it. But no plugin developer offers a nonprofit discount, and the pricing is just cost-prohibitive. So, I donated the lifetime plan for GPL Vault. Keep in mind, that I could've decided not to pay for GiveWP as it's available from GPL Vault, but because I know it's a complex piece of work... although extremely buggy, I wanted the developers to continue the development and fix those bugs at some point far in the future, but the other stuff is just nice-to-haves and not worth the asking price.


> clean code doesn't matter. Security doesn't matter. Out of the box performance doesn't matter.

Absolutely so. Those are things for people to play, while the only thing taht matters is value. Does clean code provide value? No. Does security? No either.


> WordPress is proof that clean code doesn't matter.

At least it isn't Magento.


I like Wordpress and it’s the CMS of choice for almost every situation, but Gutenberg has been out for a long time and it’s still far from good enough. Both as an enduser and as a developer.


Haven't used it a lot in the last decade, but WordPress was great for quickly setting up a basic website that needs a nice beginner friendly CMS.

Just make sure you stick to the base theme with a custom child theme and only use a select few plugins (like custom fields and contact form), that don't stab you in the back or begin to fight with each other later on.

I just still don't understand how Gutenberg is an improvement. It's so clunky and confusing to get even the most basic things done with it.


My first computer software related job was creating Wordpress powered web sites from photoshop documents. Thank you to the creators for making that possible!


Would be interested to hear other people’s favorite paid WordPress plugins.

A couple essential ones for me are Advanced Custom Fields Pro and Admin Columns Pro.



No matter how long it has been, on the one hand, WordPress can be seen as a victim of its success, as widespread adoption has led to various challenges such as security vulnerabilities and performance issues after maintining clients' website for the past 3 years. There are remaining security that is essentials and yet not many website does it correctly.


I checked it out around the same time Mark Pilgrim moved to it. Movable Type came and went but to their credit they tried a GPL version but sadly OpenMelody never caught on.


21! At this point WP is “boring technology” which makes it a great choice for many sites. It still does much that's hard to get anywhere else:

- The core update process. It's long been one-click. Almost no other CMS or self-hosted framework offers as smooth an update process. (With Laravel, for example, I end up paying for Laravel Shift and even then it requires manual intervention that would be hard for a non-dev to handle.) For WP, services now exist to do automated updates with health checks and rollbacks to counter potential plugin incompatibility[1].

- The plugin ecosystem. WP went from "democratizing publishing" to "democratizing user-owned sites and businesses". From learning management systems to stores to paid newsletters, it's pretty cool what people with no programming experience can spin up.

Things I'd love to see for WP in the next 21 years (that we'll probably get sooner if enough people contribute):

- Built-in multilingual support. The web is global but WP isn't really, yet, except via third-party plugins. It's on the roadmap[2] but it's been a long time coming.

- Improved education around Full Site Editing (FSE) and the new editor. The tools are getting good now, but there's still an education gap. Lots of people are helping to close this, though. Jamie Marsland's YouTube videos do a great job of showing what's possible with FSE, for example. [3]

- Background batch processing/queues. These are only available via third-party solutions (and bundled with things like WooCommerce), but should probably be built into core.

- SQLite support. Already pretty good but not officially supported in core yet.

- Built-in site migrations. Also on the roadmap.[4]

- Enhanced Playground tech. Distributing WP as a single binary for dependency-free local development (i.e. without Node.js) feels achievable and worthwhile.

- Version control. It's too hard to store a WP site's state in a git repo and keep that synced with production and staging environments, especially when those with admin access can install and upgrade plugins independently of the repo.

[1] Like Automattic's own scheduled updater on WP.com (https://wordpress.com/blog/2024/05/20/scheduled-plugin-updat...) and WP Engine's Smart Plugin Manager (https://wpengine.com/smart-plugin-manager/).

[2] Current state of multilingual sites in WP: https://developer.wordpress.org/advanced-administration/word...

[3] I like Jamie's videos showing how to recreate famous layouts with FSE: https://www.youtube.com/watch?v=WrdXCSIP578

[4] Site Transfer Protocol: https://core.trac.wordpress.org/ticket/60375


That's a good list, there's cool stuff coming with many of those! SQLite support will be official if it's not already thanks to the Playground work.

https://wordpress.org/playground/


WordPress is special - though I don't work with it anymore, I have enjoyed seeing newer developers solve problems with it


I'm getting old. I really thought for a moment that the title was about Word Perfect 2.1.

Dann I miss the underwater screen.


Kudos, WordPress.


> 1. Simple things should be easy and intuitive, and complex things possible.

Yeah. Like, for example, forcing users to install the "Classic Editor" plugin to use, well, a normal editor that is more than sufficient for a blog.


Or one plugin no working with another and having to try all permutations to see which breaks which - that's simple and intuitive!


WordPress is simultaneously amazing and terrible. At its best, it's a highly extensible free and open source CMS that's incredibly easy to set up and customize. For that matter, its core has reasonably good security and performance before third-party themes and plugins are added into the mix.

The problem comes in with how many basic GUI-based features it's still missing out of the box 21 years later. Take, for example, the curious case of the lack of post cloning; Why is there still no "Duplicate Post" button in the core after 21 years? Why are over 4 million websites being forced to keep a third-party "Yoast Duplicate Post" plugin active in order to access a very basic CMS feature? The same goes for other GUI-based tasks like logging outgoing emails (WP Mail Logging), or viewing the scheduled cron jobs (WP Crontrol), or letting an admin temporarily switch to another user's account (User Switching), or downloading a one-click backup of the site regardless of host (All In One WP Migration), or managing the SMTP settings (FluentSMTP), or managing URL redirects (Redirection), or enabling SVG uploads (SVG Support).

The fact that many of those tasks can be accomplished through small code snippets in the child theme is great and all, but that doesn't help the average WordPress site owner who is barely tech literate and would be more likely to break the site than successfully copy a hook over to the correct file. It's not uncommon to find WordPress sites with 50+ plugins installed, a good chunk of which are abandoned and have multiple code vulnerabilities, yet still find the time to clog up the dashboard with useless "notices", AKA advertisements for their other products.

I could understand a lot of the missing functionality if WordPress was still a small FOSS project with no real funding and a few irregular volunteers, but the fact that's it's grown into what it is without any real plan to address those issues is just so frustrating. I've made a few small contributions to the core and read through a bunch of tickets for longstanding issues, and it's clear that time or funding aren't the problem; it's that the maintainers have an attitude of "We don't personally need that feature ourselves, therefore it can just be a third-party plugin", which might sound fine on paper, but...

Ever clicked on a Google link, only to catch a quick glimpse of the real site before being redirected to an "UPDATE CHROME NOW" or "CRITICAL MICROSOFT ALERT" or "CHEAP PHARMA PILLS" website? There's a 99% chance that site is running WordPress and has dozens of plugins and got hacked at some point, and if you try to message the site's owner to tell them what's happening and how they can fix it, they'll think you're crazy or a scammer and leave the malware there because it intentionally hides itself to logged in users. I'm not exaggerating about that percentage, either; WordPress runs a massive chunk of the modern web (excluding major social media websites), and the failure to quash the need for so many common plugins has made them a goldmine for bad actors to inject redirects and SEO spam.


> Take, for example, the curious case of the lack of post cloning

The percentage of users that need this functionality is exceptionally low. If WordPress bundled every feature that some percentage of users could ever need, we'd have the opposite problem. The GUI would be an endless mishmash of features that most people don't need.

> There's a 99% chance that site is running WordPress and has dozens of plugins and got hacked at some point

I don't know about these statistics, but I take your point. Although I'm not so sure this is as big a problem in recent years. The WordPress team has made big improvements in improving the quality of the WordPress plugin repository.

The reality is that WordPress is a big target. Even if they included all the features from the top 1000 plugins (which would cause an uproar), there would still be a huge market for plugins and some of those plugins would have security vulnerabilities.


> The percentage of users that need this functionality is exceptionally low.

I am not sure about this -- I do know users who rely on post-cloning to update their sites. And I don't think it's unreasonable that this functionality should be fore.

But what I would say is, it's not a slam-dunk as a piece of generalised functionality, though it might be possible to implement it fairly completely for the core post types.

It would almost certainly need new core hooks. There are questions for example about who can clone whose posts -- do the editing and ownership mechanisms need updating, etc. And it might need reassessing in the Gutenberg era.

I've found post cloning plugins to be an adequate solution here.


> should be fore

= should be in core.

Goodness knows how that typo happened.


<< Static websites are fine, but dynamic ones are better.>>

Nah


WordPress is the biggest bowl of spaghetti code in production! 21 years of carbicide!




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: