In a conversation at WP Tavern (a Matt Mullenweg official property) about the problems with maintaining recent WordPress versions (say anything post 3.7), a very lively debate took place about whether major new features in WordPress should come enabled by default with no option to disable them.
The feature in questions was oEmbed this time but it could just as easily have been emojis or XML-RPC (which recently took thousands of WordPress websites down in a major hack exploit).
The large group in favour of offering a preference to turn off oEmbed was shouted down by paid WordPress establishment figures parachuted late into the discussion. In their own words, there is a way to turn off features: finding, installing and maintaining plugins:
If you want to disable XML-RPC (and I’m cool with that) then it’s just one line of code in a plugin or your theme’s functions.php file. I had to look at a plugin to find it myself. I also knew it was one line in a plugin; I looked at it before….I’m going to skip the privacy conversation and just point out that Emoji is a little more lines to disable but that’s simple too. Look at the source for this plugin.
Otto wrote a plugin that will not only disabled them but replaced them with original the classic smileys.
The point I am trying to make is that each time WordPress adds a new feature or enhancement, there is always a way to disable it in code, if you feel the need to do so.
So that’s three more plugins (a lean WordPress site should be running fifteen or fewer plugins) just to get to zero. That’s an afternoon (or two if you don’t have much experiences) of research to be able to get to zero on a single website. The final recommendation is for publishers/users to code their own plugins to be able to disable unwanted features:
You might want to write your own short custom plugin. Something small with just a description and the PHP code to do those things you want….You’d take that small custom plugin, drop it into your installations, activate it and POOF! you’re done. It’s even easier with WordPress multisite, just drop the file into the mu-plugins directory. In your case (and others) a little code to maintain isn’t a bad solution.
So if you want to be able to turn off unwanted features, you need to become a developer yourself. Unloading maintenance on your users and publishers is not very friendly when a simple advanced options page would do the job.
Jose wrote this approvingly in a symbolic last comment left standing:
Cool feature! Like many features in WP, if one wants to disable, you just have to do the proper research on how to do it.
More maintenance is easy to say: especially when your WordPress website is not online. I’ve noticed a lot of cheerleaders for more features and less ability to turn them off don’t have many real sites (supporting viable economic activity or at least updated regularly) to care for.
The solution was to install a plugin to disable the feature! What is wrong with just having a checkbox to disable features?
The discussion about offering on/off checkboxes was shut down by the moderators by threatening, banning and silencing those who spoke up against implementing oEmbed with no simple checkbox to disable it. Anyone who spoke up against turning everything on by default was called a troll or banned.
The “many” are just the tavern trolls, that like to troll but never to actually participate in anyway in the development, and in open source if you do not participate in the development then you just don’t count.
WordPress core developers and their apologists have completely lost the thread. No wonder they are now afraid of open discussion. In that same discussion, I wrote the lunatics had taken over the asylum. It’s that and worse.
Why should I or any small publisher have to do three days of research in order to be able install WordPress in a minimalist configuration with no external services (hello Jetpack and Gravatar and Akismet), no unnecessary plugins (Hello Dolly and the rest), no advertising clutter (Automattic’s feeds into the dashboard) and no extra features (like oEmbed). What happened to “fewer features as a feature“?
There should be a simple preferences page which enables and disables all the crap in one place.
Why isn’t there such a page?
- Arrogant self-centred core developers know that most of their “exciting new features” would be disabled.
- Matt Mullenweg wouldn’t get free advertising and free registrations (hey Matt, remember us we built the software and we build the audience: they don’t belong to you. If you wanted to be a second rate Mark Zuckenberg with forced registration everywhere and spam following your users 24/7, you should have told us about that up front).
Matt Mullenweg in San Francisco in 2013. Despite the trendy beard and long hair, Matt appears to be aging pretty quickly. The sparkle has gone out of his eyes. Dishonest dealings like treating people as suckers has a tendency to suck the lifeblood out of you. In fairness, good hard work can do it too. Which is it in this case? We the small publishers using WordPress will have to decide.
What’s going on behind the scenes? How could WordPress let this happen? For the current crop of core developers is that the prestige is in forcing your features down the users throats. You have a feature in core. When you get that status you are made man and can double your billing rates and gun for big agency lead positions.
What any of this has to do with helping users and building better software is a mystery. Well actually it’s not. Adding features which can’t be turned off has nothing to do with building better software or helping users.
WordPress is a project gone completely off the rails into spyware (Jetpack, Gravatar and Akismet all sell your data to third parties via Automattic) and featuritis. Just maintaining a simple WordPress site involves dozens of hours of updates and conflict resolution now. Keeping WordPress running well has turned into the nightare of maintaining a video edit station on a Windows NT box.
Sadly the developers want it that way because that way we can milk you poor sucker small publishers and users for thousands of dollars a year to maintain your sites which haven’t changed in six months. If we (they) didn’t keep changing WordPress, there would be no reason to keep expensive WordPress consultants on retainer and even less reason to spend thousands every month on VIP.wordpress.com (minimum monthly spend $2500).
WordPress security has become a billion dollar business! Instead of adding features, WordPress should be concerned about how to make WordPress (much more) secure out of the box. Including a standard Limit Logins routine would solve a huge number of problems (the one good Limit Logins plugin with 143 five star reviews and over a million active installs has not been updated in two years and so is invisible to users, while the one you can find is crippleware with settings you can’t change to force you to upgrade to pro).
The Limit Logins plugin on the top left has +4000 users and lots of negative reviews, while the good one with a million plus users has been made invisible: progress. Another drop in the steady monetisation of WordPress. Safe limit login functionality should have been in core WordPress long before emojis or oEmbed.
The Limit Logins plugin on the top left has +4000 users and lots of negative reviews, while the good one with a million plus users has been made invisible: progress. Another drop in the steady monetisation of WordPress. Safe limit login functionality should have been in core WordPress long before emojis or oEmbed.
Other simple small tweaks easily made in core like forcing publishers to choose a custom name for the admin account and turning off XML-RPC by default would go a long way to fixing WordPress security. Why are we not making it easy for small publishers to be safe?
Frankly all of this treating publishers as suckers and marks makes me sick to my stomach. I’m tired of facing our clients and forcing them to pay many hundreds if not thousands of dollars (depends on the complexity of the website) every year just to keep the damn thing running the same way it did last year. I’m ashamed to be a WordPress developer. I’m ashamed to have helped sell people on this scam.
Somebody has to change this and perhaps somebody will. Please sign up for our newsletter at businesspress.eu to help show support for a stable and secure WordPress and to get early access to just such a WordPress when it’s ready.
Alec Kinnear
Alec has been helping businesses succeed online since 2000. Alec is an SEM expert with a background in advertising, as a former Head of Television for Grey Moscow and Senior Television Producer for Bates, Saatchi and Saatchi Russia.
This is an interesting article and as a new WordPress user, has alerted me to a few things to watch out for. I also agree with your suggestion that new features should generally not default to On.
However, I think you might unfairly be claiming the login limit plugin is invisible. If your search term is “limit logins” it is not found. But maybe that might be because the word “logins” is not in the name of the plugin you are searching for. otoh, if you search for “limit login attempts”, it comes up as the first choice.
You also ask for an Advanced Settings page to simplify turning off features that are not wanted. I agree with this, if only for testing things or comparing one setting with another. If these things can be turned off with a plugin, surely someone with appropriate skills could write an Advanced Settings plugin to do exactly what you are asking for? From what you say, it sounds like it might be extremely popular.
Hi David,
Thank you for your thoughts.
WordPress.org has a deliberate policy of hiding older plugins from search. Searching for limit login isn’t enough to get the right plugin up. Curiously you are correct “limit login attempts will bring it back (perhaps the filter is turned off on more than three words).
We are writing that Advanced Setting Plugin now. It’s a make work project and we would all be much better served if:
WordPress unfortunately has become a very unhealthy project as the developers who were all building something cooperatively for free have started to become envious of the sharks circling WordPress like Envato or Chris Pearson. Matt Mullenweg now needs to be a billionaire (he used to be take it or leave it) and so he needs to exploit users and grow revenue (in what is supposed to be a non-profit project).
These are deep problems and I’d rather solve them within the community but at some point someone has to stand up and say this is enough, you are misleading people and stealing from publishers when you should be maintaining a stable and secure platform from which publishers can create or do business.
The big companies who would have spent $20K on custom CMS anyway, I don’t worry about. It’s the individual creators and small business owners who are now put through millions of man hours and billions of dollars of makework maintenance which deeply offends me.
We’ve been patient for years on these issues, contributing to WordPress, both sponsoring and presenting at Wordcamps and maintaining commercial grade plugins (WYSIWYG, SEO, antispam and front end comment moderation). If WordPress is alienating long term developers as committed to open source publishing as we are, there’s lots wrong.
I hope the community can solve it together. A solution would start with dialogue, not censorship and diktats.
I suspect that for searching, we are all spoiled by Google. Google seems to be able to work out what we want even if we phrase it badly. Few other organisations can get any sort of accuracy (cough, cough, Facebook cough).
What is probably needed is for WordPress to improve their search algorithm in two ways: (a) to allow for popular plugins that are old to rank higher, and (b) to allow variations of words to match (eg, logins and login). I remember reading once a bit of wisdom that went something like: Do not attribute to malice that which is more likely to occur due to incompetence.
I am pleased to see that you are working on the plugin. I hope you will post here when it is ready.
I used to think that about malice but when I saw what Matt Mullenweg controlling owner of the WordPress intellectual property (albeit via a foundation he controls), did to Chris Pearson (creator of Thesis) over the thesis.com domain, I changed my mind. Whether Chris Pearson is a talented designer or a selfish, annoying and arrogant fellow whose approach to development is ludicrous (a single one true theme for all websites) or both, it doesn’t justify a frontal attack on his business. When Matt Mullenweg bought Thesis.com for $100,000, this is $100,000 less dollars to go into WordPress development, Wordcamps and open source.
If you read carefully the WP Tavern article, you’ll see that Chris more or less proved cybersquatting yet the panel ruled in Automattic’s favour on a technicality (Chris didn’t explicitly demonstrate show that Automatattic had been forwarding Thesis.com to WordPress.com though Automattic admitted to doing so). This looks to me like back room politicking and maneuvering. Around here the influence would probably have been done with straight cash, but in the US it would be banking future favour with a billionaire. In both cases, it is applying the law unequally.
There are so many aspects wrong with this action:
While Chris continues to suffer from this blow, after seeing this behaviour many people’s opinionof Matt Mullenweg has gone way down. Mine included.
When Jeff Chandler over at WPtavern still had his independence he held similar views about Matt’s behaviour towards Chris Pearson (believe it or not Jeff sold out his fantastic tavern for all of $14,000 as it was the highest price on the market, Yoast had almost grabbed WPtavern for half that much: whatever these WordPress billionaires and millionaires are, they are certainly aren’t generous).
More recent malice includes pushing all webhosts to include Jetpack with the default WordPress install. How pushing Jetpack into WordPress helps anyone but Automattic is a mystery to me. Matt has totally lost the spirit of what we are trying to build with WordPress: a simple, easy to use, independent publishing tool.
It doesn’t matter how many people use WordPress and pushing up the adoption rate. The adoption rate is plenty high. What’s important is that WordPress is most secure, low maintenance and easiest to use publishing tool. If it meets those criteria, adoption will take care of itself. Without hype. Without spyware (WordPress as configured by default now, spies on your use of the tool). Without forced external services (Jetpack).
WordPress is headed for a cliff and Automattic has slammed their foot down on the gas, while a good contingent of users scream for someone to hit the brakes.
Interesting article, I appreciate your forthrightness.
I’ve recently been working on a website and purchased a theme from ThemeForest as required by the client. The theme looks simple but it struck me that it’s actually surprisingly complicated to use once you’re in the dashboard, and packed with features and plugins that don’t quite seem necessary – at least not for me. It’s as if the theme has been “over-developed”.
And for someone like myself who prefers clients to perform routine maintenance and content updates themselves (as mine tend to be small businesses) this is somewhat problematic and will likely increase my support burden and their support costs as a result.
I’m still fond of WordPress and prefer it ahead of Wix and Squarespace but I might start to look at other options more closely.
I recently took a look at Wix. There were issues loading anything in a browser with javascript turned off. Then I looked at the source code. A real mess.
Web developers appear to have lost the ability to code simple working html models. I have a similar issue with a heating system in one of my properties: it’s in a cellar where electronics struggle. An old fashioned gas water heater ran there without issue for twenty five years. A three year old heater breaks down several times winter.
WordPress needs to be forked into a low maintenance stable version before Matt Mullenweg finally drowns the baby.
As the maintainer of b2evolution (a very distant relative to wordpress*), I was glad to read this.
We often get feedback that we have way too many options and way to many checkboxes (including one for XML-RPC which is disabled by default).
I keep telling people that everything needs to be configurable through the back-office and that more core features saves us from plugin maintenance hell… And you just explained all this brilliantly after having tried the opposite.
I think I’m going to send a couple people here to read this ;)
Bonjour François. Thanks for stopping by. I’m glad you guys aren’t hiding the options. I know about the common ancestor (been doing this for a long time) but appreciate the link.
WordPress apostles mostly don’t get the point. Then they have 87 competing plugins trying to manage all of this. The internet was a simple enough and robust enough communication system as imagined with hypertext (additional media like images, sound and video are no problem). The clutter and vile concotion which advertisers, greedy publishers, sneak SEOs and tech fanatics (REACT.js or die!) into which it has been converted is a sad example of the Tragedy of the Commons.
It’s not enough that over the last one hundred years we’ve managed to poison our oceans, cut down our forests, pollute the air we breathe, taint the water we drink with fracking and despoil our landscapes with enormous garbage dumps – no, within thirty years of its invention, we had to entirely blight cyberscape. Miraculous breed of relentless five-fingered rodents, these humans. There’s nothing we cannot touch to sully it.
Recently we took one of our complex websites and removed all of the cruft from it (extraneous javascript, unneeded extra CSS files, tracking and analytics, poorly coded advertising javascript) leaving the core appearance and functionality intact. It leaped from 56 Google Page Speed score to 99 without any kind of critical CSS voodoo or other nonsense. I imagine the joy of his readership if he would go live with that fast loading and pleasant site.
Amen :)
I love the analogy between what we did to cyberspace and what we did to our habitat. In cyberspace, of course, it plays out at 100X the speed of what happened in real life until recently…
Can’t help but think about 5G now… Ultimate mean to abuse the web with even more scripting and tracking and VR and megabytes per second of whatnot + ultimate way to fry us humans in constant RF radiation?
5G might be harmless. Or it might be lethal. No better way to find out than building it out in most of the world’s major cities within five years. Normal cell technology certainly has an effect on people already. All the cases of cancer on the phone side of early heavy mobile users. And that’s before we get into the biological effects. Strange that establishment scientists choose to only measure the physics properties of a mobile phone.
Nothing new here – the tobacco companies were able to dodge the science for fifty years with the same tactics of sponsored studies and bribed politicians.
What’s wrong with ethernet cables, cable internet and internet only at one’s office and worktable at home? Would make for a better world. I pity all the young men who’ve never had the pleasure of a romantic dinner with a woman without a cellphone.