Categories
WordPress

State of the Word 2020

This tumultuous year, two things really helped me get through it: my colleagues at Automattic and the community of WordPress.

At the end of the year I usually deliver a speech to the WP community we call the State of the Word, that celebrates what we accomplished the previous year and shines a light on what we could focus on in the coming year. There’s always a great energy in the room and I love mixing with the audience before and after the talk. This year we did it online, which meant we could produce the talk a little more, and we made extra time for the Q&A afterward with answers not just from me but folks across the community.

One thing I’ll call out WordPress 5.6 had an all women and non-binary release squad of over 50 people, a first for WordPress and probably any large open source project. Also the market share of WordPress grew more in 2020 than it has in any year since it started being tracked!

If you’re curious about what’s next for WordPress, check it out:

Categories
WordPress

Celebrate Seventeen

May 27th, 17 years ago, the first release of WordPress was put into the world by Mike Little and myself. It did not have an installer, upgrades, WYSIWYG editor (or hardly any Javascript), comment spam protection, clean permalinks, caching, widgets, themes, plugins, business model, or any funding.

The main feedback we got at the time was that the blogging software market was saturated and there wasn’t room or need for anything new.

WordPress did have a philosophy, an active blog, a license that protected the freedom of its users and developers, a love of typography, a belief that code is poetry, fantastic support forums and mailing lists and IRC, and firm sense that building software is more fun when you do it together as a community.

We have relentlessly iterated across 38 major releases since then, and here we are.

If you’d like to celebrate with me, put on some jazz, eat some BBQ, light a candle for the contributors who have passed on, help a friend or stranger less technical than you build a home online, and remember that technology is at its best when it brings people together.

Categories
WordCamp WordPress

State of the Word 2019

In case you missed it, here’s the first-ever State of the Word… designed completely in Gutenberg:

WordCamp US was a fantastic experience, as always. Thank you again to the hundreds of organizers and volunteers who made it happen, to the thousands who attended, and to the city of St. Louis for hosting us. We’ll be back there again next year.

And special thanks to this next generation of WordPress contributors. So exciting to see KidsCamps continue to expand and thrive:

As you can see, my site is now featuring the new WordPress Twenty Twenty theme. And for more coverage from my State of the Word, check out the recaps from WP Tavern and Post Status. Here’s my full audience Q&A below:

You can see my previous State of the Word keynotes here.

Categories
Open Source WordPress

The Web Turns 30

“Vague, but exciting.” Thirty years ago yesterday, Sir Tim Berners-Lee submitted his original proposal for an information management system to his boss at CERN — what would later become the World Wide Web (and, it turns out, a huge influence on my life and career).

To help celebrate, I tweeted WordPress’s contribution to the web’s grand timeline (above), and I got to participate in The Economist’s Babbage podcast looking back at the pioneers of the early web. Listen to the whole episode below:

Categories
Automattic Future of Work WordPress wordpress.com

My TED Video on the Future of Work

I was thrilled to participate in TED’s new video series, The Way We Work, and not surprisingly I made the case that distributed work is where everything is headed.

It has over 130,000 views already! What I really love about this video in particular is that we get into the specifics of how a company can start to embrace a culture of letting employees work from anywhere, even if it started out as a traditional office with everyone in the same place. Automattic never started that way, so even as we’ve scaled up to more than 840 people in 68 countries, there’s never been a question — it’s now built in to our entire culture.

For distributed work to scale up, it’s going to require more CEOs, workers, and managers to test the waters. Any company can experiment with distributed work — just pick a day or two of the week in which everyone works from home, I suggest Tuesdays and Thursdays, then build the tools and systems to support it. Yes, that may require some shuffling of meetings, or more written documentation versus verbal real-time discussion. But I think companies will be surprised how quickly it will “just work.”

If the companies don’t experiment, workers may force them to do it anyway:

Categories
Automattic Open Source Software WordPress press wordpress.com

Journalism and Newspack

WordPress.com is partnering with Google and news industry leaders on a new platform for small- and medium-sized publishers, called Newspack. The team has raised $2.4 million in first-year funding from the Google News Initiative, Lenfest Journalism Institute, Civil funder ConsenSys, and the Knight Foundation, among others. We’re also still happy to talk to and engage other funders who want to get involved — I’d love to put even more resources into this.

It’s been a difficult climate for the news business, particularly at the local level. It also breaks my heart how much of their limited resources these organizations still sink into closed-source or dead-end technology. Open source is clearly the future, and if we do this right Newspack can be the technology choice that lasts with them through the decades, and hopefully our 15 years of growth lends some credibility to our orientation to build things for the long term.

Here’s Kinsey in Nieman Lab:

The goal is to both make sure that the catalog of publishing tools as well as business tools they need to be able to run what one hopes is a sustainable news operation are addressed simultaneously. It’s not simply a CMS for a newsroom, but a full business system that enables publishing and monetization at the same time.

Nieman Lab interview

As you have come to expect from Automattic, everything will be open source and developed to the same standards WordPress itself is. We’re working with Spirited Media and the News Revenue Hub on the platform, and we will likely look for even more partnership opportunities from across the WordPress ecosystem. If you’d like to invest or get involved, drop us a line at newspack@automattic.com.

Categories
Automattic WordPress

WordPress 5.0: A Gutenberg FAQ

Update: On December 6th we released WordPress 5.0. It was definitely the most controversial release in a while, but the usage and adoption metrics are looking similar to previous releases. I’m looking forward to continuing to iterate on the new block editor!

We are nearing the release date for WordPress 5.0 and Gutenberg, one of the most important and exciting projects I’ve worked on in my 15 years with this community.

I knew we would be taking a big leap. But it’s a leap we need to take, and I think the end result is going to open up many new opportunities for everyone in the ecosystem, and for those being introduced to WordPress for the first time. It brings us closer to our mission of democratizing publishing for everyone.

I recently visited WordCamp Portland to talk about Gutenberg and WordPress 5.0, which will also include the new default theme Twenty Nineteen, which you’re seeing me test out on this very site. There were some great questions and testimonials about Gutenberg, so I’d urge you to watch the full video and read the WP Tavern recap. I’ve also visited meetups, responded to review threads, kept an eye on support, and I’m in the middle of office hours with the core community.

As we head toward the release date and WordCamp US, I’ve put many questions and answers into a Gutenberg FAQ below. For those who have other questions, I will be checking the comments here.

It’s an exciting time, and I’m thrilled to be working with y’all on this project.

Not the ship of Theseus

What is Gutenberg?

Gutenberg, for those who aren’t actively following along, is a brand new Editor for WordPress — contributors have been working on it since January 2017 and it’s one of the most significant changes to WordPress in years. It’s built on the idea of using “blocks” to write and design posts and pages.

This will serve as the foundation for future improvements to WordPress, including blocks as a way not just to design posts and pages, but also entire sites.

The overall goal is to simplify the first-time user experience of WordPress — for those who are writing, editing, publishing, and designing web pages. The editing experience is intended to give users a better visual representation of what their post or page will look like when they hit publish. As I wrote in my post last year, “Users will finally be able to build the sites they see in their imaginations.”

Matías Ventura, team lead for Gutenberg, wrote an excellent post about the vision for Gutenberg, saying, “It’s an attempt to improve how users interact with their content in a fundamentally visual way, while at the same time giving developers the tools to create more fulfilling experiences for the people they are helping.”

Why do we need Gutenberg at all?

For many of us already in the WordPress community, it can be easy to forget the learning curve that exists for people being introduced to WordPress for the first time. Customizing themes, adding shortcodes, editing widgets and menus — there’s an entire language that one must learn behind the scenes in order to make a site or a post look like you want it to look.

Over the past several years, JavaScript-based applications have created opportunities to simplify the user experience in consumer apps and software. Users’ expectations have changed, and the bar has been raised for simplicity. It is my deep belief that WordPress must evolve to improve and simplify its own user experience for first-time users.

Why blocks?

The idea with blocks was to create a new common language across WordPress, a new way to connect users to plugins, and replace a number of older content types — things like shortcodes and widgets — that one had to be well-versed in the idiosyncrasies of WordPress to understand.

The block paradigm is not a new one — in fact many great plugins have already shown the promise of blocks with page design in WordPress. Elementor, one of the pioneers in this space, has now introduced a new collection of Gutenberg blocks to showcase what’s possible:

Why change the Editor?

The Editor is where most of the action happens in WordPress’s daily use, and it was a place where we could polish and perfect the block experience in a contained environment.

Additionally, the classic Editor was built primarily for text — articles have become increasingly multimedia, with social media embeds, maps, contact forms, photo collages, videos, and GIFs. It was time for a design paradigm that allowed us to move past the messy patchwork of shortcodes and text.

The Editor is just the start. In upcoming phases blocks will become a fundamental part of entire site templates and designs. It’s currently a struggle to use the Customizer and figure out how to edit sections like menus, headers, and footers. With blocks, people will be able to edit and manipulate everything on their site without having to understand where WordPress hides everything behind the scenes.

What does Automattic get out of this?

There have been posts recently asking questions about Automattic’s involvement in Gutenberg compared to other contributors and companies. There is no secret conspiracy here — as project lead I was able to enlist the help of dozens of my colleagues to contribute to this project, and I knew that a project of this size would require it. Automattic aims to have 5% of its people dedicated to WordPress community projects, which at its current size would be about 42 people full-time. The company is a bit behind that now (~35 full-time), and the company is growing a lot next year, so look for 10-15 additional people working on core and community projects. 

In the end, Gutenberg is similar to many other open source projects — Automattic will benefit from it, but so will everyone else in the WordPress community (and even the Drupal community). It’s available for everyone under the GPL. If the goal was purely to benefit Automattic it would have been faster, easier, and created an advantage for Automattic to have Gutenberg just on WP.com. That wasn’t, and isn’t, the point.

Is Gutenberg ready?

Absolutely. Our original goal with Gutenberg was to get it on 100,000 sites to begin testing — it’s now already on more than 1 million sites, and it’s the fastest-growing plugin in WordPress history. There is a lot of user demand.

The goal was to both test Gutenberg on as many sites as possible before the 5.0 release, and also to encourage plugin developers to make sure their plugins and services will be ready. With everyone pitching in, we can make this the most anti-climactic release in WordPress history.  

In the recent debate over Gutenberg readiness, I think it’s important to understand the difference between Gutenberg being ready code-wise (it is now), and whether the entire community is ready for Gutenberg.

It will take some time — we’ve had 15 years to polish and perfect core, after all — but the global WordPress community has some of the world’s most talented contributors and we can make it as good as we want to make it.

There is also a new opportunity to dramatically expand the WordPress contributor community to include more designers and JavaScript engineers. With JavaScript apps there are also new opportunities for designing documentation and support right on the page, so that help arrives right where you need it.

Someone described Gutenberg to me as “WordPress in 3D.” I like the sound of that. Blocks are like layers you can zoom in and out of. The question now is: What are we going to build with this new dimension?

Do I have to switch to Gutenberg when WordPress 5.0 is released?

Not at all. When it’s released, you get to choose what happens. You can install the Classic Editor plugin today and when 5.0 is released, nothing will change. We’ve commited to supporting and updating Classic Editor until 2022. If you’d like to install Gutenberg early, you can do that now too. The Classic Editor plugin has been available for 13 months now, and Gutenberg has been available for 18 months. Both have been heavily promoted since August 2018, and more than 1.3 million .org sites have opted-in already to either experience, so nothing will change for them when they update to 5.0.

How can I make sure I’m ready?

Before updating to 5.0, try out the Gutenberg plugin with your site to ensure it works with your existing plugins, and also to get comfortable with the new experience. Developers across the entire ecosystem are working hard to update their plugins, but your mileage and plugins may vary. And you can always use the Classic Editor to address any gaps.

As with every new thing, things might feel strange and new for a bit, but I’m confident once you start using it you’ll get comfy quickly and you won’t want to go back.

The release candidate of 5.0 is stable and fine to develop against and test.

When will 5.0 be released?

We have had a stable RC1, which stands for first release candidate, and about to do our second one. There is only currently one known blocker and it’s cosmetic. The stability and open issues in the release candidates thus far makes me optimistic we can release soon, but as before the primary driver will be the stability and quality of the underlying software. We made the mistake prior of announcing dates when lots of code was still changing, and had to delay because of regressions and bugs. Now that things aren’t changing, we’re approaching a time we can commit to a date soon.

Is it terrible to do a release in December?

Some people think so, some don’t. There have been 9 major WordPress releases in previous Decembers. December releases actually comprise 34% of our major releases in the past decade.

Can I set it up so only certain users get to use Gutenberg?

Yes, and soon. We’re going to be doing another update to the Classic Editor before the 5.0 release to give it a bit more fine-grained user control — we’ve heard requests for options that allow certain users or certain roles and post types to have Gutenberg while others have Classic Editor.

What happens after 5.0?

We’ve been doing a release of Gutenberg every two weeks, and 5.0 isn’t going to stop that. We’ll do minor release to 5.0 (5.0.1, 5.0.2) fortnightly, with occasional breaks, so if there’s feedback that comes in, we can address it quickly. Many of the previous bugs in updates were from juggling between updates in the plugin and core, now that Gutenberg is in core it’s much easier and safer to incrementally update.

What about Gutenberg and accessibility?

We’ve had some important discussions about accessibility over the past few weeks and I am grateful for those who have helped raise these questions in the community.

Accessibility has been core to WordPress from the very beginning. It’s part of why we started – the adoption of web standards and accessibility.

But where I think we fell down was with project management — specifically, we had a team of volunteers that felt like they were disconnected from the rapid development that was happening with Gutenberg. We need to improve that. In the future I don’t know if it makes sense to have accessibility as a separate kind of process from the core development. It needs to be integrated at every single stage.

Still, we’ve accomplished a lot, as Matías has written about. There have been more than 200 closed issues related to accessibility since the very beginning.

We’re also taking the opportunity to fix some things that have had poor accessibility in WordPress from the beginning. CodeMirror, which is a code editor for templates, is not accessible, so we have some parts of WordPress that we really need to work on to make better.

Speaking of which, CodeMirror was seeking funding for their next version — Automattic has now sponsored that funding and in return it will be made available under the GPL, and that the next version of CodeMirror will be fully accessible.

Finally, Automattic will be funding an accessibility study of WordPress, Gutenberg, and an evaluation of best practices across the web, to ensure WordPress is fully accessible and setting new standards for the web overall.

After WordPress 5.0, is the Gutenberg name going to stick around?

Sometimes code names can take on a life of their own. I think Gutenberg is still what we’ll call this project — it’s called that on GitHub, and you’re also seeing it adopted by other CMSes beyond WordPress — but for those outside the community I can see it simply being known as “the new WordPress editor.”

With the adoption of React for Gutenberg, what do you see as the future for React and WordPress?

In 2015 I said “Learn JavaScript deeply” — then in 2016 we brought the REST API into Core. Gutenberg is the first major feature built entirely on the REST API, so if you are learning things today, learn JavaScript, and I can imagine a future wp-admin that’s 100% JavaScript talking to APIs. I’m excited to see that happen.

Now, switching to a pure JavaScript interface could break some backward compatibility, but a nice thing about Gutenberg is that it provides an avenue for all plugins to work through — it gives them a way to plug in to that. It can eliminate the need for what’s currently done in custom admin screens.  

The other beautiful thing is that because Gutenberg essentially allows for translation into many different formats — it can publish to your web page, it can publish your RSS feed, AMP, it can publish blocks that can be translated into email for newsletters — there’s so much in the structured nature of Gutenberg and the semantic HTML that it creates and the grammar that’s used to parse it, can enable for other applications.

It becomes a little bit like a lingua franca that even crosses CMSes. There’s now these new cross-CMS Gutenberg blocks that will be possible. It’s not just WordPress anymore — it might be a JavaScript block that was written for Drupal that you install on your WordPress site. How would that have ever happened before? That’s why we took two years off — it’s why we’ve had everyone in the world working on this thing. It’s because we want it to be #WorthIt.

And WordPress 5.0 is just the starting line. We want to get it to that place where it’s not just better than what we have today, but a world-class, web-defining experience. It’s what we want to create and what everyone deserves.

Was this post published with Gutenberg?

Of course. 😄 No bugs, but I do see lots of areas we can continue to improve and I’m excited to get to work on future iterations.

Categories
WordPress

WordPress at 15

This weekend, May 27, marks the 15th anniversary of the first release of WordPress. It is an understatement to say that I am immensely proud of what this global community has become, and what it has created. More than 30% of the top sites on the web are now powered by WordPress, I’m writing this in our next-generation editor Gutenberg, and every day I meet someone who is building something interesting on WordPress or pushing our shared project in bold new directions. If you can believe it, growth has actually been accelerating.

There’s so much: A group of high school students bands together to build a national movement on WordPress; a president builds the foundation for his own next chapter on WordPress; the current WhiteHouse.gov switches over; or when someone like Hajj Flemings brings thousands of small businesses onto the open web for the first time, with WordPress.

To celebrate #WP15, hundreds of local WordPress communities around the world will be throwing parties. Go here to find a meetup in your area.

I am thankful to Mike for helping make WordPress a reality, many dedicated folks in the years since, and to all of you who are dreaming up the next 15 years. 😄

Many in the open source world are like Moses in that they speak of the Promised Land but will never set foot there. If I spend the rest of my life working and we don’t reach almost all websites being powered by open source and the web being substantially open, I will die content because I already see younger generations picking up the banner.

Categories
WordPress

Facebook Dropping Patent Clause

I am surprised and excited to see the news that Facebook is going to drop the patent clause that I wrote about last week. They’ve announced that with React 16 the license will just be regular MIT with no patent addition. I applaud Facebook for making this move, and I hope that patent clause use is re-examined across all their open source projects.

Our decision to move away from React, based on their previous stance, has sparked a lot of interesting discussions in the WordPress world. Particularly with Gutenberg there may be an approach that allows developers to write Gutenberg blocks (Gutenblocks) in the library of their choice including Preact, Polymer, or Vue, and now React could be an officially-supported option as well.

I want to say thank you to everyone who participated in the discussion thus far, I really appreciate it. The vigorous debate and discussion in the comments here and on Hacker News and Reddit was great for the passion people brought and the opportunity to learn about so many different points of view; it was even better that Facebook was listening.

Categories
WordPress

WordPress 14

IMG_7931.JPG

Today is 14 years from the very first release of WordPress. The interface I’m using to write this (Calypso) is completely unrecognizable from what WordPress looked and worked like even a few years ago. Fourteen years in, I’m waking up every day excited about what’s coming next for us. The progress of the editor and CLI so far this year is awesome, and I’m looking forward to that flowing into improvements for customization and the REST API. Thanks as always to Mike for kicking off this crazy journey, all the people chipping in to make WordPress better, and Konstantin and Erick for surprising me with the cool cake above.

Categories
WordPress

WP Growth Council

In the WordPress world, when we look back an 2016 I think we’ll remember it as the year that we awoke to the importance of marketing. WordPress has always grown organically through word of mouth and its passionate community, but the hundreds of millions being spent advertising against WP has started to have an impact, especially for folks only lightly familiar with us.

I’ve started to hear about a number of folks across many WordPress companies and industries working on this from different angles, some approaching it from an enterprise point of view and some from a consumer point of view. There’s an opportunity for learning from each other, almost like a mastermind group. As the survey says:

Never have there been more threats to the open web and WordPress. Over three hundred million dollars has been spent in 2016 advertising proprietary systems, and even more is happening in investment. No one company in the WP world is large enough to fight this, nor should anyone need to do it on their own. We’d like to bring together organizations that would like to contribute to growing WordPress. It will be a small group, and if you or your organization are interested in being a part please fill out the survey below.

By working together we can amplify our efforts to bring open source to a wider audience, and fulfill WordPress’ mission to truly democratize publishing.

If this sounds interesting to you, apply using this survey.

Categories
Automattic WordPress

Dance to Calypso

One of the hardest things to do in technology is disrupt yourself.

But we’re trying our darndest, and have some cool news to introduce today. When I took on the responsibility of CEO of Automattic January of last year, we faced two huge problems: our growth was constrained by lack of capital, and the technological foundations of the past decade weren’t strong enough for the demands of next one.

The first has a relatively straightforward answer. We found some fantastic partners, agreed on a fair price, issued new equity in the company to raise $160M, and started investing in areas we felt were high potential, like this year’s WooCommerce acquisition. This “war chest” gives us a huge array of options, especially given our fairly flat burn rate — we don’t need to raise money again to keep the company going, and any capital we raise in the future will be purely discretionary. (Since last May when the round happened we’ve only spent $3M of the investment on opex.)

The second is much harder to address. The WordPress codebase is actually incredible in many ways — the result of many thousands of people collaborating over 13 years — but some of WordPress’ greatest strengths were also holding it back.

The WordPress codebase contains a sea of institutional knowledge and countless bug fixes. It handles hundreds of edge cases. Integrates constant security improvements. Is coded to scale. Development moves at a fast clip, with six major releases over the past two years and more around the corner. Its power and flexibility is undeniable: WordPress just passed a huge milestone, and now powers 25% of the web. You can run it on a $5-a-month web host, or scale it up to serve billions of pageviews on one of the largest sites on the web, WordPress.com.

The interface, however, has been a struggle. Many of us attempted to give it a reboot with the MP6 project and the version 3.8 release, but what that release made clear to me is that an incremental approach wouldn’t give us the improvements we needed, and that two of the things that helped make WordPress the strong, stable, powerful tool it is — backward compatibility and working without JavaScript — were actually holding it back.

The basic paradigms of wp-admin are largely the same as they were five years ago. Working within them had become limiting. The time seemed ripe for something new, something big… but if you’re going to break back compat, it needs to be for a really good reason. A 20x improvement, not a 2x. Most open source projects fade away rather than make evolutionary jumps.

So we asked ourselves a big question. What would we build if we were starting from scratch today, knowing all we’ve learned over the past 13 years of building WordPress? At the beginning of last year, we decided to start experimenting and see.

Today we’re announcing something brand new, a new approach to WordPress, and open sourcing the code behind it. The project, codenamed Calypso, is the culmination of more than 20 months of work by dozens of the most talented engineers and designers I’ve had the pleasure of working with (127 contributors with over 26,000 commits!).

gm-2015-final

Calypso is…

  • Incredibly fast. It’ll charm you.
  • Written purely in JavaScript, leveraging libraries like Node and React.
  • 100% API-powered. Those APIs are open, and now available to every developer in the world.
  • A great place to read, allowing you to follow sites across the web (even if they’re not using WordPress).
  • Social, with stats, likes, and notifications baked in.
  • Fully responsive. Make it small and put it in your sidebar, or go full-screen.
  • Really fun to write in, especially the drag-and-drop image uploads.
  • Fully multi-site for advanced users, so you can manage hundreds of WordPresses from one place.
  • Able to manage plugins and themes on Jetpack sites, including auto-upgrading them!
  • 100% open source, with all future development happening in the open.
  • Available for anyone to adapt to make their own, including building custom interfaces, distributions, or working with web services besides WordPress.com.

A lot of people thought we should keep this proprietary, but throughout my life I’ve learned that the more you give away, the more you get back. We still have a ton to figure out around plugins, extensibility, contributions, Windows and Linux releases, API speed, localization, and harmonizing the WordPress.com API and WP-API so it can work with core WordPress. Thousands more PHP developers will need to become fluent with JavaScript to recreate their admin interfaces in this fashion. I’m also really excited to revisit and redesign many more screens now that we have this first version out the door.

This is a beginning, not an ending. (1.0 is the loneliest.) Better things are yet to come, as all of you dig in. Check out these links to read more about Calypso from different perpsectives:

This was a huge bet, incredibly risky, and difficult to execute, but it paid off. Like any disruption it is uncomfortable, and I’m sure will be controversial in some circles. What the team has accomplished in such a short time is amazing, and I’m incredibly proud of everyone who has contributed and will contribute in the future. This is the most exciting project I’ve been involved with in my career.

With core WordPress on the server and Calypso as a client I think we have a good chance to bring another 25% of the web onto open source, making the web a more open place, and people’s lives more free.

If you’re curious more about the before and after, what’s changed, here’s a chart:

Whats-New-WPcom@2x

 

Categories
WordPress

A Bank Website on WordPress

There’s a thread on Quora asking “I am powering a bank’s website using WordPress. What security measures should I take?” The answers have mostly been ignorant junk along the lines of “Oh NOES WP is INSECURE! let me take my money out of that bank”, so I wrote one myself, which I’ve copied below.

I agree there’s probably not a ton of benefit to having the online banking / billpay / etc portion of a bank’s website on WordPress, however there is no reason you couldn’t run the front-end and marketing side of the site on WordPress, and in fact you’d be leveraging WordPress’ strength as a content management platform that is flexible, customizable, and easy to update and maintain.

In terms of security, there are a two simple points:

  1. Make sure you’re on the latest version of core and all the plugins you run, and update as soon as new version become available.
  2. Use strong passwords for all user accounts. For extra credit you could enable a 2-factor plugin, use Jetpack’s WordPress.com login system, or restrict logged-in users to a certain IP range (like behind a VPN).

If your host doesn’t handle it, make sure you stay up-to-date for everything in your stack as well from the OS on up. Most modern WP hosts handle this (and updates) for you, and of course you could always run your site on WordPress.com VIP alongside some of the top sites in the world. If you use any non-core third party code, no harm in having a security firm audit the source as well (an advantage of using open source).

For an example of a beautiful, responsive banking website built on WordPress, check out Gateway Bank of Mesa AZ. WordPress is also trusted to run sites for some of the largest and most security-conscious organizations in the world, including Facebook, SAP, Glenn Greenwald’s The Intercept, eBay, McAfee, Sophos, GNOME, Mozilla, MIT, Reuters, CNN, Google Ventures, NASA, and literally hundreds more.

As the most widely used CMS in the world, many people use and deploy the open source version of WordPress in a sub-optimal and insecure way, but the same could be said of Linux, Apache, MySQL, Node, Rails, Java, or any widely-used software. It is possible and actually not that hard to run WordPress in a way that is secure enough for a bank, government site, media site, or anything.

If you wanted any help on this feel free to reach out to Automattic as well, we have a decade of experience now dealing with high-risk, high-scale deployments, and also addressing the sort of uninformed FUD you see in this thread.

If you’ve developed a major bank site in WordPress leave a link in the comments.

Categories
WordPress

State of the Word 2014

Yesterday I delivered the State of the Word address to the WordPress community, and the video is already up on WordPress.tv.

Here are the slides if you’d like to view them on their own:

State of the Word 2014 from photomatt

If you just want the bullet points, here are the big things I discussed and announced:

  • There will be 81 WordCamps in 2014.
  • This was the 9th and final WordCamp San Francisco in its current form. We’ve maxed out the venue for years, so next year we’ll do a WordCamp US at a location and date to be determined.
  • Milestone: 2014 was the first year non-English downloads surpassed English downloads of WordPress.
  • 33k took our survey: 7,539 (25%) of survey participants make their living from WordPress. Over 90% of people build more than one site, and spend less than 200 hours building one.
  • We’ve done five major and seven minor releases since the last WCSF, and have had 785 contributors across them.
  • WordPress market share has risen from 19% in 2013 to 23% now.
  • We now have 34k plugins and 2.7k themes, and have enjoyed record activity on both — including plugins passing 1,000,000 commits.
  • 16 releases of our mobile apps, Android and iOS.
  • Code Reference launched.
  • 105 active meetup groups in 21 countries, with over 100 meetup and WordCamp organizers present at the event.
  • Internationalization will be a big focus of the coming year, including fully-localized plugin and theme directories on language sites and embedded on dashboard in version 4.1, which is coming out December 10th.
  • Better stats coming for plugin and theme authors.
  • Version fragmentation is a big challenge for WordPress, only a quarter of users are currently on the latest release.
  •  This is also a problem for PHP — we’ll be working with hosts to help with version fragmentation, as well as to get as many WordPress sites as possible running PHP 5.5 or better.
  • Showed off 2015 theme.
  • We will be testing a workflow for accepting pull requests on our official WordPress Github repository before the end of the year.
  • For the first time in 11 years we’re switching away from IRC as our primary communication method. We’ll be moving to Slack, which has helped us set up so that every member of WordPress.org can use it. (During the keynote address the number of people on Slack surpassed our IRC channels, and is currently over 800 people.) Sign up at chat.wordpress.org.
  • Five for the Future, with Gravity Forms and WPMU Dev committing to donate, and Automattic now at 14 full-time contributors to core and community.
  • We need to work hard to harmonize the REST API plugin and the WordPress.com REST API.
  • The mission of WordPress is to democratize publishing, which means access for everyone regardless of language, geography, gender, wealth, ability, religion, creed, or anything else people might be born with. To do that we need our community to be inclusive and welcoming. There is a sublime beauty in our differences, and they’re as important as the principles that bring us together, like the GPL.
Categories
Essays WordPress

Five for the Future

On Sunday at WordCamp Europe I got a question about how companies contribute back to WordPress, how they’re doing, and what companies should do more of.

First on the state of things: there are more companies genuinely and altruistically contributing to growing WordPress than ever before. In our ecosystem web hosts definitely make the most revenue and profits, and it’s been great to see them stepping up their game, but also the consultancies and agencies around WordPress have been pretty amazing about their people contributions, as demonstrated most recently by the fact the 4.0 and 4.1 release leads both hail from WP agencies (10up and Code for the People, respectively).

I think a good rule of thumb that will scale with the community as it continues to grow is that organizations that want to grow the WordPress pie (and not just their piece of it) should dedicate 5% of their people to working on something to do with core — be it development, documentation, security, support forums, theme reviews, training, testing, translation or whatever it might be that helps move WordPress mission forward.

Five percent doesn’t sound like much, but it adds up quickly. As of today Automattic is 277 people, which means we should have about 14 people contributing full-time. That’s a lot of people to not have on things that are more direct or obvious drivers of the business, and we’re not quite there today, but I’m working on it and hope Automattic can set a good example for this in the community. I think it’s just as hard for a 20-person organization to peel 1 person off.

It’s a big commitment, but I can’t think of a better long-term investment in the health of WordPress overall. I think it will look incredibly modest in hindsight. This ratio is probably the bare minimum for a sustainable ecosystem, avoiding the tragedy of the commons. I think the 5% rule is one that all open source projects and companies should follow, at least if they want to be vibrant a decade from now.

Further reading: There’s been a number of nice blog follow-ups. Post Status has a nice post on Contribution Culture. Ben Metcalf responded but I disagree with pretty much everything even though I’m glad he wrote it. Tony Perez wrote The Vision of Five and What it Means. Dries Buytaert, the founder of Drupal, pointed out his essay Scaling Open Source Communities which I think is really good.

Categories
WordPress

WordPress & Techmeme 100

Whenever I visit a site I can usually tell whether it’s WordPress or not within an instant — there’s just something about a WordPress site that is distinctive. Super-clean permalinks are usually a dead giveaway. One thing I’ve been noticing a lot lately is on my guilty pleasure for tech news, Techmeme, it seems like almost every link I click is to a WordPress-powered site. Fortunately Techmeme provides a leaderboard showing both rank and % of space a site has taken up in headlines in the past thirty days.

The list changes almost every day but went ahead and took a snapshot of the top 100 as of January 16th and ran down the platform for each one, here’s how it ended up:

techmeme-100-cms

WordPress comes in at 43%, custom or bespoke systems at 42%, and then the others. When you take into effect Techmeme’s “presence” factor WP jumps to 48.8% of presence in the top 100 and all Blogsmith, Drupal, Blogspot, Tumblr, and Typepad combined are 8.4%. If you curious of the raw data, here’s the spreadsheet with the platforms.

This is just a snapshot, it’d be interesting to see how this evolves over time. It’s a small slice of the world of websites, but a very influential one. I’ve actually reached out to Gabe Rivera a few times to sponsor the leaderboard page, putting a W logo next to the ones that run WordPress in the table, but nothing has come of it yet.

Thanks to Krutal, Paolo, and MT for help with this.

Categories
WordPress

3.6 and State of the Word

3.6 has been released and has a groovy video to go with it:

It’s been a busy week, WordCamp San Francisco 2013 went off without a hitch. Here’s the State of the Word presentation, which covered quite a bit of material and talks about the plans for WordPress 3.7 and 3.8:

And here’s the question and answer session:

There was a pretty good summary of the presentation in infographic form. A bit more about this next week, and some more announcements in store as well.

Categories
WordPress

This Week in Startups

While at the D Conference last month I did an interview with Jason Calacanis for his This Week in Startups show, which I was actually last on in 2009. We went a little long so it was broken into two, here it is (WP Daily has an index of the questions):

Categories
WordPress

Dear WordPress,

Has it really been 10 years? It seems just yesterday we were playing around on my blog, and the blogs of a few high school friends. Two of those friends are married, one isn’t anymore, two are still figuring things out, and one has passed away.

You were cute before you became beautiful. Wearing black and white, afraid of color, trying to be so unassuming. I know you got jealous when I wore those Blogger t-shirts. They were the cool kids at SxSW and I thought maybe you could grow up to be like them.

You wouldn’t have shirts of your own for a few more years. We didn’t know what we were doing when we made them and the logo printed ginormous. People called them the Superman shirt and made fun of them. But, oh, that logo — the curves fit you so well.

You showed the world you were growing up, and how much you cared about design and typography and other platonic ideals. You knew that open source didn’t have to be homely. I stretched myself too thin trying to get you there, and I did a stupid thing to pay for it. I hurt you, but instead of casting me away you held me closer, supported me, gave me another chance. I will never forget that. Akismet made me feel less guilty. I wouldn’t change anything, because the mistake made me understand how important it is to fly straight and take your time.

You’re so beautiful… I’m continually amazed and delighted by how you’ve grown. Your awkward years are behind you. Best of all, through it all, you’ve stuck with the principles that got you started in the first place. You’re always changing but that never changes. You’re unafraid to try new things that may seem wacky or unpopular at first.

I see you all over the world now, glowing from screens, bringing people together at meetups and WordCamps — you’re at your best when you do that. You’re my muse; you inspire me, and I’ve seen you inspire others. You become a part of their life and they become a part of yours. I hope we grow old together.

Cheers to ten years, and here’s to a hundred more.

Love,
Matt

Categories
WordPress

Neil Leifer on WordPress

One of my favorite photographers, Neil Leifer, has a beautiful new WordPress.com-powered site. For the past few years I’ve had this photo in my office:

Ali - Williams (Overhead)

The story behind it is pretty interesting, taken from this interview with Larry Berman and Chris Maher:

Chris/Larry: It’s actually quite a different question to say what are your favorites verses what do you feel are your best photographs.

Neil: I know, and my best picture ever, in my opinion, is my Ali Cleveland Williams picture that I shot from overhead. I don’t usually hang my own photos, I collect other people’s pictures. But that picture’s been hanging in my living room as long as I can remember. I have a 40×40 print of it which is hung in a diamond shape with Williams at the top. That’s the guy that’s on the canvas on his back.

Chris/Larry: It’s remarkably abstract for a sports picture.

Neil: I think it’s the only picture in my career that there’s nothing I would do different with it. You look at pictures and think that you can always improve them no matter how successful the shoot is. Part of what motivates you to go on to the next shoot is every once in a while you get a picture, whether it’s the cover of the magazine or an inside spread, that’s as good as you think you could have made it. And then a week later you see a couple of things that you could improve slightly. A month later you might see a few more things. It doesn’t diminish the quality of that picture. It simply means that there’s always room for improvement.

Chris/Larry: You’re learning for the future?

Neil: Exactly. It’s sort of what motivates you to go on. If I were to do the Cleveland Williams Ali picture again, I would do it exactly the same. And more important is that no one will ever do it better because it can’t be done like that anymore. Today the ring is different and the fighters dress in multi colored outfits like wrestlers. Back then the champ wore white and the challenger wore black.  Today, when you look down at the ring from above, you see the Budweiser Beer logo in the center and around it is the network logo that’s televising the fight. Whether it’s Showtime or HBO, they have their logo two or three times on the canvas. The logo of promoter of the fight, Don King Presents, is also visible. That’s why that picture couldn’t be taken today. So not only did the picture work out better than any I’ve ever taken, but it’s one that’ll never be taken again.

©Neil Leifer

Chris/Larry: Where are you in this picture?

Neil: I’m at 11:00 o’clock, as I remember it. I’m in a blue shirt leaning on the canvas with a camera in each hand.

It’s always an honor to have a great creator make their home on the web with WordPress.