Robert Nealan

Robert Nealan is a San Francisco based nomadic designer + developer, the founder of Atomi Design & Designers Who Code.

Wordpress is Great, Wordpress is Terrible

, Updated: 01 Nov 2013

The blogging community has been flourishing for years with Wordpress at the lead, but to anyone involved it's obvious that there's room for improvement.

The Community

First off, let's just get out front that it now powers an estimated sixty million, or eighteen percent of websites, on the internet.

Holy shit.

Now while I won't argue that something is great because it's popular (I'm looking at you preppy high school kids), it still doesn't mean that its widespread use is any less impressive. A quick look at the source of the top 30 articles on HackerNews at the time of writing this shows that at least 9 are powered by Wordpress. First impressions suggest that Wordpress is probably more pervasive in our cat-meme browsing lives than any other platform out there.

As every platform with more than ten users has started holding a conference if only for publicity's sake (really Box/Dropbox/Trello/etc?), Wordpress has impressively held over 200 of their own Wordcamp's worldwide since 2006. What's impressive isn't that Wordpress itself organized 200+ events (I'd label that as insanity), but that almost all of these events were organized by the community itself.

So what's the problem?

John O'Nolan, one of the designers of the Wordpress UI stated,

What started out as a humble blogging platform targeted at enabling digital publishing for the masses, has evolved into a fully-fledged website CMS.

The problem is that Wordpress has long since deviated from being the pure blogging platform it started as, and in doing so has introduced a lot of confusion into it's product direction. After years of its users hacking it to be more CMS-like it finally embraced this ideal, but years after its acceptance it still remains only CMS-like. Rather than growing into the open source CMS power house it should have been, it's instead stuck in an awkward adolescent stage where anything is possible but never quite feels right. I can't recall the last time I had to tell a client, "Wordpress can't do that," but sadly I find myself walking away unproud of the code I've left behind.

Like a public school multi-purpose room, it can do anything, but is great for nothing in particular.

Content is King

There's too much stuff everywhere, too much clutter, too many (so many) options getting in the way of what I really want to do: publish content.

This is one of the opening lines that leads O'Nolan to introduce his new "pure blog" platform, Ghost. While I so far love Ghost (I'm placing my bet on it with this blog), I think he missed the point that "publish[ing] content" should be the focus of every site, not just simple blogs.

While the dashboard has visually stood the test of time with some grace, it doesn't help the fact that it continues to have a steep learning curve for the casual user. Looking at the dashboard for a recent client site, I can quickly count at least 23 sidebar/header links without even getting into dropdown menus or the dashboard homepage content.

Wordpress Dashboard
Why is my theme name, number of widgets, Wordpress version, and spam comments given a first-class location as soon as I log into the dashboard?

For my client's sake I've thankfully created a custom user role that gives them access to only the things necessary for most employees, but again it's another fix to an issue that shouldn't exist. Why are Appearance, Plugins, Users, Tools, and Settings all separate top-level items? At the end of the day these are all "Settings" that aren't relevant to the normal content management process and should be organized as such.

Security

With great power comes great responsibility, and Wordpress is no exception. With 60 million websites and an aging codebase susceptible to common attacks, it's not uncommong ot hear about hacked Wordpress sites. I myself have had several occasions where old clients call asking why their description on Google is a bunch of gibberish about credit cards, only to find that a hidden block of text had been injected into their page from some foreign base64 encoded line within their theme or the core files.

The introduction of poorly written plugins brings even more risk of common attacks like an SQL injection. If anything, Wordpress should probably take the route of auto-escaping any inputs unless explicitly disabled on a case-by-case basis.

"The Loop...oh god, the loop"

A decade ago PHP was one of the most promising languages out there, but now it's largely the subject of regular ridicule. While its been making great strides at modernizing itself since v5.3 (now on v5.5), it still has a long way to go compared to its younger, more nimble (and less stable) competitors. Given that PHP is making such big steps to modernize you'd think Wordpress would be right there with it, but instead we get a cop out on their inconsistent "Requirements" page:

We’re very aware that the latest versions of PHP and MySQL aren’t right for everyone, and that sometimes hosts can be slow or hesitant to upgrade their customers since upgrades to PHP and MySQL historically have broken applications.

Being conscious of not breaking your user's websites is admirable, but when you're supporting a version of an actively developed language that's now 6 years old, it starts to raise some concerns.

A large portion of the PHP community (and development world as a whole) accepted the benefits of separating logic from the view with languages like Twig/Handlebars/etc, yet we still have a muddled method of writing templates using Wordpress' own PHP-based template tags. While I'm not much interested in arguing whether or not PHP is a templating language in its own right, with inconsistent Wordpress functions all mixed inside the god-forsaken the_loop() it becomes one big hack of if/while/else statements and "Wordpress PHP" that becomes near-impossible to consistently maintain long-term.

A Proposal for the Future

Modularize the core. Don't need a feature? Then don't include it. Take some cues from the likes of node.js' require and Rails 4's separation of core features into modular gems. No need for a blog? Then stop including post-style functionality and instead just include pages with base templates that can be manipulated based on flexible sets of rules. Don't need commenting? No problem.

Integrate the community. No, really integrate them. Wordpress has one of the most active communities out there and they're actively building the great plugin ecosystem that makes Wordpress so successful. Take a serious look at the "indispensable plugins" - the ones that are used on almost every website - and integrate them into the Wordpress core as optional modules. There's no reason we should be installing the same breakable third-party plugins on every Wordpress site we build...I'm looking at you Gravity Forms and Advanced Custom Fields.

Don't get me wrong, Wordpress is still a great platform to build for small client sites for many reasons not listed here, but if it wants to continue to remain as relevant as it has been it needs to start looking toward the future.

Share your thoughts on HackerNews