WordPress is today by far the most widespread blogging platform on the Internet.
I have enjoyed using WordPress since I made it my "weapon of choice" over Movable Type and Drupal. I have spent a lot of time with WordPress and just love it.
But that also gives me an opportunity to express some of my concerns regarding the current state of WordPress and the future direction it may be heading. You often get the best critique from those who love you the most.
WordPress in Transition
With the rules-changing version 2.5 out a couple of months ago, and the current transitional 2.6, we are headed for another rules-changing version, 2.7. It will have a new admin interface and integrate the functionality of several popular plugins.
Like many other developers, I have been carefully following this progress and I can tell that the new versions brought certain compatibility issues. Maintaining support for just a couple of plugins has become almost a full-time job, one that you, as a plugin developer, are usually not paid for. You can see that by taking a look at my plugin comments and the forum which I opened specifically to deal with support questions more efficiently.
Far and Wide development
But more importantly, I have noticed that WordPress is not developing "far" anymore, and it has started going "wide" instead. By this I mean there are fewer inventions and new technologies with every update. There is just more functionality that relies on existing technologies.
That makes the code base grow and become harder to manage, and presents the users with default solutions to their problems.
Speed and Choices Theory
I have a theory that I call "Speed and Choices Theory". It says that the faster software is, while giving more choices to the user, the more successful it is likely to be with the user base. It generally applies to life but in this example I apply it to WordPress.
Google and Yahoo Battle
To illustrate this, I'll compare Google and Yahoo way back in 1996.
Both were search engines and both were fighting for the number one spot. We all know who won, but how did Google pull it off?
Google set a goal to present search results to the user in no more than half a second. 0.5 seconds is all the user had to wait in order to find what they needed. Yahoo was much slower and it lost the first battle.
Yahoo also decided to fit all kinds of content on their home page, something that would later become the Yahoo directory, and it basically offered default choices for the things you may be looking for.
If you wanted to find out more about a topic, you would find a site about it, recommended by Yahoo. That approach has a good side for cleaning out the spam, but on the other hand the user is deprived of choices; they are forced upon the user. And so Yahoo lost that battle as well.
Speed and choices are everything on the Internet today.
WordPress is Slowing Down
WordPress started out like Google, but is now becoming more and more like Yahoo. It stopped going "far" and started becoming fat ("wide"). It is becoming slow and clumsy.
Did you notice how much time you need to load the Write Post screen? How about adding an Image? Why isn't this instantaneous?
The user has fewer choices with every new version as certain default solutions are implemented.
Take a look at Chrome, the new browser from Google.
Take a look at Habari, the new and different blogging platform.
Ideally we want very fast and secure software that handles the basic purpose it was made for.
Since every user has different needs, all other functionality should be handled by external additions (plugins), leaving the core extremely small, efficient and scalable.
Even at this time I would say that 95% of users use only 5% of WordPress core functionality, mostly very simple tasks like writing a post and perhaps managing comments. With a new version like 2.7 this may shift to 97% and 3%.
Plugins in the Danger Zone
There are almost 3,000 plugins in the WordPress plugin repository at this time, downloaded almost 12,000,000 times. And anyone can submit a plugin to the repository. Without any control.
So what implications does that have?
A plugin that you run on your blog has (depending on your hosting server) almost full control of your website. It can change your WordPress site and change your theme files. It can insert hidden code into your pages. It can change your pages, it can copy and move files on your server and in some cases it can even delete them. Every single plugin you have on your blog is capable of doing this.
By installing a plugin you are giving it the ultimate authority to do whatever its author wants.
Would you trust a house to a complete stranger?
How many plugins do you have? A typical user will most likely have around 10-15 plugins. What do you know about them? A typical user knows next to nothing.
Privacy and Security Issues
Privacy and security implications of plugins shared that way are enormous.
While you can be pretty sure that the core WordPress will be free of any kind of malicious behavior (well, there is at least a company to sue), whom do you blame if you suddenly find out that a certain plugin is sending your private information to a foreign server?
Surely, such a thing would be discovered quickly, but even new and totally anonymous plugins get downloaded hundreds if not thousands of times by all sorts of users, including those that would never find out about this security issue. The potential for damage is huge.
For example, if someone got my password for the plugin repository and, let's say, changed the Smart Youtube plugin and released a new version, around 30,000 people might automatically update it (because they trust this core function) and would now have a malicious plugin running on their blog. It could install a web-virus or a private-information tracker, or simply delete all your files.
What if that happened to the All in One SEO Pack plugin, the most downloaded WordPress plugin with almost 400,000 installations?
Obviously this matter needs proper and most urgent care, as the way it works now is a recipe for disaster waiting to happen.
The theme repository manually approves every theme, even every update, before allowing it into the repository. The plugin repository, which is a potential source of much graver risk, doesn't.
We need to have stricter rules for plugins. Start with coding standards and inform the developers of proper and transparent ways to handle things in plugins. Then manually inspect every plugin that aspires to be accepted into the official plugin repository.
We need a permissions system for plugins (similar to user capabilities). These would be plugin capabilities. They would define what a plugin is able to do in your system. The plugins inspected by the WordPress repository would get the highest ranking. The less trusted plugins would have restricted access within your WordPress. And you as a user should be able to control the "trust" level of each plugin.
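The plugin-capabilities idea above, sketched as an added example (not from the original post and not WordPress code): a language-neutral Python model in which a plugin receives only the capabilities that it declares and that its trust level permits, and the site owner can change that level. The trust levels, capability names and plugin slugs are all hypothetical.

```python
from enum import IntEnum

class Trust(IntEnum):
    UNTRUSTED = 0   # installed from an arbitrary site
    LISTED = 1      # in the repository, not manually inspected
    INSPECTED = 2   # manually inspected before acceptance

# Hypothetical capability names; each level is a superset of the one below.
LEVEL_CAPS = {
    Trust.UNTRUSTED: {"read_posts"},
    Trust.LISTED: {"read_posts", "filter_output", "write_options"},
    Trust.INSPECTED: {"read_posts", "filter_output", "write_options",
                      "write_files", "http_outbound"},
}

class PluginPolicy:
    def __init__(self):
        self._plugins = {}   # slug -> (trust, capabilities the plugin declared)
        self.audit = []      # (slug, capability, allowed) for every decision

    def register(self, slug, requested, trust=Trust.UNTRUSTED):
        self._plugins[slug] = (Trust(trust), frozenset(requested))

    def set_trust(self, slug, trust):
        """The site owner raises or lowers a plugin's trust level."""
        _, requested = self._plugins[slug]
        self._plugins[slug] = (Trust(trust), requested)

    def granted(self, slug):
        # Effective rights: declared by the plugin AND allowed at its level.
        trust, requested = self._plugins[slug]
        return requested & LEVEL_CAPS[trust]

    def check(self, slug, capability):
        # Default deny: unknown plugins and undeclared capabilities fail.
        allowed = slug in self._plugins and capability in self.granted(slug)
        self.audit.append((slug, capability, allowed))
        return allowed

def demo():
    policy = PluginPolicy()
    policy.register("sample-gallery", {"read_posts", "write_files"})
    before = policy.check("sample-gallery", "write_files")   # untrusted: denied
    policy.set_trust("sample-gallery", Trust.INSPECTED)
    after = policy.check("sample-gallery", "write_files")    # inspected: allowed
    undeclared = policy.check("sample-gallery", "http_outbound")  # never requested
    unknown = policy.check("not-installed", "read_posts")
    return before, after, undeclared, unknown

if __name__ == "__main__":
    print(demo())
```

The audit list records every decision, which gives the site owner a trail of what each plugin attempted and whether it was allowed.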
Let the user make choices on what to install. If they decide to install a plugin from WordPress.org, we need to make sure it's not compromising. If they decide to install it from any other site, they should be aware of the risks of doing so.
We trust the good intentions of Internet users too much, but not all are equal. WordPress has spread enough by this time to become an interesting target for a large-scale ill-minded attack. It is a grave prospect but it's not fictional.
Get Back on the "Far" Track
The future is about inventions, not interventions. More speed, security and choices.
The future lies in simplicity. Let's reinvent the famous one-click install.
WordPress is too good to miss the chance to make it even better.