MoreRSS

site iconMatt MullenwegModify

A founding developer of WordPress, founder of Automattic.
Please copy the RSS to your reader, or quickly subscribe to:

Inoreader Feedly Follow Feedbin Local Reader

Rss preview of Blog of Matt Mullenweg

Real WordPress Security

2025-03-08 19:07:49

One thing you’ll see on every host that offers WordPress is claims about how secure they are, however they don’t put their money where their mouth is. When you dig deeper, if your site actually gets hacked they’ll hit you with remediation fees that can go from hundreds to thousands of dollars.

They may try to sell you a security plan that for example at Godaddy goes from $300 to $700 a year on top of your hosting. (Don’t be fooled by the low entry price, look at renewal.) It’s heartbreaking to hear stories of non-technical people forced into these high fees to fix something their host should have prevented in the first place.

When a host is powered by WP.cloud, it doesn’t need to do this because hacks are so incredibly rare. (That’s why it may appear more expensive, but the total cost of ownership or being a WP.cloud-powered host is much lower when you factor in human time.)

One problem we’ve had on WordPress.com is we do all these amazing things and don’t tell anyone about it, something we’re trying to change with our focus this year on developers and developer tooling. One great example is we’re so confident about our security, if your site gets hacked we’ll fix it for free! We’ve actually been doing this for the better part of a decade, just never mentioned it anywhere.

Pressable (which is WP.cloud-powered) does a better job talking about these things and has a nice landing page on malware cleaning and hack recovery that says essentially the same thing.

WordPress has done a ton over the years to move the hosting industry around upgrading PHP and MySQL, PHP extensions, free SSL, and in general using our clout to advocate for user rights and freedoms from even the largest hosting companies, and I’m proud to say there are a good number, for example the ones you see at WordCamps, that have not just embraced these values but actually been more commercially successful as they’ve done so. I hope security and auto-upgrades not just for core but for plugins and themes becomes the next standard. (Jetpack does this for free, some hosts charge $100/yr per site.)

On Lenny’s Podcast

2025-03-04 22:19:50

One of my must-read newsletters for the past several years has been Lenny’s Newsletter, probably best known for its writing on growth and product management, which really means it covered everything you need to create a great company.

It expanded into a really well-done podcast; Lenny has always had a knack for finding the best guests and asking the best questions, so when he invited me on I was very excited.

He really wanted to address some of the things that people said I wasn’t being asked, so we do touch on the WP Engine / Silver Lake attacks, but we also covered a lot of my philosophy of why open source is important, philanthropy, and why you should build a movement, not just a product.

You can watch it on YouTube, or listen to it on your favorite podcast app like Pocket Casts.

Some others he has done that I really enjoyed are Nan Yu from Linear, Marc Benioff from Salesforce, Katie Dill from Stripe, Mihika Kapoor from Figma, Drew Houston from Dropbox, and of course the famous Founder Mode one with Brian Chesky.

WordCamp Asia and Maha Kumbh Mela

2025-02-22 14:01:19

It’s been fantastic being in the Philippines for this year’s WordCamp Asia. We have attendees from 71 countries, over 1,800 tickets sold, and contributor day had over 700 people! It’s an interesting contrast to US and EU WordCamps as well in that the audience is definitely a lot younger, and there’s very little interest in “wpdrama” du jour, in fact I’ve had tons of amazing conversations of support and talking about the strength and growth of the community.

Some of the earliest international WordCamps I went to were in Manila and Davao, back in 2008. (I’m going to share some pictures at the start of my talk.) Between that and spending lots of time in Daly City when I moved to San Francisco when I was 20 I have developed a fondness for the cuisine, creativity, family orientation, and warmth of the culture here.

After this I’ll be taking a bit of time off for a trip to the big Hindu religious pilgrimage in India, the Maha Kumbh Mela, which is currently on a 144 cycle. It’s the largest human gathering in the world, with some days measured with tens of millions of people visiting. I’ll be returning to my Photomatt roots as well and bringing my big camera rig, right now a Nikon Z 7II, and two lenses: 24-70 2.8 and 70-200 2.8.

Sun and shadows

2025-02-18 09:06:58

Scale

2025-02-14 08:40:05

In high school when 5% of your class doesn’t like you it’s like 3-5 people.

Running a company of 1,700+ when 5% doesn’t like you, that’s 85 people! That fills a room.

150k followers and 5% don’t like you now you have a small stadium of 7,500 people.

It’s still 5%.

Hash tables

2025-02-13 06:03:25

“You didn’t just come up with a cool hash table,” he remembers telling Krapivin. “You’ve actually completely wiped out a 40-year-old conjecture!” There’s a delightful article on an undergraduate discovering an optimization in a very basic computer science principle.