Category Archives: WordPress

WordPress 14

IMG_7931.JPG

Today is 14 years from the very first release of WordPress. The interface I’m using to write this (Calypso) is completely unrecognizable from what WordPress looked and worked like even a few years ago. Fourteen years in, I’m waking up every day excited about what’s coming next for us. The progress of the editor and CLI so far this year is awesome, and I’m looking forward to that flowing into improvements for customization and the REST API. Thanks as always to Mike for kicking off this crazy journey, all the people chipping in to make WordPress better, and Konstantin and Erick for surprising me with the cool cake above.

WP Growth Council

WordPress

In the WordPress world, when we look back an 2016 I think we’ll remember it as the year that we awoke to the importance of marketing. WordPress has always grown organically through word of mouth and its passionate community, but the hundreds of millions being spent advertising against WP has started to have an impact, especially for folks only lightly familiar with us.

I’ve started to hear about a number of folks across many WordPress companies and industries working on this from different angles, some approaching it from an enterprise point of view and some from a consumer point of view. There’s an opportunity for learning from each other, almost like a mastermind group. As the survey says:

Never have there been more threats to the open web and WordPress. Over three hundred million dollars has been spent in 2016 advertising proprietary systems, and even more is happening in investment. No one company in the WP world is large enough to fight this, nor should anyone need to do it on their own. We’d like to bring together organizations that would like to contribute to growing WordPress. It will be a small group, and if you or your organization are interested in being a part please fill out the survey below.

By working together we can amplify our efforts to bring open source to a wider audience, and fulfill WordPress’ mission to truly democratize publishing.

If this sounds interesting to you, apply using this survey.

Dance to Calypso

Automattic, WordPress

One of the hardest things to do in technology is disrupt yourself.

But we’re trying our darndest, and have some cool news to introduce today. When I took on the responsibility of CEO of Automattic January of last year, we faced two huge problems: our growth was constrained by lack of capital, and the technological foundations of the past decade weren’t strong enough for the demands of next one.

The first has a relatively straightforward answer. We found some fantastic partners, agreed on a fair price, issued new equity in the company to raise $160M, and started investing in areas we felt were high potential, like this year’s WooCommerce acquisition. This “war chest” gives us a huge array of options, especially given our fairly flat burn rate — we don’t need to raise money again to keep the company going, and any capital we raise in the future will be purely discretionary. (Since last May when the round happened we’ve only spent $3M of the investment on opex.)

The second is much harder to address. The WordPress codebase is actually incredible in many ways — the result of many thousands of people collaborating over 13 years — but some of WordPress’ greatest strengths were also holding it back.

The WordPress codebase contains a sea of institutional knowledge and countless bug fixes. It handles hundreds of edge cases. Integrates constant security improvements. Is coded to scale. Development moves at a fast clip, with six major releases over the past two years and more around the corner. Its power and flexibility is undeniable: WordPress just passed a huge milestone, and now powers 25% of the web. You can run it on a $5-a-month web host, or scale it up to serve billions of pageviews on one of the largest sites on the web, WordPress.com.

The interface, however, has been a struggle. Many of us attempted to give it a reboot with the MP6 project and the version 3.8 release, but what that release made clear to me is that an incremental approach wouldn’t give us the improvements we needed, and that two of the things that helped make WordPress the strong, stable, powerful tool it is — backward compatibility and working without JavaScript — were actually holding it back.

The basic paradigms of wp-admin are largely the same as they were five years ago. Working within them had become limiting. The time seemed ripe for something new, something big… but if you’re going to break back compat, it needs to be for a really good reason. A 20x improvement, not a 2x. Most open source projects fade away rather than make evolutionary jumps.

So we asked ourselves a big question. What would we build if we were starting from scratch today, knowing all we’ve learned over the past 13 years of building WordPress? At the beginning of last year, we decided to start experimenting and see.

Today we’re announcing something brand new, a new approach to WordPress, and open sourcing the code behind it. The project, codenamed Calypso, is the culmination of more than 20 months of work by dozens of the most talented engineers and designers I’ve had the pleasure of working with (127 contributors with over 26,000 commits!).

gm-2015-final

Calypso is…

  • Incredibly fast. It’ll charm you.
  • Written purely in JavaScript, leveraging libraries like Node and React.
  • 100% API-powered. Those APIs are open, and now available to every developer in the world.
  • A great place to read, allowing you to follow sites across the web (even if they’re not using WordPress).
  • Social, with stats, likes, and notifications baked in.
  • Fully responsive. Make it small and put it in your sidebar, or go full-screen.
  • Really fun to write in, especially the drag-and-drop image uploads.
  • Fully multi-site for advanced users, so you can manage hundreds of WordPresses from one place.
  • Able to manage plugins and themes on Jetpack sites, including auto-upgrading them!
  • 100% open source, with all future development happening in the open.
  • Available for anyone to adapt to make their own, including building custom interfaces, distributions, or working with web services besides WordPress.com.

A lot of people thought we should keep this proprietary, but throughout my life I’ve learned that the more you give away, the more you get back. We still have a ton to figure out around plugins, extensibility, contributions, Windows and Linux releases, API speed, localization, and harmonizing the WordPress.com API and WP-API so it can work with core WordPress. Thousands more PHP developers will need to become fluent with JavaScript to recreate their admin interfaces in this fashion. I’m also really excited to revisit and redesign many more screens now that we have this first version out the door.

This is a beginning, not an ending. (1.0 is the loneliest.) Better things are yet to come, as all of you dig in. Check out these links to read more about Calypso from different perpsectives:

This was a huge bet, incredibly risky, and difficult to execute, but it paid off. Like any disruption it is uncomfortable, and I’m sure will be controversial in some circles. What the team has accomplished in such a short time is amazing, and I’m incredibly proud of everyone who has contributed and will contribute in the future. This is the most exciting project I’ve been involved with in my career.

With core WordPress on the server and Calypso as a client I think we have a good chance to bring another 25% of the web onto open source, making the web a more open place, and people’s lives more free.

If you’re curious more about the before and after, what’s changed, here’s a chart:

Whats-New-WPcom@2x

 

A Bank Website on WordPress

WordPress

There’s a thread on Quora asking “I am powering a bank’s website using WordPress. What security measures should I take?” The answers have mostly been ignorant junk along the lines of “Oh NOES WP is INSECURE! let me take my money out of that bank”, so I wrote one myself, which I’ve copied below.

I agree there’s probably not a ton of benefit to having the online banking / billpay / etc portion of a bank’s website on WordPress, however there is no reason you couldn’t run the front-end and marketing side of the site on WordPress, and in fact you’d be leveraging WordPress’ strength as a content management platform that is flexible, customizable, and easy to update and maintain.

In terms of security, there are a two simple points:

  1. Make sure you’re on the latest version of core and all the plugins you run, and update as soon as new version become available.
  2. Use strong passwords for all user accounts. For extra credit you could enable a 2-factor plugin, use Jetpack’s WordPress.com login system, or restrict logged-in users to a certain IP range (like behind a VPN).

If your host doesn’t handle it, make sure you stay up-to-date for everything in your stack as well from the OS on up. Most modern WP hosts handle this (and updates) for you, and of course you could always run your site on WordPress.com VIP alongside some of the top sites in the world. If you use any non-core third party code, no harm in having a security firm audit the source as well (an advantage of using open source).

For an example of a beautiful, responsive banking website built on WordPress, check out Gateway Bank of Mesa AZ. WordPress is also trusted to run sites for some of the largest and most security-conscious organizations in the world, including Facebook, SAP, Glenn Greenwald’s The Intercept, eBay, McAfee, Sophos, GNOME, Mozilla, MIT, Reuters, CNN, Google Ventures, NASA, and literally hundreds more.

As the most widely used CMS in the world, many people use and deploy the open source version of WordPress in a sub-optimal and insecure way, but the same could be said of Linux, Apache, MySQL, Node, Rails, Java, or any widely-used software. It is possible and actually not that hard to run WordPress in a way that is secure enough for a bank, government site, media site, or anything.

If you wanted any help on this feel free to reach out to Automattic as well, we have a decade of experience now dealing with high-risk, high-scale deployments, and also addressing the sort of uninformed FUD you see in this thread.

If you’ve developed a major bank site in WordPress leave a link in the comments.

State of the Word 2014

WordPress

Yesterday I delivered the State of the Word address to the WordPress community, and the video is already up on WordPress.tv.

Here are the slides if you’d like to view them on their own:

If you just want the bullet points, here are the big things I discussed and announced:

  • There will be 81 WordCamps in 2014.
  • This was the 9th and final WordCamp San Francisco in its current form. We’ve maxed out the venue for years, so next year we’ll do a WordCamp US at a location and date to be determined.
  • Milestone: 2014 was the first year non-English downloads surpassed English downloads of WordPress.
  • 33k took our survey: 7,539 (25%) of survey participants make their living from WordPress. Over 90% of people build more than one site, and spend less than 200 hours building one.
  • We’ve done five major and seven minor releases since the last WCSF, and have had 785 contributors across them.
  • WordPress market share has risen from 19% in 2013 to 23% now.
  • We now have 34k plugins and 2.7k themes, and have enjoyed record activity on both — including plugins passing 1,000,000 commits.
  • 16 releases of our mobile apps, Android and iOS.
  • Code Reference launched.
  • 105 active meetup groups in 21 countries, with over 100 meetup and WordCamp organizers present at the event.
  • Internationalization will be a big focus of the coming year, including fully-localized plugin and theme directories on language sites and embedded on dashboard in version 4.1, which is coming out December 10th.
  • Better stats coming for plugin and theme authors.
  • Version fragmentation is a big challenge for WordPress, only a quarter of users are currently on the latest release.
  •  This is also a problem for PHP — we’ll be working with hosts to help with version fragmentation, as well as to get as many WordPress sites as possible running PHP 5.5 or better.
  • Showed off 2015 theme.
  • We will be testing a workflow for accepting pull requests on our official WordPress Github repository before the end of the year.
  • For the first time in 11 years we’re switching away from IRC as our primary communication method. We’ll be moving to Slack, which has helped us set up so that every member of WordPress.org can use it. (During the keynote address the number of people on Slack surpassed our IRC channels, and is currently over 800 people.) Sign up at chat.wordpress.org.
  • Five for the Future, with Gravity Forms and WPMU Dev committing to donate, and Automattic now at 14 full-time contributors to core and community.
  • We need to work hard to harmonize the REST API plugin and the WordPress.com REST API.
  • The mission of WordPress is to democratize publishing, which means access for everyone regardless of language, geography, gender, wealth, ability, religion, creed, or anything else people might be born with. To do that we need our community to be inclusive and welcoming. There is a sublime beauty in our differences, and they’re as important as the principles that bring us together, like the GPL.

Five for the Future

Essays, WordPress

On Sunday at WordCamp Europe I got a question about how companies contribute back to WordPress, how they’re doing, and what companies should do more of.

First on the state of things: there are more companies genuinely and altruistically contributing to growing WordPress than ever before. In our ecosystem web hosts definitely make the most revenue and profits, and it’s been great to see them stepping up their game, but also the consultancies and agencies around WordPress have been pretty amazing about their people contributions, as demonstrated most recently by the fact the 4.0 and 4.1 release leads both hail from WP agencies (10up and Code for the People, respectively).

I think a good rule of thumb that will scale with the community as it continues to grow is that organizations that want to grow the WordPress pie (and not just their piece of it) should dedicate 5% of their people to working on something to do with core — be it development, documentation, security, support forums, theme reviews, training, testing, translation or whatever it might be that helps move WordPress mission forward.

Five percent doesn’t sound like much, but it adds up quickly. As of today Automattic is 277 people, which means we should have about 14 people contributing full-time. That’s a lot of people to not have on things that are more direct or obvious drivers of the business, and we’re not quite there today, but I’m working on it and hope Automattic can set a good example for this in the community. I think it’s just as hard for a 20-person organization to peel 1 person off.

It’s a big commitment, but I can’t think of a better long-term investment in the health of WordPress overall. I think it will look incredibly modest in hindsight. This ratio is probably the bare minimum for a sustainable ecosystem, avoiding the tragedy of the commons. I think the 5% rule is one that all open source projects and companies should follow, at least if they want to be vibrant a decade from now.

Further reading: There’s been a number of nice blog follow-ups. Post Status has a nice post on Contribution Culture. Ben Metcalf responded but I disagree with pretty much everything even though I’m glad he wrote it. Tony Perez wrote The Vision of Five and What it Means. Dries Buytaert, the founder of Drupal, pointed out his essay Scaling Open Source Communities which I think is really good.

WordPress & Techmeme 100

WordPress

Whenever I visit a site I can usually tell whether it’s WordPress or not within an instant — there’s just something about a WordPress site that is distinctive. Super-clean permalinks are usually a dead giveaway. One thing I’ve been noticing a lot lately is on my guilty pleasure for tech news, Techmeme, it seems like almost every link I click is to a WordPress-powered site. Fortunately Techmeme provides a leaderboard showing both rank and % of space a site has taken up in headlines in the past thirty days.

The list changes almost every day but went ahead and took a snapshot of the top 100 as of January 16th and ran down the platform for each one, here’s how it ended up:

techmeme-100-cms

WordPress comes in at 43%, custom or bespoke systems at 42%, and then the others. When you take into effect Techmeme’s “presence” factor WP jumps to 48.8% of presence in the top 100 and all Blogsmith, Drupal, Blogspot, Tumblr, and Typepad combined are 8.4%. If you curious of the raw data, here’s the spreadsheet with the platforms.

This is just a snapshot, it’d be interesting to see how this evolves over time. It’s a small slice of the world of websites, but a very influential one. I’ve actually reached out to Gabe Rivera a few times to sponsor the leaderboard page, putting a W logo next to the ones that run WordPress in the table, but nothing has come of it yet.

Thanks to Krutal, Paolo, and MT for help with this.