1. Steve

    What a superb articles, thanks Sarah

    Distributions are a funny beast in the Drupal world. They have big name recognition and generate a lot of ideas that end up in the core. But only about 1% of Drupal sites use a distribution. They’re kind of clunky and hard to maintain.

    I wonder if WordPress distributions would be any easier in real-world usage?


  2. Alec

    Great article Sarah. Thanks for sharing information about this important shift in the publishing world which affects all of us who work with WordPress.

    For WordPress to regain the publishing market, WordPress has to stop focusing on consumer marketshare and start to focus on being more useful to businesses. As I’ve said at great length, never ending updates and update pressure do nothing to endear the WordPress platform to anyone building serious tools or managing a business.

    WordPress/Automattic should not be wasting money and diluting itself with VC floats to fund advertising to consumers. WordPress has more than enough visibility. WordPress needs to be more stable and more secure to attract more (serious) users.


    • Miroslav Glavic

      WordPress itself is stable and secure. Most hacks are due to crappily coded themes/plugins or not up to date WordPress+plugins+theme installations.


      • Alec

        Cars are not dangerous. It’s only transport trucks, speeders and drunk drivers that cause road fatalities.

        WooThemes, Elegant Themes, EWWW Image Optimizer, Yoast, WordPress ImageMagick integration have all faced major security vulnerabilities in recent memory. All of those companies include serious WP professionals on staff. WordPress is not a religious question but an issue for grown-ups running businesses on what is an inherently dangerous platform, the open internet.

        You are aware the WordPress itself is porting security fixes to versions as far as back as 3.7.14 (last updated May 6 2016)? The whole argument that one has to run the latest version of WordPress every minute is just propaganda to force business clients to spend more money on their websites (as almost every major upgrade requires lots of testing and a fair amount of troubleshooting on sophisticated sites).

        Sticking one’s head in the sand doesn’t make a problem go away. If WordPress/Automattic won’t take security and stability seriously, someone else will (like Jeff Bezos and Arc for instance.


  3. Ryan

    As a WordPress developer for new publisher I fully support (and would contribute to) a community driven project of this nature.


  4. Ioannis

    Great, thought-provoking article! A unified WordPress solution for small or medium-sized publishers would be an awesome idea that could also be viewed in an even broader sense – i.e. offering starter packs for other types of websites too.


  5. Tomas M.

    It is interesting, if Arc is based on WP, does it mean that it should be licensed as a GPL product?


    • Ryan McCue

      As noted in my comment below, it might be GPL’d, but that doesn’t say you have to distribute it. All it means is that whoever has access to the software must be given access to the source. For PHP software, that’s almost always automatically the case.

      In this case, Arc is an internal product used at WaPo and owned by them. They’re under no obligation to distribute the software or source to anyone else.

      (If they had a self-installable copy they licensed out, ala GitHub Enterprise, they would have to include the source; they could still choose to charge for those copies though.)


  6. David Coveney

    I talked about the concept of WordPress distributions being a thing way back in 2009 – https://interconnectit.com/blog/2009/11/14/wordpress-distributions-are-the-future/

    But after a while I came to the conclusion that without core project support, a distribution, like OpenPublish for Drupal, would eventually wither on the vine. Not because there’s anything wrong with it, but because fundamentally people generally go looking for the core and then for people with the capabilities to implement the differences they need.

    We have our customer base and our toolset made up of open source as well as closely guarded plugins from which we build a standard starting point for websites. To all intents and purposes, it’s a distribution of WordPress. Most companies like ours do the same. And if a plugin comes along and does a better job than one we’ve built, then we drop that and take on the third party – especially if it’s well supported and financed. So if you hire us, or Human Made, or Moove or Crowd Favorite… you’re probably getting a distribution of sorts. If you use WP VIP services, it’s the same – it comes with a suite of plugins that can be leveraged to provide functionality. And a lot is aimed at newsrooms, and many are buying.

    I think the problem is solved. It’s just not turnkey.


    • Alec

      Interesting argument if a bit self-promotional. It’s helped clarify my own thoughts. It would be very kind David, if both you and WP VIP services could more actively share back to the community which nourishes you. I’m not sure if Human Made, Moove or Crowd Favorite are hoarding software so I won’t include them in that list.

      Where I work we do share our core code. And that’s a matter of policy. What we don’t want to share we don’t tag with GPL (and have been banned from years of WordCamp presentations for a single non-GPL pro plugin – even though the free version is GPL). Private code hoarding is apparently acceptable, even encouraged, both technically and socially. Strange world we live in.

      A shared distribution which is more focused on secure publishing would be a fabulous project. It would need leadership though and from people who are publicly minded. Our BusinessPress project leads in this direction (providing one place to turn on and off all the hidden preferences in WordPress, basic branding and basic fail2ban security integration) but is more focused on SMB sites and not publishing workflows specifically, although BP could easily provide the foundation for publishing improvements. WordPress should be about sharing code and not hoarding it. Sharing is where we all started. Sharing is what makes all this possible.


      • David Coveney

        Wasn’t really meant to be self-promoting, but you know how it ends up – becomes automatic probably! You’ve mentioned your projects too. It’s kind of hard not to, right?

        We do share a lot of stuff, but we have a few things we keep to ourselves. It’s still GPL though, and that’s what our customers get. Perfectly and entirely within the spirit and intention of the GPL. We don’t put some of that onto Github or WordPress.org because you wouldn’t believe the support overhead a popular plugin can generate – and if there’s no revenue stream (there often isn’t) then you end up with an increased cost. Especially when some of that code needs to be implemented with care or you’ll end up bringing your site down. Documenting and testing in a way that’s suitable for a general public user is a *big* undertaking, and they do find your github repos eventually.

        Lots of WordPress.com’s stack is closed away from the world. They’re never going to switch to Affero. There’s a reason why – it’s viciously hard (but not impossible) to make money from publicly released GPL code and you immediately equalise yourself with your competitors. And sometimes, to protect your investors and your staff, you have to keep some things secret. It may not be the best thing for society as a whole, but sometimes a balance needs to be struck.


      • Ryan McCue

        I’m not sure if Human Made, Moove or Crowd Favorite are hoarding software so I won’t include them in that list.

        I can’t speak for the others, but almost all of our “platform” (standard plugins we use on sites) are open source and available for everyone to use. We’re in the process of writing up exactly what we use on every site properly so others can take it and run, but they’re all publicly available.

        We do have some parts that aren’t open source, but for the most part, this is just site-specific stuff. There’s stuff we could release though and probably will in the future; just needs to get into a releasable state before we do so. We definitely try and release as much as we can though.

        With all that said though, we don’t have a hugely standard set of tools. Every project calls for something different, so we pick-and-mix depending on requirements.

        Private code hoarding is apparently acceptable, even encouraged, both technically and socially. Strange world we live in.

        I think this is a bit of an apples-to-oranges comparison. The GPL only says that if you’re given software, you have to be given the source code too. For sites created for clients, no one except the client has to be given the source. There’s no responsibility for everyone to be given the source.

        We see the benefits of releasing stuff as open source, which is why we do so, but it’s not purely altruistic.


  7. Kaiser

    The main problem with the “distribution” idea is that people having core commit rights (or release leads) actively nuke any effort to get support for a package manager into core (Composer for example). Every major framework or CMS nowadays uses it to automate builds, tests and have a machine run deployment cycle. Just not WordPress. There are ways around this (see http://wecodemore.github.io/wpstarter/ ) but as all of this happens alongside core, there will be no high adoption rate in the near future and articles like this one will just describe what already happens behind the scenes and do not draft a real world scenario.


    • Alec

      Thanks for the link to wpstarter. Lots of good practices in wpstarter which we like as well:

      WordPress files in their own directory, not in root (so messy on a complex site)
      media files not in /wp-content/: what happens when we all move on from WordPress. Why would one want to make media files dependent on a CSM. It’s a kind of sneaky lock-in.

      I agree that WordPress should include an install script like this as part of core. While Core is focused on non-coder, non-business people (coders can handle complexity, business people hire competent help), there’s no reason not to have a very simple script for neophytes with the power under the hood for developers.

      Very nice. Where do we sign up to lobby for wpstarter or similar to be added to WordPress? Are you at WordCamp Europe later this week (it’s home ground for you).


Comments are closed.

%d bloggers like this: