Hacker News new | comments | show | ask | jobs | submit login
WordPress 5.0: A Gutenberg FAQ (ma.tt)
194 points by se7entime 9 days ago | hide | past | web | favorite | 140 comments





I know a lot of people dislike PHP and WordPress, but I haven't found _anything_ that comes close to it in terms of sheer extensibility and plugin ecosystem. There's a plugin for pretty much anything you might want to do with a platform. I even moved my personal Jekyll-powered blog to WordPress a few years ago.

My favorite thing about WordPress is that it's a known quantity. There's an easy to follow tutorial teaching you pretty much anything you might want to do with the software. PHP isn't the prettiest language, and WordPress itself feels a bit creaky at times. But it's a practical tool. It does the job, and does it very well.

Since I'm a JavaScript developer, I was optimistic about Ghost becoming a viable alternative to WordPress. Sadly, Ghost's plugin API still doesn't seem to be complete. Without that, it can't replace WordPress for anything besides basic blogging. That seems to be the niche the Ghost developers are interested in, though, so I don't think it's coming anytime soon.

I'm really excited to see this release. Gutenberg is certainly a step in the right direction for the editor, and I'm planning to upgrade all my websites over the next few weeks!


You're absolutely right. The big issue (for me, at least), is that it's a security nightmare. At least last I used it. It seemed there were security exploits popping up every day. Either from the core codebase, or from some random plugin everyone seemed to be using. I think that was just the nature of how their plugin system works? I'm not sure if anything's changed, but _maintaining_ a WordPress install is not fun and requires constant - almost tiring - oversight.

I used to help artists with setting up Wordpress portfolio sites. But the constant maintenance required (updating Wordpress & plugins, making sure that all plugins are secure and maintained, and checking after each update to make sure nothing was broken), as well as the rise of platforms like Squarespace, Wix & Weebly, means that I no longer recommend Wordpress for those types of clients. Artists just want to show and sell their work, not deal with whether or not a plugin update is compatible with their version of Woocommerce.

Is this a WordPress thing or a software with a developer ecosystem thing?

Because that's always the catch with any script really. If you're using third party themes and plugins for anything, then you're putting trust in the developers of said themes and plugins that they know what they're doing coding and security wise.

The exact same situation is true of everything from WordPress to Drupal to vBulletin and XenForo to MediaWiki and Magento.


With something like squarespace or wix (or even WP hosted), you're putting more power in the hands of the centralizing host, which is both limiting but also can reduce security issues.

The "sheer breadth of the ecosystem" in self-hosted WP is also where so many of the problems come in (compatibility between products, security issues, etc).

I'd argue it really is worse in the WP scene vs Drupal, partially because of the 'ease' of the code for newbs to get started. There's no culture of automated testing in the WP community at large, but some other platforms at least allow for that. There are people who write clean and well-tested WP products, but they're likely a minority, if you're looking at the ocean of stuff released over the last 5-10 years in the WP space.


It's not exclusively a Wordpress problem, but in my experience it's especially bad with Wordpress.

Indeed. Staff at the hosting service I use for professional purposes have always been very down on WP. My understanding from our various conversations is that for any systems where they were providing some sort of managed security service, it was a time sink to keep everything up to date. For any shared hosting systems where they weren't also managing the security, there would be frequent compromises and then that would get things blacklisted, so potentially other customers using the same shared resources could be negatively affected in at least two different ways. They don't seem to have become noticeably more positive about any of this in recent times despite the arguments about WP security being better these days, which suggests that there is still enough of a problem to be concerned about.

Check out Jetpack, it can auto-update all your plugins, and has a "Rewind" feature with real-time backups so you can one-click take your site back to a previous state if anything didn't work.

Jetpack has some nice features, the comments form especially. It is, however, very bloated - especially since you'll often only use 2 or 3 features on any one site.

Since Jetpack code is also what we run on WP.com (tens of billions of pageviews) it goes through a huge amount of performance tuning and optimization. The way modules work when you turn them off they don't have any overhead, similar to turning off a plugin. If you were using literally one thing it might feel like a lot, but as soon as you use 2-3+ things Jetpack does it's a lot more efficient than separate individual plugins to accomplish the same task.

Can you give a couple examples of when / how Jetpack has to be a single plugin, instead itself being a suite of individual plugins?

If the knock on that product is bloats, and the compromises adoption, how is X a benefit to those who refuses to abopt the whole alphabet?


It's not like features you don't use slow you down, or that the < 1 MB of code they take on disk is important.

I did a lot of WP dev from 2007 to 2011 or so, and I still run my businesses on Wordpress today. I hadn't really dug into Gutenberg yet, but I just played with https://wordpress.org/gutenberg/ and I think a lot of people are overreacting. It's a very big change, but it feels like the right move for the future of Wordpress. I'm sure it's not easy to move a community forward in a new direction when there is a global ecosystem comprised of tens (hundreds?) of millions of websites, developers, designers, users, and entire companies invested in the status quo. I don't envy you!

Also, appreciate you still stopping into HN to chat :)


Hi Matt. Maybe not assume everyone here knows who you are? And instead at some point make note of the bias in your recommendation?

HN =/= WordCamp etc.

Tia :)


The only way to ensure your wordpress sites don't break is to reduce reliance on plugins. A decent host like DigitalOcean doesn't hurt either. Squarespace is ok for simple sites, but once clients start requesting additional features it becomes a nightmare.

As a free market tends to do, this has been largely solved. Perfect Dashboard, iThemes/Liquid Web and others now offer technology that auto updates core and plugins and rolls them back if anything breaks. 95% of the old pain of updating and patching is solved with these tools.

> but _maintaining_ a WordPress install is not fun and requires constant - almost tiring - oversight.

This isn't true. I've been running and managing 15+ WordPress websites for over 5 years now and not once run into any issues like you're describing, and I certainly haven't lost sleep or become 'tired' over it.

Using a good tool like ManageWP (or InfiniteWP, or any of the others, take your pick) makes managing multiple WordPress websites a breeze (e.g., it alerts you every morning with what updates are available), and with their paid backup/restore functionality there's really nothing to worry about if something did go wrong. Combine all this with a nice WAF or security plugin and you're fine. Or you can use a service like MalCare that combines both.

If you go months and years without updating, then yes you're asking for trouble like any other piece of software.

Too many people used WordPress over 10+ years ago and just stick to the same speech about PHP and WordPress and security and all that and how everything is so bad, and that a different CMS that nobody uses in a obscure language is sooo much better and secure (that won't be here in a couple of years in all likelihood.)


The fact that you even mention that you get security updates "every morning" is an indication of how much work keeping a WordPress site secure can be.

I think it is just wordpress' ubiquiti that has made it a security issue though. Attackers are quick to build exploit bots the moment a new vulnerability is found and they scour the web for unpatched sites.

So if you don't stay on your toes, you will get pwned sooner or later with a wp site.


> The fact that you even mention that you get security updates "every morning" is an indication of how much work keeping a WordPress site secure can be.

Sorry for the confusion; I mean if there's a WP/Plugin/Theme update, I get notified every morning so I can go in and update (if needed.)


Your last paragraph is wrong. WordPress is a headache for people who keep their CMSes up to date. The speech about why Wordpress is a poor choice for a lot of projects has changed over the last decade, but it’s still true to say — possibly truer than ever. PHP is a lot better than it used to be, but not Wordpress-style PHP. There are great CMS alternatives that are also written in PHP and are better, secure, and set up so that they will be around for years.

My answer to this problem has been the plugin Wordfence. It's primary feature is a WAF whose rules update continuously and intercepts every request. Having worked at several agencies I've seen and inherited many hacked sites. I have never had a site be infected with a clean install using Wordfence. knocks on wood

Same here. WordFence has been a god-send. My agency offers fully custom sites, WordPress sites, and even builds on sites like Squarespace for people and I always differentiate them for clients. If it's a site that we'll end up managing, I always install WordFence and the developer license for it is incredibly reasonably priced. It's a 100% recommend from me for anyone considering it.

I use Wordfence and always thought it was good. But good to know that a lot of others find value in it too. Btw, looks like wordfence is getting killed with all the traffic from HN. Hopefully the increased sales will make it up to them :)

Wow. Founder here. Thank you!

I'm a lone developer in a marketing agency. I manage hundreds of WordPress sites. Some are my own work, many are not. As someone who has inherited more than his fair share of compromised sites, thank YOU! WordFence is the immediate fix for 99% of the hacks I see. It stops malicious activity in its tracks until I can patch the issues. There are simply no other plugins even close to the quality of WordFence.

Well thank you. I'm a big fan of your newsletter as well :)

I used to do sysadmin work as a web hosting company and security nightmare is exactly the phrase I think of when I think of WordPress.

Many mom and pop type businesses find the lowest cost web designer they can find to build them a WordPress site then get upset with the hosting company when "the server gets hacked" and their site is redirecting to a malicious site.

WordPress is certainly a powerful platform but the fact that it is so easy for someone to get started is also a weakness because those people don't understand it isn't just set it and forget it.


Don't forget about the 'low cost web design' market. If you're buying a web design for south of $500, you're PROBABLY getting a WordPress next next finish install with a default template and some minor tweaking.

I've screened / interviewed so many jr web "developers" who don't actually know how to develop a web app and they claim that installing WordPress plugins is development experience.


That's a fair point. I usually spend some time hardening my WordPress installs, and keep all of them updated. I also disable a few features of the WordPress dashboard, including updating WordPress core and installing themes/plugins. I do these tasks from the command line using WP-CLI.

This setup lets me do 99% of my everyday work using the WordPress UI. For the remaining 1%, I can SSH and use the command line. I've had a scare or two in the past, but in general my websites haven't been large enough to be lucrative targets. Maybe someone who's running larger blogs can chime in on the security issues.

If you want a one click solution, DigitalOcean's WordPress droplet has a lot of security stuff pre-configured for you. They even integrate fail2ban with the WordPress login screen, which is something I never even considered of doing.


I agree security issues are the main drawback. This can be mitigated by using managed hosting providers. I've had several wordpress sites running on managed hosts for years with little oversight and no issues.

The main advantage of Wordpress and what makes it unique is that it‘s a real ecosystem, it scales from normal users, or business users/marketers who operate on a very high level, web designers, down to full stack developers and infrastructure devs, covering the whole business - design - dev continuum.

There‘s like a guaranteed influx of new clients downstream, who start small with a site builder, and get snatched up as clients as they grow.

Other “competing“ solutions just don‘t support a similar continuum in their ecosystems. Either they‘re missing the “normal people DIY level“, like most JS and Jamstack solutions, and/or they miss the lower levels and have proprietary hosting and devops solutions.

Having this continuum or diverse market also means that the‘re many people depending on that ecosystem, trying to increase the influx of new people. Not only to the level they operate on, but also the top non dev level. Normal people who ask experts (devs) for advice get directed towards WP as a result.

It‘s basically self promotional.


> There‘s like a guaranteed influx of new clients downstream, who start small with a site builder, and get snatched up as clients as they grow.

I like your point here, can you elaborate?


There's also a lot of situations where updates can break custom themes or other custom code. Sometimes it's an old plugin that is left not-updated that causes a break or a hack and the site is broken. Many times these are setup and look nice for the client, by someone who is not maintaining any longer.

Then the site breaks they go online looking for help. This is not always a wordpress fault, sometimes it's a plugin issue for example.

However with the Gutenberg thing being forced in, I expect there will be a lot of broken custom themes and lots of people without backups. If their site is set to auto update core, there may be lots of work in the coming weeks.

I'm glad WP is not abandoned, but again (for the umpteenth time) wish new features were added as plugins and not forced into core. Akismet is added in backend as a plugin for people who want to use it, but it's not running by default during an update (as far as I can remember) for example.

At least automattic had notices in the backend dashboard warning about a new editor coming - not sure the notice warned that it may break some custom things - not that the average client would know that they have a custom thing.

Should be an interesting few weeks ahead.


People who outgrow the solutions they‘ve built themselves, and then look for better designs, custom plugins, hosting etc. and fall into the hands of businesses that provide those solutions. And these businesses fall themselves into the hands of other businesses further down the WP food-chain.

The “guarantee“ comes from the growth hacking minded ecosystem. People who set up their own WP businesses read up about it and usually follow the advice they find, what plugins to use, how to FB ads etc.


> I know a lot of people dislike PHP and WordPress, but I haven't found _anything_ that comes close to it in terms of sheer extensibility and plugin ecosystem. There's a plugin for pretty much anything you might want to do with a platform. I even moved my personal Jekyll-powered blog to WordPress a few years ago.

That's exactly what I dislike about WordPress. Yes, it's extensible, yes, it has a shit ton of plugins, but it's also exactly why it's so unsecure, slow and bloated. People want to do with WordPress things that it _should not be doing_. It's a CMS, but its blog engine roots still show to this day.

> My favorite thing about WordPress is that it's a known quantity. There's an easy to follow tutorial teaching you pretty much anything you might want to do with the software. PHP isn't the prettiest language, and WordPress itself feels a bit creaky at times. But it's a practical tool. It does the job, and does it very well.

It's a very decent blog or simple presentational site engine, but as soon as you stray too far from its base functionality, you end up stuck with shit plugins that break every couple of updates. Their biggest multi-lingual plugin (WPML) slows down every request by a full second just by turning on the plugin. Yeah, you can optimize some settings and gain some of it back, but almost nobody does. Access to tutorials is nice, but the vast majority of them are actually garbage and filled with bad practices.

> Since I'm a JavaScript developer, I was optimistic about Ghost becoming a viable alternative to WordPress. Sadly, Ghost's plugin API still doesn't seem to be complete. Without that, it can't replace WordPress for anything besides basic blogging. That seems to be the niche the Ghost developers are interested in, though, so I don't think it's coming anytime soon.

The thing is, people want a new WordPress. But a new "CMS that does everything" is bound to have the same issues : being tolerable at most things, but not very good at anything.

Disclaimer : I worked at a web agency for some time where half the sites were WP. People want things done with WordPress because they know the admin panel, then get surprised when their site ends up being a huge bloated hack that holds together with duct tape. Oh, and Jesus Christ does it get hit by bots all the freaking time...


Ever try redesigning a Wordpress site?

All those plugins are just a Big Ball of Mud, and trying to figure out how to apply a design to it, without breaking everything is kind of impossible. Change a theme? Lose settings, styles, major layout choices, menu locations. I can go on.

You basically have to develop your theme, apply it to the LIVE site, and fix the fires you find. Maybe a needed plugin now isn't compatible with whatever tech the new theme brings in. Well, you're hosed.

This is fine if you're just a blogger, but if you're running a business off your Wordpress site, it's a complete disaster. Like - we hosed a live Wordpress site simply by making duplicate dev site. I don't know how I'm supposed to work with that sort of environment.

But any suggestions are welcome.


>Ever try redesigning a Wordpress site?

Yes, me and tons of others people over the years.

>* All those plugins are just a Big Ball of Mud, and trying to figure out how to apply a design to it, without breaking everything is kind of impossible. Change a theme? Lose settings, styles, major layout choices, menu locations. I can go on.*

Depends on how you wrote the theme (or which theme you've bought) and what you want to change. Like on any other platform. It could also be a totally seamless experience. If your whole IA was based on the way the theme did things (custom post types, meta boxes and so on), then you need to port that too.


We do themes semi frequently enough to have a sort of process down. Never any problems here really. We just opt to not use much of the Wordpress ui helpers and make sure we’re not using plugins that generate their own ui. Then again they mostly end up being hosted with Wordpress VIP and they hold everything to a fairly high standard.

I’ll admit though, it’s a bit weird having a prod and dev environment with how many tweaks Wordpress can have. Haven’t really come up with a good solution for that.


> I know a lot of people dislike PHP and WordPress, but I haven't found _anything_ that comes close to it in terms of sheer extensibility and plugin ecosystem

You're right about everything there except one word: "extensibility".

Wordpress has a comprehensive hooks system that makes it seem like it's very extensible, but that's only there to make up for the godawful mess that is the codebase itself. PHP (which is a fine language and owes much of its bad press to wordpress tbh), like most modern programming languages, is designed for building easy to extend applications, where devs can leverage simple, testable, reliable language features instead of hooking into the tacked on callbacks API of a core app that's so inconsistent that you never really know for sure if anything's going to work long term.

There's three types of devs who interact with WordPress:

1. people who build "spec-and-deliver" sites for clients, with no ongoing maintenance, and love wordpress because they never see the mess their website turns into.

2. plugin devs who typically don't have to deal with client website maintenance, and definitely don't have to deal first-hand with their own plugins' incompatibilities with other plugins

3. people who have spent time actually maintaining wordpress sites and never want to touch it again

4. (non-dev) amateur bloggers who throw up an install with some plugins, and never look at code, and never update, and don't need any features, and are really the only appropriate audience for this platform... until their site gets hacked for the 15th time...


> PHP (which is a fine language

No it isn't. The language itself is awful. The PHP ecosystem is great though: easy deployments, good dependency management, healthy community, and the most pleasant framework I've ever worked with - Symfony.


"I was optimistic about Ghost becoming a viable alternative to WordPress. Sadly, Ghost's plugin API still doesn't seem to be complete."

To me, it felt like Ghost is simply WordPress in JavaScript and I don't think anyone wants that.

Why switch away from PHP just to get the same things and as you mentioned not even get the same things but less?

Ghost, Sails, Ember, they all try to emulate principles from projects of the past.

Gatsby, Amplify and React are doing things differently and aren't copies of Wordpress or Rails, that's why changing to them is a good idea if the different approaches are worth it. Not just because it's cool to use JavaScript...


Just don't look into plugin sources. Maybe it improved since, but in 2011 it was frightening. hundred line long nested for loops with an almost exact copy just below but not really. Then commented code in the published source. In a top 20 plugin at the time.

Still the same

Even after the symfony bundle era ? I was hoping too much maybe.

I like the work Ghost has done, but I'm moving away from it in favor of Craft, in part because I feel like my needs are moving faster than that project is.

I think you'd find Craft (https://craftcms.com/) to cover most of your needs and desires from the ecosystem standpoint. It's PHP-based but it's also well-designed and its approach allows for the kind of flexibility that you have to work really hard to get elsewhere.

I was able to set it up with a Markdown editor, shortcodes, Imgix, and a bunch of other must-haves for my use case very quickly thanks to the existing plugin community. And the issues I did run into, I found help from the community almost immediately.

The only downside, really, is that its license isn't open in the way WordPress is, though it's free to use for single-user projects.


If you're a PHP dev looking for a good solid CMS framework that (in my opinion helps you out tremendously while also staying out of the way). Check out kirby at https://getkirby.com.

Has a very large plugin eco system and a no database CMS system similar to jekyll/hugo.


I'm not sure why you are "excited" to see this release. For those of us who create Wordpress sites for clients, this is a mess. A comparison of Gutenberg to any of the major Page builders (Visual Composer, Divi, Enfold etc.) shows that Gutenberg is simply not ready for production. Features are missing, and there simply isn't the finesse you get from a page builder.

Gutenberg should have been offered as an extension, leaving core Wordpress alone. Now, we are going into the situation where an inferior page builder is part of core. That can only cause trouble.


I hate to start this off this way but this comment makes me feel like you're either a very novice WP user or simply a designer that likes to advertise themselves as a dev but doesn't actually do a lot of coding. Divi and Visual Composer are both absolute messes from every aspect except for ease of use and they're incredibly bloated even for simple page layouts. Everything ends up as an inline style, the actual load time for pages is astronomical, and making any kind of theme changes are impossibly inconsistent because these page builders inextricably link all styles to the HTML instead of in proper CSS where they belong.

Gutenberg, on the other hand, while not perfect, is several times better than these systems, in my opinion. There's still some messiness to it but it's much easier to set up a theme for a client and have comfort that, when you come back to edit something for them, they haven't borked it all to hell requiring you to dig through a slow and clunky interface just to reset a font-color.


The whole point of WordPress is that you don't need to do much coding, so that point is moot. The vast majority of WordPress developers are designers or non-technical people who either don't know how to code, or who can hack a bit of code now and then.

When I make a site for a client I have to balance many options 1) how fast can I do it 2) including how many bits and bobs do I have to add in to even make it work 3) What it will look like 4) will the client be able to update it afterwards. Speed and underlying tech is way down the list.

I generally use Enfold [1] to build client sites. Divi's interface is too complex and slow to navigate. VC is faster, and I have used it on occasion. Gutenberg also has a slow interface. Gutenberg also requires the download of loads of blocks or block packages, which surely bloat the page, and cause confusion. I've tried Atomic blocks [2] etc, which only works well when you pair it with the Atomic Blocks theme. But sometimes I might need a different blocks. So now, you've now got multiple hero sections, each with different parameters, css and coding. That's bloat and inconsistency.

Gutenberg simply doesn't give designers the level of control over existing page builders. Read this comparison of Gutenberg vs Elementor [3]. I don't use Elementor, but the author concludes -- like me -- that Gutenberg is no match for exiting page builders. To paraphrase, he concludes that Gutenberg is for unsophisticated users who are creating single page layouts with low precision.

BTW, I don't know what themes or clients you have, but Enfold allows all the elements to be locked so that the clients can't mess with the layout. It's also very easy for them to login and see the page structure so that they know where they are. I'm not saying it's perfect, but it's far better than Gutenberg.

IMHO, instead of finding out what developers actually wanted and were using, WordPress decided to roll its own system, which would be fine if it was optional. But, now that it's core, it's just an inferior, anti-competitive PITA.

[1]https://themeforest.net/item/enfold-responsive-multipurpose-... [2]https://wordpress.org/plugins/atomic-blocks/ [3]https://createandcode.com/gutenberg-vs-elementor-comparison/


>The vast majority of WordPress developers are designers or non-technical people who either don't know how to code, or who can hack a bit of code now and then.

That's what I thought. There's a reason why WordPress has a reputation for being insanely insecure and a terrible platform and it mostly has to do with the fact that it's made things easy for people who have no idea what they're doing. Existing page builders allow you to make something easily while completely ignoring the affect of page load times, proper syntactic code, and quality. They're meant for people who don't invest the time to actually learn what they're doing so they can throw crap together that they can charge clients who don't know any better.


We had it as an extension for a year and a half, and in that time it became the fastest growing plugin in WP's history. User tests also showed significant issues with our current editor approach and much better results with Gutenberg enabled, that's why some hosts have had it on by default since the summer.

I agree it's not for everyone, that's why there's an opt-out, but it is an improved experience for the vast majority of current and potential future users. It's shipped, and now we can continue to iterate on it.


It might be fine for casual users, but it's really not good enough for those using WP to make sites for clients. That said, I wish you the best of success with it, and will continue to evaluate it as you progress.

If Gutenberg isn't an improvement for you with regard to client sites, then you're not actually developing your client sites correctly per the WordPress specs. You're relying on builders to do too much of the work for you.

Be serious. If I use a page builder, such as Enfold or Visual Composer, I can get a client site completed in much less time, with a consistent design, and with more precision than with Gutenberg. You're saying that I should use Gutenberg because simply because it is the WordPress Spec. But, as it stands, Gutenberg is simply inferior to page builders. IMHO that goes against the ethos of WordPress, which was always for extensibility i.e I can take my choice of competing plugins, themes and page builders according to the needs of my client and the project. Now, it looks increasingly like we're stuck with a system that is slower to use, delivers imprecise results, requires the download of overlapping blocks, is barely out of beta, AND that will destroy competition in the space. Even if it conforms to the "WordPress specs" that's not a good result.

If Gutenberg isn't an improvement for you with regard to client sites - NO, it is not an improvement for 50 out of 50 of our client sites. Not one person cares not 1 iota about it. It may actually break some of the custom themes some of them run, so it's the opposite.

"correctly per the WordPress specs" - this is like windows rolling out an update that breaks atom, sublime text, and others that were working well. Seriously.

We don't rely on page builders on 100 out of 120 sites. Some sites do have custom themes that incorporated rows for design, which may break with this update.

The sites that did rely on page builders were working great and had no need for Guten.


I wish people in the tech bubble would realize that "why there's an opt-out" - is like saying 'you can stop the beating by.." - why not just make it 'opt in" - when there is consent, side effects can be considered easier, and then there is more of a chance someone actually knows how to opt out / change the consent of this thing running.

advertising it to everyone probably helped :)

> For those of us who create Wordpress sites for clients, this is a mess

We use Gutenberg extensively with clients (and have for some time), so I don't think that blanket statement is fair. There's been a learning curve but the business value speaks for itself at the end of the day.

Agree with @photomatt's comments.


Thank you for pointing this out. We are in a simlar position. Have you noticed any compatibility issues between Gutenberg and VC?

John from Ghost here - Firstly, big congrats to WP team for launching 5.0!

We have lots of ideas around extensibility for Ghost, they just increasingly don't look very much like plugins. We've always been hesitant to ship something which developers would rely on and end up creating yet-another-janky-bloated-CMS, so we've admittedly held back on that front.

The thing about a lot of plugins is, the most popular ones feel like they really shouldn't be plugins. Many plugins are popular simply because they're things which should be in core, while others should simply be tutorials. You shouldn't need a plugin for good SEO, and you shouldn't need a plugin to insert a Mailchimp embed.

To that end we've got a large directory of integrations which show how to make 3rd party services work with Ghost: https://docs.ghost.org/integrations

As for the more advanced platform-specific functionality: I think the long term view of how all platforms will need to work looks a lot more like external APIs and microservices than locally installed hooks and filters.


I've had the misfortune of having to maintain and extend a new WP install now, where we used Umbraco before. Literally everything about Umbraco was better except for two things: 1) the requirement to run on Windows 2) the number of available plugins was smaller

The number of plugins thing is offset by the reality that Umbraco plugins were generally higher quality across the board.

What you gain, though, is a sensible way to create a content structure/ component blocks and templates that work in a standard MVC way with a data model and views. WordPress on the other hand... I want to cry every time I look at a WordPress template, even when using improvements over the core like Roots provides with Bedrock and Sage. It's all imperative functions that modify state, global vars and functions, exceptions to remove all sorts of random bundled scripts and an outdated version of jQuery, just barf-ola.

And that's not even getting into the fact that by default it runs basically everything on every single request unless you install a third party caching plugin. Good luck loading config values or whatever on "startup" because the concept doesn't exist. Umbraco had a much higher level of performance out of the box, and could use generally the same additional caching techniques and performance techniques if you want to.

I truly think these types of CMSes are on their way out, as they tie the presentation layer directly to content management. The future, to me, is looking like Headless CMSes linked to a static site generator like Gatsby or React Static.


Isn't drupal better though if you're just wanting to take advantage of its API despite the php-ness?

Gutenberg Rocks!!

WordPress is very nice until you hit a niche problem: the media library has a lot of hooks that are not applied on the backend (and the media library itself is seriously dated); the XML library that can't handle a newline before <xml; while there are option for custom comment types, it's not actually supported; the REST API is a gigantic security hole; no database abstraction layer; etc.

I'm having high hopes for the ClassicPress fork to eliminate these bumps, but the future of WordPress.org will be interesting, especially that gutenberg breaks backwards compatibility, which breaks a lot of plugins, meaning you either go Classic Editor and your plugins, or Gutenberg and, maybe, some of your plugins.


The big problem with 5.0 is that it's not actually ready and they are shipping because of Wordcamp.

There are 152 open issues that they conveniently allocated 1 to 5.0, 28 to 5.0.1 and the rest to future point releases. https://make.wordpress.org/core/2018/12/06/5-0-gutenberg-sta...

The introduction of Gutenberg is a huge change and yes if you've been following the development, you're probably ready for the major changes but if you weren't following along you're in for a nasty, buggy, surprise.


100% agree. Gutenberg should not given a public release until it is at least as well formed as the various page builders that are already out there.

"if you weren't following along you're in for a nasty, buggy, surprise. " this scares me and may bring tears. I don't have time to backup all the sites I have with custom themes and plugins.

Hope someone writes a tutorial on how to undo this update, including the database and change over to the class press fork.


Yeah, I think it deleted all my plugins this morning. Yay.

As someone who hosts over 150 WordPress websites for small businesses ... I'm not thrilled about this release and the work it will entail given the editor overhaul.

Another user posted this: https://make.wordpress.org/core/2018/12/06/5-0-gutenberg-sta...

Also this posted by the author of Advanced Custom Fields, a very popular plugin: https://twitter.com/wp_acf/status/1070089217479307264


Supposedly, you just install this and you're good to go: https://wordpress.org/plugins/classic-editor/

I just tried updating to 5 on a test copy, as far as I can tell it didn't break anything.


The drop in boxes on 5 were too small on my system to edit (looked like it had a max width of 600px. This essentially forced my hand for the classic-editor because I couldn't drop in images and what not. Really strange error to have on the first day.

The boxes for editing should be based on percent (I shouldn't have to edit them).


For as long as that plugin is supported..

2022 at the earliest.

I manage a fair amount of WordPress sites. You need to add all your websites to a WordPress manager like ManageWP. Install the classic editor. That will give you time. We will not use Gutenberg for now. I'm creating a training to help everybody use it.

Have you tried managing it using https://managewp.com? I was in your shoes and it saved me a lot of headache

So you allow managewp to login to your sites?

It uses official WordPress Rest API: https://developer.wordpress.org/rest-api/

ManageWP uses the WordPress api to update plugins and themes

I know this is not for everyone, but sometimes it makes sense to jump off the CMS bandwagon and build a custom site. First I used Drupal but got tired of rewriting the site on every major release and jumped on WordPress. Then on WordPress I realized I could not create the user experience I was after without committing massive amounts of time and resources in custom plugins/themes. Leaving me too dependent on a moving target that might take a direction I don't agree with. It looks like there is a plugin for everything, but having them all play nice together is difficult. The more plugins the bigger the security risk, and the greater the risk of an update breaking your site.

I rewrote the site in Node.js/Express with Vue.js and server side rendering. The ecosystem is ready with so many libraries to quickly get up and running. Another major benefit is being able to design your own database instead of having everything stored as a post (WordPress).


I've been using this exact structure too, via Nuxt: Node/Express + Vue on the front end (with templates written in pug via pug-loader).

The benefit is that I can use scoped CSS on any given article I write to better match its content. And writing in pug is, to me, equivalent to writing in Markdown.

I import in packages if/when I need them, instead of relying on a plugin ecosystem.

But this is not a CMS: it's me writing pug, compiling, and generating static pages.

If this were client-facing, I'd need to drop in a CMS/db. But since it's only me, this system has been ideal.


I would love to do something like this. Drupal was a nightmare for me as a designer. Wordpress is much more manageable, but HTML/CSS/Javascript are king for me to have full control. What I'd like to learn next is implementing a database to cover the CMS side of things. Any resources you care to share that would put me on that path?

I believe that the static site generators of this day are the next step in custom web development. I'm currently working on a Gatsby.js project using Contentful as the content provider and it really feels like the stack of the future - build with all the shiny tools but send a fast, static website to the end user.

If you're interested in full stack serverless solutions, AWS Amplify looks really good. It handles a lot of the provisioning of resources and creation of GQL resolvers, etc. I spent an afternoon with it a few weeks ago and it completely changed my outlook on the future of the web and CMSs.

https://aws-amplify.github.io


For what it's worth, I went with PostgreSQL, decided not to use an ORM but a query builder (knex.js). Knex.js gives you database migrations and is good for basic querying. It is easy to drop down to raw SQL if you need something more complex or optimized.

Apples and oranges. If you needed a comprehensive client accessible CMS then how did you replicate that side of things in Node etc?

If you didn't need a CMS then I'm not sure why you were using Drupal/Wordpress in the first place. The only reason I can think to use them is if you want to hand off content editing to a non-developer.


I agree that I did not replicate the theme and plugin system of WordPress. But the beauty is that you probably don't have to. WordPress has to cater to all, which is probably the source of all the issues people face.

But neither is my website a simple brochure site. Members create their own content, upload photos, enter their location on a map, enter available dates, have the ability to chat with other members. When I tried to do al this with custom and available plugins, it never felt as a coherent experience. Then there is a lot of automation in the background, notifying members of unanswered messages, expiring profiles, notifying members of expiring memberships. Getting all this properly done with the CMS provided API's is more work then writing it from scratch yourself. With the benefit of not having to worry about CMS API deprecation.


You're making a completely different distinction to the one I was making.

I was saying "client-editable content" vs "not" and you seem to be saying "brochure site" vs "dynamic site".

Brochure sites sometimes need to be client editable. And sometimes complex, dynamic sites don't. It's an orthogonal point.


Will Gutenberg actually help Wordpress? I don't think so. Why? Most site owners aren't designers and don't do layout or content building well at all. Maybe I am short sighted on this though.

Much of my business has been replacing sites that run on Wordpress with my own CMS Archetype. Even though it lacks a lot of the power of mass of WP plugins, it makes up for it with simplicity of production and ease of use.

Some site owners want more control/power over layout building, and others would be overwhelmed by the extra features of Gutenberg.

Will Gutenberg become a core complaint of WP in the future? Maybe. The biggest complaints I've gotten about Wordpress are these:

1. Can't hand it off to clients to edit their own content, because it's too hard to learn. Or if you do train someone, it turns into a cycle of retraining. (though this seems to be Gutenberg's real target goal)

2. Updating is painful. Plugins break on a regular basis.

3. Security, WP sites get hacked alot. Think this is primarily because most WP sites aren't run by professionals, but individuals.

But also, #2 applies here, there's motivation to _not_ upgrade because of the possibility of breaking the site.

There are others, but Gutenberg would not solve these 3 largest problems with WP that I have run into.


> Will Gutenberg actually help Wordpress? I don't think so. Why? Most site owners aren't designers and don't do layout or content building well at all. Maybe I am short sighted on this though.

I agree! I use wordpress.com because I DON'T WANT TO DESIGN MY SİTE. Nor do I want to design each individual post. I want my blog to have a uniform look. I may make some tweaks to CSS and that's all. I don't want to think about design.

WP is arrogantly pushing the new editor but I tried it and I see no use for it. I think it should only be an option for people who want to design their own site.

It's true that there is no other place I can take my blog to. WP knows this and they know they can get away with it.


Here's the holy land:

- React components (Gutenberg)

- You can visually edit react components (Gutenberg)

- You can render the site with anything (Gatsby?)

Wordpress made some insane decisions with Gutenberg, like 1. storing the parameters (data you enter visually into the component) in an HTML comment (!!!) alongside the rendered HTML and 2. deciding to show the equivalent of "FATAL ERROR IN THIS COMPONENT" when the component author makes any adjustment to the markup output. Their idea for the latter was for you, the component author, to keep a deprecated version of any change alongside the new version.

They have the start of something great but crippled it with laughably bad decisions. Feels like... well, developing in the PHP ecosystem again.

More specific discussion: https://github.com/WordPress/gutenberg/issues/10444


No mention here about Gutenberg's lack of support for accessibility standards. They pretty much went full steam ahead and left the accessibility team behind. See: https://rianrietveld.com/2018/10/09/i-have-resigned-the-word...

I also found it pretty shocking to learn (https://www.smashingmagazine.com/2018/12/gutenberg-accessibi...) that @photomat did hold a potential professional engagement hostage over Marcy Sutton’s personal blog decision... although he seemingly did reverse that, but still, the whole attitude is fairly disturbing in doesn’t help where there already are lots of emotions involved.

There's a whole paragraph in the linked article talking about accessibility - it looks to me that they're mostly planning to improve it in the next few point releases. It's too bad they couldn't bake it in from the start, but at least they seem to acknowledge it

not "couldn't" but "refused to"

Is the summary of that article basically "No one on the accessibility team knows React so we can't help?". If so, then that's more the accessibility team's fault than it is the rest of the dev team. Granted, accessibility should be a priority for the whole team, but when it's your team's job to do that singular part of the development, maybe you should be resigning and let someone who knows what they're doing take over...

That article is now two months old and a lot has changed and improved since then. You also have to compare apples to apples: don't just compare writing in a single text area to manipulating complex blocks, try to accomplish the same task (like putting two captioned images side by side) in both interfaces.

You guys need to check the 1 star reviews for Gutenberg on the link below for some good comedy. Most reviews are 1 star.

https://wordpress.org/support/plugin/gutenberg/reviews/?filt...


Maybe I’m in the minority here. Is this the “new editor coming soon” on wordpress.com blogs? If yes, I tried it and was left more confused than before (features like copying an existing post with its categories, tags and content in order to create a new post were missing). So I switched back. I’ve found WordPress becoming more complicated to administer and use over the years. I hope aiming towards simplicity doesn’t inadvertently add more complexity.

The move seems aimed more at website building (ex. Wix) than blogging. These should be two different products because the blocks-based idea makes WP.com unusable for blogging, IMO. As a 10-year user, if they remove the option to revert, I'll be taking my blogs elsewhere.

Gutenberg, and this whole medium.com style look to websites layouts and interactivity just makes me think it is about time for an Apocalypse. Probably starting with silicon valley going down in a sink hole (make it goolag first).. like real soon please.

I'd rather go back to reading sites off geocities with starry backgrounds and little animated gif's everywhere..at least those looked like someone had fun putting them together, than this automated fking pile of readability styled over sized fonts design for people who can't see good shit that is getting spewed out from so called website 'designers' and 'content writers' if you in anyway like this style of a website design and user experience for readers, just kys... I mean at least think about it, perhaps reflect on how awful you are as a human.


Imagine getting this worked up about black text on white backgrounds.

Could you describe your online reading conditions? Device, distance to screen etc.?

This reminds me of Drupal 8 which was a massive departure from previous versions. As a part-time Drupal user with a handful of sites. The changes in Drupal 8 were just too much for me. Suddenly I had to learn Composer before I could do anything. Nothing wrong with Composer but if you aren't fulltime PHP developer this is just too much to learn to use a CMS. Installing Drupal changed from just unzipping a file to a whole convoluted process (I know I exaggerate).

The technologists were happy but the hobbyists not so much.


Composer mostly replaces 'drush make'. You can still download zip files (for core, themes and modules).

Composer helps if you have to manage complicated modules. For example, CiviCRM is CMS-agnostic and bundles its own versions of Symfony, Guzzle, etc. If we only used zip files, we would end up with library conflicts. Composer helps fix that.

(However, I agree that Drupal tends to make things insanely complicated, and the upgrade process is underwhelming.)


For what Automattic want WordPress to be, WP 5 seems to be a sensible move. WP is a viable choice for the Squarespace and Wix crowd that want to build a website without knowing anything about how to design or code. These services are eating their (lucrative) lunch, and a move toward ease of building makes real sense.

Sadly, this isn't the reason WP is popular. People use it because it's the most popular CMS, because of the marketed belief that it's the easiest to use, and because there is a perceived belief that it's quick to develop features because "we'll just use a plugin for that". While there are many teams out there that do WP "right", I'd say they are in a small minority. Most WP sites I've used have been a total mess.

I've used a lot of content management systems and frameworks in the past, and while it's on a framework many refuse to use, I'd say the best open-source CMS available for user experience and extensibility is Umbraco. While the core community can be a bit reclusive to outsiders, and HQ eager to push profitable products, Umbraco is easy to use, easy to install, and has a rich ecosystem of plugins to allow developers to build stuff easily. I liken it a bit to the early Rails community in how it acts.

As far as WP is concerned, I feel that WP is too big to simply be a site builder to some, and a framework to others, making Gutenberg a knee-jerk reaction that doesn't really solve either problem. The best thing they could do is accept that WP developers are analogous to React developers or Rails developers in that they define themselves by their framework of choice, and to do that WordPress needs to expand into its own PHP framework. Gutenberg can be a part of that, but it would be a part of the framework, not the driving force behind page creation.

Disclaimer: A few years ago, I was making a tidy side income from porting WP sites to Umbraco, and if I weren't too busy I'd continue to do it because there is no shortage of pissed off clients with crappy WP sites that want a usable CMS.


Is anyone else impressed with WordPress/Automattic's willingness to "just ship" despite things not being perfect?

As someone who struggles shipping software that basically nobody uses, I don't know if I'd have the guts to say "it's good enough" on a project as big & widely used as WordPress.


Quite the contrary. "Just ship" is a great approach for individuals or startups. WordPress is a behemoth that powers a significant portion of the web, including numerous enterprise corporations, and is the lifeblood of thousands of freelancers and agencies. They should hold themselves to a much higher standard.

When WordPress ships a bug, or a security vulnerability, or drastically and negatively alters the user experience the repercussions are vast and long-lasting.

I can't imagine how many man-hours and how many millions (billions?) of dollars it costs every time this happens.


I know what you're saying, but on the flip side: How many billions (trillions?) of dollars has been created by WordPress? And it keeps growing!

I feel that this "shipment" has been fairly responsible, with the Classic Editor plugin as a fallback for people who don't want Gutenberg.


This looks very similar to Sir Trevor:

http://madebymany.github.io/sir-trevor-js/example.html


I updated a test sight to 5.0. I activated Gutenburg. I played with the blocks. I looked for - having just done some Shopify work for a friend - a way in WP to preview page (while on desktop) that simulated mobile. Again, like Shopify.

Afaik there is no such preview. I'm aware "the WordPress way" is fond of turning its back on industry standards. But ignoring "mobile first"? If the dev team missed that, what else did they miss?



surprised no one has mentioned the fork, https://www.classicpress.net/

I brought up similar issues times ago when WP was rolling out major changes that were likely to break things and not add any value to a majority of WP users. Glad to see enough others have banded together to actually make a good fork a serious option now.

I have already begun using a couple of plugins that convert WP sites to static html /css - so no updates needed, no more breaking things from auttomatic.

Unfortunately some of WP sites I'm running need to stay open to udpates regularly, fingers crossed I can revert them when the update rolls out.


If you have ever used Medium.com or the inspired niche of editors that followed, you will love Gutenberg.

It's in this niche of editors where other names would be Dropbox Paper, and obviously the best in niche Notion.so - but Gutenberg is quite decent so far.


I seriously dislike the fact that an exteremely wide-spread open source project - wordpress.org - is driven by a for-profit company, wordpress.com. I guess there's no way around it, given Automattic employs most contributors, but this is not the first time when community requests and doubts are ignored (see emojis, half-baked media library refactoring, etc).

On the other hand, I'd welcome if these forced changes would revive half-forgotten CMS systems - Typo3, Silverstripe, concrete5, or boost newcomers, like Grav, ProcessWire. Maybe this will break the WordPress monoculture.

(downvoting an opinion, that is not how discussions should be made.)


I seriously dislike the fact that an exteremely wide-spread open source project - wordpress.org - is driven by a for-profit company, wordpress.com.

Every major open source project from the Linux kernel to a popular web framework has corporate sponsors that profit from the work done on it. Profit is a powerful motivator.


There's a difference when there are multiple contributors, as such with the linux kernel; in that case, the power is not with one single entity.

And in WordPress' case, the issue isn't just that so much power is with one entity, but that said entity seems to be trying to push the software in a direction and at a pace that's convenient for them, regardless of what the rest of the community think about it.

For example, Gutenberg is being pushed into core quite a bit before it's really ready, and to some degree it feels like it was designed for WordPress.com to compete with Wix and Squarespace rather than WordPress.org users.

The problem isn't WordPress having a large company contribute it to it, nor just that Automattic has so much power. It's because Automattic are running WordPress to solve their business needs at their pace, everyone else be damned.


WordPress also has multiple contributors — it's just mostly under the control of Automattic, just like React is Facebook, TypeScript is Microsoft, and Go is Google.

I think the difference is the latter three had internal projects the OSS'ed them. On the other hand, WordPress was built on the back of a "community." There is a lot of distrust, and rightfully so, from how Automattic put itself first and the WP community a distant third.

I've been looking hard for an open source replacement for the backend that would let my users edit as simply as with WordPress, but not tie my hands with PHP and an odd API for creating the front end. But so far, I haven't found anything that meets users needs like WordPress does. I wish there were more competition in this space. The closest I've seen--different services that let you create content and provide a GraphQL API--are all SaaS and not very cheap. Maybe the financial incentives to create a viable WordPress competitor that's open source just aren't there anymore...

Hi, check out Ghost.

https://ghost.org/

- It's a blog engine with support for static pages.

- It's open source (NodeJS)

- It's self-hostable.

- It's beautiful out of the box.

- It's entirely customizable.

- It's markdown-powered with a great WYSIWYG editor.

- There's no data lock in; excellent import/export support.

I could go on. Just give it a shot. "Ghost Pro" (https://ghost.org/pricing/) from the official team is a bit pricy if you're saying you want something cheap, but Digital Ocean has a two-click-setup droplet for a self-hosted version (seriously, I tried it, it's ridiculously simple). Referral link with $100 DO credit if you are interested: https://m.do.co/c/ea4165209ae0

Some examples of small customizations of the default "Casper" theme:

https://articles.hsreplay.net/

https://spreadprivacy.com/

https://blog.mozvr.com/

More of their customers: https://ghost.org/customers/


When you say "not very cheap", you're illustrating the problem: people don't want to spend money in their CMS.

Companies spend hundreds (or more) a month on various SaaS services but are looking for dirt cheap for something as critical as their public facing website.


I don't think that's it, though. I think the issue is moreso that they have to pay for the CMS and then, typically, for someone to customize it for them to make it what they want it to be. You're essentially paying a very high price for the development and paying another cost on top of that for just the platform might seem excessive to those who don't really know how it all works. People don't mind spending money on a CMS as long as they know how it fits into the project. The issue is that most developers just pick a CMS and don't pay for it because they want to keep more of the money from the client rather than because they know what they're doing and it's the best choice for the project.

If you want it cheap, you self-host it, don't you..?

There are a lot of companies with a proprietary CMS in the general publishing space (TownNews, GTXcel are both popular), but you can bet that their customers and prospects are always considering a switch to WordPress for various reasons. Financial, extensibility, the fact that most people just know how to use it, not being tied into a 3 year contract, feature list, great reputation, existing users, etc.

It's not easy doing what WordPress did. Other major CMSs like Drupal and Joomla came and mostly went because maintaining the level of product quality and community is harder than it looks.


Check out WriteFreely: https://writefreely.org/

It's written in Go, is federated (ActivityPub), and is easy to set up and run.


There are loads of content management systems that follow the same model.

My favourite is Umbraco, which to date is still my favourite editing experience. If you can stomach .NET, it's probably the best choice for an open-source CMS available right now.


Check this: https://appdrag.com It's a cloud CMS and backend It's also crazy fast and serverless.

Have you looked at wagtail.io ?

I use Wagtail CMS for my sites. It’s the best CMS I have found so far. It’s built on Django. Instead of looking for plugins you just integrate with other services with Python libraries or standard REST calls.

It has something similar to Gutenburg’s block based content editor called Streamfield. Which makes it easier to theme rich content compared to rich text editors. Craft CMS has something similar.

One thing that is missing in Django though is asset digests you find in Rails - anytime an asset like an image updates it should give it a new name so it’s not served by the cache.


It’s not the opinion that is being downvoted, but the implication— that open source backed by service driven companies is a bad thing. Without the enterprise Linux companies, Linux would likely be more of a niche since developers at their day jobs wouldn’t typically be using it, so you necessarily reduce the talent pool of people willing to contribute or adopt. Also, developing software takes money. WordPress in my opinion is a good model. The idea that for profit support is bad doesn’t seem to be supported by evidence. Look at Swift for example, or Go, or React or Redis. Even Rails gets substantial intellectual and practical support from Basecamp and wouldn’t even have existed if it weren’t for a for-profit company. Many of the great features of Rails came out of a Basecamp business need. Wordpress is similar. Wordpress isn’t perfect, but thank you Automatic for working on it.

I up-voted you because you mentioned Processwire. Holy God is that a wonderful piece of work. We're getting ready to deploy an enormous amount of content using this platform and it's been a real pleasure working with it.

Driving an open-source project is not the same as controlling it. WordPress has already been forked as ClassicPress and calmPress. If you don't like the direction WordPress is going, you have plenty of options.

For anyone who is managing multiple wordless sites and is scared of the amount of work it will take to update and check compatibility of each of them, I strongly recommend trying https://managewp.com, it made my life so much easier with managin our company blogs

Are they ditching php? Webhosts have the most to gain financially from a switch to node.js powered WordPress.

Care to explain how webhosts would gain financially by switching to node.js?

This makes no sense at all.

No, it's all frontend as far as I can tell.

This isn't node powered at all.

I think we are ditching WordPress...



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: