Why Wordpress Sucks

This post will quickly explain why the engineering behind Wordpress is horrific – and hence why there is a need for a new CMS to take over.

  • Wordpress PHP plugins run with the same execution privileges as the host Wordpress framework. No wonder Wordpress is so hack-prone!
  • Each page load on a vanilla Wordpress installation usually takes up 20 MB of memory...
    • but add in 10-20 plugins, and memory usage can balloon to 128+ MB.
    • or maybe Woocommerce! And now it's 200+ MB per request easily.
  • Each page load usually does 50 MySQL queries. Sometimes 300-500 queries.

This is why web hosting is still so expensive.

There's no reason why a basic website should cost $5/month.

If all you have is 50-100 MB of content, it should be free.

We're planning on offering free web hosting! Subscribe to the email list to be notified when we're done with a basic version.

Why Wordpress is so easily hacked

After talking to an engineer who didn't understand it straight away, I'm realizing this requires some technical explanation.

The Wordpress framework is written in PHP. Execution starts from index.php.

Wordpress plugins are written in PHP. The host framework calls the plugin. There is no sandboxing. The plugin has the same execution privileges as the host framework.

If you're an engineer, you should now immediately understand why Wordpress is so easily hacked. There really only needs to be one insecure plugin, and your entire virtual machine is screwed.
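
The shared-privilege model described above, as an added example that is not from the original post and is not Wordpress source code: a toy host with a simplified hook registry calls a "plugin" callback, which reports what it can reach. The names toy_add_action and toy_do_action are hypothetical, and the secret and globals are constructed values.

```php
<?php
// Added illustration: a toy host and hook registry, not Wordpress source code.
// Every name and value here is constructed for the example.

define('DB_PASSWORD', 'constructed-example-secret');  // host secret (constructed)
$host_state = ['role' => 'administrator'];            // host global (constructed)
$hooks = [];

// Hypothetical stand-ins for a hook API: register a callback, then fire it.
function toy_add_action(string $name, callable $cb): void {
    global $hooks;
    $hooks[$name][] = $cb;
}

function toy_do_action(string $name): array {
    global $hooks;
    $results = [];
    foreach ($hooks[$name] ?? [] as $cb) {
        $results[] = $cb();  // an ordinary call: same process, same privileges
    }
    return $results;
}

// "Plugin" code. It only reports what is reachable from inside the callback.
toy_add_action('init', function (): array {
    global $host_state;
    return [
        'pid'               => getmypid(),
        'sees_host_secret'  => defined('DB_PASSWORD'),
        'sees_host_globals' => isset($host_state['role']),
        'reads_host_file'   => is_readable(__FILE__),
    ];
});

// Host side: fire the hook and compare the plugin's view with the host's own.
$host_pid = getmypid();
foreach (toy_do_action('init') as $seen) {
    printf("same process as host: %s\n", $seen['pid'] === $host_pid ? 'yes' : 'no');
    foreach (['sees_host_secret', 'sees_host_globals', 'reads_host_file'] as $key) {
        printf("%s: %s\n", $key, $seen[$key] ? 'yes' : 'no');
    }
}
```

Nothing in the dispatcher separates the callback from the host: the call is a plain function call inside one PHP process, which is the missing sandbox the post describes.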

What is proper sandboxing?

A good example is Chrome and Chrome extensions. These are properly sandboxed.

Chrome is written in C++. Chrome extensions are written in Javascript. Sandboxed!

C++ compiles down to machine code. Imagine if Chrome extensions were simply machine code, executed with the same privileges as Chrome. Seems crazy, doesn't it? Yet that is the exact situation happening in Wordpress and Wordpress plugins!!!