This whole bit of drama really makes me glad I never invested time/energy in WordPress. It's like Real Housewives of Computer Nerds level of whining, and feels just as fake. Regardless of right/wrong, the whole thing has just turned into a 80s made for TV type of situation. There was a much better way at handling this, but somebody had access to social media and the wheels promptly fell off.
Silicon Valley: FOSS Foundation spinoff where Richard creates some FOSS software, figures out how to monetize it while also maintaining the illusion that it's FOSS, then goes to eight years of Burning Man and flips the script after accidentally locking himself inside a sweat lodge for the whole festival.
as a bit of a "yes, and" in order to hew to the Real Housewives format, we'll need the looming threat of federal prison for fraud. Season 3 of Salt Lake City is probably the best example of this, combining the eternal recurrence and inevitability of the full Star Wars series with man-vs-fate of Spike Lee's _The 25th Hour_.
When I refer to the eternal recurrence in Star Wars, I simply mean that they blow up the Death Star in Episodes IV, VI, VII, and arguably I and definitely put an end to Sith control of the galaxy every time wink.
The nice thing is it's GPL, so the founder/owner can't just take his ball and go home. It's also widely-used/important enough that it will get forked if leadership problems start to make it unusable for too many people.
The problem though, for people who want to use WordPress, is that WP sites fundamentally rely on wordpress.org for downloading and installing plugins and themes, and critically for security updates to plugins and themes. (You can install/update manually, but the standard admin dashbord is set up to make wordpress.org integration by far the best way to do so.)
Yeah, you've got your GPL copy of all the source code. But next week's discovery of vulnerabilities in whatever random plugin gets to be this weeks news means you need to download/install the updated version. Which canonically is found at wordpress.org. We host a couple of dozen sites on WPEngine (and have done for about a decade, very happily with the price, features, and service). Our internal business continuity planning is now investigating ClassicPress, keeping an eye on comms from WPEngine to see what their path forward in terms of keeping WP sites updated without wordpress.org access, and questioning whether it's time to stop using WordPress at all. We already have a few sites that use WP as the admin/publishing tool, and generate the site as static html for hosting via S3/CloudFront - we may make that our standard deployment bit if we had to move all our WP sites off WPE, we may as well investigate other newer tools.
We are certainly having conversations right now with potential new clients warning them of the drama in the WordPress ownership/ecosystem, and advising considering alternative options or at least waiting until the dust settles on Matt's current ill advised crusade.
Having a backup to restore from is not really the major concern versus mitigating being hacked in the first place, having your database stolen, and needing to report that, whilst surviving the reputational damage and penalty fees that likely brings.
A restorable backup isn't really a priority versus the above.
The update issue doesn’t sound like a big deal. What’s stopping WP Engine from setting up their own mirror system?
CentOS did this to Redhat for decades. They literally stripped out the trademarks and distributed the OS to anyone with no contracts at all. Patches were available same day that RH published them, and were applied from CentOS update servers.
The endgame for WP seems to be that they give up this fight or close their source and act like a real licensed software company. You can’t play GPL until it no longer suits you, then start making insane demands about revenue sharing and all this nonsense.
The risk I need to address is what's stopping Matt denying WPE access to that place where all the plugins and themes are published? Where does plugin-updates.wpengine.com get its content from, and how soon is Matt gonna block that? And an arms race of WPE needing to use proxies or other workarounds is not a business grade answer.
As I see things, either
1) the "WordPress community" that Matt thinks he's fighting for step up and tells him "No thanks, we absolutely do not want you to fight this fight" and removes him from power,
2) WPE wins the court case and a judge tells Matt "Nope, you're wrong about trademark law and you're wrong about the GPL and you are going to be held to the claims you made in the past about WordPress the software and WordPress the foundation and wordpress.org the software distribution and update service."
or
3) We are witnessing the start of the end of WordPress being trusted to run almost half of the internet.
> 1) the "WordPress community" that Matt thinks he's fighting for step up and tells him "No thanks, we absolutely do not want you to fight this fight" and removes him from power
The issue with this is that it absolutely will require a fork:
The WordPress Foundation President is Matt. There are only two other board members, only one of whom is active, and both were appointed by Matt unilaterally.
The WordPress Foundation (i.e. Matt) granted Automattic (i.e. Matt) an "exclusive, perpetual and irrevocable" license to Automattic re use of WordPress identity.
Wordpress.org is the exclusive property of Matt (although he has long played fast and loose here - just yesterday he was caught editing Automattic blog posts from referring erroneously to WP.org as a non-profit charity to 'a website that performs a community service').
>The WordPress Foundation President is Matt. There are only two other board members, only one of whom is active, and both were appointed by Matt unilaterally.
The thing is, once you organize a foundation as a non-profit with the government, you lose some of your ability to make decisions that are contrary to whatever charter and goals and such you specified when it was created. Matt may have screwed himself over by putting the stuff he wants to profit off of into ownership of the non-profit.
> The issue with this is that it absolutely will require a fork
Perhaps?
There is a significant group of people Automattic relies on to make the WordPress project and community a thing. While Matt probably can afford to pay enough devs to maintain WP core, I doubt he's wanting to pay to do all the maintenance for all the OSS/GPL plugins and themes on wordpress.org that are a big part of what makes WP attractive over other free and OSS CMS/blog alternatives.
Those people could probably mount a campaign that'd threaten Automattic's financial bottom line, which since Matt's extortion show that for him this is all about money that someone else has that he wants, perhaps that'd be "enough"?
As a customer and user of WPEngine, what role do you see wordpress in that relationship? Generally when I buy things I try to take some consideration of the sub-contractors and suppliers to the supplier of service, but I am aware that I do not have a direct relationship with them.
I doubt the courts will demand that WordPress foundation must provide servers and bandwidth indefinite and free of charge to anyone, especially when there is no contract between WPEngine and WordPress foundation. When Youtube removed API functionality and under a night destroyed companies that relied on those free API's, courts did not demand that Youtube went back. It is inherently risky for companies to depend on someone else servers and network service being provided for free without any contract.
The more easy path forward would be for WPEngine to switch dependency. Debian has an reliable repository. Core wordpress is already packaged there, it get updates, and a handful of the most popular themes are also packaged. If that is not enough then WPEngine could spend employee hours to package more themes. No need for proxies or workarounds. I would estimate that 90% of the customers on WPEngine could continue to exist using just that.
"The point of the foundation is to ensure free access, in perpetuity, to the software projects we support" https://wordpressfoundation.org
That's not only on their website, it's also stated in their 501c3 filings with the IRS.
Another thing to note is that "wordpress.org" is hardcoded into several places in the source code, and Matt has outright refused to make it more directly configurable.
There are even more issues involved, so while your point is sound, the reality of the situation is pretty complicated.
The free software movement and FSF in particular has always been very clear that free in this context does not mean that projects can't sell CD's with software on it. It is also this interpretation that allow for paid support, which would otherwise also not be "free". It is possible that courts would make a different interpretation, or that free access to software will be interpreted as not free software, but instead about free access to a distribution channel, Which mean wordpress could go proprietary under that statement (free access to download would says nothing about freedom to run it). The distinction gets generally refereed as "free as in speech, not free as in beer".
Regarding Debian, I don't know if the Debian package has anything hardcoded to wordpress.org. The generally recommended update path is to use debian package manager rather than internal updating mechanics. Debian maintainers often patch thing or change defaults as part of the packaging in order to make software behave nicely with the debian eco-system.
> The more easy path forward would be for WPEngine to switch dependency. Debian has a reliable repository.
Yeah, but.
Do we trust Matt now to not required the Debian packagers to, as he says, "choose sides" before giving Debian access to the wordpress.org infrastructure to download updated WordPress core and plugins/themes? I can _easily_ see him escalating like that.
> As a customer and user of WPEngine, what role do you see wordpress in that relationship?
The same role as I always used to see WordPress (the project, including WordPress core and the entire 1st and 3rd party plug/theme community) has with other companies that have a WordPress installation capability like cPanel and Plesk, and with every other hosting company that makes is easier to deploy WordPress than starting from a bare Linux VM - like GoDaddy or Dreamhost or practically any SMB oriented web hosting vendor.
And I think Matt is being entirely disingenuous, probably to the point I'd be happy to accuse him of outright lying, when he says WPEngine don't contribute back to the WordPress community. WPE have listed out the support they provide to the community which is in the form of conference sponsorship and development of open of the important plugins (ACF). While they obviously _could_ do more, I think the blackmail tactic Matt's using to extort them into paying 8% of revenue (at many million dollars a year) not to "the WordPress Community", but into a company (Automatic) that's directly owned by Matt, and that is a direct competitor in the WordPress hosting space.
And the recent news the the WordPress Foundation has applied to trademark "Wordpress Hosting" and "Managed WordPress" is totally off the charts punching "the WordPress Community" in the face. In my experience, by far the most common WordPress user acquisition channel is people using $5/month GoDaddy or similar hosting with a one click WP install, and sooner or later outgrowing that level of over subscribed web hosting and moving on to more dedicated WordPress hosting either through a digital agency or consultant, or going directly to WPEngine (often on recommendation from people just like me).
If Matt gets _any_ traction in enforcing 8% revenue (or more, as he's threatened) from WPEngine for using the word "WordPress" on it's website, how quickly do you think the lawyers at low margin/low cost of entry vendors like GoDaddy will say "Just take down every single mention of WordPress _anywhere_ and stop offering it to customers."
As I said, absent some adult supervision over Matt's tantrums, I believe we are witnessing the start of the end of WordPress.
"if Matt" "do we trust Matt" "blah blah yeah but Matt"
So why isn't this thing forked yet? It seems like WP Engine has the resources and now the motivation to do it. Advertise as a 100% compatible drop in replacement. MariaDB did it.
It’s more that WP Engine is successful and hasn’t meaningfully contributed back to the Wordpress project.
Which I can sympathise with. But this isn’t what open source is about both legally and morally. And there are better ways to achieve this goal than by making a mockery of the Wordpress foundation and harming end users.
>The wordpress foundation has never been anything BUT a mockery. It doesnt do anything - it is a shell for Matt's trademark schemes and tax fraud
It does kinda seem that way as an outsider looking in. There definitely seems to be some legal shenanigans going on when he's using his for-profit company Automattic to complain about stuff happening to the non-profit Wordpress Foundation. They should be legally separate enough that what he's doing shouldn't be possible.
I personally think that the best alternative is statamic. I've built two large sites with it without touching a line of PHP. No themes or crazy plugin dependencies in the manner of Wordpress, so its a roll everything yourself type deal, but the data model building GUI is excellent. Not super interested in selling/explaining it, but certainly I would look into it as a viable alternative - it works how I think CMS's should work, incredibly refreshing after building websites for 20 odd years.
There’s a million standalone CMS’s (headless) and standalone site builders (ranging from pure technical to no-code to no-design) and even sitebuilders with robust CMS’s attached these days (eg. Webflow).
I’m not entirely sure why you’re comparing Kirby to Webflow. They’re completely different tools built with completely different target audiences in mind.
Also
“many clients sites are now dead because their web host didn’t want to support old PHP versions anymore”
Isn’t the solution to that as simple as upgrading your CMS?
The comment I was responding to was criticizing the idea of having to provide hosting support for other CMS's.
That fact that you constantly have to upgrade Kirby and pay new licensing fees (and bill your customers for this) because no web host wants to support an old version of PHP...betrays the idea that Kirby is a way out of this. Sure it doesn't have a database to hassle with like Wordpress so it's better in that regard. But it's still objectively worse than any cloud platform.
If you're on a cloud subscription platform you're completely hands off (no upgrades necessary) and the client now has permanent support from said subscription they're paying for. It's fundamentally a better model than dumping websites on clients and letting them slowly rot away while they forget how to do anything with them.
> If you're on a cloud subscription platform you're completely hands off (no upgrades necessary)
Sure you’re just letting someone else do the job but at a significant higher price. It’s a trade off like everything else. In some situations a cloud solution is probably good. But in other cases it might be way too expensive in the long run. So it’s a balance and every situation is different.
don't write off those that setup a WAMP and then make it public facing. the time to get a LAMP setup running is pretty close to <1min after a simple double-click on an installer. getting a sane/secure LAMP setup running is an entirely different story that you did not specify as being a qualification.
What I was implying was the cost of services, who are you going to host with?
Cost of maintaining, whos going to keep up with latest CVEs?
Cost of domain, registrars, SSL certificates.
Cost of all adds up. A non-tech IT business has minimal resources for all of that. They want "pay $, click, it works". Not a dedicated IT worker to serve all of above.
If you take say a tutor, a bassist, they don't want all that overhead. They want a platform where they can advertise their tutoring costs, a contact form and be done with it. WP isn't ideal but it works.
For someone who can host WAMP/LAMP, fine. But for the average folk, it's not. There was a reason why WP gained popularity to begin with and it was because it was easy to adapt and junior PHP developers were plentiful, just as junior python developers are now.
> If you take say a tutor, a bassist, they don't want all that overhead. They want a platform where they can advertise their tutoring costs, a contact form and be done with it. WP isn't ideal but it works.
Yeah and especially if they want to update it themselves. Wordpress makes that easy even for the non techies so the customer can do it themselves.
Of course the big Achilles heel of WordPress is the plugins and their vulnerabilities. So really you still need someone technical to keep it up to date, which is often forgotten.
Depends on what exactly you're getting out of Wordpress and what you dislike about wordpress. But Ghost, Strapi, Payload, and Craft are all really good CMS.
When it comes to e-commerce, Shopify. Or if open source and control is important to you, Saleor.
the funny thing is, to the vast majority of people that use WP, they won't even care if even know about all of the drama. even people that took some sort of WP bootcamp and earn a living managing other people's WP site probably are blissfully ignorant of this drama.
the people that might have some actual interest are the devs that create the various plugins/templates. but as someone else mentioned, if everything goes nuclear and everyone loses their damn minds, a more sane party can just fork the thing and call it something totally different without using the terms like "word" or "press".
There really aren't one-to-one replacements for WordPress and the whole ecosystem that comes with it.
I've actually been pretty happy with Pocketbase, though it really straddles the line of rolling your own CMS. You aren't technically writing the db wrapper or visual editor itself, but any functionality you need beyond authentication is up to you to build.
I've enjoyed GravCMS [1], another php based CMS that used markdown for its content instead of a database.
For those interested in migrating away, I wrote an exporter from WordPress to Grav [2], which, given recent events, I've pulled back out and am updating again.
I suspect some of the controversy is fake. I've heard one of the previous 404 articles, alleging Wordpress training AI on self-hosted Wordpress sites, is fake according a semi-trustworthy source.
Speaking based on my gut feeling, the fact that so many low-caliber Wordpress controversy articles are all arising in quick succession seems odd to me. Some allegations seem credible, but I question to what degree they are newsworthy, given all the other scummier things corporations and institutions do these days. Perhaps now that Wordpress and Tumblr are owned by the same company, Wordpress is now seen as a more valuable target to attack.
