Review: WordPress 4 plugs in, turns on, grows up

Review: WordPress 4 plugs in, turns on, grows up

The latest revision of the powerful and popular blogging engine does far more than blogs, although the power comes with a price

Software often evolves to serve purposes beyond what its makers intended. WordPress stands as a classic example. What started as a simple blogging engine has become one of the most widely used pieces of software for maintaining both public-facing and internal websites. Today the WordPress blogging engine not only powers blogs but also works as a CMS, a social hub, a discussion forum, a feedback-tracking system, an e-commerce solution, and much more. With each new revision WordPress comes a bit closer to being a general content-publishing framework that businesses and enterprises could adopt.

The key word is "could." Preparing WordPress for heavy traffic and securing it for public-facing and even internal use requires some work. On the other hand, much of that work is made possible -- even easy -- thanks to the vigorous culture of development around the product. If you want to do something with WordPress, odds are good that someone else has already done it, and they know how to do the job for you.

[ See which open source projects are off to a great start in InfoWorld's top 10 new open source projects of the year. | Track trends in open source with InfoWorld's Open Sources blog and Technology: Open Source newsletter. ]

We took a look at the pre-release version of WordPress 4.0, bearing in mind that it was still officially a beta and many elements might still be in flux. That said, because the changes between dot-zero WordPress versions are intentionally limited (more on that below), the WordPress 4.0 beta proved to be quite stable. It's software you can think about deploying to production sooner rather than later.

New and noteworthyContrary to conventional wisdom, dot-zero WordPress releases don't imply major, revolutionary changes to the product. The developers of WordPress take a slow and steady route to adding functionality, rather than slating earth-shaking functional changes for left-of-the-decimal-point releases. It should be no surprise that WordPress 4.0 is more production-ready than the typical dot-zero release.

The most significant change rolled into WordPress over the last year -- and the one with potentially the most impact for business and enterprise users -- is in the way the product is developed. Instead of adding changes to the core product directly, WordPress built new features first as plug-ins and tested that way. If they pass muster with the development team, only then are they rolled into the core product.

Aside from keeping the core code cleaner, this development strategy has another boon. It means enterprises that want to customize WordPress for their own use have a fairly standard way to do it, and they can look to existing plug-ins for examples of how to build custom functionality. All of WordPress, from the core code to the plug-ins and the templates, is built using PHP, which -- given the popularity of PHP as a language in the enterprise -- makes it easy to target WordPress as a development platform.

Booting up A big reason for the popularity of WordPress is that it makes setup and configuration dead simple. Many Web providers have a WordPress installation script for one-button setups, and you'll find a wealth of other easy-start options. JumpBox, for instance, offers a WordPress VM appliance, which I use as part of this review.

Even if you're installing by hand, setting up an instance of WordPress is remarkably uncomplicated. Creating the database, unpacking the files into a directory, and setting the program's file permissions are the hardest parts, as the rest is done automatically by WordPress itself. All of the major options for the program are either automatically configured or set up through the Web-based admin panel.

Likewise, the entire product -- along with all of its plug-ins and themes -- can update itself in the background, a relatively new feature. Enterprise users might want to toggle this off, to guard against features breaking silently in the background. WordPress is no less guilty than any other software product of having plug-ins or theme functionality go awry because of a change to the platform.

If you're importing existing content, one way to do this is to generate it in WXR (WordPress Extended RSS), WordPress's own XML file format. One major drawback of using WXR is that it's not formally documented anywhere; it only exists in the form of the actual code used by WordPress to export data. That said, other people have reverse-engineered how the format works, so while creating an export file takes some effort, it's not impossible. WordPress will automatically slurp up RSS feeds, although importing assets or user accounts requires additional tinkering.

One decision you'll have to make is whether to use WordPress's Multisite mode. A typical WordPress installation is treated as a single unit, with all pages, users, and assets handled together. For more complex deployments -- say, a setup where each department has its own discrete user base, asset list, and blog -- it's possible to deploy multiple instances of WordPress side-by-side. But another, more compact option is to use Multisite mode to allow multiple WordPress sites to be managed by the same instance of the program. Note, however, that not all plug-ins play nice with Multisite. In fact, developing a plug-in to work with Multisite requires some savvy.

Looking goodMost of the immediately visible changes to WordPress over the last year revolve around its UI and ease-of-use functions. For instance, the editor and control panel have been reworked to use a responsive design, and the theme management system was changed to make it easier to organize and sort through. One native addition that should appeal to enterprises is that changes to posts can be tracked line-by-line and attributed to specific users, taking the mystery out of who might have broken what.

The editors in content management systems are generally terrible, encouraging users to compose their texts outside of the system and paste them in. WordPress's editor encourages users to work directly in the browser, and to the credit of the designers, I ended up doing exactly that. One recent addition to the editor is a distraction-free mode, where all nonessential prompts are hidden while you're typing. Too many content management systems present you with a tiny editing box in the midst of a sea of rarely touched controls, so this is welcome relief. The WordPress editor is even mobile-friendly, with the editing controls both resized and reorganized to work well on tablets and phones.

The vast ecosystem of plug-ins and themes makes WordPress a platform unto itself. Be cautious about adding plug-ins, however, because they don't all play well together.

By default, WordPress provides five user roles within its system: subscriber, contributor, author, editor, and administrator. A subscriber is essentially little more than a comments moderator; a contributor can create posts but do little else; an author can post and manage their own media; an editor can work on other peoples' posts and media; and an administrator can run the whole shooting match. For most scenarios, these roles should work fine, but you can add more granular control over user behaviors through a third-party plug-in such as User Access Manager. The same goes for integrating with existing authentication and authorization systems such as Active Directory.

Bend it, shape itOn top of the ease of installation, WordPress's ease of customization is the other big draw. Themes for WordPress sites can be downloaded from a repository controlled by WordPress or added by hand, and they can even be edited directly within WordPress. Themes can be tried out provisionally, so you don't need to reskin the entire public-facing version of your site to see how well a given theme works.

But the real power behind WordPress's customizability and malleability is its plug-in system, which is a software ecosystem unto itself. There is literally not a single aspect of WordPress that cannot be customized with plug-ins, which cover most every conceivable bit of functionality: SEO optimization, content caching and acceleration, content management, search-and-replace, contact forms, newsletter and email subscription management, e-commerce add-ons, and on and on.

Two widely used plug-ins that demonstrate the power and flexibility of WordPress are BuddyPress and bbPress. The former allows a WordPress installation to be turned into a miniature social network; it's so popular that entire books have been written on how to get the most out of it. The latter adds forum functionality to a WordPress site, leveraging the WordPress user database for sign-ons. There's even a way to leverage WordPress's user database as a CRM system, by way of PauPress.

Naturally, you can also find plug-ins that make WordPress more useful as an enterprise tool. I already mentioned Active Directory integration. Another example is Secure FTP support: WordPress doesn't support SFTP natively, so you'll need to add a third-party plug-in to make use of that. Likewise, plug-ins exist to provide cross-integration with platforms such as Salesforce or SugarCRM.

What to watch out forAs powerful as the plug-in system is, it can also be the source of some of the biggest headaches associated with WordPress. Because plug-ins can make radical changes to the way WordPress works, they can interact badly or conflict to such an extent that they fail to work at all. Likewise, some plug-ins don't work properly in a Multisite installation, and many aren't aware of the presence of BuddyPress or bbPress.

WordPress's in-browser editor works well in both mobile and desktop browsers. The "distraction-free" mode hides everything but the editing box.

Because cross-testing even the most commonly used plug-ins is impractical, the wise thing to do is start with as few plug-ins as needed to get the job done. Rule of thumb: Never add more than one plug-in at a time, and always test everything for each plug-in. Don't hold your breath waiting for this situation to change either. After all, the diversity of plug-ins and themes is a big part of what helped WordPress rise to prominence in the first place.

Another potential pitfall with WordPress is performance. By default, WordPress generates every page dynamically when it's requested. That's useful if you have content that needs to be kept fresh on a moment-by-moment basis, but it can mean slow page load times for a heavily used site. This shows up most blatantly on WordPress sites that use shard hosting, but it can happen even on a dedicated installation.

To address this, numerous third-party plug-ins offer various kinds of static content caching and delivery acceleration methods. WP Super Cache, for instance, bundles a whole slew of different approaches to accelerating a site: static file generation, CDN integration, page compression, and so on. Other plug-ins can speed up WordPress by providing database-layer caching (such as EM Object Cache).

Yet another ongoing issue with WordPress is security. In truth, the core of the program has become far more secure over time, but third-party plug-ins and themes are still targeted successfully for attacks, and they need to be monitored. Add-ons like Wordfence exist to help protect WordPress installations, although in the long run the vigilance of the administrator will make the most difference.

Finally, you'll find no shortage of first- and third-party support for WordPress. Most every hosting company out there -- including enterprise-centric hosts like Rackspace -- touts WordPress as a supported product and offers automated setup scripts. Automattic, the company that develops WordPress, offers its own hosting services in both blogger-grade and professional-grade versions. Dedicated hosts like WP Engine focus entirely on conventional and enterprise-grade WordPress hosting. Third-party outfits, such as Maintainn, provide varying levels of support depending on your ambitions.

On one hand, adopting WordPress inevitably requires a fair amount of work to make it business- and enterprise-ready. Importing existing content, optimizing performance, and integrating WordPress within an enterprise all require some degree of manual work.

On the other hand, the rich WordPress ecosystem will significantly lighten that load. Because so much has been built in, on, and around WordPress, it's relatively easy to find the tools you need, get help working with them, or have something built with them.

WordPress 4.0 is a modest release in terms of new features, but with the new "plug-in first" development philosophy, we can look forward to more of our favorite third-party features becoming part of the core product. Here's hoping that includes the enterprise functionality that makes WordPress into so much more than a blogging platform.

This article, "Review: WordPress 4 plugs in, turns on, grows up," was originally published at Follow the latest developments in applications and open source software at For the latest business technology news, follow on Twitter.

Read more about applications in InfoWorld's Applications Channel.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags softwareapplicationscontent managementcmsopen source software

More about CacheCMSRackspaceTechnology

Show Comments