My favorite thing about WordPress is that it's a known quantity. There's an easy to follow tutorial teaching you pretty much anything you might want to do with the software. PHP isn't the prettiest language, and WordPress itself feels a bit creaky at times. But it's a practical tool. It does the job, and does it very well.
I'm really excited to see this release. Gutenberg is certainly a step in the right direction for the editor, and I'm planning to upgrade all my websites over the next few weeks!
Because that's always the catch with any script really. If you're using third party themes and plugins for anything, then you're putting trust in the developers of said themes and plugins that they know what they're doing coding and security wise.
The exact same situation is true of everything from WordPress to Drupal to vBulletin and XenForo to MediaWiki and Magento.
The "sheer breadth of the ecosystem" in self-hosted WP is also where so many of the problems come in (compatibility between products, security issues, etc).
I'd argue it really is worse in the WP scene vs Drupal, partially because of the 'ease' of the code for newbs to get started. There's no culture of automated testing in the WP community at large, but some other platforms at least allow for that. There are people who write clean and well-tested WP products, but they're likely a minority, if you're looking at the ocean of stuff released over the last 5-10 years in the WP space.
If the knock on that product is bloats, and the compromises adoption, how is X a benefit to those who refuses to abopt the whole alphabet?
Also, appreciate you still stopping into HN to chat :)
HN =/= WordCamp etc.
This isn't true. I've been running and managing 15+ WordPress websites for over 5 years now and not once run into any issues like you're describing, and I certainly haven't lost sleep or become 'tired' over it.
Using a good tool like ManageWP (or InfiniteWP, or any of the others, take your pick) makes managing multiple WordPress websites a breeze (e.g., it alerts you every morning with what updates are available), and with their paid backup/restore functionality there's really nothing to worry about if something did go wrong. Combine all this with a nice WAF or security plugin and you're fine. Or you can use a service like MalCare that combines both.
If you go months and years without updating, then yes you're asking for trouble like any other piece of software.
Too many people used WordPress over 10+ years ago and just stick to the same speech about PHP and WordPress and security and all that and how everything is so bad, and that a different CMS that nobody uses in a obscure language is sooo much better and secure (that won't be here in a couple of years in all likelihood.)
I think it is just wordpress' ubiquiti that has made it a security issue though. Attackers are quick to build exploit bots the moment a new vulnerability is found and they scour the web for unpatched sites.
So if you don't stay on your toes, you will get pwned sooner or later with a wp site.
Sorry for the confusion; I mean if there's a WP/Plugin/Theme update, I get notified every morning so I can go in and update (if needed.)
Many mom and pop type businesses find the lowest cost web designer they can find to build them a WordPress site then get upset with the hosting company when "the server gets hacked" and their site is redirecting to a malicious site.
WordPress is certainly a powerful platform but the fact that it is so easy for someone to get started is also a weakness because those people don't understand it isn't just set it and forget it.
I've screened / interviewed so many jr web "developers" who don't actually know how to develop a web app and they claim that installing WordPress plugins is development experience.
This setup lets me do 99% of my everyday work using the WordPress UI. For the remaining 1%, I can SSH and use the command line. I've had a scare or two in the past, but in general my websites haven't been large enough to be lucrative targets. Maybe someone who's running larger blogs can chime in on the security issues.
If you want a one click solution, DigitalOcean's WordPress droplet has a lot of security stuff pre-configured for you. They even integrate fail2ban with the WordPress login screen, which is something I never even considered of doing.
There‘s like a guaranteed influx of new clients downstream, who start small with a site builder, and get snatched up as clients as they grow.
Other “competing“ solutions just don‘t support a similar continuum in their ecosystems. Either they‘re missing the “normal people DIY level“, like most JS and Jamstack solutions, and/or they miss the lower levels and have proprietary hosting and devops solutions.
Having this continuum or diverse market also means that the‘re many people depending on that ecosystem, trying to increase the influx of new people. Not only to the level they operate on, but also the top non dev level. Normal people who ask experts (devs) for advice get directed towards WP as a result.
It‘s basically self promotional.
I like your point here, can you elaborate?
Then the site breaks they go online looking for help. This is not always a wordpress fault, sometimes it's a plugin issue for example.
However with the Gutenberg thing being forced in, I expect there will be a lot of broken custom themes and lots of people without backups. If their site is set to auto update core, there may be lots of work in the coming weeks.
I'm glad WP is not abandoned, but again (for the umpteenth time) wish new features were added as plugins and not forced into core. Akismet is added in backend as a plugin for people who want to use it, but it's not running by default during an update (as far as I can remember) for example.
At least automattic had notices in the backend dashboard warning about a new editor coming - not sure the notice warned that it may break some custom things - not that the average client would know that they have a custom thing.
Should be an interesting few weeks ahead.
The “guarantee“ comes from the growth hacking minded ecosystem. People who set up their own WP businesses read up about it and usually follow the advice they find, what plugins to use, how to FB ads etc.
That's exactly what I dislike about WordPress. Yes, it's extensible, yes, it has a shit ton of plugins, but it's also exactly why it's so unsecure, slow and bloated. People want to do with WordPress things that it _should not be doing_. It's a CMS, but its blog engine roots still show to this day.
> My favorite thing about WordPress is that it's a known quantity. There's an easy to follow tutorial teaching you pretty much anything you might want to do with the software. PHP isn't the prettiest language, and WordPress itself feels a bit creaky at times. But it's a practical tool. It does the job, and does it very well.
It's a very decent blog or simple presentational site engine, but as soon as you stray too far from its base functionality, you end up stuck with shit plugins that break every couple of updates. Their biggest multi-lingual plugin (WPML) slows down every request by a full second just by turning on the plugin. Yeah, you can optimize some settings and gain some of it back, but almost nobody does. Access to tutorials is nice, but the vast majority of them are actually garbage and filled with bad practices.
The thing is, people want a new WordPress. But a new "CMS that does everything" is bound to have the same issues : being tolerable at most things, but not very good at anything.
Disclaimer : I worked at a web agency for some time where half the sites were WP. People want things done with WordPress because they know the admin panel, then get surprised when their site ends up being a huge bloated hack that holds together with duct tape. Oh, and Jesus Christ does it get hit by bots all the freaking time...
All those plugins are just a Big Ball of Mud, and trying to figure out how to apply a design to it, without breaking everything is kind of impossible. Change a theme? Lose settings, styles, major layout choices, menu locations. I can go on.
You basically have to develop your theme, apply it to the LIVE site, and fix the fires you find. Maybe a needed plugin now isn't compatible with whatever tech the new theme brings in. Well, you're hosed.
This is fine if you're just a blogger, but if you're running a business off your Wordpress site, it's a complete disaster. Like - we hosed a live Wordpress site simply by making duplicate dev site. I don't know how I'm supposed to work with that sort of environment.
But any suggestions are welcome.
Yes, me and tons of others people over the years.
All those plugins are just a Big Ball of Mud, and trying to figure out how to apply a design to it, without breaking everything is kind of impossible. Change a theme? Lose settings, styles, major layout choices, menu locations. I can go on.*
Depends on how you wrote the theme (or which theme you've bought) and what you want to change. Like on any other platform. It could also be a totally seamless experience. If your whole IA was based on the way the theme did things (custom post types, meta boxes and so on), then you need to port that too.
I’ll admit though, it’s a bit weird having a prod and dev environment with how many tweaks Wordpress can have. Haven’t really come up with a good solution for that.
You're right about everything there except one word: "extensibility".
Wordpress has a comprehensive hooks system that makes it seem like it's very extensible, but that's only there to make up for the godawful mess that is the codebase itself. PHP (which is a fine language and owes much of its bad press to wordpress tbh), like most modern programming languages, is designed for building easy to extend applications, where devs can leverage simple, testable, reliable language features instead of hooking into the tacked on callbacks API of a core app that's so inconsistent that you never really know for sure if anything's going to work long term.
There's three types of devs who interact with WordPress:
1. people who build "spec-and-deliver" sites for clients, with no ongoing maintenance, and love wordpress because they never see the mess their website turns into.
2. plugin devs who typically don't have to deal with client website maintenance, and definitely don't have to deal first-hand with their own plugins' incompatibilities with other plugins
3. people who have spent time actually maintaining wordpress sites and never want to touch it again
4. (non-dev) amateur bloggers who throw up an install with some plugins, and never look at code, and never update, and don't need any features, and are really the only appropriate audience for this platform... until their site gets hacked for the 15th time...
No it isn't. The language itself is awful. The PHP ecosystem is great though: easy deployments, good dependency management, healthy community, and the most pleasant framework I've ever worked with - Symfony.
Why switch away from PHP just to get the same things and as you mentioned not even get the same things but less?
Ghost, Sails, Ember, they all try to emulate principles from projects of the past.
I think you'd find Craft (https://craftcms.com/) to cover most of your needs and desires from the ecosystem standpoint. It's PHP-based but it's also well-designed and its approach allows for the kind of flexibility that you have to work really hard to get elsewhere.
I was able to set it up with a Markdown editor, shortcodes, Imgix, and a bunch of other must-haves for my use case very quickly thanks to the existing plugin community. And the issues I did run into, I found help from the community almost immediately.
The only downside, really, is that its license isn't open in the way WordPress is, though it's free to use for single-user projects.
Has a very large plugin eco system and a no database CMS system similar to jekyll/hugo.
We have lots of ideas around extensibility for Ghost, they just increasingly don't look very much like plugins. We've always been hesitant to ship something which developers would rely on and end up creating yet-another-janky-bloated-CMS, so we've admittedly held back on that front.
The thing about a lot of plugins is, the most popular ones feel like they really shouldn't be plugins. Many plugins are popular simply because they're things which should be in core, while others should simply be tutorials. You shouldn't need a plugin for good SEO, and you shouldn't need a plugin to insert a Mailchimp embed.
To that end we've got a large directory of integrations which show how to make 3rd party services work with Ghost: https://docs.ghost.org/integrations
As for the more advanced platform-specific functionality: I think the long term view of how all platforms will need to work looks a lot more like external APIs and microservices than locally installed hooks and filters.
Gutenberg should have been offered as an extension, leaving core Wordpress alone. Now, we are going into the situation where an inferior page builder is part of core. That can only cause trouble.
Gutenberg, on the other hand, while not perfect, is several times better than these systems, in my opinion. There's still some messiness to it but it's much easier to set up a theme for a client and have comfort that, when you come back to edit something for them, they haven't borked it all to hell requiring you to dig through a slow and clunky interface just to reset a font-color.
When I make a site for a client I have to balance many options 1) how fast can I do it 2) including how many bits and bobs do I have to add in to even make it work 3) What it will look like 4) will the client be able to update it afterwards. Speed and underlying tech is way down the list.
I generally use Enfold  to build client sites. Divi's interface is too complex and slow to navigate. VC is faster, and I have used it on occasion. Gutenberg also has a slow interface. Gutenberg also requires the download of loads of blocks or block packages, which surely bloat the page, and cause confusion. I've tried Atomic blocks  etc, which only works well when you pair it with the Atomic Blocks theme. But sometimes I might need a different blocks. So now, you've now got multiple hero sections, each with different parameters, css and coding. That's bloat and inconsistency.
Gutenberg simply doesn't give designers the level of control over existing page builders. Read this comparison of Gutenberg vs Elementor . I don't use Elementor, but the author concludes -- like me -- that Gutenberg is no match for exiting page builders. To paraphrase, he concludes that Gutenberg is for unsophisticated users who are creating single page layouts with low precision.
BTW, I don't know what themes or clients you have, but Enfold allows all the elements to be locked so that the clients can't mess with the layout. It's also very easy for them to login and see the page structure so that they know where they are. I'm not saying it's perfect, but it's far better than Gutenberg.
IMHO, instead of finding out what developers actually wanted and were using, WordPress decided to roll its own system, which would be fine if it was optional. But, now that it's core, it's just an inferior, anti-competitive PITA.
That's what I thought. There's a reason why WordPress has a reputation for being insanely insecure and a terrible platform and it mostly has to do with the fact that it's made things easy for people who have no idea what they're doing. Existing page builders allow you to make something easily while completely ignoring the affect of page load times, proper syntactic code, and quality. They're meant for people who don't invest the time to actually learn what they're doing so they can throw crap together that they can charge clients who don't know any better.
I agree it's not for everyone, that's why there's an opt-out, but it is an improved experience for the vast majority of current and potential future users. It's shipped, and now we can continue to iterate on it.
"correctly per the WordPress specs" - this is like windows rolling out an update that breaks atom, sublime text, and others that were working well. Seriously.
We don't rely on page builders on 100 out of 120 sites. Some sites do have custom themes that incorporated rows for design, which may break with this update.
The sites that did rely on page builders were working great and had no need for Guten.
We use Gutenberg extensively with clients (and have for some time), so I don't think that blanket statement is fair. There's been a learning curve but the business value speaks for itself at the end of the day.
Agree with @photomatt's comments.
The number of plugins thing is offset by the reality that Umbraco plugins were generally higher quality across the board.
What you gain, though, is a sensible way to create a content structure/ component blocks and templates that work in a standard MVC way with a data model and views. WordPress on the other hand... I want to cry every time I look at a WordPress template, even when using improvements over the core like Roots provides with Bedrock and Sage. It's all imperative functions that modify state, global vars and functions, exceptions to remove all sorts of random bundled scripts and an outdated version of jQuery, just barf-ola.
And that's not even getting into the fact that by default it runs basically everything on every single request unless you install a third party caching plugin. Good luck loading config values or whatever on "startup" because the concept doesn't exist. Umbraco had a much higher level of performance out of the box, and could use generally the same additional caching techniques and performance techniques if you want to.
I truly think these types of CMSes are on their way out, as they tie the presentation layer directly to content management. The future, to me, is looking like Headless CMSes linked to a static site generator like Gatsby or React Static.
I'm having high hopes for the ClassicPress fork to eliminate these bumps, but the future of WordPress.org will be interesting, especially that gutenberg breaks backwards compatibility, which breaks a lot of plugins, meaning you either go Classic Editor and your plugins, or Gutenberg and, maybe, some of your plugins.
There are 152 open issues that they conveniently allocated 1 to 5.0, 28 to 5.0.1 and the rest to future point releases. https://make.wordpress.org/core/2018/12/06/5-0-gutenberg-sta...
The introduction of Gutenberg is a huge change and yes if you've been following the development, you're probably ready for the major changes but if you weren't following along you're in for a nasty, buggy, surprise.
Hope someone writes a tutorial on how to undo this update, including the database and change over to the class press fork.
Another user posted this: https://make.wordpress.org/core/2018/12/06/5-0-gutenberg-sta...
Also this posted by the author of Advanced Custom Fields, a very popular plugin: https://twitter.com/wp_acf/status/1070089217479307264
I just tried updating to 5 on a test copy, as far as I can tell it didn't break anything.
The boxes for editing should be based on percent (I shouldn't have to edit them).
I rewrote the site in Node.js/Express with Vue.js and server side rendering. The ecosystem is ready with so many libraries to quickly get up and running. Another major benefit is being able to design your own database instead of having everything stored as a post (WordPress).
The benefit is that I can use scoped CSS on any given article I write to better match its content. And writing in pug is, to me, equivalent to writing in Markdown.
I import in packages if/when I need them, instead of relying on a plugin ecosystem.
But this is not a CMS: it's me writing pug, compiling, and generating static pages.
If this were client-facing, I'd need to drop in a CMS/db. But since it's only me, this system has been ideal.
If you didn't need a CMS then I'm not sure why you were using Drupal/Wordpress in the first place. The only reason I can think to use them is if you want to hand off content editing to a non-developer.
But neither is my website a simple brochure site. Members create their own content, upload photos, enter their location on a map, enter available dates, have the ability to chat with other members. When I tried to do al this with custom and available plugins, it never felt as a coherent experience. Then there is a lot of automation in the background, notifying members of unanswered messages, expiring profiles, notifying members of expiring memberships. Getting all this properly done with the CMS provided API's is more work then writing it from scratch yourself. With the benefit of not having to worry about CMS API deprecation.
I was saying "client-editable content" vs "not" and you seem to be saying "brochure site" vs "dynamic site".
Brochure sites sometimes need to be client editable. And sometimes complex, dynamic sites don't. It's an orthogonal point.
Much of my business has been replacing sites that run on Wordpress with my own CMS Archetype. Even though it lacks a lot of the power of mass of WP plugins, it makes up for it with simplicity of production and ease of use.
Some site owners want more control/power over layout building, and others would be overwhelmed by the extra features of Gutenberg.
Will Gutenberg become a core complaint of WP in the future? Maybe. The biggest complaints I've gotten about Wordpress are these:
1. Can't hand it off to clients to edit their own content, because it's too hard to learn. Or if you do train someone, it turns into a cycle of retraining. (though this seems to be Gutenberg's real target goal)
2. Updating is painful. Plugins break on a regular basis.
3. Security, WP sites get hacked alot. Think this is primarily because most WP sites aren't run by professionals, but individuals.
But also, #2 applies here, there's motivation to _not_ upgrade because of the possibility of breaking the site.
There are others, but Gutenberg would not solve these 3 largest problems with WP that I have run into.
I agree! I use wordpress.com because I DON'T WANT TO DESIGN MY SİTE. Nor do I want to design each individual post. I want my blog to have a uniform look. I may make some tweaks to CSS and that's all. I don't want to think about design.
WP is arrogantly pushing the new editor but I tried it and I see no use for it. I think it should only be an option for people who want to design their own site.
It's true that there is no other place I can take my blog to. WP knows this and they know they can get away with it.
- React components (Gutenberg)
- You can visually edit react components (Gutenberg)
- You can render the site with anything (Gatsby?)
Wordpress made some insane decisions with Gutenberg, like 1. storing the parameters (data you enter visually into the component) in an HTML comment (!!!) alongside the rendered HTML and 2. deciding to show the equivalent of "FATAL ERROR IN THIS COMPONENT" when the component author makes any adjustment to the markup output. Their idea for the latter was for you, the component author, to keep a deprecated version of any change alongside the new version.
They have the start of something great but crippled it with laughably bad decisions. Feels like... well, developing in the PHP ecosystem again.
More specific discussion: https://github.com/WordPress/gutenberg/issues/10444
I'd rather go back to reading sites off geocities with starry backgrounds and little animated gif's everywhere..at least those looked like someone had fun putting them together, than this automated fking pile of readability styled over sized fonts design for people who can't see good shit that is getting spewed out from so called website 'designers' and 'content writers' if you in anyway like this style of a website design and user experience for readers, just kys... I mean at least think about it, perhaps reflect on how awful you are as a human.
The technologists were happy but the hobbyists not so much.
Composer helps if you have to manage complicated modules. For example, CiviCRM is CMS-agnostic and bundles its own versions of Symfony, Guzzle, etc. If we only used zip files, we would end up with library conflicts. Composer helps fix that.
(However, I agree that Drupal tends to make things insanely complicated, and the upgrade process is underwhelming.)
Sadly, this isn't the reason WP is popular. People use it because it's the most popular CMS, because of the marketed belief that it's the easiest to use, and because there is a perceived belief that it's quick to develop features because "we'll just use a plugin for that". While there are many teams out there that do WP "right", I'd say they are in a small minority. Most WP sites I've used have been a total mess.
I've used a lot of content management systems and frameworks in the past, and while it's on a framework many refuse to use, I'd say the best open-source CMS available for user experience and extensibility is Umbraco. While the core community can be a bit reclusive to outsiders, and HQ eager to push profitable products, Umbraco is easy to use, easy to install, and has a rich ecosystem of plugins to allow developers to build stuff easily. I liken it a bit to the early Rails community in how it acts.
As far as WP is concerned, I feel that WP is too big to simply be a site builder to some, and a framework to others, making Gutenberg a knee-jerk reaction that doesn't really solve either problem. The best thing they could do is accept that WP developers are analogous to React developers or Rails developers in that they define themselves by their framework of choice, and to do that WordPress needs to expand into its own PHP framework. Gutenberg can be a part of that, but it would be a part of the framework, not the driving force behind page creation.
Disclaimer: A few years ago, I was making a tidy side income from porting WP sites to Umbraco, and if I weren't too busy I'd continue to do it because there is no shortage of pissed off clients with crappy WP sites that want a usable CMS.
As someone who struggles shipping software that basically nobody uses, I don't know if I'd have the guts to say "it's good enough" on a project as big & widely used as WordPress.
When WordPress ships a bug, or a security vulnerability, or drastically and negatively alters the user experience the repercussions are vast and long-lasting.
I can't imagine how many man-hours and how many millions (billions?) of dollars it costs every time this happens.
I feel that this "shipment" has been fairly responsible, with the Classic Editor plugin as a fallback for people who don't want Gutenberg.
Afaik there is no such preview. I'm aware "the WordPress way" is fond of turning its back on industry standards. But ignoring "mobile first"? If the dev team missed that, what else did they miss?
I brought up similar issues times ago when WP was rolling out major changes that were likely to break things and not add any value to a majority of WP users. Glad to see enough others have banded together to actually make a good fork a serious option now.
I have already begun using a couple of plugins that convert WP sites to static html /css - so no updates needed, no more breaking things from auttomatic.
Unfortunately some of WP sites I'm running need to stay open to udpates regularly, fingers crossed I can revert them when the update rolls out.
It's in this niche of editors where other names would be Dropbox Paper, and obviously the best in niche Notion.so - but Gutenberg is quite decent so far.
On the other hand, I'd welcome if these forced changes would revive half-forgotten CMS systems - Typo3, Silverstripe, concrete5, or boost newcomers, like Grav, ProcessWire.
Maybe this will break the WordPress monoculture.
(downvoting an opinion, that is not how discussions should be made.)
Every major open source project from the Linux kernel to a popular web framework has corporate sponsors that profit from the work done on it. Profit is a powerful motivator.
For example, Gutenberg is being pushed into core quite a bit before it's really ready, and to some degree it feels like it was designed for WordPress.com to compete with Wix and Squarespace rather than WordPress.org users.
The problem isn't WordPress having a large company contribute it to it, nor just that Automattic has so much power. It's because Automattic are running WordPress to solve their business needs at their pace, everyone else be damned.
- It's a blog engine with support for static pages.
- It's open source (NodeJS)
- It's self-hostable.
- It's beautiful out of the box.
- It's entirely customizable.
- It's markdown-powered with a great WYSIWYG editor.
- There's no data lock in; excellent import/export support.
I could go on. Just give it a shot. "Ghost Pro" (https://ghost.org/pricing/) from the official team is a bit pricy if you're saying you want something cheap, but Digital Ocean has a two-click-setup droplet for a self-hosted version (seriously, I tried it, it's ridiculously simple). Referral link with $100 DO credit if you are interested: https://m.do.co/c/ea4165209ae0
Some examples of small customizations of the default "Casper" theme:
More of their customers: https://ghost.org/customers/
Companies spend hundreds (or more) a month on various SaaS services but are looking for dirt cheap for something as critical as their public facing website.
It's not easy doing what WordPress did. Other major CMSs like Drupal and Joomla came and mostly went because maintaining the level of product quality and community is harder than it looks.
It's written in Go, is federated (ActivityPub), and is easy to set up and run.
My favourite is Umbraco, which to date is still my favourite editing experience. If you can stomach .NET, it's probably the best choice for an open-source CMS available right now.
It has something similar to Gutenburg’s block based content editor called Streamfield. Which makes it easier to theme rich content compared to rich text editors. Craft CMS has something similar.
One thing that is missing in Django though is asset digests you find in Rails - anytime an asset like an image updates it should give it a new name so it’s not served by the cache.