The WordPress Attack, Competition and Blogging Innovation

First of all, a note to the fanboys: this is NOT an attack on WordPress. WordPress is an excellent piece of blogging software, and undoubtedly the best option for non-technical users looking to self-host. And therein lies the problem.

Back in 2003/2004 Movable Type was pretty much the predominant blogging platform for the self-hosters. And then two things broke its dominance in the market-place: a rather dumb pricing decision by Six Apart (which was rapidly corrected) and the growing wave of spam, which Six Apart was slow to get on top of. After all, there were a lot of MT blogs out there - it was worth the spammers targeting it. 

Fast forward 5 years, and WordPress has throughly usurped Movable Type's position as the leading self-hosted blogging platform. And lo, the weekend has been full of people tearing their hair out as their WordPress blogs were hacked seven ways to Sunday. Reading about people having to export, destroy and recreate their blogs was painful. Blogging is over a decade old. We should be better at this stuff by now.

But you could see it coming. It only takes a cursory search around the web to find blogs running on ancient platforms - a Movable Type 2.x here, a WordPress 1.x there.  And then the complaints started about the repeated waves of updates to the 2.8 version of the software. When people are complaining about updates, that means some people just aren't bothering to do it. And that means security vulnerabilities are staying wide open. The the odd savvy user like Suw got hacked. By Saturday, tech celebs from Robert Scoble to Andy Ihnatko got hacked. Twitter was full of the wails of the hacked, and the retweetings of the warning.

As I tweeted, WordPress has become Windows - so dominant that it's a huge target. And this is only going to get worse - access to millions of websites through attacking a single platform? That's just too tempting a target. 

I have to wonder when WordPress users will start switching to some other platform.

There's a reason it's not happening. They can't. There are no good alternatives for a less technical user who wants to self-host. 

There's a vocal breed of WordPress advocate who pretty much equates blogging with WordPress. The two are synonymous, they argue. They treat my continued use of Movable Type as, at best, an aberration and, at worst, a political statement. It's neither. I've just never had a compelling reason to shift off MT. It works fine for me, and pretty much always has. The irony here is that these folks have helped facilitate this attack. There are people out there who would have been far better blogging on the hosted Wordpress.com, Typepad or Squarespace, because they really don't want to be bothered with the technical stuff, but were encouraged onto self-hosted WordPress because that was "real blogging". If you're on recent versions of WordPress, upgrading is now trivial. But still too many people don't do it, just as they don't run Windows Update.

A world with only one good self-hosted blogging platform would be a poorer world - and we're dangerously close to that point. The competition that drives platform innovation would not be as strong, and the black hats have much more tempting targets to attack. For the sake of the development of this medium, we actually need a good, strong competitor to WordPress. Six Apart has, to a large degree, ceded this ground to Automattic. Although MT4 and the in-beta MT5 are both huge steps forwards as large-scale blogging platforms, they're tools for the technically-skilled at the installation and maintenance level, not the casual user. Habari and Melody aren't ready for prime time yet. But one of them could rise to be a challenger, if they're willing to look at the innovations the WordPress team have made in ease of use and maintenance, and attack them head-on. 

And we need someone to do so, and soon. Blogging is a vibrant, fast-moving and dynamic medium. And handing it over entirely to one platform, one view on what a blog should be, will only stifle it - and hand more bloggers over to the spammers.