> ...how it (the Wordpress community) has been made to depend on Matt’s leadership at Automattic’s infrastructure. And how that is a very bad thing.
> This post is best read while listening to Know Your Enemy by Rage Against the Machine. (There’s a jazzy cover if you are so inclined.)
Well, I hope nobody needs to listen to "(This is what you asked for,) Heavy Is the Crown" when listening to the future developments :)
I'm not on team WP Engine or Matt, and I have no personal stake in this (I don't use WordPress). But at this point, I’m concerned that things are going to crash and burn, impacting the average blogger who just wants to publish content - far more than they’d ever expect. I dislike Medium even more than I dislike the WordPress ecosystem.
The thing about listening to a song as you read the post is a jab at Mullenweg's "This post should be read while listening to Wish by Joshua Redman. The writing is synchronized to the music reading speed." on https://ma.tt/2024/09/ecosystem-thinking/
Is WordPress even used for blogging anymore? In my view it’s more akin to Emacs or Jira - a platform to build whatever you want that out of the box just happens to be configured as a blog/text editor/bug tracker.
I’d say this is the golden moment for Ghost to shine.
I would love to see ghost rise higher in all of this, but my experience is that it’s very, very hard to sell most clients on it. They have all heard from someone that Wordpress does everything, it’s the standard, it’ll give them more options down the line, etc.
Ghost is more than enough quite often, but I wonder if a few more key features could convince a large amount of people to convert.
Their editor is great, but making it more extendable would be a huge deal. I’ve dug into it several times now, but I don’t see a clear path to a maintainable plugin API for the editor that would allow you to add more cards at will by just throwing them into a directory for example. It’s possible, but how would you version plugins? Would the editor need to be decoupled from ghost well enough that you can install the version that supports your plugins best? How do you handle broken plugin content? What if someone stops maintaining a plugin; do all the users of it eternally stay on the last version of the editor that supports it?
If that problem was solved I think a lot more people might come over to ghost as things like recipe cards, ad server integrations, form builders, and other popular tools made it into the editor.
Yet, would that actually make ghost better? I think there’s a version of this that would be objectively better, but you’d have to be careful not to allow for all kinds of potential breakage and friction. Right now everything is fully integrated so there are no regressions caused by upgrades. It would be a shame to lose that.
I wish I had more time to work on this. It’s a really fun, properly challenging problem.
I've been advocating for the removal of the Posts feature, or a configuration flag to disable it because I currently work for a different hosting company now and I have never seen a site using the Posts feature for blogging in my support ticket queue. (Yeah, I use it, but I'm a walking-talking edge case.)
In fact, I've seen a handful of sites that have a "blog" on them, but they don't use the Posts feature for it.
WordPress is a massive monolith despite its extendibility and the thing is that Matt get veto anything (this is why his hello.php plugin is still included as a form of digital manspreading) and many of the unpopular decisions are based on the needs specific to Automattic, like how the wp_posts table was used for pretty much everything until relatively recently.
> Also that WP Engine was not actually providing WordPress because they were limiting a single resource-heavy feature. As if WordPress.com hasn’t been going even further in providing a limited WordPress experience since the beginning.
I was thinking the same thing!
> This means that many of the people who work for Automattic are technically external contractors despite acting on behalf of the company, holding business cards with the company logo or conducting WordCamp talks on behalf of the company. (Which rendered legal action about what I endured as good as impossible, as I did not have any rights as an actual employee and my contract was with Automattic in California, under US law.)
Many countries use duck tests for employment both for taxation and employment law. Does it quack like employment? Are you given instructions? Are you forbidden from subcontracting? Is there a fixed hourly rate? Are you required to work set hours? Etc.
And possibly human rights based law would pierce both anyway. For example you can be discriminated against as a customer in a shop and sue.
Author here. The US/CA statues of limitations are also extremely short compared to what I am used to, so I was too late for to perform any legal action over this stateside after I recovered somewhat from all of this. (There may be a way to go against the EU subsidiaries, but I'm not doing it alone.)
(Anyway. Matt. If you're reading this, then I've seen you've been very generous with your checkbook for the past couple of weeks. I am open to burying the axe to a certain extent but that would require paying for estimated unpaid overtime and on-call hours, providing proper compensation for keeping me for almost a year on a trialmattician contract and destroying my mental and financial well-being among other things. You know how to find me. If not, I'll see you in Brussels.)
> I can’t see how Matt’s recent ideas on the rights to use the WordPress logo, the name or the wordmark requiring companies that he doesn’t like to pay up are in compliance with the GPL license.
Trademarks and logos are not attached to the software license. The Linux kernel has a trademark page (https://www.linuxfoundation.org/legal/the-linux-mark) which is separated from the gplv2 license. Python has their own trademark page (https://www.python.org/psf/trademarks/) which is separated from the bsd-like python license that the python software use. Take any major free software project and they will likely have a trademark legal page detailing what is or isn't allowed, which will be separated from the software license. Neither the free software foundation nor Open Source Initiative provide trademark under same terms as the software license. FSF specifically has the following statement:
OSI also has a guide for their trademarks (https://opensource.org/trademark-guidelines), which limits how people and company uses wordmarks and icons. OSI says in their introduction:
"In fact, the law obligates trademark owners to police their marks and prevent the use of confusingly similar names by third parties"
Last, there are historical examples where non-profits that produce free software, that being Mozilla, was in a trademark conflict with Debian, a project based on free software. The Debian–Mozilla trademark dispute resulted in Firefox, licensed under gpl, being renamed Iceweasel with a new icon that replaced the original icon that is owned by Mozilla. (https://en.wikipedia.org/wiki/Debian%E2%80%93Mozilla_tradema...) That 10 years dispute ended in 2016.
Author here. To clarify, the trademark rights were transferred to the WordPress Foundation 14 years ago and then licenced to Automattic to use for WordPress.com. (The internal verbal story was that it even involved a separate shade of blue to identify .com from .org.)
Just like with attaching a permissive license to your code means that you can't just yank it back when you feel like it, there's a long history of case law proofing that you can't do the same with trademarks, especially when there's a whole economy that has built up around your FOSS project.
I would not claim which project has the best trademark policy to emulate. My comment is mostly to illustrate how a software license is handled separated from trademark agreements and that practically every major free software project and non-profit foundation has a trademark policy. The FSF/OSI guides are also very illustrative in how those communities view trademark law compared to copyright law.
The Mozilla trademark dispute is mostly an example of a non-profit free software community being in a trademark dispute with an other non-profit free software community, and which initial solution was simple and direct. Changing the name and icon resolved the disputed until 10 years later where Mozilla lawyers decided that the Debian version was close enough to Mozilla version that it could be argued as being identical, in which the package returned to using the trademarks owned by Mozilla. I am not sure if people really despise Mozilla for it, but I recall that people found it a major waste of time. There is just so much energy that people will spend arguing about a name and an icon.
For the second, using variations of a product name was common and not equivocal, their new policy was a major hassle; it also made it harder for forks of Mozilla to be discovered, and placed a serious burden on making them.
It was just not in the spirit of open source software.
I'm attempting to move my blog from WordPress to Ghost. There's a WP plugin for exporting to Ghost. The zip format wouldn't work, only the json one did, but now I'm missing images :( Anyone have experience exporting from WP and importing to Ghost?
> Matt seems to treat what happens on WordPress.org to be within his personal domain, while those who contribute generally assume that their contributions are within the WordPress Foundation’s scope
That seems to be the crux of the issue. At least with respect to the now what question.
Thinking more and more this is going to require a substantial rethink of the entire thing well beyond a fork. Especially if Matt sticks to his guns
We thought there were 2 entities: WordPress.com & WordPress.org , but turns out those 2 are basically the same, but there is still a 3rd one WordPress Foundation (that is not WordPress.org apparently)
Then there's Audrey Capital LLC, WordPress Community Services (which is a B corp owned by the foundation), an array of Automattic subsidiaries around the world.
Judging from this post, it seems there are lots of regulatory holes in the way Automattic operates in the EU. Mullenweg needs to be careful that the eye of the EU doesn't turn its gaze towards him and his company, or he could be in some trouble. But I can't say I'm surprised by his belief that he only answers to US laws and jurisdiction.
The mention of the self-employed employees could be interesting to HRMC in the UK, if they are skirting around IR35 it could end up with them being handed a large tax bill.
Also their UK branch is called "MINISTRY OF AUTOMATTIC"... really.
I would argue that his recent behaviour warrants Automattic (and WordPress, as its dependence) being classed as a Designated Gatekeeper by the EU Commission under the Digital Markets Act.
Thank you for sharing this insightful post. I have used WP for more than a decade and must say these are very serious points, especially considering EU legislation and the questionable behavior by Mr. Mullenweg.
This will be interesting reading to EU legislators and lawyers working in the IP and privacy space.
This whole affair has been a disaster for everyone involved. Just a ton of dirty laundry being aired in public…
Time is ripe for a new publishing ecosystem — more secure, with less cruft, and preferably better governance. But I imagine WordPress is far from being displaced, even after everything that has been going on.
There's already Drupal, Joomla, Ghost and many more.
What I'd like to see is a CMS that uses git as a data store and renders to a static site. Something that can render to S3, Google pages, Cloudflare pages or a random FTP server. Ideally I could run it locally in Electron or similar, but also be able to have it hosted somewhere online that isn't the same place as the website being managed. I haven't seen a good offering in that space.
The problem is that what WP can do is so, so much more than that. And this is the secret to its success since it can grow from a blog to "here's a bunch of static pages" to a full ecommerce site with CRM/ERP integrations, etc. Boutique mini CMS is a fine thing but won't be displacing WP.
That’s the jamstack in a nutshell. I use DecapCMS to manage some client sites using that exact strategy. It’s always nice to rollback their content issues using git, it’s saved me many hours of headaches.
The only challenge is markdown is not a great store of complex component data IMO.
> But I imagine WordPress is far from being displaced, even after everything that has been going on.
Right. But this is because of a very simple, undeniable fact that is unpopular around these here parts:
There is nothing close to as good as WordPress at everything WordPress can be made to do.
No GUI-based CMS not built on PHP can be as flexibly hosted as one that is. PHP is easy and can be secured. There are no real PHP-based competitors for WordPress that are as easy to install, configure or use.
There are no CMSes that can get close to being as good for a bespoke mix of small ecommerce, member systems, digital downloads sales, form handling etc. Hosted or not hosted.
Say what you like about the block editor (personally I think it is an impressive but ultimately ten-year-plus project). But TinyMCE and shortcodes has proved painfully non-robust and there is no other block editor on an open source CMS that gets close to being open-ended enough for an extensible CMS. Gutenberg has some strengths over hosted solutions like e.g. the Squarespace editor.
There is no open-source CMS that rolls out security patches automatically the way Wordpress does, or can do so at the scale WordPress does.
HN people may dislike this, but it has not been out-competed because it is actually basically competent and extensible, and has no real jack-of-all-trades competitors at all. There's nothing with this level of contribution, extensibility, attention to detail, longevity or backwards compatibility.
Personally I think WP Engine needed a bit of a straightener; there are things they should not have done and there are things they could do. But this was not the way to go about it.
The damage Matt is doing, in particular with the "Secure Custom Fields" gaslighting bullshit is among the most depressing examples of willingly setting one's own hair on fire that I've ever seen.
(Edited for clarity, but sorry everyone, I'm waiting for a new coffee grinder to be delivered this morning)
>No GUI-based CMS not built on PHP can be as flexibly hosted as one that is. PHP is easy and can be secured. And there are no PHP-based competitors for WordPress that are as easy to use.
There have been many attempts in the past. Some offered better performance, security, were easier to use, more lightweight, etc. However they all lacked the ecosystem that WordPress provides. They just didn't have the plugins and themes, the webhosters which optimize for WordPress, the developers and companies which are dedicated to developing for, maintaining and optimizing WordPress sites.
Right. WordPress is Windows for the Web, basically.
More enjoyable to develop for, IMO, but otherwise the comparison holds.
I would add that other PHP-based projects have had severe maintainability crises, poorer clarity of design, even worse code quality crises (Joomla, for example), major fallings-out and multiple forks (Joomla again).
WordPress got this far in part because it managed inevitable community fallings-out and egos much better. It's totally depressing to see what is happening.
I would go as far as saying that PHP has developed into a very good OOP programming language in the past years (from C with dollar signs to something more Java like). Frameworks like Laravel and their ecosystems are actively using modern PHP and utilising the newest PSR standards.
The issue is how WordPress seems to be stuck in the ways of the mid-2000's. You can be a "senior full stack" developer in the WordPress ecosystem but you'll hit a wall once you start applying for more general PHP roles as everything from the standard coding style to how classes and namespaces are used are worlds apart.
> You can be a "senior full stack" developer in the WordPress ecosystem but you'll hit a wall once you start applying for more general PHP roles as everything from the standard coding style to how classes and namespaces are used are worlds apart.
I once taught someone to make this jump, who was convinced he would never be able to. It is definitely a mindset change but I think a good developer can do it.
Especially since these days, class and namespace stuff and Composer dependencies are increasingly common in plugin development.
I love Laravel (especially with Lighthouse) but I think the hooks/actions model in WordPress is underrated in its simplicity and appropriateness for the task.
(I am not a fan of the standard WP coding style, TBH)
100%! I made the journey myself after finally getting an honest feedback of a coding challenge I did for a job application, but I do think that my own background in other languages and frameworks helped.
I do worry about the thousands of people out there that have no other marketable skill than WordPress and are not going to climb out.
I can't think of another CMS that lets you easily make over $1000 for a day or two worth of work, often times without actually writing any PHP or doing some minimal overrides with filters and actions. Everything is pretty streamlined for the most part. There's stable plugins that have been active for over 10 years that pretty much do anything you can think of. Page builders that output modern HTML and CSS. Optimized hosting ready to go. Secure backup solutions that let you restore everything easily without needing to SSH into a remote server. You're not locked into an obscure language or niche CMS that leaves the client stranded down the road, or with big bills because they needed to hire an Elixir developer for their Phoenix blog they deployed via wasm to fly.io 3 years ago.
> WordPress and Automattic as Subject to EU Legislation
I'm loath to defend Mullenweg but WordPress.com is not 43% of the internet. WordPress (the software) is used by 43% of websites, WordPress.com is used by a few million, making it smaller than Wix, Squarespace and even other WordPress hosts like WPEngine.com. Automattic has no relationship with a meaningful amount of end-user data.
The argument seems to be about specific services like Jetpack, which is not limited to Wordpress.com.
I also don't think it's clear that the legal boundaries between the various entities (the person, Automattic, Wordpress Foundation, Wordpress.org, Wordpress.com, etc) would hold, particularly in the EU and particularly where the beneficial owners are identical or have large overlap.
The thing is that when you set up Jetpack and authenticate, you sync your self-hosted site with a clone that resides on the WordPress.com infrastructure. This is to facilitate the backend services that Jetpack provides.
This is needed for things like the Elasticsearch index and all sorts of things.
So, say you do your best to make your site compatible with your local privacy regs because you may be taking medical appointments or if you are selling adult toys on your WooCommerce site and some genius installs Jetpack, personally identifiable information makes to non-EU controlled and hosted infrastructure.
We may go as far as saying that Automattic is pushing the liability from themselves to you as a site owner. (In other words, you are responsible for your own customers' data but not them.)
There are certain requirements for GDPR compliance that I still have a hard time seeing as being fulfilled. (And I did work in GDPR compliance projects before moving over to Automattic and have discussed this with people in the data privacy and security scene that have raised their eyebrows over the whole thing.)
It is very strange to go from being proud of working on this and then not being able to recommend using it for much other than the CDN that doesn't require the sync process.
Jetpack the plugin does not send end-user data home, only Jetpack the paid service does that, the customer base of Jetpack is small. If a plugin's theoretical access to user data is enough to cause GDPR responsibilities for the developer that would have broad ramifications across the world of open-source, as code written by some developer in their free time is being used by every company.
This is factually incorrect. Jetpack, even the free version, sends all sorts of data over to Automattic. Automattic has access to the details of any site running Jetpack. This may have changed with the shift to modularized separate plugins but prior to 2022, there was a ton of data being sent to Automattic.
Can someone explain the whole drama of all of this? I have heard of “Wordpress” and I have heard of “WP Engine” and I have heard that .com and .org are apparently not the same thing. But other than that this feels like walking into someone else’s family argument halfway through it.
I don’t know what “side” to be on, nor what those “sides” even are.
They have a follow-up "WordPress retaliation impacts community". It's currently subscribers-only for another week, but they do allow subscribers to generate free links provided subscribers don't abuse that - which I don't think this should count as?
His management style (which I'd go as far as calling it a belief system) simply does not scale, just like the BDFL model. It must have been great to work there when the staff count was around 30 or so, but not at a figure headcount.
I am worried that he feels like he's losing the grip he has on his holy trinity of corporate entities and that he'd rather burn it down as he steps down than letting an actual open-membership non-profit or a consortium take it away from him.
I think this is the first instance of a big "open source company" where it's getting competed by another company using its very own product. That's essentially the gist of it. Matt/Automattic made WordPress and (ehm) using open source as a distribution strategy. WPEngine is trying to profit from the product (the license does permit it). As they got too big, Matt now wants to get them out of the market.
Matt didn't "make" WordPress. He started the project, which was based on another piece of software, with his friend Mike and now thousands of people have contributed to it in one way or another.
I actually doubt there's much left of Matt's own code besides some of the crap that should be removed, such as hello.php.
> What not everyone knows is that those sites are mirrored over to the WordPress.com infrastructure, including WooCommerce customer data and purchase histories — and that infrastructure is as far as I understand the GDPR — not compatible with European privacy regulations
Yikes. Not surprising in this age of data hoovering, but definitely sketchy and likely illegal in the EU. I guess it follows the other point about Automattic ignoring laws outside of the US
I might be wrong but the impression is that every US company tries the same, with different rates of success, And I don't only mean SaaS companies, or even IT. And I also don't mean unknowingly, but actively trying to impose their usual ways.
I still find it confusing that you can both claim to be GDPR compliant and also that only US law apply to your operations. Automattic was also claiming compliance via the EU-US Privacy Shield which had already been made invalid by the European Court of Justice for a while.
> ...how it (the Wordpress community) has been made to depend on Matt’s leadership at Automattic’s infrastructure. And how that is a very bad thing.
> This post is best read while listening to Know Your Enemy by Rage Against the Machine. (There’s a jazzy cover if you are so inclined.)
Well, I hope nobody needs to listen to "(This is what you asked for,) Heavy Is the Crown" when listening to the future developments :)
I'm not on team WP Engine or Matt, and I have no personal stake in this (I don't use WordPress). But at this point, I’m concerned that things are going to crash and burn, impacting the average blogger who just wants to publish content - far more than they’d ever expect. I dislike Medium even more than I dislike the WordPress ecosystem.
The thing about listening to a song as you read the post is a jab at Mullenweg's "This post should be read while listening to Wish by Joshua Redman. The writing is synchronized to the music reading speed." on https://ma.tt/2024/09/ecosystem-thinking/
Is WordPress even used for blogging anymore? In my view it’s more akin to Emacs or Jira - a platform to build whatever you want that out of the box just happens to be configured as a blog/text editor/bug tracker.
I’d say this is the golden moment for Ghost to shine.
I would love to see ghost rise higher in all of this, but my experience is that it’s very, very hard to sell most clients on it. They have all heard from someone that Wordpress does everything, it’s the standard, it’ll give them more options down the line, etc.
Ghost is more than enough quite often, but I wonder if a few more key features could convince a large amount of people to convert.
Their editor is great, but making it more extendable would be a huge deal. I’ve dug into it several times now, but I don’t see a clear path to a maintainable plugin API for the editor that would allow you to add more cards at will by just throwing them into a directory for example. It’s possible, but how would you version plugins? Would the editor need to be decoupled from ghost well enough that you can install the version that supports your plugins best? How do you handle broken plugin content? What if someone stops maintaining a plugin; do all the users of it eternally stay on the last version of the editor that supports it?
If that problem was solved I think a lot more people might come over to ghost as things like recipe cards, ad server integrations, form builders, and other popular tools made it into the editor.
Yet, would that actually make ghost better? I think there’s a version of this that would be objectively better, but you’d have to be careful not to allow for all kinds of potential breakage and friction. Right now everything is fully integrated so there are no regressions caused by upgrades. It would be a shame to lose that.
I wish I had more time to work on this. It’s a really fun, properly challenging problem.
I've been advocating for the removal of the Posts feature, or a configuration flag to disable it because I currently work for a different hosting company now and I have never seen a site using the Posts feature for blogging in my support ticket queue. (Yeah, I use it, but I'm a walking-talking edge case.)
In fact, I've seen a handful of sites that have a "blog" on them, but they don't use the Posts feature for it.
WordPress is a massive monolith despite its extendibility and the thing is that Matt get veto anything (this is why his hello.php plugin is still included as a form of digital manspreading) and many of the unpopular decisions are based on the needs specific to Automattic, like how the wp_posts table was used for pretty much everything until relatively recently.
> Also that WP Engine was not actually providing WordPress because they were limiting a single resource-heavy feature. As if WordPress.com hasn’t been going even further in providing a limited WordPress experience since the beginning.
I was thinking the same thing!
> This means that many of the people who work for Automattic are technically external contractors despite acting on behalf of the company, holding business cards with the company logo or conducting WordCamp talks on behalf of the company. (Which rendered legal action about what I endured as good as impossible, as I did not have any rights as an actual employee and my contract was with Automattic in California, under US law.)
Many countries use duck tests for employment both for taxation and employment law. Does it quack like employment? Are you given instructions? Are you forbidden from subcontracting? Is there a fixed hourly rate? Are you required to work set hours? Etc.
And possibly human rights based law would pierce both anyway. For example you can be discriminated against as a customer in a shop and sue.
Author here. The US/CA statues of limitations are also extremely short compared to what I am used to, so I was too late for to perform any legal action over this stateside after I recovered somewhat from all of this. (There may be a way to go against the EU subsidiaries, but I'm not doing it alone.)
(Anyway. Matt. If you're reading this, then I've seen you've been very generous with your checkbook for the past couple of weeks. I am open to burying the axe to a certain extent but that would require paying for estimated unpaid overtime and on-call hours, providing proper compensation for keeping me for almost a year on a trialmattician contract and destroying my mental and financial well-being among other things. You know how to find me. If not, I'll see you in Brussels.)
> I can’t see how Matt’s recent ideas on the rights to use the WordPress logo, the name or the wordmark requiring companies that he doesn’t like to pay up are in compliance with the GPL license.
Trademarks and logos are not attached to the software license. The Linux kernel has a trademark page (https://www.linuxfoundation.org/legal/the-linux-mark) which is separated from the gplv2 license. Python has their own trademark page (https://www.python.org/psf/trademarks/) which is separated from the bsd-like python license that the python software use. Take any major free software project and they will likely have a trademark legal page detailing what is or isn't allowed, which will be separated from the software license. Neither the free software foundation nor Open Source Initiative provide trademark under same terms as the software license. FSF specifically has the following statement:
"While our software is available under a free and open source software license, the copyright license does not include an implied right or license to use our trademark" (https://static.fsf.org/nosvn/licensing/2020/ModelTrademarkGu...)
OSI also has a guide for their trademarks (https://opensource.org/trademark-guidelines), which limits how people and company uses wordmarks and icons. OSI says in their introduction:
"In fact, the law obligates trademark owners to police their marks and prevent the use of confusingly similar names by third parties"
Last, there are historical examples where non-profits that produce free software, that being Mozilla, was in a trademark conflict with Debian, a project based on free software. The Debian–Mozilla trademark dispute resulted in Firefox, licensed under gpl, being renamed Iceweasel with a new icon that replaced the original icon that is owned by Mozilla. (https://en.wikipedia.org/wiki/Debian%E2%80%93Mozilla_tradema...) That 10 years dispute ended in 2016.
Author here. To clarify, the trademark rights were transferred to the WordPress Foundation 14 years ago and then licenced to Automattic to use for WordPress.com. (The internal verbal story was that it even involved a separate shade of blue to identify .com from .org.)
The foundation was open about the use of the WordPress logo, wordmark and the WP acronym until a couple of weeks ago. (Here's the previous version of the trademark policy (https://web.archive.org/web/20240101165105/https://wordpress...) and here is the current one for comparison (https://wordpressfoundation.org/trademark-policy/))
Just like with attaching a permissive license to your code means that you can't just yank it back when you feel like it, there's a long history of case law proofing that you can't do the same with trademarks, especially when there's a whole economy that has built up around your FOSS project.
I wouldn't take Mozilla's handling of trademarks as an example to follow.
They were the first to be so drastic in the open source world, and they were and probably still are despised for that
I would not claim which project has the best trademark policy to emulate. My comment is mostly to illustrate how a software license is handled separated from trademark agreements and that practically every major free software project and non-profit foundation has a trademark policy. The FSF/OSI guides are also very illustrative in how those communities view trademark law compared to copyright law.
The Mozilla trademark dispute is mostly an example of a non-profit free software community being in a trademark dispute with an other non-profit free software community, and which initial solution was simple and direct. Changing the name and icon resolved the disputed until 10 years later where Mozilla lawyers decided that the Debian version was close enough to Mozilla version that it could be argued as being identical, in which the package returned to using the trademarks owned by Mozilla. I am not sure if people really despise Mozilla for it, but I recall that people found it a major waste of time. There is just so much energy that people will spend arguing about a name and an icon.
Well, yes to the first paragraph.
For the second, using variations of a product name was common and not equivocal, their new policy was a major hassle; it also made it harder for forks of Mozilla to be discovered, and placed a serious burden on making them.
It was just not in the spirit of open source software.
But this is fairly off-topic
I'm attempting to move my blog from WordPress to Ghost. There's a WP plugin for exporting to Ghost. The zip format wouldn't work, only the json one did, but now I'm missing images :( Anyone have experience exporting from WP and importing to Ghost?
> Matt seems to treat what happens on WordPress.org to be within his personal domain, while those who contribute generally assume that their contributions are within the WordPress Foundation’s scope
That seems to be the crux of the issue. At least with respect to the now what question.
Thinking more and more this is going to require a substantial rethink of the entire thing well beyond a fork. Especially if Matt sticks to his guns
We thought there were 2 entities: WordPress.com & WordPress.org , but turns out those 2 are basically the same, but there is still a 3rd one WordPress Foundation (that is not WordPress.org apparently)
Then there's Audrey Capital LLC, WordPress Community Services (which is a B corp owned by the foundation), an array of Automattic subsidiaries around the world.
Judging from this post, it seems there are lots of regulatory holes in the way Automattic operates in the EU. Mullenweg needs to be careful that the eye of the EU doesn't turn its gaze towards him and his company, or he could be in some trouble. But I can't say I'm surprised by his belief that he only answers to US laws and jurisdiction.
The mention of the self-employed employees could be interesting to HRMC in the UK, if they are skirting around IR35 it could end up with them being handed a large tax bill.
Also their UK branch is called "MINISTRY OF AUTOMATTIC"... really.
Yeah. The Irish one is called Aut O'Mattic from the top of my head. Very Professional.
I would argue that his recent behaviour warrants Automattic (and WordPress, as its dependence) being classed as a Designated Gatekeeper by the EU Commission under the Digital Markets Act.
> that the eye of the EU doesn't turn its gaze towards him
EU = Sauron ?
They built the one ring to rule them all.
Actually, I am building that one, so probably the EU isn't Sauron after all.
Thank you for sharing this insightful post. I have used WP for more than a decade and must say these are very serious points, especially considering EU legislation and the questionable behavior by Mr. Mullenweg.
This will be interesting reading to EU legislators and lawyers working in the IP and privacy space.
This whole affair has been a disaster for everyone involved. Just a ton of dirty laundry being aired in public…
Time is ripe for a new publishing ecosystem — more secure, with less cruft, and preferably better governance. But I imagine WordPress is far from being displaced, even after everything that has been going on.
There's already Drupal, Joomla, Ghost and many more.
What I'd like to see is a CMS that uses git as a data store and renders to a static site. Something that can render to S3, Google pages, Cloudflare pages or a random FTP server. Ideally I could run it locally in Electron or similar, but also be able to have it hosted somewhere online that isn't the same place as the website being managed. I haven't seen a good offering in that space.
The problem is that what WP can do is so, so much more than that. And this is the secret to its success since it can grow from a blog to "here's a bunch of static pages" to a full ecommerce site with CRM/ERP integrations, etc. Boutique mini CMS is a fine thing but won't be displacing WP.
That’s the jamstack in a nutshell. I use DecapCMS to manage some client sites using that exact strategy. It’s always nice to rollback their content issues using git, it’s saved me many hours of headaches.
The only challenge is markdown is not a great store of complex component data IMO.
I really like Decap, but I wish that the UX was better. With a bit more polish it would be very compelling.
Wordpress was quite a leader in this area, as there's a great plugin to render WP sites to static files, Simply Static.
> There's already Drupal, Joomla, Ghost and many more.
None of these have gained as much traction as WordPress, so much that I don’t consider them as drop-in replacements for the general public.
Astro pretty much does exactly this.
> But I imagine WordPress is far from being displaced, even after everything that has been going on.
Right. But this is because of a very simple, undeniable fact that is unpopular around these here parts:
There is nothing close to as good as WordPress at everything WordPress can be made to do.
No GUI-based CMS not built on PHP can be as flexibly hosted as one that is. PHP is easy and can be secured. There are no real PHP-based competitors for WordPress that are as easy to install, configure or use.
There are no CMSes that can get close to being as good for a bespoke mix of small ecommerce, member systems, digital downloads sales, form handling etc. Hosted or not hosted.
Say what you like about the block editor (personally I think it is an impressive but ultimately ten-year-plus project). But TinyMCE and shortcodes has proved painfully non-robust and there is no other block editor on an open source CMS that gets close to being open-ended enough for an extensible CMS. Gutenberg has some strengths over hosted solutions like e.g. the Squarespace editor.
There is no open-source CMS that rolls out security patches automatically the way Wordpress does, or can do so at the scale WordPress does.
HN people may dislike this, but it has not been out-competed because it is actually basically competent and extensible, and has no real jack-of-all-trades competitors at all. There's nothing with this level of contribution, extensibility, attention to detail, longevity or backwards compatibility.
Personally I think WP Engine needed a bit of a straightener; there are things they should not have done and there are things they could do. But this was not the way to go about it.
The damage Matt is doing, in particular with the "Secure Custom Fields" gaslighting bullshit is among the most depressing examples of willingly setting one's own hair on fire that I've ever seen.
(Edited for clarity, but sorry everyone, I'm waiting for a new coffee grinder to be delivered this morning)
>No GUI-based CMS not built on PHP can be as flexibly hosted as one that is. PHP is easy and can be secured. And there are no PHP-based competitors for WordPress that are as easy to use.
There have been many attempts in the past. Some offered better performance, security, were easier to use, more lightweight, etc. However they all lacked the ecosystem that WordPress provides. They just didn't have the plugins and themes, the webhosters which optimize for WordPress, the developers and companies which are dedicated to developing for, maintaining and optimizing WordPress sites.
Right. WordPress is Windows for the Web, basically.
More enjoyable to develop for, IMO, but otherwise the comparison holds.
I would add that other PHP-based projects have had severe maintainability crises, poorer clarity of design, even worse code quality crises (Joomla, for example), major fallings-out and multiple forks (Joomla again).
WordPress got this far in part because it managed inevitable community fallings-out and egos much better. It's totally depressing to see what is happening.
I would go as far as saying that PHP has developed into a very good OOP programming language in the past years (from C with dollar signs to something more Java like). Frameworks like Laravel and their ecosystems are actively using modern PHP and utilising the newest PSR standards.
The issue is how WordPress seems to be stuck in the ways of the mid-2000's. You can be a "senior full stack" developer in the WordPress ecosystem but you'll hit a wall once you start applying for more general PHP roles as everything from the standard coding style to how classes and namespaces are used are worlds apart.
> You can be a "senior full stack" developer in the WordPress ecosystem but you'll hit a wall once you start applying for more general PHP roles as everything from the standard coding style to how classes and namespaces are used are worlds apart.
I once taught someone to make this jump, who was convinced he would never be able to. It is definitely a mindset change but I think a good developer can do it. Especially since these days, class and namespace stuff and Composer dependencies are increasingly common in plugin development.
I love Laravel (especially with Lighthouse) but I think the hooks/actions model in WordPress is underrated in its simplicity and appropriateness for the task.
(I am not a fan of the standard WP coding style, TBH)
100%! I made the journey myself after finally getting an honest feedback of a coding challenge I did for a job application, but I do think that my own background in other languages and frameworks helped.
I do worry about the thousands of people out there that have no other marketable skill than WordPress and are not going to climb out.
I can't think of another CMS that lets you easily make over $1000 for a day or two worth of work, often times without actually writing any PHP or doing some minimal overrides with filters and actions. Everything is pretty streamlined for the most part. There's stable plugins that have been active for over 10 years that pretty much do anything you can think of. Page builders that output modern HTML and CSS. Optimized hosting ready to go. Secure backup solutions that let you restore everything easily without needing to SSH into a remote server. You're not locked into an obscure language or niche CMS that leaves the client stranded down the road, or with big bills because they needed to hire an Elixir developer for their Phoenix blog they deployed via wasm to fly.io 3 years ago.
> WordPress and Automattic as Subject to EU Legislation
I'm loath to defend Mullenweg but WordPress.com is not 43% of the internet. WordPress (the software) is used by 43% of websites, WordPress.com is used by a few million, making it smaller than Wix, Squarespace and even other WordPress hosts like WPEngine.com. Automattic has no relationship with a meaningful amount of end-user data.
The argument seems to be about specific services like Jetpack, which is not limited to Wordpress.com.
I also don't think it's clear that the legal boundaries between the various entities (the person, Automattic, Wordpress Foundation, Wordpress.org, Wordpress.com, etc) would hold, particularly in the EU and particularly where the beneficial owners are identical or have large overlap.
How does Jetpack play into that?
Wordpress.anything in general must be a data juristional nightmare. Every plugin has access to UGC and could be sending bits of that anywhere.
Author here. I know how the sausage is made.
The thing is that when you set up Jetpack and authenticate, you sync your self-hosted site with a clone that resides on the WordPress.com infrastructure. This is to facilitate the backend services that Jetpack provides.
This is needed for things like the Elasticsearch index and all sorts of things.
So, say you do your best to make your site compatible with your local privacy regs because you may be taking medical appointments or if you are selling adult toys on your WooCommerce site and some genius installs Jetpack, personally identifiable information makes to non-EU controlled and hosted infrastructure.
We may go as far as saying that Automattic is pushing the liability from themselves to you as a site owner. (In other words, you are responsible for your own customers' data but not them.)
There are certain requirements for GDPR compliance that I still have a hard time seeing as being fulfilled. (And I did work in GDPR compliance projects before moving over to Automattic and have discussed this with people in the data privacy and security scene that have raised their eyebrows over the whole thing.)
It is very strange to go from being proud of working on this and then not being able to recommend using it for much other than the CDN that doesn't require the sync process.
Jetpack the plugin does not send end-user data home, only Jetpack the paid service does that, the customer base of Jetpack is small. If a plugin's theoretical access to user data is enough to cause GDPR responsibilities for the developer that would have broad ramifications across the world of open-source, as code written by some developer in their free time is being used by every company.
This is factually incorrect. Jetpack, even the free version, sends all sorts of data over to Automattic. Automattic has access to the details of any site running Jetpack. This may have changed with the shift to modularized separate plugins but prior to 2022, there was a ton of data being sent to Automattic.
I think you still need the sync to happen to use any of the modular plugins.
Hi Bullenweg. If you reach out, then I'll tell you one or two things on how the sausage is made.
Can someone explain the whole drama of all of this? I have heard of “Wordpress” and I have heard of “WP Engine” and I have heard that .com and .org are apparently not the same thing. But other than that this feels like walking into someone else’s family argument halfway through it.
I don’t know what “side” to be on, nor what those “sides” even are.
A really good primer on the whole background is LWN's recent "The WordPress mess"
https://lwn.net/Articles/991906/
They have a follow-up "WordPress retaliation impacts community". It's currently subscribers-only for another week, but they do allow subscribers to generate free links provided subscribers don't abuse that - which I don't think this should count as?
https://lwn.net/SubscriberLink/993895/8482b183b2dcb418/
Basically WPEngine vs AutoMATTic (emphasis mine)
WPEngine is private equity(I personally like their founder, find his talks)
Matt seems to be a founder gone crazy(I don't know much about him)
.com and .org are both controlled by Matt.
.com is Matts business side .org is Matts non-profit side
WPEngine is another company
All of this seems to be very unfortunate. Even if Matt has valid claims, he seems to have shot himself in the foot, and lost community support.
His management style (which I'd go as far as calling it a belief system) simply does not scale, just like the BDFL model. It must have been great to work there when the staff count was around 30 or so, but not at a figure headcount.
I am worried that he feels like he's losing the grip he has on his holy trinity of corporate entities and that he'd rather burn it down as he steps down than letting an actual open-membership non-profit or a consortium take it away from him.
I think this is the first instance of a big "open source company" where it's getting competed by another company using its very own product. That's essentially the gist of it. Matt/Automattic made WordPress and (ehm) using open source as a distribution strategy. WPEngine is trying to profit from the product (the license does permit it). As they got too big, Matt now wants to get them out of the market.
Matt didn't "make" WordPress. He started the project, which was based on another piece of software, with his friend Mike and now thousands of people have contributed to it in one way or another.
I actually doubt there's much left of Matt's own code besides some of the crap that should be removed, such as hello.php.
> What not everyone knows is that those sites are mirrored over to the WordPress.com infrastructure, including WooCommerce customer data and purchase histories — and that infrastructure is as far as I understand the GDPR — not compatible with European privacy regulations
Yikes. Not surprising in this age of data hoovering, but definitely sketchy and likely illegal in the EU. I guess it follows the other point about Automattic ignoring laws outside of the US
I might be wrong but the impression is that every US company tries the same, with different rates of success, And I don't only mean SaaS companies, or even IT. And I also don't mean unknowingly, but actively trying to impose their usual ways.
I still find it confusing that you can both claim to be GDPR compliant and also that only US law apply to your operations. Automattic was also claiming compliance via the EU-US Privacy Shield which had already been made invalid by the European Court of Justice for a while.