by dpau 2756 days ago
I used to help artists with setting up WordPress portfolio sites. But the constant maintenance required (updating WordPress & plugins, making sure that all plugins are secure and maintained, and checking after each update to make sure nothing was broken), as well as the rise of platforms like Squarespace, Wix & Weebly, means that I no longer recommend WordPress for those types of clients. Artists just want to show and sell their work, not deal with whether or not a plugin update is compatible with their version of WooCommerce.
4 comments

Is this a WordPress thing or a software with a developer ecosystem thing?

Because that's always the catch with any script really. If you're using third party themes and plugins for anything, then you're putting trust in the developers of said themes and plugins that they know what they're doing coding- and security-wise.

The exact same situation is true of everything from WordPress to Drupal to vBulletin and XenForo to MediaWiki and Magento.

With something like Squarespace or Wix (or even WP hosted), you're putting more power in the hands of the centralizing host, which is both limiting but also can reduce security issues.

The "sheer breadth of the ecosystem" in self-hosted WP is also where so many of the problems come in (compatibility between products, security issues, etc).

I'd argue it really is worse in the WP scene vs Drupal, partially because of the 'ease' of the code for newbs to get started. There's no culture of automated testing in the WP community at large, but some other platforms at least allow for that. There are people who write clean and well-tested WP products, but they're likely a minority, if you're looking at the ocean of stuff released over the last 5-10 years in the WP space.

It's not exclusively a WordPress problem, but in my experience it's especially bad with WordPress.
Indeed. Staff at the hosting service I use for professional purposes have always been very down on WP. My understanding from our various conversations is that for any systems where they were providing some sort of managed security service, it was a time sink to keep everything up to date. For any shared hosting systems where they weren't also managing the security, there would be frequent compromises and then that would get things blacklisted, so potentially other customers using the same shared resources could be negatively affected in at least two different ways. They don't seem to have become noticeably more positive about any of this in recent times despite the arguments about WP security being better these days, which suggests that there is still enough of a problem to be concerned about.
Check out Jetpack, it can auto-update all your plugins, and has a "Rewind" feature with real-time backups so you can one-click take your site back to a previous state if anything didn't work.
Jetpack has some nice features, the comments form especially. It is, however, very bloated - especially since you'll often only use 2 or 3 features on any one site.
Since Jetpack code is also what we run on WP.com (tens of billions of pageviews) it goes through a huge amount of performance tuning and optimization. The way modules work, when you turn them off they don't have any overhead, similar to turning off a plugin. If you were using literally one thing it might feel like a lot, but as soon as you use 2-3+ things Jetpack does, it's a lot more efficient than separate individual plugins to accomplish the same task.
Can you give a couple examples of when / how Jetpack has to be a single plugin, instead of itself being a suite of individual plugins?

If the knock on that product is bloat, and that compromises adoption, how is X a benefit to those who refuse to adopt the whole alphabet?

It's not like features you don't use slow you down, or that the < 1 MB of code they take on disk is important.
I did a lot of WP dev from 2007 to 2011 or so, and I still run my businesses on WordPress today. I hadn't really dug into Gutenberg yet, but I just played with https://wordpress.org/gutenberg/ and I think a lot of people are overreacting. It's a very big change, but it feels like the right move for the future of WordPress. I'm sure it's not easy to move a community forward in a new direction when there is a global ecosystem comprised of tens (hundreds?) of millions of websites, developers, designers, users, and entire companies invested in the status quo. I don't envy you!

Also, appreciate you still stopping into HN to chat :)

Hi Matt. Maybe not assume everyone here knows who you are? And instead at some point make note of the bias in your recommendation?

HN =/= WordCamp etc.

Tia :)

As a free market tends to do, this has been largely solved. Perfect Dashboard, iThemes/Liquid Web and others now offer technology that auto updates core and plugins and rolls them back if anything breaks. 95% of the old pain of updating and patching is solved with these tools.
The only way to ensure your WordPress sites don't break is to reduce reliance on plugins. A decent host like DigitalOcean doesn't hurt either. Squarespace is ok for simple sites, but once clients start requesting additional features it becomes a nightmare.