
The Next WordPress - wsvincent
https://wsvincent.com/the-next-wordpress/
======
tmikaeld
First of all, Wordpress is known to fix security issues quickly and platforms
with many developers have more eyes on the code so it's only natural that they
have a LOT of reported vulnerabilities. This does not mean that it's
"inherently" insecure.

A static site can't enable...

\- User management (Members)

\- On-site-comments (That Search engines can find)

\- Voting (Polls & Ratings are very popular on Wordpress!)

\- Carts (For selling products)

\- Any user submitted content

...without 3rd party services that rely on JS.

This means that you rely on several external services for the site to have
these features and in the end, the costs will be higher than running it on
Wordpress.

But it could possibly be easier to maintain, be more secure, have higher
performance and the dynamic parts wouldn't all fail at the same time so the
uptime of the core site could be better.

~~~
_greim_
> This does not mean that it's "inherently" insecure.

It's a pretty strong indicator though.

~~~
RandomInteger4
Not really. Sometimes you hear about the WordPress security vulnerabilities
that are patched, but still exploited, and this is mostly a problem with
people not keeping an eye on security updates.

Combine that with the popularity that WordPress has drawing in people who know
enough to program themes and plugins, but not enough to program said themes
and plugins securely (avoiding simple SQLi and XSS) and you get the perception
of an insecure system that WordPress has.

~~~
kyriakos
Also the blame falls on actual users not keeping plugins up to date or using
one's from dodgy sources.

------
markgavalda
The most uninformative article I've ever read that was on the home page of HN.
It's full of misconceptions and assumptions (that every WP based site can be
be replicated with static site generators, that 'WP is inherently insecure'
and so on).

~~~
flocial
The article simply doesn't meet the standards of HN and only spreads popular
misconceptions.

------
johnvaluk
I would love to maintain our websites with a static site generator and manage
updates via pull requests to our version control system.

I don't have a single user who would understand that sentence. That's why we
use WordPress.

~~~
tmikaeld
Maybe with a pre-configured, cross-platform App - It might be "easier", but
then you'd have to have it auto-update as well.

While with any dynamic CMS, it's just - go to this site and login.

------
jackreichert
> WordPress itself is an inherently insecure platform.

Linking to regular security updates for a system is proof that that system
takes security seriously, not that it is insecure. I'd worry about an open
source project that didn't have regular security updates.

Also, "inherent" is silly to use in this context.

------
jms18
> Static Site Generators are a new, hybrid approach to web development

It's like Movable Type never existed.

------
andygcook
I generally disagree with most of the arguments here, but the last part of
this article makes a good point that the business owner (person buying
website) usually doesn't make the decisions about the technology that gets
used. This is especially true for SMBs (I'm excluding the DIY/hacker-types
here).

I built a WordPress plugin inside of HubSpot called Leadin (it's now their
HubSpot Marketing Free product). The idea was to build light weight marketing
automation for Very Small Businesses. We started on WordPress because most
small businesses use it. We incorrectly assumed in the beginning the business
owners would be the decision makers on whether or not to use our product. We
quickly found out it was usually the web development agency/consultant they
worked with who would install it for them, then explain the value of the
product. We eventually shifted our marketing to focus heavily on agencies
which became our main acquisition source.

Agencies like to use WordPress because it's customizable enough to easily
build what their clients need, is the same interface across every site and has
a huge ecosystem of the add-ons that their clients what. Until you can
replicate the WordPress 3rd party developer ecosystem it will remain the
dominant player. Also, static sites can't do all the things WordPress does,
like polling, comments, shopping carts, etc. you'd have to rely on a third
party for those components and when you add up all those, I'd think that would
be more than $100/year in subscriptions. It's easier and cheaper to have it
all centralized in WordPress which is why agencies choose to use it. If you
can charge a retainer too, the holy grail for agencies because it's
reoccurring, predictable revenue, you're essentially getting paid to just keep
things updated and make sure they don't break or get hacked.

------
ivanoats
I wrote a post about a Serverless CMS architecture that is a good follow up to
this article: [https://www.aerobatic.com/blog/a-serverless-cms-
architecture...](https://www.aerobatic.com/blog/a-serverless-cms-
architecture/)

------
return0
I think the author assumes that all wordpress sites are simple blogs.
Woocommerce alone powers 30% of e-commerce sites.

~~~
gk1
What makes you think that? The word "blog" is nowhere in the article. It's
clear to me they're talking about WP the platform.

~~~
return0
wonder how one does a static e-commerce site.

~~~
wsvincent
Author here. Snipcart is one option for e-commerce for static sites.

[https://snipcart.com/](https://snipcart.com/)

------
Entangled
I believe Medium is the next Wordpress because not only allows you to publish
but also to consume in an elegant and productive way. The recommendation
engine is quite good and the daily newsletter sent by email is good enough to
make me want to check the stories right away. They make an extensive use of
images that really adds to the user experience.

I used to be a Wordpress fan but now Medium has caught my attention.

So in essence it is not about the technical platform, it is about effective
production and consumption, and Medium hits the nail on both.

~~~
thinkling
The context is sites with custom features. Medium isn't in that market. Medium
is the new Blogspot.

~~~
joecool1029
Or xanga, or livejournal, etc.

------
_greim_
Wordpress isn't just a thing that people use. It's a gravity well of
humanity's non-technical web authoring aspirations; matter keeps accreting
there in the form of plugins and feature additions. Escaping it at this point
is going to be difficult for most people, similar to how sending satellites
into orbit is infeasible for most small businesses.

------
combatentropy
It's more precise to say "problem" when you mean something bad, and not
"issue," which is neutral. I am pretty sure that "issue" is a bureaucratic
euphemism.

It seems the higher up you go, the worse language gets:

    
    
      Technician: "The server is on fire!"
      Manager: "Uh . . . the server has a 'problem.'"
      Senior Director: "Ahem, the service has an 'issue.'"
      Owner: "You mean my server is on fire?"
    

Actually, maybe it's middle management.

------
onnimonni
I would like to see a simple but extendable cms which would be mostly static
but the non static parts would be handled by aws lambda or gce functions or
something similiar.

~~~
dageshi
Seems a lot more complicated than Wordpress for not a lot of gain?

------
steffoz
Just adding DatoCMS ([https://www.datocms.com/](https://www.datocms.com/)) to
the list of CMS specifically designed for static websites (shameless plug)!

Here Netlify is listing all the available products in this niche, both
commercial and open-source:
[https://headlesscms.org/](https://headlesscms.org/) Things are moving..
slowly :)

------
lewisjoe
> Lektor is file-based by default, so updating content does not require a
> cloud server at all but merely access to the root file itself, which can be
> stored on a service like Dropbox or Google Drive. A developer can use a
> local server to generate dynamic content and a full-featured site, but the
> CMS, which is currently a simple Mac app, simply updates the original file.

This. This would be something phenomenal. The problem with WordPress and
services like it, is that they take your content, package them into something
they can understand and hides them under their pillows.

Inverting the control, like what the OP says -- where the user _owns_ the
content, that can be plugged into layers like WordPress, looks like the path
towards the future.

I made [http://hexopress.com](http://hexopress.com) with a similar vision. It
is not yet a full blown shape of what I have in mind, but it cuts the concept
well.

------
KayL
whatever static site has a backend for your clients, it's potential security
problem.

------
dizzydes
I was recently considering creating an IDE specifically for WordPress with
built-in completion, tips and mapping for people who are skilled at
programming but new to WP development. Would anyone use it?

~~~
xemoka
Have you tried Pinegrow?

~~~
dizzydes
I had seen it before but didn't realize it included a WP theme builder. Thanks
for the heads up!

------
rco8786
$100 a year is too costly?

