
WordPress now runs a quarter of the web - mustafauysal
http://w3techs.com/technologies/details/cm-wordpress/all/all
======
Dachande663
WordPress is like the Kalashnikov of the web. You can use it for pretty much
anything, run it anywhere, do god knows what to it and it'll still happy hum
along (albeit behind a very big varnish cache).

A few of our clients have millions of pageviews running off of a couple
t2.small instances and the single biggest factor for them is the UI and the
security of knowing they're not tied into a bespoke platform.

~~~
vonklaus
wordpress, and a t2.micro can handle >1 million pageviews?

~~~
pavs
nginx + varnish + cdn + pagespeed + php-apc. Most definately possible and you
will still have 400+mb memory to spare on a 1gb server, avg cpu usage is at
30-40%. Done it for few clients myself.

------
CM30
It's not that surprising to be honest. WordPress' success comes down to the
following:

1\. It was simple to use in an era where CMS meant 'large, complicated system
that was tailored towards technies rather than the general population'. It
didn't have a ton of features, but it was easy to use for the average blogger
wanting to write posts without worrying about all the setup and coding and
what not.

2\. You could pretty much install it anywhere without minimum technical skill,
since PHP and MySQL was (and is) supported by about 99.99% of shared hosts.
Its newer competitors tend to be written in languages that are usually only
available on a VPS or dedicated server.

3\. It has a very large ecosystem for themes, plugins and other such things,
so someone with no technical skill could find add ons for anything they wanted
without needing to call in a developer or know PHP.

It's not the best written software and its not the best optimised for anything
in particular, but it is one of the easiest to install and use for someone
without a technical background, which is why it's so widespread.

~~~
picozeta
I agree with your points, but always wonder why shared hosting is often
PHP/MySQL only. E.g. if you are using Python, say Django or Flask, and want to
outsource your devops (i.e. shared hosting) you do not have many options.

Of course, there is pythonanywhere or you might want to use PAAS like Heroku,
but I find it interesting non the less. Is it so much more work for shared
hosting providers to provide Python?

~~~
coliveira
PHP guys are very smart about not trying to reinvent the wheel. They always
supported the most common web setup: Apache running on its standard
configuration. That's why every shared host company in the world is confident
in deploying PHP and avoids like the plague more complex solutions based on
Python, Java, and Rubi.

~~~
pizzeys
I'd say it's actually the opposite - the users are comfortable with PHP and
not the more complex solutions. I'd love for us to support other stuff, but
anyone who is using anything else wants more control over their environment
than the average shared host can offer. We have as many deployment issues etc.
with PHP as we would anything else... possibly more.

That said, isn't 'IaaS' like Heroku basically 'shared hosting for other
stuff'?

------
netaustin
I agree entirely with the premise that WordPress is not the most impressive
codebase in the world — but that's not why people select it.

The reason that sites opt to use WordPress is that the editorial interface is
familiar and the plugin ecosystem is very robust. The reason that sites stay
on WordPress is that upgrades arrive for free every couple of months and do
not break backwards compatibility.

WordPress's performance has improved over the years largely as a result of the
rising tide of CPU and RAM upgrades and improvements to PHP and MySQL
themselves — and more recently through integrations with Elasticsearch, which
WordPress works particularly well with.

It's also possible to use WordPress as a framework and to develop elegant code
using its APIs, which is largely what my firm does (I run one of the handful
of agencies that partner with Automattic to provide WordPress consulting to
big companies). But that's the exception, not the rule, and most of the
prospective developers we interview who have WordPress experience can't use it
the way we want.

~~~
audessuscest
> the plugin ecosystem is very robust

It's not true, a lot of WP plugins are buggy and sometimes conflict each
other.

> upgrades arrive for free every couple of months and do not break backwards
> compatibility

But sometimes plugins break with upgrades

~~~
stevesearer
Paid plugins (with support) are the way to go for getting the highest quality
and I've had great experiences with them. Some of the ones I've had great luck
with on my site are Advanced Custom Fields, Gravity Forms, and most recently
FacetWP.

Edit: that said, there are also high quality free ones as well

------
sopooneo
Any consultants on here that have to deliver/maintain WordPress sites? If so,
mind sharing what your basic workflow is?

There are many articles on the web, but they are mostly for very entry level
users. The fundamental problem my company runs into with WP is that only a
theme can be meaningfully checked into version control. Everything else,
including installation of plugins is coupled with entries in the database. And
of course the database also includes changes necessarily made on the
production instance, like comments to blog posts.

Any thoughts or links to posts on this greatly appreciated.

~~~
neurostimulant
If you prefer git-based deployment for your wordpress project, bedrock is
probably for you: [https://roots.io/bedrock/](https://roots.io/bedrock/)

Also, wp-cli helps a lot in streamlining the project (enabling/disabling
plugins, updating site settings, etc, all from command line or deployment
script scripts)

------
rmdoss
And WordPress itself is NOT insecure. It is in fact the most secure CMS you
can find out there.

The issue is that its simplicity and easy installation, brought a lot of non-
technical people to use it and develop for it.

So you get a lot of bad written themes and plugins that lead to all sort of
security issues.

On the other hand, Drupal and Joomla, all had SQL injections on their core
discovered lately:

[https://www.drupal.org/SA-CORE-2014-005](https://www.drupal.org/SA-
CORE-2014-005)

[https://blog.sucuri.net/2015/10/joomla-3-4-5-released-
fixing...](https://blog.sucuri.net/2015/10/joomla-3-4-5-released-fixing-a-
serious-sql-injection-vulnerability.html)

~~~
jonesb6
I learned a lot about security on the web by poking around wordpress sites in
school. While I believe what you're saying is true it's hard to believe that
the perception alone of wordpress's 'hackability' doesn't make it much more of
a security risk.

"Oh they run wordpress? I can probably get into that."

"Runs wordpress vulnerability scanner script"

"Oh hey look ~wp-config.php!"

~~~
keithpeter
Yup: so I moved my low traffic vanity site back to static html when I worked
out that I was spending more time reinstalling WordPress because of security
advisories than actually writing anything.

As the chap who runs pinboard put it [1] people like me should not be running
web applications like WordPress on live server space.

So I ran WordPress _locally_ and harvested the html pages. Then realised that
I was using a poky little text area to write when I could just use a text
editor...

[1]
[http://idlewords.com/2009/09/how_to_not_get_your_blog_hacked...](http://idlewords.com/2009/09/how_to_not_get_your_blog_hacked.htm)

------
mbrock
The total economic activity attributable to WordPress must be staggering. How
many small businesses use it? How many consultants and design firms? Even the
business of creating WordPress themes must be very significant.

~~~
visakanv
> Even the business of creating WordPress themes must be very significant.

It is, lots of people make full-time livings doing it, and even have entire
companies set up to do it.

~~~
mbrock
Themes like Divi seem to compete directly with things like Squarespace,
including custom WYSIWYG layout tools etc.

[http://www.elegantthemes.com/gallery/divi/](http://www.elegantthemes.com/gallery/divi/)

Here's a testimonial from an independent web site creator that I found
interesting.

[http://www.elegantthemes.com/blog/customer-
spotlight/creatin...](http://www.elegantthemes.com/blog/customer-
spotlight/creating-my-own-web-design-business-helped-me-become-a-better-dad)

(I have no affiliation at all with this nor any other WordPress business, I
just think it's interesting—as a counterpoint to the stereotypical HN focus on
fancy new technology—how enormously productive this ecosystem really is.)

> One day, as I was in the process of writing a post for inspireddad.org, I
> had a sudden epiphany. I thought to myself, WordPress is not like any other
> website builder I have used before. It is powerful, simple, and can be used
> for almost anything… and I can see myself making a living off of this one
> day. It was this thought that set me into motion, and I began learning
> everything I possibly could about WordPress—I became obsessed. [...]

> I honestly believe I might have given up on this dream if it hadn’t been for
> the amazing support that the ET team gave to me early on. This support,
> coupled with my own growing WordPress knowledge, enabled me the opportunity
> to launch approximately two dozen websites in my first year—which gave me
> the confidence I needed to take my business to the next level. [...]

> The incredible support and products of [Elegant Themes] have enabled me the
> chance to do what I love—achieving an entrepreneurial lifestyle that has
> allowed me to truly help my clients, while also giving my family my time and
> attention as a husband and father.

I'm half tempted to abandon my current plans of startup world domination and
just make WordPress websites for local businesses.

~~~
e12e
It's a fascinating ecosystem, but a little confusing. I was hoping there was
an easy(ish) way to develop a custom theme, and use wp.com for hosting -- but
as far as I've been able to figure out, there's no way to do that -- to use
wp.com is to opt out of any serious customization. On the flip side, you get
(presumably) rock solid wp hosting, and few security issues.

Every time I've considered wp, I've ended up turning away - the code base is
quite awful for the basic features it provides, and as soon as you start
adding third party plugins (for added features), you need to be very careful
to avoid either breaking on updates, or security issues (with a plugin, or
cross section of plugins). It feels like half of the traffic to full-
disclosure is related to wp plugins.

I'm not the typical wp customer of course, but for me the ability to develop
some fairly static (html+js+css) themes along with wp hosting might have been
interesting. If I can't use custom themes, wp.com hosting isn't all that
interesting -- and if I have to host it myself, I want something that's a more
solid software design than wp (and hopefully maxes out at around a single db
query per page view. Something which is easier if you can assume the db has
proper views, for example (select * from anonymous_page_view where
page_id=?)).

I see that the same is true for the elegantthemes (which appear to be terrific
value at ~250 USD for a life-time, unlimited license, btw):

[https://www.elegantthemes.com/join.php#wp-
com](https://www.elegantthemes.com/join.php#wp-com) "Can I use your themes
with WP.com?"

"Unfortunately WordPress.com does not allow the use of custom themes. If you
would like to use a custom theme of any kind, you will need to purchase your
own hosting account and install the free software from WordPress.org. If you
are looking for great WordPress hosting, we recommend giving HostGator a try."

Yeah, I don't think I'll be suggesting clients to use HostGator as a web host.

Wrt. themes and wp.com -- I can see how I could make a few themes and sell
them at an affordable price -- I don't really see how the economics of support
works out when you need to deal with the entire gamut of outdated php/mysql
versions and the plethora of combinations of server+(f)cgi/php-
module+mysql/mariadb/otherdbs(?)+windows/solaris/bsd/linux for support and
testing. Not to mention interaction with hundreds of buggy third party wp
plugins.

> I'm half tempted to abandon my current plans of startup world domination and
> just make WordPress websites for local businesses.

Best of luck to you :-)

~~~
gkop
I think WPEngine has the same advantages as wp.com hosting but with more
flexibility.

------
mrfijal
i kind of wonder how did we get to this point. technologically speaking it's a
disaster - terrible slow and insecure language as a platform for bad practices
and codr base. i guess the answer is that technical excellence.is absolutely
secondary to other concerns, but it's a concerning view.

~~~
mschuster91
There may be other technical solutions that are better from a technology POV.

What WP did right is to choose a platform supported EVERYWHERE (PHP, and not
Ruby, Java or other crap only supported by few hosters), with a shitload of
developers (again, the massive advantage of PHP), and packed the installation
process in a way everyone from an 8-year old school kid to a 70-year old
grandpa can handle (and literally, I have seen both!).

Also add in that wordpress.com's free hosting platform... well... surpasses
any other blog solution by far.

~~~
PopeOfNope
> What WP did right is to choose a platform supported EVERYWHERE

When WP was created, their options were PHP or Perl. PHP was by far the
hottest thing back then, so what they actually did was use the hot tech of the
day and made it work. The reason PHP is supported everywhere is for the same
reason; back then it was PHP or Perl via CGI. Python was added later and was
also supported EVERYWHERE.

~~~
mschuster91
> Python was added later and was also supported EVERYWHERE.

Germanys big hosting player Strato doesn't offer Python in its cheap plans,
Hosteurope according to their FAQ is stuck at python 2.6.

Granted, a German-centered POV, but still. Python support is far from
mainstream.

------
mamon
That sounds scary considering the fact that Wordpress security flaws make it
"remote system administration tool" first, and blog platform second.

~~~
vatotemking
citation needed

~~~
johansch
[http://www.cvedetails.com/vulnerability-
list/vendor_id-2337/...](http://www.cvedetails.com/vulnerability-
list/vendor_id-2337/product_id-4096/)

~~~
Karunamon
200 vulns in 11 years? That doesn't sound awful in perspective. I bet you use
software every single day that has significantly more.

------
nogridbag
I recently looked at Hugo[1] as a WP alternative and have been very impressed.
It's a static website generator written in Go and features its own server with
live-reload so you can see changes to your content instantly in the browser. I
was looking for something that a non-techie might be able to maintain and
since Hugo offers prebuilt binaries the only requirements for the maintainer
is to drop hugo.exe into the working directory and type a few commands. In the
end though, it's still a bit more complicated for non-techies than maintaining
a website created via WordPress.

[1] [https://gohugo.io](https://gohugo.io)

~~~
PopeOfNope
Considering some of the people I've made wordpress sites for couldn't even
figure out the wordpress interface, command line anything is a no go for a
large percentage of wordpress's intended audience.

~~~
e12e
Yeah, I'm sure it'd be possible to build on top of Hugo (or many other static
site generators) to build something that might be usable for the typical wp
customer - but afaik none of them are that out of the box. The most likely
alternative I can think of is Ghost: [https://ghost.org/](https://ghost.org/)

But, I'm not sure how easy it is to customize along the lines that people
expect from wp (Now, that could be considered a feature - but it also means it
could be a hard sell to someone that just wants a wp site).

If what is needed really is a static site (a "web site"/"homepage") -- I think
netlifly looks quite promising:

[https://www.netlify.com/](https://www.netlify.com/)

------
teleclimber
Matt Mullenweg's post on this is interesting [1].

"The big opportunity is still the 57% of websites that don’t use any
identifiable CMS yet, and that’s where I think there is still a ton of growth
for us (and I’m also rooting for all the other open source CMSes)."

I wonder what currently runs the remaining 57%.

[1] [http://ma.tt/2015/11/seventy-five-to-go/](http://ma.tt/2015/11/seventy-
five-to-go/)

~~~
caseysoftware
Raw [programming language of choice] or custom CMS that someone's nephew
hacked together and they don't care enough or have the time/money to replace.

In 2005-2008, I made good money switching people from those systems to Drupal
with the simple pitch of plugging into a larger community and being able to
shop around for modules and developers who wouldn't have to learn a new
codebase.

------
rebootthesystem
I must admit ignorance here. I've installed WP a couple of times but never
went live with it or did anything past poking around.

Here's my hangup: I can't understand why one would start with a blogging
platform, pound at it with various plugins and transform it into, say, a
product/ecommerce website. It feels like starting with a shovel when you need
a pick (or some other more applicable analogy).

That's the part I don't quite understand. Carrying all of that baggage to
build something diametrically opposite what the original stated function of
the software may have been.

On the funny end of the scale, I've seen five page static websites with a
landing page, a few info pages and a form done with WP. Unbelievable. Are
developers that lazy today that they throw WP at everything? Or is it easier
at that level to charge X to do a WP site rather than charging the same for
straight-up PHP/HTML/JS?

~~~
SHIT_TALKER
_On the funny end of the scale, I 've seen five page static websites with a
landing page, a few info pages and a form done with WP. Unbelievable. Are
developers that lazy today that they throw WP at everything? Or is it easier
at that level to charge X to do a WP site rather than charging the same for
straight-up PHP/HTML/JS?_

When the client says they want to be able to update site content
themselves.... okay, here's your five page WordPress site with a single form.

~~~
rebootthesystem
Yeah, that's probably the scenario with the least friction.

------
kmfrk
One wonders what the world would look like if Google hadn't dropped the ball
on Blogger.

~~~
josephagoss
Can you self host Blogger and download the code?

------
pahael
not surprised. I've seen my html illiterate friends make full websites using
wordpress. The power of php I guess.

------
pinkunicorn
Is this some kind of a pipe dream? WordPress runs a quarter of the web?

~~~
jqm
No it's not a pipe dream. It's a pipe nightmare.

------
Mithaldu
A quarter of all websites includes a LOT of tiny websites nobody visits.

How many users/hits/bandwidth of the web does WP get?

~~~
bruceallmighty
It's worth looking at what the stat actually is:
[http://w3techs.com/technologies](http://w3techs.com/technologies)

tl;dr: It's 25% of the top 10 million websites according to Alexa over the
last 3 months, and only includes top-level domains (So skips counting the
millions of WordPress.com subdomains).

If it were all websites, it'd surely include tens of millions of low-traffic
WordPress sites - but none of those are used in this calculation.

~~~
CydeWeys
> tl;dr: It's 25% of the top 10 million websites according to Alexa over the
> last 3 months, and only includes top-level domains (So skips counting the
> millions of WordPress.com subdomains).

Nit, from someone in this industry: A top-level domain is .com, .net, .org,
etc. The Alexa statistics only include second-level domains, which is what
fully qualified domain names without hostnames are called.

------
lohengramm
Recently built a blog on Bolt ([http://bolt.cm](http://bolt.cm)), just because
WP seemed too ugly. I do not regret.

~~~
velmu
I share your feeling. Bolt is excellent: [https://www.symfony.fi/entry/bolt-
is-wordpress-done-right-er](https://www.symfony.fi/entry/bolt-is-wordpress-
done-right-er)

------
chris_wot
I have to say, setting up blogger was just far too hard. Maybe something has
changed, but back in the day I was trying to find a math renderer for
[http://randomtechnicalstuff.blogspot.com.au](http://randomtechnicalstuff.blogspot.com.au)
\- but couldn't find anything.

I haven't bothered since, and my latest blog at
[http://sherlockchrisblog.wordpress.com](http://sherlockchrisblog.wordpress.com)
is just working with LaTeX markup. It's honestly a breath of fresh air.

~~~
jgillich
Blogger hasn't seen any development in years. I expect Google to shut it down
when enough users have left.

------
late2part
and at least 1/10th of the exploits?

------
jjuhl
Putting all eggs in one basket is scary. Putting all eggs in a PHP powered
basket is terrifying beyond words.

We're doomed :-(

------
jachob
... And still no decoupling and no real API. Wordpress is locked down by its
own mass of users and just can't evolve. Too big to fail ?

~~~
andrebalza1
V2 Api ([http://v2.wp-api.org](http://v2.wp-api.org)) will be merged into
wordpress 4.4 core, planned for december 2015

~~~
DrewAPicture
It's already been merged into trunk ;)

------
mtgx
Can we get a Wordpress alternative written in Go, though?

~~~
MaxKK
Why? (Serious)

