Twenty years later, I am proud and humbled by what the community around WordPress has created, and jazzed about what we will create in the coming decades.
I’m also excited to mark this milestone by publicly launching the Audrey Scholars program. It is, like all things, an experiment, but I’m curious to see how it unfolds and perhaps one day an Audrey Scholar could even take the responsibility of leading WordPress, when my capacity to do so has passed.
My birthday is coming up soon so it’s that time of the year when friends start reaching out and asking where they should fly to and how we’re going to celebrate.
After a good run in the post-vaccinated-and-boosted part of 2020 that felt relatively “normal”, including traveling almost 200k miles, I’m going back into a pretty locked-down state of things. Omicron has just been catching too many friends and loved ones, even with fairly careful measures and testing. So what’s happening on January 11th?
What I’m asking for my birthday is for people to blog!
Whether professionally on WP.com, socially on Tumblr, or privately journaling with Day One, there’s never been a better time to stop being a passive consumer of the internet and join the class of creators.
If you’re a close friend that feels intimidated by the software at all or that you don’t know where to start, I’m happy to hop on a Zoom to go through everything on a screen share. That will also be a great learning for me for places we can improve things, which is also a fantastic gift!
Which brings to mind Betteridge’s law of headlines (née Hinchliffe’s rule), “Any headline that ends in a question mark can be answered by the word no.”
I can’t save the internet. But you know who can? A movement. A community of like-minded individuals, unified by a common philosophy, and working together to create tools of freedom.
It’s a human right to be able to see how that technology works and modify it. It’s as key to freedom as freedom of speech or freedom of religion. So that is what I plan to spend the rest of my life fighting for.
Working together we’ve created something special, unlike anything the internet has seen before, and I’m excited to continue.
Recording the solo version last year was actually one of the hardest things I’ve done in a long time. It’s funny, with a live audience I can comfortably present for an hour no problem, but recording that 25 minute presentation, alone in a room staring at a camera, was an excruciating process over two days and dozens of takes. I got the advice afterward that even if you’re just staring into a camera, it can be helpful to have an “audience” of a few friends in the room.
Even more than that, though, I’m positively giddy to see some of my friends from the WordPress community in person for the first time in several years. Please join via streaming on the 14th, and also there will also be at least 20 watch parties around the globe if there’s one in your neighborhood. Looking forward to catching up, celebrating the community’s accomplishments over the last year, and hopefully raising a torch for our march toward freedom on the web in 2022.
Today marks eighteen years since the very first release of WordPress. I consider myself so lucky to have co-founded the project alongside Mike Little. Who could have imagined that our nights and weekends hacking on blogging software, a fork of b2/cafelog, could turn into something powering over 40% of the web? Or that nearly twenty years in, it would be getting better faster than it ever has been?
I blogged these anniversaries when WordPress was five, ten, fifteen, and last year at seventeen, but as the project reaches an age that, if it were a child, it would be heading off to college, I’m uncharacteristically at a loss for words.
The overwhelming feeling is one of gratitude, so I want to say thank you to every person who has ever been involved with making WordPress as a contributor, a community organizer, or as an end-user of the software. It’s amazing what we can accomplish when we work together.
I noticed a few people happy that some previous pages and files on the old site were returning 404 errors, like the controversial 1776 report, but on this I think the webmasters of the United States of America should demand better, since Cool URIs Don’t Change. Previous websites are all saved by the National Archives, but there doesn’t appear to be any sort of norm for automatically redirecting links that went to any subdirectories or addresses under WhiteHouse.gov.
There are WP plugins that could help, like Redirection, but also perhaps the root domain itself could always redirect to a subdomain, like 46.whitehouse.gov, so we’d have a consistent domain and permalinks for everything, and then each new administration would get a new subdomain.
This tumultuous year, two things really helped me get through it: my colleagues at Automattic and the community of WordPress.
At the end of the year I usually deliver a speech to the WP community we call the State of the Word, that celebrates what we accomplished the previous year and shines a light on what we could focus on in the coming year. There’s always a great energy in the room and I love mixing with the audience before and after the talk. This year we did it online, which meant we could produce the talk a little more, and we made extra time for the Q&A afterward with answers not just from me but folks across the community.
One thing I’ll call out WordPress 5.6 had an all women and non-binary release squad of over 50 people, a first for WordPress and probably any large open source project. Also the market share of WordPress grew more in 2020 than it has in any year since it started being tracked!
If you’re curious about what’s next for WordPress, check it out:
The main feedback we got at the time was that the blogging software market was saturated and there wasn’t room or need for anything new.
WordPress did have a philosophy, an active blog, a license that protected the freedom of its users and developers, a love of typography, a belief that code is poetry, fantastic support forums and mailing lists and IRC, and firm sense that building software is more fun when you do it together as a community.
We have relentlessly iterated across 38 major releases since then, and here we are.
If you’d like to celebrate with me, put on some jazz, eat some BBQ, light a candle for the contributors who have passed on, help a friend or stranger less technical than you build a home online, and remember that technology is at its best when it brings people together.
In case you missed it, here’s the first-ever State of the Word… designed completely in Gutenberg:
WordCamp US was a fantastic experience, as always. Thank you again to the hundreds of organizers and volunteers who made it happen, to the thousands who attended, and to the city of St. Louis for hosting us. We’ll be back there again next year.
And special thanks to this next generation of WordPress contributors. So exciting to see KidsCamps continue to expand and thrive:
“Vague, but exciting.” Thirty years ago yesterday, Sir Tim Berners-Lee submitted his original proposal for an information management system to his boss at CERN — what would later become the World Wide Web (and, it turns out, a huge influence on my life and career).
To help celebrate, I tweeted WordPress’s contribution to the web’s grand timeline (above), and I got to participate in The Economist’s Babbage podcast looking back at the pioneers of the early web. Listen to the whole episode below:
It has over 130,000 views already! What I really love about this video in particular is that we get into the specifics of how a company can start to embrace a culture of letting employees work from anywhere, even if it started out as a traditional office with everyone in the same place. Automattic never started that way, so even as we’ve scaled up to more than 840 people in 68 countries, there’s never been a question — it’s now built in to our entire culture.
For distributed work to scale up, it’s going to require more CEOs, workers, and managers to test the waters. Any company can experiment with distributed work — just pick a day or two of the week in which everyone works from home, I suggest Tuesdays and Thursdays, then build the tools and systems to support it. Yes, that may require some shuffling of meetings, or more written documentation versus verbal real-time discussion. But I think companies will be surprised how quickly it will “just work.”
If the companies don’t experiment, workers may force them to do it anyway:
WordPress.com is partnering with Google and news industry leaders on a new platform for small- and medium-sized publishers, called Newspack. The team has raised $2.4 million in first-year funding from the Google News Initiative, Lenfest Journalism Institute, Civil funder ConsenSys, and the Knight Foundation, among others. We’re also still happy to talk to and engage other funders who want to get involved — I’d love to put even more resources into this.
It’s been a difficult climate for the news business, particularly at the local level. It also breaks my heart how much of their limited resources these organizations still sink into closed-source or dead-end technology. Open source is clearly the future, and if we do this right Newspack can be the technology choice that lasts with them through the decades, and hopefully our 15 years of growth lends some credibility to our orientation to build things for the long term.
The goal is to both make sure that the catalog of publishing tools as well as business tools they need to be able to run what one hopes is a sustainable news operation are addressed simultaneously. It’s not simply a CMS for a newsroom, but a full business system that enables publishing and monetization at the same time.
As you have come to expect from Automattic, everything will be open source and developed to the same standards WordPress itself is. We’re working with Spirited Media and the News Revenue Hub on the platform, and we will likely look for even more partnership opportunities from across the WordPress ecosystem. If you’d like to invest or get involved, drop us a line at email@example.com.
Over the weekend I was in Nashville with over a thousand other WordPress enthusiasts. I met a ton of people, learned a lot, and was able to share the annual State of the Word address with the audience, which is a big summary of what WordPress has been up to and where it’s going. This year we covered user testing, Gutenberg, 5.0, the future phases of Gutenberg, all the latest and greatest blocks, new minimum PHP requirements, the adoption of 5.0, and some event and community updates. You can also see just the slides. The Q&A is here in a separate video.
If you’d like a text summary and commentary on the speech, Post Status and WP Tavern both have good write-ups.
Update: On December 6th we released WordPress 5.0. It was definitely the most controversial release in a while, but the usage and adoption metrics are looking similar to previous releases. I’m looking forward to continuing to iterate on the new block editor!
We are nearing the release date for WordPress 5.0 and Gutenberg, one of the most important and exciting projects I’ve worked on in my 15 years with this community.
I knew we would be taking a big leap. But it’s a leap we need to take, and I think the end result is going to open up many new opportunities for everyone in the ecosystem, and for those being introduced to WordPress for the first time. It brings us closer to our mission of democratizing publishing for everyone.
I recently visited WordCamp Portland to talk about Gutenberg and WordPress 5.0, which will also include the new default theme Twenty Nineteen, which you’re seeing me test out on this very site. There were some great questions and testimonials about Gutenberg, so I’d urge you to watch the full video and read the WP Tavern recap. I’ve also visited meetups, responded to review threads, kept an eye on support, and I’m in the middle of office hours with the core community.
As we head toward the release date and WordCamp US, I’ve put many questions and answers into a Gutenberg FAQ below. For those who have other questions, I will be checking the comments here.
It’s an exciting time, and I’m thrilled to be working with y’all on this project.
What is Gutenberg?
Gutenberg, for those who aren’t actively following along, is a brand new Editor for WordPress — contributors have been working on it since January 2017 and it’s one of the most significant changes to WordPress in years. It’s built on the idea of using “blocks” to write and design posts and pages.
This will serve as the foundation for future improvements to WordPress, including blocks as a way not just to design posts and pages, but also entire sites.
The overall goal is to simplify the first-time user experience of WordPress — for those who are writing, editing, publishing, and designing web pages. The editing experience is intended to give users a better visual representation of what their post or page will look like when they hit publish. As I wrote in my post last year, “Users will finally be able to build the sites they see in their imaginations.”
Matías Ventura, team lead for Gutenberg, wrote an excellent post about the vision for Gutenberg, saying, “It’s an attempt to improve how users interact with their content in a fundamentally visual way, while at the same time giving developers the tools to create more fulfilling experiences for the people they are helping.”
Why do we need Gutenberg at all?
For many of us already in the WordPress community, it can be easy to forget the learning curve that exists for people being introduced to WordPress for the first time. Customizing themes, adding shortcodes, editing widgets and menus — there’s an entire language that one must learn behind the scenes in order to make a site or a post look like you want it to look.
The idea with blocks was to create a new common language across WordPress, a new way to connect users to plugins, and replace a number of older content types — things like shortcodes and widgets — that one had to be well-versed in the idiosyncrasies of WordPress to understand.
The block paradigm is not a new one — in fact many great plugins have already shown the promise of blocks with page design in WordPress. Elementor, one of the pioneers in this space, has now introduced a new collection of Gutenberg blocks to showcase what’s possible:
Why change the Editor?
The Editor is where most of the action happens in WordPress’s daily use, and it was a place where we could polish and perfect the block experience in a contained environment.
Additionally, the classic Editor was built primarily for text — articles have become increasingly multimedia, with social media embeds, maps, contact forms, photo collages, videos, and GIFs. It was time for a design paradigm that allowed us to move past the messy patchwork of shortcodes and text.
The Editor is just the start. In upcoming phases blocks will become a fundamental part of entire site templates and designs. It’s currently a struggle to use the Customizer and figure out how to edit sections like menus, headers, and footers. With blocks, people will be able to edit and manipulate everything on their site without having to understand where WordPress hides everything behind the scenes.
What does Automattic get out of this?
There have been posts recently asking questions about Automattic’s involvement in Gutenberg compared to other contributors and companies. There is no secret conspiracy here — as project lead I was able to enlist the help of dozens of my colleagues to contribute to this project, and I knew that a project of this size would require it. Automattic aims to have 5% of its people dedicated to WordPress community projects, which at its current size would be about 42 people full-time. The company is a bit behind that now (~35 full-time), and the company is growing a lot next year, so look for 10-15 additional people working on core and community projects.
In the end, Gutenberg is similar to many other open source projects — Automattic will benefit from it, but so will everyone else in the WordPress community (and even the Drupal community). It’s available for everyone under the GPL. If the goal was purely to benefit Automattic it would have been faster, easier, and created an advantage for Automattic to have Gutenberg just on WP.com. That wasn’t, and isn’t, the point.
Is Gutenberg ready?
Absolutely. Our original goal with Gutenberg was to get it on 100,000 sites to begin testing — it’s now already on more than 1 million sites, and it’s the fastest-growing plugin in WordPress history. There is a lot of user demand.
The goal was to both test Gutenberg on as many sites as possible before the 5.0 release, and also to encourage plugin developers to make sure their plugins and services will be ready. With everyone pitching in, we can make this the most anti-climactic release in WordPress history.
In the recent debate over Gutenberg readiness, I think it’s important to understand the difference between Gutenberg being ready code-wise (it is now), and whether the entire community is ready for Gutenberg.
It will take some time — we’ve had 15 years to polish and perfect core, after all — but the global WordPress community has some of the world’s most talented contributors and we can make it as good as we want to make it.
Someone described Gutenberg to me as “WordPress in 3D.” I like the sound of that. Blocks are like layers you can zoom in and out of. The question now is: What are we going to build with this new dimension?
Do I have to switch to Gutenberg when WordPress 5.0 is released?
Not at all. When it’s released, you get to choose what happens. You can install the Classic Editor plugin today and when 5.0 is released, nothing will change. We’ve commited to supporting and updating Classic Editor until 2022. If you’d like to install Gutenberg early, you can do that now too. The Classic Editor plugin has been available for 13 months now, and Gutenberg has been available for 18 months. Both have been heavily promoted since August 2018, and more than 1.3 million .org sites have opted-in already to either experience, so nothing will change for them when they update to 5.0.
How can I make sure I’m ready?
Before updating to 5.0, try out the Gutenberg plugin with your site to ensure it works with your existing plugins, and also to get comfortable with the new experience. Developers across the entire ecosystem are working hard to update their plugins, but your mileage and plugins may vary. And you can always use the Classic Editor to address any gaps.
As with every new thing, things might feel strange and new for a bit, but I’m confident once you start using it you’ll get comfy quickly and you won’t want to go back.
The release candidate of 5.0 is stable and fine to develop against and test.
When will 5.0 be released?
We have had a stable RC1, which stands for first release candidate, and about to do our second one. There is only currently one known blocker and it’s cosmetic. The stability and open issues in the release candidates thus far makes me optimistic we can release soon, but as before the primary driver will be the stability and quality of the underlying software. We made the mistake prior of announcing dates when lots of code was still changing, and had to delay because of regressions and bugs. Now that things aren’t changing, we’re approaching a time we can commit to a date soon.
Is it terrible to do a release in December?
Some people think so, some don’t. There have been 9 major WordPress releases in previous Decembers. December releases actually comprise 34% of our major releases in the past decade.
Can I set it up so only certain users get to use Gutenberg?
Yes, and soon. We’re going to be doing another update to the Classic Editor before the 5.0 release to give it a bit more fine-grained user control — we’ve heard requests for options that allow certain users or certain roles and post types to have Gutenberg while others have Classic Editor.
What happens after 5.0?
We’ve been doing a release of Gutenberg every two weeks, and 5.0 isn’t going to stop that. We’ll do minor release to 5.0 (5.0.1, 5.0.2) fortnightly, with occasional breaks, so if there’s feedback that comes in, we can address it quickly. Many of the previous bugs in updates were from juggling between updates in the plugin and core, now that Gutenberg is in core it’s much easier and safer to incrementally update.
What about Gutenberg and accessibility?
We’ve had some important discussions about accessibility over the past few weeks and I am grateful for those who have helped raise these questions in the community.
Accessibility has been core to WordPress from the very beginning. It’s part of why we started – the adoption of web standards and accessibility.
But where I think we fell down was with project management — specifically, we had a team of volunteers that felt like they were disconnected from the rapid development that was happening with Gutenberg. We need to improve that. In the future I don’t know if it makes sense to have accessibility as a separate kind of process from the core development. It needs to be integrated at every single stage.
Still, we’ve accomplished a lot, as Matías has written about. There have been more than 200 closed issues related to accessibility since the very beginning.
We’re also taking the opportunity to fix some things that have had poor accessibility in WordPress from the beginning. CodeMirror, which is a code editor for templates, is not accessible, so we have some parts of WordPress that we really need to work on to make better.
Speaking of which, CodeMirror was seeking funding for their next version — Automattic has now sponsored that funding and in return it will be made available under the GPL, and that the next version of CodeMirror will be fully accessible.
Finally, Automattic will be funding an accessibility study of WordPress, Gutenberg, and an evaluation of best practices across the web, to ensure WordPress is fully accessible and setting new standards for the web overall.
After WordPress 5.0, is the Gutenberg name going to stick around?
Sometimes code names can take on a life of their own. I think Gutenberg is still what we’ll call this project — it’s called that on GitHub, and you’re also seeing it adopted by other CMSes beyond WordPress — but for those outside the community I can see it simply being known as “the new WordPress editor.”
With the adoption of React for Gutenberg, what do you see as the future for React and WordPress?
The other beautiful thing is that because Gutenberg essentially allows for translation into many different formats — it can publish to your web page, it can publish your RSS feed, AMP, it can publish blocks that can be translated into email for newsletters — there’s so much in the structured nature of Gutenberg and the semantic HTML that it creates and the grammar that’s used to parse it, can enable for other applications.
And WordPress 5.0 is just the starting line. We want to get it to that place where it’s not just better than what we have today, but a world-class, web-defining experience. It’s what we want to create and what everyone deserves.
Was this post published with Gutenberg?
Of course. 😄 No bugs, but I do see lots of areas we can continue to improve and I’m excited to get to work on future iterations.
This weekend, May 27, marks the 15th anniversary of the first release of WordPress. It is an understatement to say that I am immensely proud of what this global community has become, and what it has created. More than 30% of the top sites on the web are now powered by WordPress, I’m writing this in our next-generation editor Gutenberg, and every day I meet someone who is building something interesting on WordPress or pushing our shared project in bold new directions. If you can believe it, growth has actually been accelerating.
I am thankful to Mike for helping make WordPress a reality, many dedicated folks in the years since, and to all of you who are dreaming up the next 15 years. 😄
Many in the open source world are like Moses in that they speak of the Promised Land but will never set foot there. If I spend the rest of my life working and we don’t reach almost all websites being powered by open source and the web being substantially open, I will die content because I already see younger generations picking up the banner.
Our decision to move away from React, based on their previous stance, has sparked a lot of interesting discussions in the WordPress world. Particularly with Gutenberg there may be an approach that allows developers to write Gutenberg blocks (Gutenblocks) in the library of their choice including Preact, Polymer, or Vue, and now React could be an officially-supported option as well.
I want to say thank you to everyone who participated in the discussion thus far, I really appreciate it. The vigorous debate and discussion in the comments here and on Hacker News and Reddit was great for the passion people brought and the opportunity to learn about so many different points of view; it was even better that Facebook was listening.
Today is 14 years from the very first release of WordPress. The interface I’m using to write this (Calypso) is completely unrecognizable from what WordPress looked and worked like even a few years ago. Fourteen years in, I’m waking up every day excited about what’s coming next for us. The progress of the editor and CLI so far this year is awesome, and I’m looking forward to that flowing into improvements for customization and the REST API. Thanks as always to Mike for kicking off this crazy journey, all the people chipping in to make WordPress better, and Konstantin and Erick for surprising me with the cool cake above.
In the WordPress world, when we look back an 2016 I think we’ll remember it as the year that we awoke to the importance of marketing. WordPress has always grown organically through word of mouth and its passionate community, but the hundreds of millions being spent advertising against WP has started to have an impact, especially for folks only lightly familiar with us.
I’ve started to hear about a number of folks across many WordPress companies and industries working on this from different angles, some approaching it from an enterprise point of view and some from a consumer point of view. There’s an opportunity for learning from each other, almost like a mastermind group. As the survey says:
Never have there been more threats to the open web and WordPress. Over three hundred million dollars has been spent in 2016 advertising proprietary systems, and even more is happening in investment. No one company in the WP world is large enough to fight this, nor should anyone need to do it on their own. We’d like to bring together organizations that would like to contribute to growing WordPress. It will be a small group, and if you or your organization are interested in being a part please fill out the survey below.
By working together we can amplify our efforts to bring open source to a wider audience, and fulfill WordPress’ mission to truly democratize publishing.
One of the hardest things to do in technology is disrupt yourself.
But we’re trying our darndest, and have some cool news to introduce today. When I took on the responsibility of CEO of Automattic January of last year, we faced two huge problems: our growth was constrained by lack of capital, and the technological foundations of the past decade weren’t strong enough for the demands of next one.
The first has a relatively straightforward answer. We found some fantastic partners, agreed on a fair price, issued new equity in the company to raise $160M, and started investing in areas we felt were high potential, like this year’s WooCommerce acquisition. This “war chest” gives us a huge array of options, especially given our fairly flat burn rate — we don’t need to raise money again to keep the company going, and any capital we raise in the future will be purely discretionary. (Since last May when the round happened we’ve only spent $3M of the investment on opex.)
The second is much harder to address. The WordPress codebase is actually incredible in many ways — the result of many thousands of people collaborating over 13 years — but some of WordPress’ greatest strengths were also holding it back.
The WordPress codebase contains a sea of institutional knowledge and countless bug fixes. It handles hundreds of edge cases. Integrates constant security improvements. Is coded to scale. Development moves at a fast clip, with six major releases over the past two years and more around the corner. Its power and flexibility is undeniable: WordPress just passed a huge milestone, and now powers 25% of the web. You can run it on a $5-a-month web host, or scale it up to serve billions of pageviews on one of the largest sites on the web, WordPress.com.
The basic paradigms of wp-admin are largely the same as they were five years ago. Working within them had become limiting. The time seemed ripe for something new, something big… but if you’re going to break back compat, it needs to be for a really good reason. A 20x improvement, not a 2x. Most open source projects fade away rather than make evolutionary jumps.
So we asked ourselves a big question. What would we build if we were starting from scratch today, knowing all we’ve learned over the past 13 years of building WordPress? At the beginning of last year, we decided to start experimenting and see.
Today we’re announcing something brand new, a new approach to WordPress, and open sourcing the code behind it. The project, codenamed Calypso, is the culmination of more than 20 months of work by dozens of the most talented engineers and designers I’ve had the pleasure of working with (127 contributors with over 26,000 commits!).
Incredibly fast. It’ll charm you.
100% API-powered. Those APIs are open, and now available to every developer in the world.
A great place to read, allowing you to follow sites across the web (even if they’re not using WordPress).
Social, with stats, likes, and notifications baked in.
Fully responsive. Make it small and put it in your sidebar, or go full-screen.
Really fun to write in, especially the drag-and-drop image uploads.
Fully multi-site for advanced users, so you can manage hundreds of WordPresses from one place.
Able to manage plugins and themes on Jetpack sites, including auto-upgrading them!
100% open source, with all future development happening in the open.
Available for anyone to adapt to make their own, including building custom interfaces, distributions, or working with web services besides WordPress.com.
This is a beginning, not an ending. (1.0 is the loneliest.) Better things are yet to come, as all of you dig in. Check out these links to read more about Calypso from different perpsectives:
This was a huge bet, incredibly risky, and difficult to execute, but it paid off. Like any disruption it is uncomfortable, and I’m sure will be controversial in some circles. What the team has accomplished in such a short time is amazing, and I’m incredibly proud of everyone who has contributed and will contribute in the future. This is the most exciting project I’ve been involved with in my career.
With core WordPress on the server and Calypso as a client I think we have a good chance to bring another 25% of the web onto open source, making the web a more open place, and people’s lives more free.
If you’re curious more about the before and after, what’s changed, here’s a chart:
There’s a thread on Quora asking “I am powering a bank’s website using WordPress. What security measures should I take?” The answers have mostly been ignorant junk along the lines of “Oh NOES WP is INSECURE! let me take my money out of that bank”, so I wrote one myself, which I’ve copied below.
I agree there’s probably not a ton of benefit to having the online banking / billpay / etc portion of a bank’s website on WordPress, however there is no reason you couldn’t run the front-end and marketing side of the site on WordPress, and in fact you’d be leveraging WordPress’ strength as a content management platform that is flexible, customizable, and easy to update and maintain.
In terms of security, there are a two simple points:
Make sure you’re on the latest version of core and all the plugins you run, and update as soon as new version become available.
Use strong passwords for all user accounts. For extra credit you could enable a 2-factor plugin, use Jetpack’s WordPress.com login system, or restrict logged-in users to a certain IP range (like behind a VPN).
If your host doesn’t handle it, make sure you stay up-to-date for everything in your stack as well from the OS on up. Most modern WP hosts handle this (and updates) for you, and of course you could always run your site on WordPress.com VIP alongside some of the top sites in the world. If you use any non-core third party code, no harm in having a security firm audit the source as well (an advantage of using open source).
For an example of a beautiful, responsive banking website built on WordPress, check out Gateway Bank of Mesa AZ. WordPress is also trusted to run sites for some of the largest and most security-conscious organizations in the world, including Facebook, SAP, Glenn Greenwald’s The Intercept, eBay, McAfee, Sophos, GNOME, Mozilla, MIT, Reuters, CNN, Google Ventures, NASA, and literally hundreds more.
As the most widely used CMS in the world, many people use and deploy the open source version of WordPress in a sub-optimal and insecure way, but the same could be said of Linux, Apache, MySQL, Node, Rails, Java, or any widely-used software. It is possible and actually not that hard to run WordPress in a way that is secure enough for a bank, government site, media site, or anything.
If you wanted any help on this feel free to reach out to Automattic as well, we have a decade of experience now dealing with high-risk, high-scale deployments, and also addressing the sort of uninformed FUD you see in this thread.
If you’ve developed a major bank site in WordPress leave a link in the comments.