> make 1.5 million enemies in the WordPress community in one weekend by shutting down their ability to update plugins with zero warning
AWS and Digital Ocean run local Ubuntu download servers and do not depend on Canonical to run their business. WPEngine is a hosted service and could make very simple changes to download updates from their own servers.
> WPEngine is a hosted service and could make very simple changes to download updates from their own servers.
This all kicked off when he publicly accused WP Engine of “butchering” WordPress for disabling revisions:
> What WP Engine gives you is not WordPress, it’s something that they’ve chopped up, hacked, butchered to look like WordPress, but actually they’re giving you a cheap knock-off and charging you more for it.
Disabling revisions is a configuration change. This is the simplest possible change you could make, and it’s unacceptable in his eyes.
Making WordPress contact something other than api.wordpress.org requires altering the codebase. Making this configurable is something he has explicitly rejected:
> Why would I build that? The built-in source works great, for tens of millions of servers.
- If WP Engine alters WordPress, even just to alter its configuration, they are “butchering” it.
- If WP Engine doesn’t alter WordPress and leaves it pointing at api.wordpress.org, they are unfairly using community resources.
– Huge numbers of people using api.wordpress.org is actually “great” and scales to tens of millions of servers.
As far as I can see, he doesn’t have a consistent position. He’s just grabbing hold of the nearest accusation that he thinks will harm WP Engine in the heat of the moment, regardless of what he has previously claimed or who else it hurts.
> Disabling revisions is a configuration change. This is the simplest possible change you could make, and it’s unacceptable in his eyes.
Actually this is wrong. Yes the constant WP_POST_REVISIONS exists. But WP Engine has disabled this constant. They do in fact "butcher" WordPress in the sense that they remove a feature, you can't turn it back on by yourself, and you need to talk to their support to get a limited version of it re-enabled by them.
Add to that, revisions are a big deal for a certain type of customer. Say, an enterprise scale publisher for example who has built an extensive publishing workflow around WP. (Hacker News consistently underestimates how massive some WordPress installs are; the scale of the world's biggest publishers, many of whom rely on WordPress, blows your nice little startup out of the water.)
So I am aware of a case or two where this actually became a negotiating point in an enterprise contract. The customer was entirely unaware that revisions were just a free thing built into WP, and it influenced the resulting contract and cost. Dirty dirty on WPE's side, really.
BTW this is documented at https://wpengine.com/support/platform-settings/ and you can see on that page that they limit their environment in many other ways. In the abstract this may not be a huge problem, hosts have costs and security and various limitations to think about. In my personal experience there are limitations which are not listed on that page and those are more frustrating.
The revision system is terrible though. Even we limit it for our clients. It doubles or triples the amount of queries your site and admin needs to run. Have some multi language plugin on top and your site will be eating memory and cpu. If WordPress would have made an actual usuable revision system, this wouldnt have been an issue at all
I think this is where Matt's perspective actually makes sense: "So, you guys built a $400M/yr business on our open source project, and when you had problems with the revision system, instead of contributing improvements, you just turned it off (and maybe converted it into an enterprise upsell some people are paying extra for!)?"
Intel, Google, even Microsoft etc. develop improvements to Linux knowing full well that their competitors will also get access to those improvements. For sure it's disappointing that WP Engine contributes almost no time to Core.
To recap, every post is stored in the wp_posts table and revisions have a post_type of 'revision' and a post_status 'inherit' (attachments also inherit). There's no gradual improvement you can do to this. More, their codex does not discourage accessing the database directly at all rather points out there's a class to make it easy https://codex.wordpress.org/Database_Description so moving revisions to a separate table will break every plugin which wants to access revisions and uses the wpdb class to do so which is just not acceptable: "WordPress strives to never break backward compatibility. It’s one of our most important philosophies, and makes updates much easier on users and developers alike".
We can have debates about whether this philosophy is the right one or not but there's no point. It's what it is and it makes fixing things like this simply not possible.
WordPress is infamous for its terrible codebase. Everything is jammed into a single wp_posts table including revisions. The frontend code is just as bad. I'm sure they blame the need for backwards compatibility. The entire thing should be retired.
The entire thing makes money and serves the purposes of people using it even for free.
It's a well-engineered product whether you want to accept it or not. Unlike more than half of the tech world that's unprofitable and is just a fart in the wind of tech memory.
No, it's not well-engineered (speaking with over 25 years as a professional software engineer), at least the portions of the code I have looked at. Things I vaguely remember (it's been ten years since I looked at it) are lack of data normalization (and not in a performance optimizing way), template includes that depend directly on order of inclusion and variables in other templates, very little code isolation, and PHP.
WP is a well-delivered product that works well for its user base in most situations. Plenty of code is well-marketed, profitable, and fulfills users' needs, but not well-engineered.
By the way, I know the PHP gripe is contentious, but it's not the reason why I think WP is badly engineered, it's just the reason it was easier to engineer it badly.
If PHP was compiled with --disable-url-fopen-wrapper, it won’t work. (Docs don’t say what “won’t work” means; returns null, throws exception?) Note that this flag was removed in PHP 5.2.5.
If allow_url_fopen is disabled in php.ini, this still won’t work. (How? No idea.)
Because of the @, the warning about the non-existent file won’t be printed.
But it will be printed if scream.enabled is set in php.ini.
Or if scream.enabled is set manually with ini_set.
But not if the right error_reporting level isn’t set.
If it is printed, exactly where it goes depends on display_errors, again in php.ini. Or ini_set.
I can’t tell how this innocuous function call will behave without consulting compile-time flags, server-wide configuration, and configuration done in my program. And this is all built in behavior.
I would argue that Wordpress is a great example of how something doesn't need to be "well-engineered" (when it comes to abstractions, maintainability, etc) to be widely useful for many.
Although I think the exception there is security (and yes I know many will say clean and well engineered code is secure code). Security has to be solid or it will impact too many people negatively.
For years, wordpress stored user session data in 'wp_options'. Moderately trafficked sites needed to come up with regular purging hacks to 'clean' their wp_options table. Why? Session data is not an 'option', it's... session data. Make a database table called 'wp_sessions'. Transient 'cached' data also... in 'wp_options'. This was not an example of 'good engineering'.
This is just one of many examples of suboptimal tech decisions. Some have been mitigated, updated or otherwise 'fixed' over the years, so they may not be relevant any longer. It's a very popular and widely used platform despite some poor development and engineering choices, and perhaps even in some cases because of these poor choices, but that doesn't make them good engineering.
The idea that no one is allowed to criticize anything unless they can and have done better is one of the most perniciously stupid ideas out there that just won't go away.
If the parent poster is secretly Linus Torvalds, do you walk away in shame because he HAS done a project with better engineering? Or are the criticisms, perhaps, objectively valid or invalid, and worth engaging with regardless of the merits of the person making the criticisms?
Well when their whole argument boils down to "php sucks" and they back up their claims with a document that was invalid 12 years ago when it was written, they better have something to back up these criticism.
Perhaps you should engage with the claims rather than the person. As someone who doesn't frequently use PHP, the criticisms in the linked post from 2012 seem valid if the facts presented are true -- there's some pretty weird, and in a few cases, downright dangerous behavior presented there.
What is invalid, specifically, about that blog post?
It's amazing how many people's opinion of PHP is stuck in a time warp from 10-20 years ago. It's now a much better language than it was then. It's fascinating to see programmer snobbery in real time.
WPEngine has tons of developers working on the WordPress ecosystem. This contribution argument doesn't work with me. They're contributing plenty of hours into WordPress plugins that their competition also can use.
That's the amount of hours they contribute to the "Five for the Future" program which specifically refers to work on a subset of the WordPress project managed by Automattic. For example, WPEngine own and develop Advanced Custom Fields, a plugin used by hundreds of thousands of WordPress websites. The work they do on that isn't covered in the 40 hours. Likewise, WPEngine run the DE{CODE} conference but that isn't included in the 40 hours either.
Are you able to name of the publishers that you say run massive WP installs?
I do know they exist of course, Sony being one.
I’m coding up a little something that I feel is more modern and superior compared to WP, and I’d like to learn what their business requirements and use cases are that keep them on WP.
I don't want to discourage you...but there's so many WP alternatives out there that are supported by bigger companies, have a big ecosystem around them with agencies and developers for many years. Why would massive WP installs switch to "a little something"?
I just see the opportunity to provide developers and users a better experience using modern tooling, and feels open and simple enough for anyone to download and use without worrying about security vulnerabilities.
Something that feels powerful and safe; like WP of 10 to 15 years ago.
Digital First Media/MediaNews Group, one of the largest newspaper publishers in the US, runs its 100+ local newspaper (NY Daily News, Chicago Tribune, Denver Post, etc.) websites on WordPress.
I’m not really focusing on WP Engine’s service here. I’m pointing out that the constraints Mullenweg has voiced appear to be self-contradictory and unsatisfiable by any WordPress host.
It's an example of the kind of backwards compatibility WordPress needs to deal with the myriad of crazy content generated by people (and plugins!) over the years. Often this gets very chatty and very inefficient.
Besides backwards compatibility, this codebase grew like a jungle, with people just piling code on, not always with much forethought. Part of it's due to the limitations of PHP in the old days, and of course it's inherent with projects of this size, but there are varying degrees of messiness. WordPress is an example of a project that started out too messy and only became more messy over time.
Just to pile on: the WPDB class is another example of continued messiness. The first thing I do whenever I write a plugin, is to add a little database wrapper that just uses PHP PDO instead. Anything better than to deal with the hopeless, inefficient, inflexible mess that is WPDB. (To whoever wrote it: sorry mate!)
I'm sorry but WP-ENGINE lost my vote when they started quoting evangelizing and ambassadorship events as "contributions". Everyone knows that's a 50/50 self-marketing and brand outreach. I don't understand why people are taking WP ENGINE's side, in the past 5 years, the evils and exploits of VC investments have been widely documented. This is a clear and present danger/example of what is wrong with VC in America. Look at VC in other parts of the world, they are heavily regulated for this particular reason. This industry has taken the premise of the movie "pretty woman" and escalated to new hights of corporate GREED.
Sure, but to do that they'd need to know they are about to be cut off, something which they were given zero warning about. Had they known they 100% would have ensured that customers didn't lose service. Matt chose to surprise them.
It's a very nuanced thing. The world could be very different today. There would have been very little pushback against Matt's crusade if he'd just thought about making sure service to users was uninterrupted.
Instead he dragged 1.5 million sites into the middle of this in a way that made him look like the bad guy.
I hope that WordPress will continue to be open and Matt will continue to lead it, but he just cost himself a lot mindshare. That's why I asked him to explain why he made the choice he did.
Hopefully he has a PR person who is advising him on how to handle this situation. Were it me, I would say something like: "My passion for keeping WordPress open source got the better of me and I made a hasty decision which caused problems for end users. I've learned from this and it's not a mistake I will ever repeat. Going forward if there are changes to how we administer WPorg's services we will discuss them with the community and announce them well in advance because we want them to be rock solid and reliable for all of the millions of websites which depend on them."
This type of statement would go over well with a lot of people including the big enterprise customers who are depending on WP, who Matt really wants and who are constantly being courted by WP's competitors. In followup messaging you can reiterate all the strengths of open source e.g. how it reduces vendor lock-in.
But what do I know, I've only sold a couple million dollars worth of WP contracts, meanwhile Matt is worth 400 of those big M's. :)
Even without dragging the wordpress.org infrastructure into the mess, MM's blackmail campaign wouldn't have played well with the community. But it would have blown over as just more #wpdrama, whereas this ... I think we're likely to see the WordPress trademark invalidated. Even if it isn't, this case winning means every last WP host can just line up and cite it, making the trademark as good as generic anyway.
> Sure, but to do that they'd need to know they are about to be cut off, something which they were given zero warning about
According to Automattic they had been in discussions for 20 months. Your anger should be with WPEngine for taking your money while knowing full well their service depended on servers ran by a company they were on (best case) shaky terms with.
Up until about 8 months ago, Bluehost (another big paid hoster of WordPress sites) ran its own plugin mirror with no issues: https://github.com/bluehost/pluginmirror
Matt's behavior is inexcusable and shows that WordPress needs a complete restructuring without him. Too many sites rely on WordPress to endanger them because of one man's temper tantrum. I don't understand how you can defend this reckless behavior by him. Who cares what WPE could have should have done. He needs to step down immediately.
"WPEngine should have foreseen something that has never happened in the 20 years of the software's history".
I mean yeah, companies should have contingency plans for things that are extraordinarily rare but let's be reasonable about it. No one, including you, saw this coming.
I challenge you to find a single blog post, tweet or HN/Reddit comment that suggests Matt could one day shut off wp.org access to a single company running 1.5 million sites without any notice to that company, or the community members who will be affected. It's unconscionable. Or at least it was.
Newfold Digital, which owns Bluehost, is the only entity with a commercial trademark sub-license agreement from Automattic per the recently updated WordPress Foundation Trademark Policy:
It's not about what WP Engine could have done, but how Matt acted. If he wanted WPE to use their own Plugin repository, he could have told them so and given them a date. But cutting off access to updates without warning to all these sites is inexcusable. Matt chose the "nuclear option" without realizing that the fallout would also hit WordPress and himself. In addition to hundreds of thousands of websites that had nothing to do with his gripes.
In a social media post on the platform X, he boasted that as a result of his actions, WPE is now a “distressed asset,” worth just a “fraction” of what it was before, because “[c]ustomers are leaving in droves” – calling into question whether Defendants’ motivations extend beyond mere interference and extortion, and are in fact a thinly disguised attempt to artificially drive down WPE’s valuation in hopes of acquiring it on the cheap
Its not unlikely that the gameplan all along was slander and disrupt them so much that the company would become worthless, then acquire it. He was trying to blackmail/extort WPE's CEO into coming to work for him, after all! (text message screenshots are in the lawsuit too)
Because Canonical makes it easy to clone their entire repositories and host your own mirrors. You can change your ubuntu mirrors changing the configuration files themselves (or via graphical programs on desktop systems), unlike in WordPress where you'd need to "butcher it" (Matt's words, regarding disabling revisions by WPE) modifying the source code to point to another server.
> AWS and Digital Ocean run local Ubuntu download servers
I would think that is a cost-saving measure as well.
A hell of a lot of that data would be downloaded by users every day.
Being able to pull it locally saves all that.
Also, it is faster and does provide some security.
> They do not depend on Canonical to run their business.
That depends on how you look at it.
If for some odd reason Canonical vanished tomorrow, that would be
a big problem for both DO and AWS.
They do rely on Canonical developing, fixing upgrading the distros.
But from the very beginning, Canonical/Ubuntu chose to make mirroring the repo easy, and encouraged the usual network of public mirrors to participate, much as Debian and other distros had done for years. (It wouldn't be unfair to say that Canonical/Ubuntu had to meet the expectation those distributions had set.)
That is something the WordPress community (albeit centralised in the WordPress.org decision makers) could have been doing for decades.
AWS and Digital Ocean run local Ubuntu download servers and do not depend on Canonical to run their business. WPEngine is a hosted service and could make very simple changes to download updates from their own servers.