What the WordPress Needs Now

I haven’t always been kind to open-source software (read exhibits A and B), but sometimes you’ve got to give credit where credit is due. WordPress — whose version 2.2.2 powers this blog, as of this writing — is a remarkably polished CMS with an extended community that rivals that of Mozilla Firefox. Me likey WordPress.

wordpress.jpg

But WordPress has some irksome shortcomings that need to be overcome if it’s going to reach that Firefox level of ubiquity and respectability. I can’t pretend to be savvy enough to give any kind of real assessment of the shortcomings under the hood. But as a user and a web developer, here are some of the improvements I’d like to see to WordPress.

  1. Simple plugin updates. Since it’s so easy to create a WordPress plugin, thousands of people have thrown together plugins of varying quality and durability. I’ve got about a dozen plugins running on my WordPress installation, but the only way to check for updates is to browse to the developers’ websites one at a time. Sometimes I’ll go for months without bothering to check. There needs to be an easier way to update plugins — or at the very least an easier way to notify WordPress users that plugin updates are available. (I see from this entry on the official WordPress blog that this is a feature slated for version 2.3. Hurrah!)
  2. Better word processing window. For an application that revolves around words, WordPress has a pretty lousy word processor. That’s not entirely WordPress’s fault, since it uses the TinyMCE JavaScript Content Editor, itself an impressive open source project. Still, the TinyMCE editor has a number of irritating quirks. Formatting often breaks in mid-composition, and once this happens the only thing you can do is save and reload the page. The editor will often do some very bizarre things with spacing that aren’t apparent until you publish. But the worst sins are the sins of omission. There are no buttons for simple tags like headlines and horizontal lines, and you can’t add id’s or classes to your HTML elements without switching to “Code” view. I’m aware that there are plugins out there to extend and customize TinyMCE. But honestly, headline tags should be available out of the box.
  3. Page sections. WordPress takes a very limited view of what type of content you can have on your page. All the default installation allows is one big text blob surrounded by preconfigured dynamic sidebars. But what if you want to include a callout box in your article? What if you want to subdivide your article into multiple sections with different formatting rules for each? Currently the only way to accomplish this is by digging through the HTML and CSS code and rolling your own sections by hand.
  4. Better caching options. Movable Type and some other blogging systems allow you to publish your entire blog as static pages. For the non-technically inclined, a static page is one that’s already assembled and ready to be served; a dynamic page is one that the server assembles on the fly from PHP scripts and database content every time you visit. For most situations, dynamic pages work just fine. But as soon as your site gets dugg or slashdotted, 47 million people will try to hit your website and overload the server with all those dynamic page requests. Recent versions of WordPress supposedly have improved caching abilities to deal with this problem, but I’m not a believer. I’d prefer the option to just turn on static caching with the click of a button.
  5. Better Windows server support. Users who run WordPress off Windows servers are second-class citizens. You can’t have permalinks unless you have an ugly “index.php” stuck in the middle of the URL; article and archive pagination simply doesn’t work. Some of these issues come from limitations of the IIS web server or your ISP. But these problems really need to be fixed, or at the very least, clearly documented. If the problem can be solved with ISAPI extensions, then include ’em in the installation. If not, then these limitations need to be clearly spelled out in the interface and documentation. Currently there are too many cryptic problems with Windows installations that can only be solved with lots of irritating detective work. (The first person to say “that’s what you get for not using Linux and Apache” will get their eyebrows forcibly shaved off by me with a rusty butter knife. I’m in the process of moving to a Linux host, but it’s going to take some time.)
  6. Administrative RSS feeds. This is a feature in the Ruby-on-Rails-powered Mephisto blogging system that I’ve grown rather fond of. Every time someone creates or edits an article in Mephisto, a new item gets written to the administrative RSS feed. This makes it very easy to keep track of what’s happening in your blog. All you need to do is subscribe to the RSS feed and you can keep up to date with a minimum of fuss. Very useful for group blogs. (See screenshot that gives you a snippet of this feature below.)

    Mephisto blogging system with RSS admin feed

  7. Better backward compatibility. Standards on WordPress seem to get deprecated too quickly. The system’s only been around since 2003 — that’s four years, as of this writing — and already there are lots of older tags, functions, and database calls that won’t work with newer versions of the software. On the one hand, that’s the sign of a technology that’s rapidly growing and improving. On the other hand, that’s also a sign that some of the structural underpinnings of WordPress weren’t that well vetted in the first place. As a result, you often find plugins will break just by upgrading WP from version x.x.1 to x.x.2. I’m sure that this is usually the fault of the plugin authors themselves — but given the jumbled state of the official WP documentation, you can’t entirely blame plugin authors for being confused.
  8. Easy integration of multimedia. In addition to the ability to upload plain ol’ image files, WordPress needs easily built-in methods of inserting multimedia from popular sites like Flickr and YouTube. Or how about a quick n’ dirty way of uploading Flash? I doubt I’d use many of these things myself — honestly, I dislike multimedia-heavy websites — but there are plenty of people out there that would jump at the chance to integrate such things into their blogs.
  9. Usability overview. The WordPress interface is fairly user-friendly, but not quite user-friendly enough. Here’s a perfect example: I’ve been using WordPress for a year and a half now — and I just realized a week ago that the software has a built-in image uploader. I feel like an idiot for not realizing this before. But in my defense, the image management suffers from poor usability. I honestly had no idea what the “Upload” box did, and it never really occurred to me to give it a whirl and find out. There are lots of examples of poor usability throughout the WordPress interface, and I’m certain they cause users lots of grief. Someone go hire Jakob Nielsen.
  10. Tagging. There’s some controversy about this. From what I remember, the WordPress people are confident that their “categories” system works just as well as other “tagging” systems. Ideally I’d like to be able to use both — file a post under a single category (say, “Web 2.0”) but still be able to give it a wide variety of more granular tags (say, “WordPress, CMS, blogging systems, Dave’s kvetching…”). I used to use a plugin called Jerome’s Keywords, but for some reason it stopped working on one of the recent upgrades (see #7 above).
  11. Inadequate built-in search. By default, the search bar built into WordPress only searches blog posts, not static pages. It doesn’t search user comments or profiles either. Recently I found a plugin that accomplishes all this and more — it’s called Search Unleashed by Urban Giraffe, and it’s really quite good. But again, some of this functionality should be available out of the box.
  12. A security overhaul. You want to read something frightening? Read this interview with PHP security expert Steffan Esser about the serious problems with WordPress security. In addition to a few high profile flubs — including one recent nightmare where hackers managed to stick exploitable code into the actual WordPress distribution — Esser reveals all kinds of frightening security problems. One example:

    And when [the WordPress team] finally released their update, I told them that the fix was broken and the exploit just needed a modification to still work. Their reaction was to hide that fact by silently changing the download tarball. They did not increase the version number, they just fixed the vulnerable code hours after the update was out. And later they publically stated that the previous tarball was only online shortly, while the timestamps inside the tarball clearly proved that shortly were several hours.

    I’m not considering switching to another blogging system after reading this… but it’s certainly got me rethinking the frequency of my backups.