Alternative spin, WP is one of the most battle hardened CMS available.

Tongue in cheek, but genuinely as well, it is probably the most attacked CMS platform on the internet. That not every WP site is taken down by the automated attacks they all get means they must be doing something right.

When you include plugins and themes — which is a must because that is how WordPress gets used — the ecosystem as a whole is a security shitshow. Many popular plug-in vendors have abysmal security records. You don’t need to find a vuln in core WordPress to pwn installs.

If you haven’t actually tried to do something professional with Wordpress, you might think this description is over the top. But it actually undersells how bad it really is.

To all the haters in this thread: Pull requests welcome. Til then, stop spreading fud. WP security is fine.

No, you’re wrong! We’re going to implement our own custom CMS in Rust using WASM and deploy it to 5000 edge servers for our local brochure business website that needs a little bit of functionality and has a small budget with no technical experience.

I really don't understand how hackernews is full of "technologists" who cannot comprehend the cloud and who have no idea why tools like Wordpress are so powerful. I swear, if HN popular opinion was mainstream we'd all be pushing code to virtual machines using SSH and everyone would just accept that This Is The Way. It's amazing how wildly out of touch this community is with modern development practices and patterns. If it wasn't for the rare actual expert opinion on current topics this entire site would be no better than TikTok for technology. Scratch that. TikTok also occasionally has experts providing valuable insights on important topics.

Anyone would be lucky as fuck to have the success and influence of Wordpress and yet we have clueless folk who speak of it as a cautionary tale.

you must be going to some different hn site.

overall i find it balanced. certain topics will draw certain vocal crowd more and then it will look unbalanced.

on the other hand it's really funny to see "modern development practices and patterns" mentioned in a topic about WP.

are you sir one of them expert technologists from tok tik?

i agree that WP is a cautionary tale but one thing they got really well: never do a rewrite from scratch while being the top dog. it must have been hard to resist that siren song and now we'll have WP till the heat death of the universe.

In my opinion WordPress can be compared to Windows. Not just in terms of security, but everything.

WordPress is the Windows of content management systems.

They both are widely used, have an outdated architecture, are keeping compatibility above all, therefore don't innovate, are very extendable, can run almost anything, and are the go-to for many people.

It's up to you to decide, if these are good things or bad things.

This is what Craigslist did in the P2P space.

Except CL squandered the opportunity to rebalance the power dynamic between landlords and renters.

Then, its continued reluctance in many fronts fragmented local P2P into a dozen marketplaces, greatly impacting its own marketplaces’ liquidity.

At this point I think Wordpress is doing more to sort itself out than CL.