Recording the solo version last year was actually one of the hardest things I’ve done in a long time. It’s funny, with a live audience I can comfortably present for an hour no problem, but recording that 25 minute presentation, alone in a room staring at a camera, was an excruciating process over two days and dozens of takes. I got the advice afterward that even if you’re just staring into a camera, it can be helpful to have an “audience” of a few friends in the room.
Even more than that, though, I’m positively giddy to see some of my friends from the WordPress community in person for the first time in several years. Please join via streaming on the 14th, and there will also be at least 20 watch parties around the globe if there’s one in your neighborhood. Looking forward to catching up, celebrating the community’s accomplishments over the last year, and hopefully raising a torch for our march toward freedom on the web in 2022.
After you’ve watched the amazing poem from Amanda Gorman, check out the new WhiteHouse.gov that re-launched today using WordPress & Gutenberg with a number of cool features including dark mode, text zoom, a totally responsive layout, and a Spanish version of the site. The site is clean, fast, and accessible. It’s exciting and an honor that the online home for the Executive branch is on Open Source software, and I’m proud WordPress can carry the torch that Drupal lit in 2009.
Besides Gutenberg, poking around I noticed an HTTP header and HTML comment encouraging people to join USDS, and this great #46 easter egg in the theme file:
Anyone notice any other plugins? I haven’t spoken to him directly but I’d be shocked if Nacin wasn’t involved with this one. I’m also curious if any of the WP agencies were involved, it has touches of 10up but I don’t see any mention of it on their site or Twitter. Hoefler&Co credits Wide Eye Creative with the design.
I noticed a few people happy that some previous pages and files on the old site were returning 404 errors, like the controversial 1776 report, but on this I think the webmasters of the United States of America should demand better, since Cool URIs Don’t Change. Previous websites are all saved by the National Archives, but there doesn’t appear to be any sort of norm for automatically redirecting links that went to any subdirectories or addresses under WhiteHouse.gov.
There are WP plugins that could help, like Redirection, but also perhaps the root domain itself could always redirect to a subdomain, like 46.whitehouse.gov, so we’d have a consistent domain and permalinks for everything, and then each new administration would get a new subdomain.
This tumultuous year, two things really helped me get through it: my colleagues at Automattic and the community of WordPress.
At the end of the year I usually deliver a speech to the WP community we call the State of the Word, that celebrates what we accomplished the previous year and shines a light on what we could focus on in the coming year. There’s always a great energy in the room and I love mixing with the audience before and after the talk. This year we did it online, which meant we could produce the talk a little more, and we made extra time for the Q&A afterward with answers not just from me but folks across the community.
One thing I’ll call out: WordPress 5.6 had an all women and non-binary release squad of over 50 people, a first for WordPress and probably any large open source project. Also the market share of WordPress grew more in 2020 than it has in any year since it started being tracked!
If you’re curious about what’s next for WordPress, check it out:
May 27th, 17 years ago, the first release of WordPress was put into the world by Mike Little and myself. It did not have an installer, upgrades, WYSIWYG editor (or hardly any Javascript), comment spam protection, clean permalinks, caching, widgets, themes, plugins, business model, or any funding.
The main feedback we got at the time was that the blogging software market was saturated and there wasn’t room or need for anything new.
WordPress did have a philosophy, an active blog, a license that protected the freedom of its users and developers, a love of typography, a belief that code is poetry, fantastic support forums and mailing lists and IRC, and firm sense that building software is more fun when you do it together as a community.
We have relentlessly iterated across 38 major releases since then, and here we are.
If you’d like to celebrate with me, put on some jazz, eat some BBQ, light a candle for the contributors who have passed on, help a friend or stranger less technical than you build a home online, and remember that technology is at its best when it brings people together.
In case you missed it, here’s the first-ever State of the Word… designed completely in Gutenberg:
WordCamp US was a fantastic experience, as always. Thank you again to the hundreds of organizers and volunteers who made it happen, to the thousands who attended, and to the city of St. Louis for hosting us. We’ll be back there again next year.
And special thanks to this next generation of WordPress contributors. So exciting to see KidsCamps continue to expand and thrive:
As you can see, my site is now featuring the new WordPress Twenty Twenty theme. And for more coverage from my State of the Word, check out the recaps from WP Tavern and Post Status. Here’s my full audience Q&A below:
“Vague, but exciting.” Thirty years ago yesterday, Sir Tim Berners-Lee submitted his original proposal for an information management system to his boss at CERN — what would later become the World Wide Web (and, it turns out, a huge influence on my life and career).
To help celebrate, I tweeted WordPress’s contribution to the web’s grand timeline (above), and I got to participate in The Economist’s Babbage podcast looking back at the pioneers of the early web. Listen to the whole episode below:
It has over 130,000 views already! What I really love about this video in particular is that we get into the specifics of how a company can start to embrace a culture of letting employees work from anywhere, even if it started out as a traditional office with everyone in the same place. Automattic never started that way, so even as we’ve scaled up to more than 840 people in 68 countries, there’s never been a question — it’s now built in to our entire culture.
For distributed work to scale up, it’s going to require more CEOs, workers, and managers to test the waters. Any company can experiment with distributed work — just pick a day or two of the week in which everyone works from home, I suggest Tuesdays and Thursdays, then build the tools and systems to support it. Yes, that may require some shuffling of meetings, or more written documentation versus verbal real-time discussion. But I think companies will be surprised how quickly it will “just work.”
If the companies don’t experiment, workers may force them to do it anyway:
WordPress.com is partnering with Google and news industry leaders on a new platform for small- and medium-sized publishers, called Newspack. The team has raised $2.4 million in first-year funding from the Google News Initiative, Lenfest Journalism Institute, Civil funder ConsenSys, and the Knight Foundation, among others. We’re also still happy to talk to and engage other funders who want to get involved — I’d love to put even more resources into this.
It’s been a difficult climate for the news business, particularly at the local level. It also breaks my heart how much of their limited resources these organizations still sink into closed-source or dead-end technology. Open source is clearly the future, and if we do this right Newspack can be the technology choice that lasts with them through the decades, and hopefully our 15 years of growth lends some credibility to our orientation to build things for the long term.
The goal is to both make sure that the catalog of publishing tools as well as business tools they need to be able to run what one hopes is a sustainable news operation are addressed simultaneously. It’s not simply a CMS for a newsroom, but a full business system that enables publishing and monetization at the same time.
As you have come to expect from Automattic, everything will be open source and developed to the same standards WordPress itself is. We’re working with Spirited Media and the News Revenue Hub on the platform, and we will likely look for even more partnership opportunities from across the WordPress ecosystem. If you’d like to invest or get involved, drop us a line at newspack@automattic.com.
Update: On December 6th we released WordPress 5.0. It was definitely the most controversial release in a while, but the usage and adoption metrics are looking similar to previous releases. I’m looking forward to continuing to iterate on the new block editor!
We are nearing the release date for WordPress 5.0 and Gutenberg, one of the most important and exciting projects I’ve worked on in my 15 years with this community.
I knew we would be taking a big leap. But it’s a leap we need to take, and I think the end result is going to open up many new opportunities for everyone in the ecosystem, and for those being introduced to WordPress for the first time. It brings us closer to our mission of democratizing publishing for everyone.
I recently visited WordCamp Portland to talk about Gutenberg and WordPress 5.0, which will also include the new default theme Twenty Nineteen, which you’re seeing me test out on this very site. There were some great questions and testimonials about Gutenberg, so I’d urge you to watch the full video and read the WP Tavern recap. I’ve also visited meetups, responded to review threads, kept an eye on support, and I’m in the middle of office hours with the core community.
As we head toward the release date and WordCamp US, I’ve put many questions and answers into a Gutenberg FAQ below. For those who have other questions, I will be checking the comments here.
It’s an exciting time, and I’m thrilled to be working with y’all on this project.
What is Gutenberg?
Gutenberg, for those who aren’t actively following along, is a brand new Editor for WordPress — contributors have been working on it since January 2017 and it’s one of the most significant changes to WordPress in years. It’s built on the idea of using “blocks” to write and design posts and pages.
This will serve as the foundation for future improvements to WordPress, including blocks as a way not just to design posts and pages, but also entire sites.
The overall goal is to simplify the first-time user experience of WordPress — for those who are writing, editing, publishing, and designing web pages. The editing experience is intended to give users a better visual representation of what their post or page will look like when they hit publish. As I wrote in my post last year, “Users will finally be able to build the sites they see in their imaginations.”
Matías Ventura, team lead for Gutenberg, wrote an excellent post about the vision for Gutenberg, saying, “It’s an attempt to improve how users interact with their content in a fundamentally visual way, while at the same time giving developers the tools to create more fulfilling experiences for the people they are helping.”
Why do we need Gutenberg at all?
For many of us already in the WordPress community, it can be easy to forget the learning curve that exists for people being introduced to WordPress for the first time. Customizing themes, adding shortcodes, editing widgets and menus — there’s an entire language that one must learn behind the scenes in order to make a site or a post look like you want it to look.
Over the past several years, JavaScript-based applications have created opportunities to simplify the user experience in consumer apps and software. Users’ expectations have changed, and the bar has been raised for simplicity. It is my deep belief that WordPress must evolve to improve and simplify its own user experience for first-time users.
Why blocks?
The idea with blocks was to create a new common language across WordPress, a new way to connect users to plugins, and replace a number of older content types — things like shortcodes and widgets — that one had to be well-versed in the idiosyncrasies of WordPress to understand.
The block paradigm is not a new one — in fact many great plugins have already shown the promise of blocks with page design in WordPress. Elementor, one of the pioneers in this space, has now introduced a new collection of Gutenberg blocks to showcase what’s possible:
Why change the Editor?
The Editor is where most of the action happens in WordPress’s daily use, and it was a place where we could polish and perfect the block experience in a contained environment.
Additionally, the classic Editor was built primarily for text — articles have become increasingly multimedia, with social media embeds, maps, contact forms, photo collages, videos, and GIFs. It was time for a design paradigm that allowed us to move past the messy patchwork of shortcodes and text.
The Editor is just the start. In upcoming phases blocks will become a fundamental part of entire site templates and designs. It’s currently a struggle to use the Customizer and figure out how to edit sections like menus, headers, and footers. With blocks, people will be able to edit and manipulate everything on their site without having to understand where WordPress hides everything behind the scenes.
What does Automattic get out of this?
There have been posts recently asking questions about Automattic’s involvement in Gutenberg compared to other contributors and companies. There is no secret conspiracy here — as project lead I was able to enlist the help of dozens of my colleagues to contribute to this project, and I knew that a project of this size would require it. Automattic aims to have 5% of its people dedicated to WordPress community projects, which at its current size would be about 42 people full-time. The company is a bit behind that now (~35 full-time), and the company is growing a lot next year, so look for 10-15 additional people working on core and community projects.
In the end, Gutenberg is similar to many other open source projects — Automattic will benefit from it, but so will everyone else in the WordPress community (and even the Drupal community). It’s available for everyone under the GPL. If the goal was purely to benefit Automattic it would have been faster, easier, and created an advantage for Automattic to have Gutenberg just on WP.com. That wasn’t, and isn’t, the point.
Is Gutenberg ready?
Absolutely. Our original goal with Gutenberg was to get it on 100,000 sites to begin testing — it’s now already on more than 1 million sites, and it’s the fastest-growing plugin in WordPress history. There is a lot of user demand.
The goal was to both test Gutenberg on as many sites as possible before the 5.0 release, and also to encourage plugin developers to make sure their plugins and services will be ready. With everyone pitching in, we can make this the most anti-climactic release in WordPress history.
In the recent debate over Gutenberg readiness, I think it’s important to understand the difference between Gutenberg being ready code-wise (it is now), and whether the entire community is ready for Gutenberg.
It will take some time — we’ve had 15 years to polish and perfect core, after all — but the global WordPress community has some of the world’s most talented contributors and we can make it as good as we want to make it.
There is also a new opportunity to dramatically expand the WordPress contributor community to include more designers and JavaScript engineers. With JavaScript apps there are also new opportunities for designing documentation and support right on the page, so that help arrives right where you need it.
Someone described Gutenberg to me as “WordPress in 3D.” I like the sound of that. Blocks are like layers you can zoom in and out of. The question now is: What are we going to build with this new dimension?
Do I have to switch to Gutenberg when WordPress 5.0 is released?
Not at all. When it’s released, you get to choose what happens. You can install the Classic Editor plugin today and when 5.0 is released, nothing will change. We’ve committed to supporting and updating Classic Editor until 2022. If you’d like to install Gutenberg early, you can do that now too. The Classic Editor plugin has been available for 13 months now, and Gutenberg has been available for 18 months. Both have been heavily promoted since August 2018, and more than 1.3 million .org sites have opted-in already to either experience, so nothing will change for them when they update to 5.0.
How can I make sure I’m ready?
Before updating to 5.0, try out the Gutenberg plugin with your site to ensure it works with your existing plugins, and also to get comfortable with the new experience. Developers across the entire ecosystem are working hard to update their plugins, but your mileage and plugins may vary. And you can always use the Classic Editor to address any gaps.
As with every new thing, things might feel strange and new for a bit, but I’m confident once you start using it you’ll get comfy quickly and you won’t want to go back.
The release candidate of 5.0 is stable and fine to develop against and test.
When will 5.0 be released?
We have had a stable RC1, which stands for first release candidate, and are about to do our second one. There is only currently one known blocker and it’s cosmetic. The stability and open issues in the release candidates thus far make me optimistic we can release soon, but as before the primary driver will be the stability and quality of the underlying software. We made the mistake prior of announcing dates when lots of code was still changing, and had to delay because of regressions and bugs. Now that things aren’t changing, we’re approaching a time we can commit to a date soon.
Is it terrible to do a release in December?
Some people think so, some don’t. There have been 9 major WordPress releases in previous Decembers. December releases actually comprise 34% of our major releases in the past decade.
Can I set it up so only certain users get to use Gutenberg?
Yes, and soon. We’re going to be doing another update to the Classic Editor before the 5.0 release to give it a bit more fine-grained user control — we’ve heard requests for options that allow certain users or certain roles and post types to have Gutenberg while others have Classic Editor.
What happens after 5.0?
We’ve been doing a release of Gutenberg every two weeks, and 5.0 isn’t going to stop that. We’ll do minor releases to 5.0 (5.0.1, 5.0.2) fortnightly, with occasional breaks, so if there’s feedback that comes in, we can address it quickly. Many of the previous bugs in updates were from juggling between updates in the plugin and core, now that Gutenberg is in core it’s much easier and safer to incrementally update.
What about Gutenberg and accessibility?
We’ve had some important discussions about accessibility over the past few weeks and I am grateful for those who have helped raise these questions in the community.
Accessibility has been core to WordPress from the very beginning. It’s part of why we started – the adoption of web standards and accessibility.
But where I think we fell down was with project management — specifically, we had a team of volunteers that felt like they were disconnected from the rapid development that was happening with Gutenberg. We need to improve that. In the future I don’t know if it makes sense to have accessibility as a separate kind of process from the core development. It needs to be integrated at every single stage.
Still, we’ve accomplished a lot, as Matías has written about. There have been more than 200 closed issues related to accessibility since the very beginning.
We’re also taking the opportunity to fix some things that have had poor accessibility in WordPress from the beginning. CodeMirror, which is a code editor for templates, is not accessible, so we have some parts of WordPress that we really need to work on to make better.
Speaking of which, CodeMirror was seeking funding for their next version — Automattic has now sponsored that funding and in return it will be made available under the GPL, and the next version of CodeMirror will be fully accessible.
Finally, Automattic will be funding an accessibility study of WordPress, Gutenberg, and an evaluation of best practices across the web, to ensure WordPress is fully accessible and setting new standards for the web overall.
After WordPress 5.0, is the Gutenberg name going to stick around?
Sometimes code names can take on a life of their own. I think Gutenberg is still what we’ll call this project — it’s called that on GitHub, and you’re also seeing it adopted by other CMSes beyond WordPress — but for those outside the community I can see it simply being known as “the new WordPress editor.”
With the adoption of React for Gutenberg, what do you see as the future for React and WordPress?
In 2015 I said “Learn JavaScript deeply” — then in 2016 we brought the REST API into Core. Gutenberg is the first major feature built entirely on the REST API, so if you are learning things today, learn JavaScript, and I can imagine a future wp-admin that’s 100% JavaScript talking to APIs. I’m excited to see that happen.
Now, switching to a pure JavaScript interface could break some backward compatibility, but a nice thing about Gutenberg is that it provides an avenue for all plugins to work through — it gives them a way to plug in to that. It can eliminate the need for what’s currently done in custom admin screens.
The other beautiful thing is that because Gutenberg essentially allows for translation into many different formats — it can publish to your web page, it can publish your RSS feed, AMP, it can publish blocks that can be translated into email for newsletters — there’s so much in the structured nature of Gutenberg and the semantic HTML that it creates and the grammar that’s used to parse it, can enable for other applications.
It becomes a little bit like a lingua franca that even crosses CMSes. There’s now these new cross-CMS Gutenberg blocks that will be possible. It’s not just WordPress anymore — it might be a JavaScript block that was written for Drupal that you install on your WordPress site. How would that have ever happened before? That’s why we took two years off — it’s why we’ve had everyone in the world working on this thing. It’s because we want it to be #WorthIt.
And WordPress 5.0 is just the starting line. We want to get it to that place where it’s not just better than what we have today, but a world-class, web-defining experience. It’s what we want to create and what everyone deserves.
Was this post published with Gutenberg?
Of course. 😄 No bugs, but I do see lots of areas we can continue to improve and I’m excited to get to work on future iterations.
This weekend, May 27, marks the 15th anniversary of the first release of WordPress. It is an understatement to say that I am immensely proud of what this global community has become, and what it has created. More than 30% of the top sites on the web are now powered by WordPress, I’m writing this in our next-generation editor Gutenberg, and every day I meet someone who is building something interesting on WordPress or pushing our shared project in bold new directions. If you can believe it, growth has actually been accelerating.
I am thankful to Mike for helping make WordPress a reality, many dedicated folks in the years since, and to all of you who are dreaming up the next 15 years. 😄
Many in the open source world are like Moses in that they speak of the Promised Land but will never set foot there. If I spend the rest of my life working and we don’t reach almost all websites being powered by open source and the web being substantially open, I will die content because I already see younger generations picking up the banner.
I am surprised and excited to see the news that Facebook is going to drop the patent clause that I wrote about last week. They’ve announced that with React 16 the license will just be regular MIT with no patent addition. I applaud Facebook for making this move, and I hope that patent clause use is re-examined across all their open source projects.
Our decision to move away from React, based on their previous stance, has sparked a lot of interesting discussions in the WordPress world. Particularly with Gutenberg there may be an approach that allows developers to write Gutenberg blocks (Gutenblocks) in the library of their choice including Preact, Polymer, or Vue, and now React could be an officially-supported option as well.
I want to say thank you to everyone who participated in the discussion thus far, I really appreciate it. The vigorous debate and discussion in the comments here and on Hacker News and Reddit was great for the passion people brought and the opportunity to learn about so many different points of view; it was even better that Facebook was listening.
Today is 14 years from the very first release of WordPress. The interface I’m using to write this (Calypso) is completely unrecognizable from what WordPress looked and worked like even a few years ago. Fourteen years in, I’m waking up every day excited about what’s coming next for us. The progress of the editor and CLI so far this year is awesome, and I’m looking forward to that flowing into improvements for customization and the REST API. Thanks as always to Mike for kicking off this crazy journey, all the people chipping in to make WordPress better, and Konstantin and Erick for surprising me with the cool cake above.
In the WordPress world, when we look back on 2016 I think we’ll remember it as the year that we awoke to the importance of marketing. WordPress has always grown organically through word of mouth and its passionate community, but the hundreds of millions being spent advertising against WP has started to have an impact, especially for folks only lightly familiar with us.
I’ve started to hear about a number of folks across many WordPress companies and industries working on this from different angles, some approaching it from an enterprise point of view and some from a consumer point of view. There’s an opportunity for learning from each other, almost like a mastermind group. As the survey says:
Never have there been more threats to the open web and WordPress. Over three hundred million dollars has been spent in 2016 advertising proprietary systems, and even more is happening in investment. No one company in the WP world is large enough to fight this, nor should anyone need to do it on their own. We’d like to bring together organizations that would like to contribute to growing WordPress. It will be a small group, and if you or your organization are interested in being a part please fill out the survey below.
By working together we can amplify our efforts to bring open source to a wider audience, and fulfill WordPress’ mission to truly democratize publishing.
One of the hardest things to do in technology is disrupt yourself.
But we’re trying our darndest, and have some cool news to introduce today. When I took on the responsibility of CEO of Automattic in January of last year, we faced two huge problems: our growth was constrained by lack of capital, and the technological foundations of the past decade weren’t strong enough for the demands of the next one.
The first has a relatively straightforward answer. We found some fantastic partners, agreed on a fair price, issued new equity in the company to raise $160M, and started investing in areas we felt were high potential, like this year’s WooCommerce acquisition. This “war chest” gives us a huge array of options, especially given our fairly flat burn rate — we don’t need to raise money again to keep the company going, and any capital we raise in the future will be purely discretionary. (Since last May when the round happened we’ve only spent $3M of the investment on opex.)
The second is much harder to address. The WordPress codebase is actually incredible in many ways — the result of many thousands of people collaborating over 13 years — but some of WordPress’ greatest strengths were also holding it back.
The WordPress codebase contains a sea of institutional knowledge and countless bug fixes. It handles hundreds of edge cases. Integrates constant security improvements. Is coded to scale. Development moves at a fast clip, with six major releases over the past two years and more around the corner. Its power and flexibility is undeniable: WordPress just passed a huge milestone, and now powers 25% of the web. You can run it on a $5-a-month web host, or scale it up to serve billions of pageviews on one of the largest sites on the web, WordPress.com.
The interface, however, has been a struggle. Many of us attempted to give it a reboot with the MP6 project and the version 3.8 release, but what that release made clear to me is that an incremental approach wouldn’t give us the improvements we needed, and that two of the things that helped make WordPress the strong, stable, powerful tool it is — backward compatibility and working without JavaScript — were actually holding it back.
The basic paradigms of wp-admin are largely the same as they were five years ago. Working within them had become limiting. The time seemed ripe for something new, something big… but if you’re going to break back compat, it needs to be for a really good reason. A 20x improvement, not a 2x. Most open source projects fade away rather than make evolutionary jumps.
So we asked ourselves a big question. What would we build if we were starting from scratch today, knowing all we’ve learned over the past 13 years of building WordPress? At the beginning of last year, we decided to start experimenting and see.
Today we’re announcing something brand new, a new approach to WordPress, and open sourcing the code behind it. The project, codenamed Calypso, is the culmination of more than 20 months of work by dozens of the most talented engineers and designers I’ve had the pleasure of working with (127 contributors with over 26,000 commits!).
Calypso is…
Incredibly fast. It’ll charm you.
Written purely in JavaScript, leveraging libraries like Node and React.
100% API-powered. Those APIs are open, and now available to every developer in the world.
A great place to read, allowing you to follow sites across the web (even if they’re not using WordPress).
Social, with stats, likes, and notifications baked in.
Fully responsive. Make it small and put it in your sidebar, or go full-screen.
Really fun to write in, especially the drag-and-drop image uploads.
Fully multi-site for advanced users, so you can manage hundreds of WordPresses from one place.
Able to manage plugins and themes on Jetpack sites, including auto-upgrading them!
100% open source, with all future development happening in the open.
Available for anyone to adapt to make their own, including building custom interfaces, distributions, or working with web services besides WordPress.com.
A lot of people thought we should keep this proprietary, but throughout my life I’ve learned that the more you give away, the more you get back. We still have a ton to figure out around plugins, extensibility, contributions, Windows and Linux releases, API speed, localization, and harmonizing the WordPress.com API and WP-API so it can work with core WordPress. Thousands more PHP developers will need to become fluent with JavaScript to recreate their admin interfaces in this fashion. I’m also really excited to revisit and redesign many more screens now that we have this first version out the door.
This is a beginning, not an ending. (1.0 is the loneliest.) Better things are yet to come, as all of you dig in. Check out these links to read more about Calypso from different perspectives:
This was a huge bet, incredibly risky, and difficult to execute, but it paid off. Like any disruption it is uncomfortable, and I’m sure will be controversial in some circles. What the team has accomplished in such a short time is amazing, and I’m incredibly proud of everyone who has contributed and will contribute in the future. This is the most exciting project I’ve been involved with in my career.
With core WordPress on the server and Calypso as a client I think we have a good chance to bring another 25% of the web onto open source, making the web a more open place, and people’s lives more free.
If you’re curious about the before and after, and what’s changed, here’s a chart:
There’s a thread on Quora asking “I am powering a bank’s website using WordPress. What security measures should I take?” The answers have mostly been ignorant junk along the lines of “Oh NOES WP is INSECURE! let me take my money out of that bank”, so I wrote one myself, which I’ve copied below.
I agree there’s probably not a ton of benefit to having the online banking / billpay / etc portion of a bank’s website on WordPress, however there is no reason you couldn’t run the front-end and marketing side of the site on WordPress, and in fact you’d be leveraging WordPress’ strength as a content management platform that is flexible, customizable, and easy to update and maintain.
In terms of security, there are two simple points:
Make sure you’re on the latest version of core and all the plugins you run, and update as soon as new versions become available.
Use strong passwords for all user accounts. For extra credit you could enable a 2-factor plugin, use Jetpack’s WordPress.com login system, or restrict logged-in users to a certain IP range (like behind a VPN).
If your host doesn’t handle it, make sure you stay up-to-date for everything in your stack as well from the OS on up. Most modern WP hosts handle this (and updates) for you, and of course you could always run your site on WordPress.com VIP alongside some of the top sites in the world. If you use any non-core third party code, no harm in having a security firm audit the source as well (an advantage of using open source).
For an example of a beautiful, responsive banking website built on WordPress, check out Gateway Bank of Mesa AZ. WordPress is also trusted to run sites for some of the largest and most security-conscious organizations in the world, including Facebook, SAP, Glenn Greenwald’s The Intercept, eBay, McAfee, Sophos, GNOME, Mozilla, MIT, Reuters, CNN, Google Ventures, NASA, and literally hundreds more.
As the most widely used CMS in the world, many people use and deploy the open source version of WordPress in a sub-optimal and insecure way, but the same could be said of Linux, Apache, MySQL, Node, Rails, Java, or any widely-used software. It is possible and actually not that hard to run WordPress in a way that is secure enough for a bank, government site, media site, or anything.
If you wanted any help on this feel free to reach out to Automattic as well, we have a decade of experience now dealing with high-risk, high-scale deployments, and also addressing the sort of uninformed FUD you see in this thread.
If you’ve developed a major bank site in WordPress leave a link in the comments.
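One way to wire up two of the points above, automatic plugin and theme updates and restricting logins to an IP range, as an added example that is not part of the original post or of WordPress itself. The file name, the `example_*` function names, and the CIDR ranges are hypothetical, and it assumes the web server sees the client address directly in `REMOTE_ADDR` (no reverse proxy in front).

```php
<?php
// Hypothetical mu-plugin. Core updates are set in wp-config.php: define( 'WP_AUTO_UPDATE_CORE', true );
// Constructed sample ranges (RFC 5737 / RFC 3849 documentation space).
const EXAMPLE_ALLOWED_CIDRS = array( '203.0.113.0/24', '2001:db8::/32' );

// Install plugin and theme updates as soon as they are offered.
add_filter( 'auto_update_plugin', '__return_true' );
add_filter( 'auto_update_theme', '__return_true' );

// True when $ip falls inside $cidr; handles IPv4 and IPv6.
function example_ip_in_cidr( string $ip, string $cidr ): bool {
	$parts   = explode( '/', $cidr, 2 );
	$ip_bin  = @inet_pton( $ip );
	$net_bin = @inet_pton( $parts[0] );
	if ( false === $ip_bin || false === $net_bin || strlen( $ip_bin ) !== strlen( $net_bin ) ) {
		return false; // Unparseable input or mixed address families.
	}
	$max  = strlen( $ip_bin ) * 8;
	$bits = $parts[1] ?? (string) $max;
	if ( ! ctype_digit( $bits ) || (int) $bits > $max ) {
		return false; // Fail closed on a malformed prefix length.
	}
	$bits = (int) $bits;
	$full = intdiv( $bits, 8 ); // Whole bytes covered by the prefix.
	if ( substr( $ip_bin, 0, $full ) !== substr( $net_bin, 0, $full ) ) {
		return false;
	}
	if ( 0 === $bits % 8 ) {
		return true;
	}
	$mask = ( 0xFF << ( 8 - $bits % 8 ) ) & 0xFF; // Remaining prefix bits.
	return ( ord( $ip_bin[ $full ] ) & $mask ) === ( ord( $net_bin[ $full ] ) & $mask );
}

function example_request_ip_allowed(): bool {
	// Assumes REMOTE_ADDR is the real client; behind a proxy it is the proxy.
	$ip = $_SERVER['REMOTE_ADDR'] ?? '';
	foreach ( EXAMPLE_ALLOWED_CIDRS as $cidr ) {
		if ( example_ip_in_cidr( $ip, $cidr ) ) {
			return true;
		}
	}
	return false;
}

// Priority 100 runs after core's built-in authenticate callbacks, so a valid password alone is not enough.
add_filter( 'authenticate', function ( $user ) {
	return example_request_ip_allowed() ? $user : new WP_Error( 'example_ip_denied', 'Login is only allowed from the office network or VPN.' );
}, 100 );
```

The `authenticate` filter covers logins that go through `wp_authenticate()`; existing session cookies are not re-checked by it.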
This was the 9th and final WordCamp San Francisco in its current form. We’ve maxed out the venue for years, so next year we’ll do a WordCamp US at a location and date to be determined.
Milestone: 2014 was the first year non-English downloads surpassed English downloads of WordPress.
33k took our survey: 7,539 (25%) of survey participants make their living from WordPress. Over 90% of people build more than one site, and spend less than 200 hours building one.
We’ve done five major and seven minor releases since the last WCSF, and have had 785 contributors across them.
Internationalization will be a big focus of the coming year, including fully-localized plugin and theme directories on language sites and embedded on dashboard in version 4.1, which is coming out December 10th.
Better stats coming for plugin and theme authors.
Version fragmentation is a big challenge for WordPress, only a quarter of users are currently on the latest release.
This is also a problem for PHP — we’ll be working with hosts to help with version fragmentation, as well as to get as many WordPress sites as possible running PHP 5.5 or better.
For the first time in 11 years we’re switching away from IRC as our primary communication method. We’ll be moving to Slack, which has helped us set up so that every member of WordPress.org can use it. (During the keynote address the number of people on Slack surpassed our IRC channels, and is currently over 800 people.) Sign up at chat.wordpress.org.
Five for the Future, with Gravity Forms and WPMU Dev committing to donate, and Automattic now at 14 full-time contributors to core and community.
The mission of WordPress is to democratize publishing, which means access for everyone regardless of language, geography, gender, wealth, ability, religion, creed, or anything else people might be born with. To do that we need our community to be inclusive and welcoming. There is a sublime beauty in our differences, and they’re as important as the principles that bring us together, like the GPL.
On Sunday at WordCamp Europe I got a question about how companies contribute back to WordPress, how they’re doing, and what companies should do more of.
First on the state of things: there are more companies genuinely and altruistically contributing to growing WordPress than ever before. In our ecosystem web hosts definitely make the most revenue and profits, and it’s been great to see them stepping up their game, but also the consultancies and agencies around WordPress have been pretty amazing about their people contributions, as demonstrated most recently by the fact the 4.0 and 4.1 release leads both hail from WP agencies (10up and Code for the People, respectively).
I think a good rule of thumb that will scale with the community as it continues to grow is that organizations that want to grow the WordPress pie (and not just their piece of it) should dedicate 5% of their people to working on something to do with core — be it development, documentation, security, support forums, theme reviews, training, testing, translation or whatever it might be that helps move the WordPress mission forward.
Five percent doesn’t sound like much, but it adds up quickly. As of today Automattic is 277 people, which means we should have about 14 people contributing full-time. That’s a lot of people to not have on things that are more direct or obvious drivers of the business, and we’re not quite there today, but I’m working on it and hope Automattic can set a good example for this in the community. I think it’s just as hard for a 20-person organization to peel 1 person off.
It’s a big commitment, but I can’t think of a better long-term investment in the health of WordPress overall. I think it will look incredibly modest in hindsight. This ratio is probably the bare minimum for a sustainable ecosystem, avoiding the tragedy of the commons. I think the 5% rule is one that all open source projects and companies should follow, at least if they want to be vibrant a decade from now.
Whenever I visit a site I can usually tell whether it’s WordPress or not within an instant — there’s just something about a WordPress site that is distinctive. Super-clean permalinks are usually a dead giveaway. One thing I’ve been noticing a lot lately is on my guilty pleasure for tech news, Techmeme, it seems like almost every link I click is to a WordPress-powered site. Fortunately Techmeme provides a leaderboard showing both rank and % of space a site has taken up in headlines in the past thirty days.
The list changes almost every day, but I went ahead and took a snapshot of the top 100 as of January 16th and ran down the platform for each one. Here’s how it ended up:
WordPress comes in at 43%, custom or bespoke systems at 42%, and then the others. When you take into account Techmeme’s “presence” factor, WP jumps to 48.8% of presence in the top 100, and Blogsmith, Drupal, Blogspot, Tumblr, and Typepad combined are 8.4%. If you’re curious about the raw data, here’s the spreadsheet with the platforms.
This is just a snapshot, it’d be interesting to see how this evolves over time. It’s a small slice of the world of websites, but a very influential one. I’ve actually reached out to Gabe Rivera a few times to sponsor the leaderboard page, putting a W logo next to the ones that run WordPress in the table, but nothing has come of it yet.
It’s been a busy week, WordCamp San Francisco 2013 went off without a hitch. Here’s the State of the Word presentation, which covered quite a bit of material and talks about the plans for WordPress 3.7 and 3.8: