Slashdot Mirror
WordPress Now Powers 30% of Websites (venturebeat.com)
WordPress now powers 30 percent of the web, according to data from web technology survey firm W3Techs. From a report: This represents a 5 percentage point increase in nearly two and a half years, after WordPress hit the 25 percent mark in November 2015. It's worth noting here that this figure relates to the entire Web, regardless of whether a website uses a content management system (CMS) or not. If we're looking at market share, WordPress actually claims 60.2 percent, up from 58.7 percent in November 2015. By comparison, its nearest CMS rival, Joomla, has seen its usage jump from 2.8 percent to 3.1 percent, while Drupal is up from 2.1 percent to 2.2 percent.
Since Bitcoin seems to be in the cross hairs for how many CPU cycles it wastes, has anyone computed what Wordpress environmental impact is?
How many countries power grids does it take to serve all of the Wordpress sites in the world? How many people actually need a fully dynamic website?
I'm glad to see that static site generators are making a comeback. I have more than enough computing power in a $5 VPS to host nginx serving static content.
Isn't it 30% of blogs sites? (i.e Drupal, Blogger, Ghost, etc.) This type of statistic has come up before and it just doesn't really hold up. It just doesn't make any sense when you look at the sheer number of websites with custom content management engines or which use big commercial software like CQ, Teamsite, etc.
IMHO, WordPress is the Windows of the CMS world. It is a frighteningly poor security record and it is just bloated and not admin friendly at all. If you need a good blogging platform, check out Ghost at http://www.ghost.org./ Rather than using PHP, Ghost uses Node.js. Ghost is also much easier to create themes for. Furthermore, Ghost is leaner and uses markdown language for blogging.
And no one else.
The Turkey waddle McConnell/Weird Boy Ryan treasonous love affair is ending. Tree huggers hold hands. Your time is near.
In other news...
"30% of the website is vulnerable"
Is that because it's taken 20 years to realize that most of the web is self-grandizing BS? We've had services like this before but in its infancy people thought they'd still be able to make something that no one had seen on the web. Thankfully that spike has passed and now we've gotten a reliable service for people to set up websites with just enough info on them for people to be contented.
Peak web... love it
Don't even deserve mention? Sure they are paid platforms but even Wordpress sites have to pay for hosting
I haven't been to a wordpress site in like five years. Maybe I got cut out of society. Likely.
I can confirm the temptation to use a CMS like Wordpress for sites that change content frequently is strong. (We ended up setting custom build scripts on a cron job for Sphinx.)
IMHO, WordPress is the Windows of the CMS world. It is a frighteningly poor security record and it is just bloated and not admin friendly at all.
I hate to break the news to you, but WordPresses Security Track record is actually pretty good, despite being an unbelievable hodgepodge of spagetticode (initially) built by amateurs. It powers north of 130 million websites and the last critical security breach managed to infect 8000 websites before it was fixed and contained. That is less than 0.002 percent of the live installbase. I don't know any Java system with that could stand such an exposure with so little impact. WP is being worked on day in and day out by a massive army of hobby and professional developers and that makes security breaches way less a problem than with some obscure system that theoretically is more secure but falls flat on it's face when a critical breach takes 10 days or more to fix, let alone to find.
By now most hosters and CDN services have atuned their offerings to the behemoth that is WordPress and can smell attacks on WP from miles away and prevent them before they even happen. In this regard WP actually has an advantage, as it is a popular target and this quickly exposes malicious IP adresses and breach-vectors.
As for being admin friendly: This is where WP shines, at least in the Dashboard. No other system is so easyly adopted by n00bs than WordPress. Any dimwit can operate an WP installation within 5 minutes of catching the first glimpse of it. Coding an extension or a template for WP is a walk in the park compared to anything else out there - which is a) why it's so damn popular and b) there is so many plugins that are so unbelievably shoddyly developed it would blow your mind if you looked at the code. And yet any n00b can find a specific task that need to be adressed, whip up some PHP and sell it as a plugin and make some money on the side. Yet another reason it's so popular.
Long story short: If you'd look at WP code alone you'd bet your right arm that this mess has no chance in hell of becoming the worlds leading web cms. But look at the big picture and it's easy to understand why it rules these days. That's also because everything else out there in the PHP space falls way short in comparsion and that sure as hell also goes for this dead-in-the-water Ghost Blog thingie built on top of node that is still a toddler that is wet behind the ears compared to LAMP.
My 2 cents.
We suffer more in our imagination than in reality. - Seneca
70% of the shallow useless un-fact-checked worthless time wasting nonsense on the internet.
What percent of web traffic is this? Are all these Word Press sites actually visited?
-Dave
Until it gets to 50%. Then the EU can tax it.
Wish I could mod you up!
As for being admin friendly: This is where WP shines, at least in the Dashboard. No other system is so easyly adopted by n00bs than WordPress. Any dimwit can operate an WP installation within 5 minutes of catching the first glimpse of it.
This is true. It also helps that many hosters offer "one click installs" of wordpress and lots of plug-ins.
Just like with NT: It can be, and usually is, administered by an idiot.
Me, I built my own system out of make and awk; it generates static HTML and dumps it where the shipper can move it to the hoster. It only runs when I change anything, not for every pageview. For my content it works fine, and for most useful content on the 'web it'd be sufficient. But it isn't if you want "clickibunti". So we waste cycles and other resources on oodles of fantasically bad code instead.
I think the crux of the problem, just like with PHP's genesis already, is that the people interested in doing (something like) it weren't actually remotely suitable for the job. So their works remain fine examples of sufficient thrust to make pigs fly.
This assessment stands even if other people managed to produce even worse crap.
That's also because everything else out there in the PHP space falls way short in comparsion and that sure as hell also goes for this dead-in-the-water Ghost Blog thingie built on top of node that is still a toddler that is wet behind the ears compared to LAMP.
True enough. It's the best you can have in PHP space, but that doesn't make it good. So the "windows of CMS" still pretty much stands. Okay, minus the arrogant heavy-handedness and institutional shiftiness we all know and love from redmond and its emeritus chief crook who's now moved to making money through his charity foundation. I'll give you that.
99% of WordPress sites should be set to cache the HTML produced for several minutes, so performance wise it's almost like a static site. There are multiple good ways to do thag. If you have a WordPress site and haven't done that, it's definitely something to look in to.
Things have changed since 10 years ago, when my dept. admin told me "every time we have used 3rd-party PHP, we've gotten hacked." :-P
Um.. what? You admit yourself that WP's codebase is garbage, and then claim there's nothing better?
Silverstripe also has a great & intuitive admin UI, and the code is about a million times better, proper MVC OOP with a great extension system that encourages horizontal code reuse (eg composition over inheritance). Our clients and devs all love it to death, it's a joy to work with.
I have worked with "the big 3" WP, Joomla, and Drupal (and plenty of others). Silverstripe blows them all away.
"Mind, as manifested by the capacity to make choices, is to some extent present in every electron." -Freeman Dyson
As for being admin friendly: This is where WP shines, at least in the Dashboard. No other system is so easyly adopted by n00bs than WordPress. Any dimwit can operate an WP installation within 5 minutes of catching the first glimpse of it
This is exactly it. The promise of technology that I remember from the 90s was that anyone would be able to stand up a simple static website for their antique store or tractor repair shop without becoming domain experts in LAMP. These aren't necessarily dumb people (although some are pretty dim), but they are fairly ignorant of all things tech related.
Instead, some forces appear to have pushed us into a place where many organizations feel overwhelmed and either hire contractors (which turn out the same garbage) or just don't adopt the latest technology.
WordPress is one of the few forces pushing in the other direction, trying to democratize technology into a tool that anyone can employ.
When all you know is wordpress, every job leads to wordpress.
I've done a lot of it for money and it's kludges all the way down. There's a self sustaining mass of "devs" who know nothing else and sell it to the unsuspecting as the "professional way to do marketing". For out of the box river of news blogging it's okay. For everything else it's wrongwrongwrong.
Silverstripe blows them all away.
Thanks for the recommendation! Every time I'm forced to use WordPress, I feel dirty, as though I'm using some framework that's written by a shadowy gray market powered by child labor and stolen credit cards. The WordPress admin interface is amongst the worst I've seen, and the "ecosystem" and marketplace of plugins is mostly garbage riddled with gaping security holes.
Chris,
IMHO, giving up on Joomla was a mistake since it matches with your brain perfectly!
http://ibb.co/mRVSaG
I totally agree that Wordpress is a 'hodgepodge of spagetticode'. The only way I've used Wordpress in the past is during my courses Secure Web Development, to show students how not to write code. After so many patches, Wordpress' code may be secure. But what makes it insecure is that it doesn't provide a solid base for plugin developers. It doesn't support, encourage or enforce plugin developers to write secure plugins. So, while many people only blame plugin developers for Wordpress, I also blame Wordpress itself and its developers for it.
Secure code is one thing, provable secure code is another thing. Provable secure code allows you to easily and quickly prove that changes to the code, which is what plugins do, don't affect the security of the code. Wordpress' code may be secure, it's definitely not provable secure code. And provable secure code is definitely what is needed for a piece of code that powers 30% of all websites!
It doesn't have to be like this. All we need to do is make sure we keep talking.
Which doesn't mean that they satisfy any sort of fire code or building standards. Popularity isn't everything.
As a case example of why Wordpress is rubbish. It took them until PHP put the mysql module (not mysqli) in depreciated state, for them to actually fix ANY of the issues regarding mysql, and there is still no abstraction. Not that Wordpress doesn't need yet another layer of bullshit for bugs to grow from.
Depreciate means "decrease in value."
Please people, don't use that crap... program for yourself
This is interesting. A mass deployment of basically a turnkey system. I'm very against any turnkey solutions in computing. Mainly because, since it's turnkey, if anyone finds any vulnerability on any installation of the turnkey, every other installation is also vulnerable.
They might be easier to set up and use, but they're also easier to hack. Some might come back with the argument as a turnkey system, there's a lot of eyes on the code, so that should cut back on vulnerabilities over non-turnkey installations. I call BS on this.
Avoid turnkey systems, roll it yourself. Be intimately familiar with all the code and supporting infrastructure your system is using. Turnkey is a two way street, easy to implement, easy to find exploits for.
I've done that enough times that sometimes I do something like:
debug = on if date() 2018-03-07
Or more frequently:
debug = on if REMOTE_ADDR == '36.73.26.37'
Also I'll use the "at" command to turn the firewall back on or whatever.
This is hardly a surprise. If you have an extremely high volume website, you don't use a CMS, you custom build everything. The next best thing is something that has a sane development cycle, well documented API, and logical design. The development cycle is well established, unlike other CMS's, it doesn't break a lot from cycle to cycle. Its API is well documented. There are no "surprise secret" areas, there are no major variations on the fundamental programming language (PHP). There are other CMS's (Typo3/Drupal) which are extremely poorly or completely undocumented, except for minor use cases. Drupal has an API that changes radically from version to version. Build once, and you are stuck on that version forever, unless you want to start all over (from the very beginning, throwing all previous work away). All of these major problems are largely avoided with Wordpress. You can either use the given API as it is, or add your own custom PHP, following standard normal "no secret libraries" coding styles, and either way works well. It's no surprise that 30% of the web is powered by Wordpress.
I've been looking at setting up a WP site for a friend who owns a hotel. Getting a basic site with a nice theme and some content is fine, but he wants a booking system too. Being a small hotel he can't really justify spending a lot on the big commercial solutions. At the moment he manages bookings via email and a spreadsheet.
Any suggestions for that kind of thing?
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC