I was heavily involved with Wordpress from about 2006 to 2012. I made it do things it was never designed to do before a lot of plugins like this existed. It was garbage then and it’s still garbage now. I stopped using it primarily because I saw what a cluster fuck the internals were and how out of control the plugin upsell ecosystem became. There were inklings of this behavior from the supreme leader too, like believing theme sales were antithetical to the entire point of WP. So I jumped ship with a real bad taste in my mouth and never looked back. I’ve tried it a handful of times over the year and it still looks like the same turd with a few more layers of polish. Still won’t scale out of the box without caching plugins.
The irony of this entire situation is Matt didn’t even make Wordpress. It was forked from a blogging engine called b2. How’s that expression go? You either die a hero, or live long enough to see yourself become the villain.
What an ego trip... now I'll definitely stop considering WordPress, even if it perfectly fills the use-case (mine or client's).
I know it was frustrating for Automattic to see WPEngine as a leecher, but to be this hostile and volatile does not inspire confidence. What if you had a WP instance hosted by Automattic and said something the leadership does not approve? Will you get banned with no way of recovering your website? (Ghost had a similar story.)
he must be having a legit mental breakdown. i do not understand any of these decisions done so haphazardly with no regard to users or their current situation, even if that was the direction they were moving. basically, telegraphing that he will personally go out and fuck up your day if you cross him. pettiness to the nth degree right here.
At first we were saying it as a joke, but I am increasingly seriously wondering just how many famous people in the Valley are in various stages of stimulant psychosis, considering how widespread the joking-not-joking talk is about liberally using Adderall etc. to maximize "the grind".
Well, an essential part of psychiatric diagnosis is often to notice the presence of a noticeable before/after change. Psychosis, mania, are valid hypothesis that would make a CEO take surprising decision.
I don't see how that belittles the struggle of patients. Having and company and being bipolar is far from life on easy mode.
Greed and incompetence are also valid hypothesis, although don't necessarily need an abrupt change in behavior.
I am not. I am saying this is a hypothesis to consider. This is not at all the same thing and I would agree with you that diagnosing bipolar on a few press articles makes no sense. The goldwater rule is a good rule imo.
he could be all of them? i'm basing this off the fact that he was able to run and build it up to what it is today, then suddenly going off the rails. more of me grasping at an explanation than a declaration of truth heh.
Matt said in his keynote that he had a kidney stone a few weeks ago, which is evidently extremely painful. Perhaps that physical trauma triggered something.
I am not in the mood to do the proper base rate computations but I think it's considerably less likely that this would be indirectly due to a kidney stone rather than simply any of the well known psychiatric and neurologic condition you can have at the age of ~50.
Aside: each and every post about Wordpress on HN over the past couple of days has been downweighted basically to oblivion (I expect this one to vanish from anywhere near the front page very soon). Is there a reason for this? The topic is rapidly evolving and is relevant to the HN community.
> The basic algorithm divides points by a power of the time since a story was submitted. Comments in threads are ranked the same way.
> Other factors affecting rank include user flags, anti-abuse software, software which demotes overheated discussions, account or site weighting, and moderator action.
It could also be moderator action.
My most viral submission suddenly dropped from the top story to page 8, despite having far more points than anything else on that page, and only being a few hours old. I suspect this happened because it was a negative post about Amazon. The comments were not overheated. Most posters agreed with my sentiment.
Those threads appear to be stoking the drama more than anything. HN's stated goal is to satisfy intellectual curiosity, and even if the post topic itself is of interest, if the discussion isn't substantive then the system is probably working as intended (regardless of whether it's the flamewar detector or a manual downweight).
> If you use WordPress for a living, I recommend strongly that you consider changing platforms.
I initially thought this as well. There are alternatives but unless those alternatives are 100% API compatible with WP plugins and themes nothing is going to happen. Wordpress users and devs will continue to use WP. business as usual. Matt knows this.
I don't know much about WordPress, but it's pretty amazing to me how much staying power it's had. It seemed crusty, bloated and not long for this world 10 years ago to me.
Matt also knows that the messy WordPress API (both actions and filters) is difficult to integrate into a well-architected software project as a plug-and-play mechanism.
Flawless, it's really easy to wrap your head around (especially if you grok Go).
I would recommend spinning up the most basic site from scratch to give it a try, takes minutes tops and its got a built in dev server to see your site.
It pretty much all rapidly clicked into place from there. The idea of adding content as markdown is so easy and appealing, and the flow is so logical. The build times make me smile. Everything feels so rapid and under my control.
It's maybe an issue with me but I've been on blogotext where I would post stuff, then on Hugo but the tooling was taking most of my energy and the version upgrade path was a blocker for my themes, plugins, etc. I was clueless how to solve those pains without coding and opening issues. Then I tried zola but it was buggy, and I had to learn Rust to fix one basic issue which took days of rewriting code review after review.
And having yet to setup a pipeline and fight to make that work, just too much for me.
Then I went to WordPress and didn't had to mess with trying to make the blogging system adapt to my needs with code, it was just flexible enough with a nice WYSIWYG editor and admin panel and plugins. No mess with ci/cd build times, manual upgrades and reading language specs and opening issues to make things work. Those things were not needed to just blog.
Today I'm still on WordPress and none of the SSG feel simple enough to me.
Git, markdown, build pipelines... Code editor. It's all fun for work and collaboration with devs but just out of interest for blogging.
Also they mostly generate invalid HTML and lack features or have custom templates. And next upgrade could break everything.
I prefer something that is helping me focus on blogging for long term without upgrade maintenance cost and without fearing platform dies.
But yeah WordPress is not perfect and I'm considering maybe to glue a few tools together in the long run and make my edits in pure txt or HTML for which no existing SSG or WordPress are needed.
I hope Matt can get better but in the meantime, the community needs to fork. In the same way that LibreOffice forked from OpenOffice. Otherwise the blogosphere is just going to adopt one of the competing platforms and many of them (at least many of the "user friendly" ones) are not open source.
As much as the community may want a fork, I suspect it's not going to pick up much momentum unless it's created by a larger company with skin in the game, i.e WPEngine.
I agree and that is also my fear. That would mean that people will just move to something proprietary like Squarespace or Wix. This type of shift has happened many times before in tech so I consider it likely.
I get where you're coming from but I find it more likely that most people will just move to Squarespace, Wix etc. - away from open source and towards proprietary platforms.
What kind of lawyer would let this happen in the middle of a lawsuit? I know lawyers do not control their clients, but this is ineffable. Even common sense should know better.
"If they’re willing to do this, I wouldn’t trust any plugins hosted on WordPress.org."
Yep yep yep.
Jesus Fuck Matt, put down the crackpipe and open the window. You are _totally_ out of control here.
I am 100% going to start another much more urgent discussion at work on Monday about how we remove all risk of relying on anything from Automattic, wordpress.org, or The WordPress foundation. This will include opening a discussion with WPEngine (where we host about two dozen internal and customer sites) about what their short/medium/longterm plans are and what sort of guarantee they are planning to provide about updates and security fixes to the plugins and themes we rely on. It will include an internal discussion of whether we own it to all our clients running WP to inform then of this stupid stupid drama and the risks in represents and what we are doing to mitigate them. It will also include a very serious discussion about a million dollar government RFQ we submitted last month for a project that has a plan to use WP for the public facing website component.
You have been and continue to trust Automattic for the core code.
If for example, Automattic instead had said they will bundle the plugin functionality with the core, there are many historical cases of that, unpleasant as it is for the third party usually... results are identical, right?
This plugin can only operate on top of the core code, whoever distributes the plugin to you. It means you have to decide to either bin the whole ecosystem, or use the core and plugin from the same people.
It's also open to the plugin people to distribute the core themselves, but since they don't have a history of working on it, why would you imagine for core maintenance, you can trust a smaller private equity-funded group that historically leeches on the core project, more than the originating project for the core?
As the saying goes, half the internet runs on Wordpress. Aside from a nuclear incident like an auto upgrade that permanently breaks all of the sites, it'll continue to be used.
I'd been staying out of this conflict, partly because I'm not really in the know on WP Engine's behavior behind-the-scenes and, as weird as Mullenweg's plays have been, I don't like to comment on things I'm not fully read into.
But, this touches on a particular hobby horse of mine. It involves some old conflicts too, but I don't want to ruminate on them.
From about 2016 to 2019, I was heavily involved with trying to remedy what I considered an existential threat to the Internet: WordPress's auto-updater.
If that sounds alarming, consider the enormity of WordPress's market share. Millions of websites. W3Techs estimates it powers about 43% of websites whose server-side stack is detectable. At the time, it was a mere 33%.
For the longest time, the auto-updater would pull an update file from WordPress.org, and then install it. There was no code-signing of any form until I got involved. So if you pop one server, you get access to potentially millions.
Now imagine all of those webservers conscripted into a DDoS botnet.
Thus, existential threat to the Internet.
Eventually, we solved the immediate risk and then got into discussing the long tail of getting theme and plugin updates signed too.
You can read my ideas to solve this problem for WordPress (and the PHP ecosystem at large) here: https://gossamer.tools
Here's the part that delves into old drama: Mullenweg was so uncooperative that I wrote a critical piece called #StopMullware (a pun on "malware") due to his resistance to even commit to solving the damn problem. On my end, I reimplemented all of libsodium in pure PHP (and supported all the way back to 5.2.4 just to cater to WordPress's obsession with backwards compatibility to the lowest common denominator), and just needed them to be willing to review and accept patches. Even though I was shouldering as much of the work as I logically could, that wasn't enough for Matt. After he responded to my criticism, I took it down, since he committed in writing to actually solving the problem. (You can read his response at https://medium.com/@photomatt/wordpress-and-update-signing-5... if you care to.)
The reason I'm bringing this old conflict up isn't to reopen old wounds. It's that this specific tactic that Mullenweg employed would have been mitigated by solving the supply chain risk that I was so incandescent about in 2016.
(If you read my proposals from that era, you'll notice that I cared a lot about the developers controlling their keys, not WordPress.)
I don't keep up-to-date on Internet drama, so maybe someone already raised this point elsewhere. I just find it remarkable that the unappreciated work for WordPress/PHP I did over the years is relevant to Mullenweg's current clusterfuck. Incredible.
Since my knowledge on the background noise that preceded this public conflict is pretty much nil, I have no reason to believe WP Engine hold any sort of moral high ground. And I don't really care either way.
Rather, I'd like to extend an open invitation: If anyone is serious about leading the community to fork off WordPress, as I've heard in recent weeks, I'm happy to talk at length about my ideas for security enhancements and technical debt collection. If nothing else comes of this, I'd like to minimize the amount of pain experienced by the community built around WordPress, even if its leadership is frustrating and selfish.
Very interesting. I’ve been writing code for a while but if I’m honest I have no idea how code signing works. Any good resource on how it works especially in php?
In this lawsuit against you and your mother, is it you or her who is accused of sexual harassment and racism? I don’t have access to read the case details.
> In this lawsuit against you and your mother, is it you or her who is accused of sexual harassment and racism?
Both (and the company through which they employed the plaintiff) are accused of the various discrimination, harassment, wage theft, etc., violations.
(EDIT: Though his mother is apparently accused of doing the direct racially- and religiously-bigoted statements, and the persistent graphic descriptions of Matt's sexual escapades, Matt's role -- other than as ultimately responsible as employer -- is participating directly in retaliation by taking complaints about the behavior back to his mother who accelerated rather than taking action to curtail them.)
> I don’t have access to read the case details.
You don't need access, you just need to go straight to the court site instead of a third-party aggregator.
And, if you had a nickel for every currently-active lawsuit against Matt and his mom for that kind of thing filed on June 9, 2022, you'd have two nickels, which isn't a lot, but it's interesting that there is more than one...
Am I reading this correctly? This guy owns an LLC through which he directly employs a personal healthcare team for his mother? And Mr. "Post-Economic" couldn't pay his nurses a fair wage?
> PLEASE TAKE NOTICE that Defendants hereby respectfully object to the Case Management Order, Notice of Time and Place of Trial and Trial Related Orders dated May 23, 2024. Since the filing of Defendants’ Case Management Conference Statement on May 21, 2024, Mira Hashmall, lead counsel for Defendants, has had a 5-7 day trial scheduled with a start date of March 17, 2025. With the trial in this matter starting on March 10, 2025, and trial in Case No. CGC-22-600095 starting on March 24, 2025, that would be three back-to-back trials and potential overlap amongst them.
That doesn't move the needle as far as restoring the trust you've broken.
You should negotiate with WP Engine to drop their suit contingent on your resignation. Maybe they'll go for it. Resigning is the only thing that would prove you're serious about allowing your power to be checked. And perhaps the only thing that would stop you from cutting a huge settlement check (probably within weeks and not the years you've anticipated).
Do you think that's something you're capable of? Do you care more about the future of WordPress and of open source than you do about your own power and rivalries? Will you prove it to us?
To be frank I don't believe you will. I'm pretty cynical about this kind of thing. But I've been wrong before. It would take a very strong person to admit, not just publicly but to their bitter rivals, that they had lost control and damaged their own life's work.
But if that person is you - it wouldn't be much, but you'd have my admiration.
---
Stark: Make peace with the Lannisters, you say? With the people who tried to murder my boy?
Baelish: We only make peace with our enemies, my lord.
I’m sure was covered in a comment on another thread—how is Mullenwag’s behavior different than other OSS projects wanting compensation when their work is monetized, especially from large well funded companies?
Currently, there are lots of applications that bring winnings in the form of prizes, so always be careful, sometimes applications like that should not be installed immediately.
Sorry, this is a GPL plugin to stuff already maintained by Automattic?
It's not like users aren't already updating to whatever Automattic want to give them, in the core, if that's the case? Automattic producing the same plugin and delivering it the same as the core doesn't sound like much of change, since users already trusted Automattic for the core either way...
If the delivery service that transported my vendor's goods to me, suddenly started substituting their own product instead, I would sue them. I think my vendor would be pissed too, especially if the main difference is that their monetization was torn out.
This behavior would land people in jail in a more serious industry.
No... core volunteers who provide work to you for free, which you have been consuming successfully, have now extended the domain of their works to also encompass something on top you previously got from elsewhere.
The plugin you previously used was always completely dependent on the work of the core volunteers; you were always consuming their work and nothing changed about that. It just also already includes the optional plugin now.
Why would anyone end up in jail when everything is GPL2+?
Users of the plugin already have a trust and consumption relationship with Automattic for the core.
It's more like mcdonalds replacing Coke with McCola with your mcdonalds meal - you were already trusting mcdonalds for the food. But even that is a stretch since both are GPL2 and there's no current sign the plugin Automattic provide differs from the WP Engine one.
GPL is on both sides, nothing stops WP Engine doing the same and providing their own flavour of core with their plugin, if that's what people want. Of course that costs more than private equity just using Automattic's core for free.
I feel like the dodgy part isn’t the forking. Any open source project can be forked at any time by anyone. The dodgy part is them automatically switching existing users to their fork.
To use your McDonald’s analogy, it’s like specifically ordering a Coke and McD’s secretly switching it to a McCoke without you noticing.
As I wrote elsewhere, this is no different from a project deciding to incorporate a third party's functionality into the core. Either way whoever provides the plugin, you trust the provider to provide the core, if you now think they are going to do bad things, there is nothing they can do in the plugin that they couldn't do in the core without all this drama.
It seems the "perceptual framing" that is being engineered about this, that Automattic and its leader should be cancelled, is not about technical issues.
Lots more discussion: https://news.ycombinator.com/item?id=41821400
https://news.ycombinator.com/item?id=41821336