WordPress is now 13 years old

A few free safety and performance tips when dealing with wordpress:<p>- Whitelist IPs for access to your wp_admin and wp_login.<p>- If you have the skills to automate WordPress updates yourself, remove all write access (except for the uploads folder) from the user WordPress is running as (i.e. www-data). It&#x27;s all just unzip and untar over the structure of the directory anyways.<p>- If you remove write access, you might as well block the &quot;cron&quot; as well.<p>- Limit the WordPress DB user to the usual crud operations; don&#x27;t let it create or alter tables.<p>- If you feel like getting really into it, whitelist explicit URLs. Maintaining it isn&#x27;t really too hard, and it reduces your attack surface significantly.<p>- Set up even a simple nginx cache in front of WordPress - even a 1-5 minute cache will let your site run on crappy hardware and handle HN or Reddit with a minimum of sweat.

The fundamental lesson WordPress taught me is that the product wins over technology. Even back in 2004 it was clear that the internal code wasn&#x27;t that great. So what? It installed delightfully quickly, and let me create posts with valid markup and good typography right out the box.<p>And then the community management and plugin&#x2F;theme ecosystem. For example, Drupal may have a more programmer-approved API, but (at least when I worked with it back in 2011) it was a hundred times more complex to make a custom content-editing form in Drupal than in WordPress. Again, product over technology.

Say what you will about WordPress - its codebase, security, speed, architecture, DB schema, whatever. Haters are going to hate.<p>It&#x27;s a pretty amazing accomplishment what Automattic has done by staying so popular and relevant for so long.<p>Looking at it from a non-hardcore programmer&#x27;s perspective:<p>* Quick to learn backend<p>* Easy to use plugins for non-devs<p>* Painfully maintaining backwards compatibility overtime<p>* It just works. Built to run from basically a potato of a server. E.g.: HTTP&#x2F;transport check [1]<p>[1]: <a href="https:&#x2F;&#x2F;github.com&#x2F;WordPress&#x2F;WordPress&#x2F;blob&#x2F;master&#x2F;wp-includes&#x2F;class-http.php#L430" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;WordPress&#x2F;WordPress&#x2F;blob&#x2F;master&#x2F;wp-includ...</a>

Wordpress is still massively popular and after 13 years, I hope this still isn&#x27;t true:<p>&lt;azonenberg&gt; wordpress is an unauthenticated remote shell that, as a useful side feature, also contains a blog

I remember my first install. It was glorious, started posting like a madman. At some time - when gaming Google was the thing, say 2008 - had thousands of sites based on WP.<p>Then I had my first major vuln and spend my week-end fighting fires. Then I had my first encounter with encoding mess ups... an add-on going wild...<p>Fond memories...

13 years ago Movable Type and Blogger owned the space. MT was for folks who wanted to install software on their own server, Blogger for those who wanted a hosted option.<p>Blogger was bought by Google a few months before WP appeared.

oh, wordpress, the burner, breaker of balls, mother of confusion, queen of the seven installs, protector of the bots. blood of my blood, i bow to you and swear my allegiance until the internet shall break.

I only recently tinkered with wordpress&#x2F;buddypress plugins for a hobby site. I can see why it became so popular. It&#x27;s dead easy to start tinkering because it forces you to learn very little. Just find the place where you want to hook your code, and dump tons of godawful code in there. That means that people use 1000 different styles in their plugins, but its the big price to pay. In comparison, try tinkering with oxwall without digging deep into their object-oriented code.

I alternate between thinking how great Wordpress is, and how it isn&#x27;t so great.<p>If you hit its (admittedly broad) use case, you are great, but if you go even a little off, its a pain.

Wordpress is, imo, the reason PHP has historically gotten a bad rap. Needle&#x2F;haystack&#x2F;type&#x2F;performance PHP jibes aside etc etc, WP has been the single point of contact for situations where my company has had to remediate a hack&#x2F;data breach&#x2F;script kiddie scrawl. I&#x27;ve seen full hosted servers being unplugged with no comebacks, tens of thousands of dollars in rebuild costs, lost clients due to security concerns.. the culprit? <i>pointing over there</i><p>The easy retort is &quot;just keep it patched and up to date&quot;, natch. The ongoing costs&#x2F;technical debt involved in maintaining a Wordpress install sometimes ends up being greater than what it cost to roll the thing out.<p>Wow, I&#x27;m getting old and complainy.

Wordpress&#x27;s success has to be down to it&#x27;s ecosystem. There are other CMSs that are better targeted to more specific uses, but the amount of options and choices to a web designer with Wordpress are unreal.

Wow, congrats WP!

The problem I have with wordpress - and any php project for that matter - is that I&#x27;m afraid of the code. I&#x27;ve done some template editing for WP and it already scarred me enough.<p>But maybe I just prefer writing and working in my own familiar codebases instead of spending a small amount of time in that of others, a curse that a lot of PHP developers have (the &quot;I&#x27;ll write my own framework &#x2F; cms&quot; curse)

The community and massive amount of plugins developers created and still create for Wordpress contributes to its success.<p>Same thing with Minecraft. The huge community of modders pushed Minecraft to be as huge as it is.<p>Developers flock to both because they themselves can gain recognition and make money off these platforms.<p>I personally love the success story of both because they both started off small and initially had no intention of getting this big.

Anybody attending Wordcamp in Asheville this year?

At this point I don&#x27;t think Wordpress is going to change their codebase into something more modern and secure. Is there any other easy to use blogging platform like it? PHP based because PHP is everywhere, based on a modern framework (symfony2, laravel, etc), jinja-like template system, support for databases other than mysql?

I&#x27;ve started a small WordPress cheatsheet for myself here: <a href="https:&#x2F;&#x2F;github.com&#x2F;CHH&#x2F;cheatsheets&#x2F;blob&#x2F;WordPress.md&#x2F;WordPress.md" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;CHH&#x2F;cheatsheets&#x2F;blob&#x2F;WordPress.md&#x2F;WordPre...</a><p>More tips always welcome :)

I&#x27;m not sure if it&#x27;s me, but when ever I see WordPress in a news article, the first association is always with &#x27;Mass Hacks&#x27;...