Urgent Technology Improvements for WordPress
WordPress powers a huge number of the world’s websites, from small blogs to complex content management scenarios, online shops or newspaper portals. Its flexibility, community and openness have contributed to one of the internet’s most capable open source ecosystems. In many ways, WordPress puts other open source projects to shame. The core product has shown a remarkable level of maturity, the extension and theming ecosystem is thriving, and the release schedule shows a high amount of activity. Automattic, the company behind WordPress, is expanding and acquiring talent and intellectual property.
Being an active user and maintainer of several projects that utilize WordPress, here are my thoughts on what WordPress should do next in order to satisfy the technical needs of the community for the near future.
Built-in performance optimization
MediaWiki, another huge open source software platform powering large parts of the web (most and foremost the Wikipedia), recently announced that the new version will load scripts asynchronously, greatly improving speed and reducing load. Anyone who ever deployed a WordPress page, and especially after enriching it with lots of necessary plugins, knows, that optimizing such a site for performance is a gargantuan tasks requiring additional plugins and template and/or server side enhancement to cut down file size, cut down the number of requests, move scripts and define caching.
I believe a lot of this has to do with architecture. WordPress should adopt a more performance oriented structure which plugins will have to follow and be able to plug into. The next big version of WordPress should have a tiny (script/css) footprint and make all plugins and themes plug into its own system of optimizations or stick to certain rules for those. Plugins will have to fulfill performance requirements and a final installation of WordPress should not become almost impossible to optimize with a rising number of themes and plugins, but instead these should feed their material into WordPress‘ own delivery architecture which would spit out optimized, optimally located, combined and compressed file output (which can them be cached or served from a CDN).
In addition to that, it should be easier for admins to tweak WordPress settings from the Dashboard, from memory limits to security checks (why does WordPress not come with its own system checklist, other CMS have it). Just as an example, the Dashboard should inform the administrator which content is loaded in the page header section, which of those belongs to what kind of functionality and whether they are essential or optional, and a switch could move all or some of those to the footer or tell them to be loaded as non-blocking deferred or asynchronously loading scripts.
More out-of-the-box core functionality
It is the same procedure each time you install WordPress: You spend another few hours installing and setting up a range of plugins, 5, 10, 20 or more of them, to sometimes just add the tiniest functionality, tweak a setting or perform optimization. One of the main reasons for this is, that WordPress does not offer a whole range of functionalities for common use cases out of the box. These then have to be installed from a variety of competing, outdated, semi-commercial, insecure, unoptimized or conflicting plugins, which then cause short and long term performance and maintenance overhead.
WordPress should (as it has now done recently with its built-in favicon uploader) deliver its own system to include and manage user avatars; easy ways to include tracking systems like Google Analytics; switch on font systems like Google Fonts or Font Awesome; add custom CSS code; switch html head content on off; clean the database from cruft (long removed plugins, legacy settings, etc); add custom sidebars and widget areas, and much more. This would add a degree of professionalism and reliance to a set of core features used by most if not all WordPress installations out there and by their inclusion in the core package make use of synergies and in total add less of a burden to an installation than by individual plugins that clog a system.
Community quality control
One of WordPress‘ biggest strengths is also one of its weaknesses. The almost anarchic multitude of plugins and themes, not just on the official extension catalogs, is a huge strain on admins. It is hard to keep tabs on maintained extensions, their quality and professionalism, security aspects and performance. Not to mention finding the right ones in the vast ocean of customizations. This also increases splintering, as many development teams build their own little extensions (for their own purpose) rather than finding and building upon existing efforts. Many plugins are abandoned, compromised or incompatible if no dedicated team exists to improve it. The amount of semi-free plugins increases too. If the idea of ransomware or freeware died with floppy discs in the 90s, it lives on within WordPress‘ extension ecosystem. Some extension authors, such as WooThemes which was recently bought by Automattic, went as far as making almost every second little setting for their popular WooCommerce plugin a premium add-on, quite a shameless business strategy.
WordPress should not exercise stringent control over its community, but it could nudge it towards better quality. Filtering out non-maintained plugins and themes would be one step. Patrolling essential plugins and encouraging timely updates and security audits another. It could offer certifications to extremely popular extensions and partner with their authors to apply strong quality, security and performance criteria to those. It would be great for users to see which extensions fulfill which kind of criteria. Ransomware/freeware plugins should also be marked as such a lot more clearly. WordPress could also maintain a blacklist of known memory hogs, security risks or shady developers. WPEngine for example keeps a list of plugins it clearly communicates as banned from their hosting services.
Advanced deployment support
Lastly, WordPress should step up its game among pros. A regular installation without certain plugins allows for only few tweaking from within the Dashboard. It would be great to include a whole range of tweaks and settings that it allows as „advanced settings“ from within the admin interface. Functionality that would have to be installed via certified third party addons could be installed upon one click. One example of how this could look like is the plugin „WP-Helpers„.
These thoughts are just meant to stimulate debate. I am not in the loop about roadmaps at Automattic, and neither is there a consensus about whether the points I raise are actually critical issues. I am looking forward to comments and reactions and maybe pointers into the right direction for some of the ideas I have put forward.