In a series of Fall WordPress Meetup Presentations – Speed Matters on WP optimization, Mobile Presence on how to adapt new mobile device needs
on client sites in order to address the profound ascendancy of mobiles use on the Web, and New WordPress CSS Views & Tools show how CSS+JavaScript is breaking the WordPress “No Coding Required” mantra.
All of these WordPress presentations could have the same caution – WordPress is changing rapidly. WordPress has morphed from being a simple, easy to use blogging app to becoming the major IT player in CMS-Content Management Systems. WordPress leads CMS usage by a wide margin, backs or sets many software standards, and is a leading IT financial cost across businesses large and small. Here is how a low cost, open, easy to use, “no coding required” blog, membership and shopping app became the agent of change across a wide swath of IT systems.
Confluence of Low Costs+High Performance
For the past ten years WordPress has benefited from rapidly declining hardware costs. RAM prices have have declined by a factor of 10 every 5 years; Hard disk/SSD drives have seen similar declines in costs. And X86/ARM processors used on hosting servers and client workstations have also seen both steady price declines with increased functionality. The Bottom line is that WordPress falling hardware costs have been benefited from similar declines across the Web.
And WordPress also has been the beneficiary of very low, open source software costs – PHP, CSS, JavaScript and HTML are essentially open and free software. Likewise MySQL, MariaDB, PhpSQL, FireBase and SQLite make the biggest chunk of WordPress database engines free and low cost. Ditto for Server engine software from Apache, Nginx, and Lightspeed – all open and low cost server software. Even new JavaScript libraries which are driving advanced UI tools – React, TypeScript, Vue 3 are largely free and open source. So relative to Enterprise vendors like IBM. Oracle, SAP, Google etc, WordPress sits in a low cost sweet spot.
Solid Design Decisions
But this sweet spot is also used by a number of other Website Builders – Wix, Weebly, SquareSpace & Spotify that share many of the same low costs. So it is enlightening to see the comparison among the Website Builders. In the 2013 to 2018 time frame WordPress sprinted ahead of all it rivals:
As the World website users move to CMS systems, WordPress takes the lions share of WebBuilder and CMS market growth. What distinguished WordPress?
There were a set of good initial technology choices by WordPress – an amalgam of HTML, PHP, CSS, JavaScript and not Algol, Basic, Java, C, C++, Python, nor XML. Also users did not need to know coding as most WordPress tools worked well with point and click settings and “No Coding Knowledge Required ” visual page/post/menu/widget/sitewide design. This allowed WordPress developers to effectively implement most applications with the advantages described below.
First early and solid design decisions were adopted by WordPress: open and free code; user selected and customizable themes for program layout and styles; user and 3rd party created HTML+PHP+CSS plugins for adding new features & functions to WordPress. Currently there are 50,000+ freemium plugins available in the WP Plugins library; quick adoption of images, then audio, followed by video and then other media objects stored in a generally accessible Media Library adds to WordPress display features; then allow users to easily create pages and posts with point & click editing using either Visual or Text editors. This is followed in 2013 with the first popular 3rd party PageBuilders, a more powerful UI design tool with drag and drop component layout, WYSIWYG styling options, and prebuilt templates to expedite post and page development. PageBuilders accelerated WordPress market share growth
New Competition
The net result is that WordPress took off as seen in the W3techs chart above. And late fall figures reported by Websitesetup.org confirm the dominant trend:
- CMS Market Share: 43%
- Live websites using WordPress (Global): 30,000,000+
- Live websites using WordPress (USA): 8,923,000+
- Percentage of websites using WordPress in the top 1,000,000: 36.28%
- Sites using WordPress: The Walt Disney Company, Guggenheim, TechCrunch, BBC America
In late 2021, WP Engine wrote a financial report assessing the overall impact of WordPress in the World Economy. At half a trillion dollars WordPress started to attract some serious competition as described in WordPress Under Duress story.
Shortly after emerging as a major player in 2017-2019, WordPress saw new and vigorous competition. For example in early Spring of 2022, WordPress suffered a reversal as their Core Web Vitals scores were the worst among Website Builders including WIX, Weebly, Shopify, and SquareSpace. Also the rival Website Builders revitalized their own package of services. Using their own Cloud Servers, they started delivering much better better backup, security, SEO and performance services. Meanwhile Enterprise Web Developers like IBM, Oracle and SAP also took note of the huge WordPress market and started to groom their own Web Development offerings with LCAP-Low Code Application Programming features. In sum, WordPress had serious new competition from both Enterprise and small business Website Developers. But that was not the only competition.
Competition from Hacker as Hostages Takers
The very WordPress factors that powered its usage and financial success, proved to be vulnerable to hackers exploitation. Because WordPress is used on 30Million websites worldwide, they became targets for hackers infecting 4% of WordPress websites in hackers’ attempts to harvest customers personal and financial info, 2)charge to ransomware or DDOS -Direct Denial of Service attacks for financial or political gains and 3)creating unsuspected stealth outposts on vanilla WordPress Servers enabling hackers to mount the very same bot armies inflicting DDOS and other hack attacks throughout the Web. By 2018 WordPress websites was recognized as a major Hacker resource.
The irony is that the success factors for WordPress: 1)large and increasing revenue streams in hosting, web development and 3rdparty tools & services; 2)reputation for low setup and upkeep costs; 3) thousands of themes and ten-thousands of plugins for extending and customizing WordPress; But in turn these upsides had 3 major downsides. First, low cost and upkeep left support services strapped to met surges in demand. Second, many themes and plugins did not adhere strictly to core WordPress coding standards leaving them vulnerable to sophisticated hack attacks. Third, with so many themes and plugins, overlapping features and conflicting coding left many unnoted vulnerabilities except to hackers who were looking for them. So what has ensued has been a Whack-a-Mole wave of attacks, rushed security fixes to be succeeded by a fresh wave of new hack attacks using a combo of old and new security vulnerabilities. In short, the ongoing costs of maintaining a secure and performant WordPress site were often underestimated.
But perhaps the the most critical Security threat are the Hacking Groups organized as as HaaS-Hack-as-a-Service. These hacking groups work co-operatively exchanging hacking methods and tools as well as stolen company/personal info. The crucial danger is that hackers are now constantly refining their hacking methods as outlined in this OWASP report on evolving hacking methods.
The bottom line is that WordPress shops face a constantly changing Hackers Armory to defend against and protect their own and clients assets. See the list below of WordPress Security risk for detail on the Hackers Armory versus WordPress defensive tactics.
WordPress Security Resources
Colorlib – describe how 4M WordPress site are hacked per year
Sophos– Hacking-as-a -service: The Naughty Nine in 2023 free Security Report
Hubspot – describes the current top 14 WordPress security issues
WpWhiteSecurity -has enlightening stats and charts on WP security flaws
OWASP – List of top 10 ten security risks and actions to control
Wedev.com- What and why Top Companies continue to use WordPress
Rapidly Changing Computing Environs
The fluctuating Web Security risks are certainly not the only computing task subject to rapid change. We have already seen how hardware costs across the board are plummeting and that has been a driver for the rapid growth in the Internet and the move to Multi-cloud Computing by Enterprise and Small Businesses. Statista provides the Internet growth chart:
Equinix cites the rise of Multi-Cloud Computing following in line with the world wide rise of the Internet – Multi-Cloud rises from 71% to 93%-“Indeed, over the next two years, a 45% increase in the number of organizations running more than 30% of their production applications on public cloud infrastructure is expected.” This means that Computing Management is constantly faced with major modifications as to how they do basic IT business.
But Internet usage and Cloud Computing are not the only computing trends to see rapid transformation. Mobile Computing and the associated eCommerce Saleshave seen major changes in the past 10 years. But the biggest uptick has been induced by pandemic usage and buying a seen in the two charts:
Online Retail Sales chart looks a lot like the Internet Growth in usage; but the pandemic spurt is more pronounced in the Retail Sales upticks in 2020 and 2021. In contrast the change in Mobile Traffic share had already occurred in 2012 to 2017. But the follow up in Mobile development tools and methods is beginning to deliver better Mobile device UI software and features.
This is just in time to incorporate changes in adjusting mobile apps for latest social media appeals and popups, refining online sales display and pitches, and bulking up against hacker intrusions – part of the upcoming Mobile Presence Meetup agenda.
Time to Reach Good Decision is Shorter
This review has argued that WordPress and Automattic made solid early design decisions in developing the system that resulted in substantial long term market leadership gains. Likewise other WordPress players like 3rd party Theme and Plugin developers, Hosting Services, and WordPress developer agencies have also managed to make good operational decisions in their businesses. But Time is not Running Out – it is getting shorter.
As we have seen in this review, vital technical and software trends are getting shorter and present complex choices as seen in the proliferation of Mobile devices & channels, new and constantly shifting online target markets, and having to adapt to defending against hack attackers and exploiters.
Here are two examples of how the risk equations are rapidly changing. First, back in 2015 the WordPress Gutenberg Team and the new UI startup Elementor started work on a next generation WYSIWYG, component/block based UI Builder. By 2016 both launched their WebBuilder tools – Gutenberg Block Editor using React.js and Elementor Builder using a Bootstrap and traditional PHP/JS tools. Right now Elementor has 10million+ active users whileGutenberg Editor has 2-3million active users. But now both are faced with tough UI reliability and ease of use challenges such that new advanced startups like Breakdance.com, BricksBuilder.io, and Oxygenbuilder.com with their novel approaches to UI and broad ThemeBuilding tasks may seize UI Builder leadership positions in the new year.
Second, as a developer with two dozen websites, I have stayed loyal to shared hosting services like SiteGround and A2Hosting. but the lower cost, performance advantage and security protections of Cloud Computing like WP Engine and Cloudways among others have to be assessed. But to add complications, some clients insist that VPS-Virtual Private Servers are the way to go. In light of the short time horizons, the following advisory comes to mind – Computing Decisions should be done as Emergency Room Triage – use the immediate tests and evidence to choose a current strategy; but monitor pre-acknowledged measures that may trigger a change in strategy. Wow, Computing Contingency Theory.