A high-severity vulnerability was discovered and patched in the All-in-One WP Migration and Backup plugin, which has over five million installations. The vulnerability requires no user authentication, making it easier for an attacker to compromise a website, but this is mitigated by a restricted attack method.
The vulnerability was assigned a severity rating of 7.5 (High), which is below the highest severity level, labeled Critical.
Unauthenticated PHP Object Injection
The vulnerability is called an unauthenticated PHP object injection. But it’s less severe than a typical Unauthenticated PHP Object Injection where an attacker could directly exploit the vulnerability. This specific vulnerability requires that a user with administrator level credentials export and restore a backup with the plugin in order to trigger the exploit.
The way this kind of vulnerability works is that the WordPress plugin processes potentially malicious data during backup restoration without properly verifying it. But because there’s a narrow attack opportunity, it makes exploiting it less straightforward.
Nevertheless, if the right conditions are met, an attacker can delete files, access sensitive information, and run malicious code.
According to a report by Wordfence:
“The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the ‘replace_serialized_values’ function.
This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must export and restore a backup in order to trigger the exploit.”
The vulnerability affects versions up to and including 7.89. Users of the plugin are recommended to update it to the latest version which at the time of writing is 7.90.
Themes and plugin choices are more important than ever as some can hamper the site’s performance.
You can do many things to improve any WordPress site, and this post will cover just some of these optimizations that you can (hopefully) take action on immediately.
Choose A Reputable Web Hosting Company
Choosing a bad host can be harmful to a site’s performance.
While hosting on a shared server may seem the most cost-effective solution, it definitely comes with its issues. Sharing that server with other (potentially) troublesome sites can monopolize shared resources to the detriment of your own.
Hosting doesn’t cost the earth. I would always advise that you choose a web host that not only has great hardware specifications (on a dedicated server if budgets allow) but also understands both WordPress and has strong technical support. And look for hosts with server-level caching.
Whether your site resides on a managed WordPress hosting platform, a LiteSpeed server, or scalable cloud hosting, it’s always worth doing your own research and comparing a few companies before deciding.
Also, consider how SEO-friendly that host is. WordPress has a hosting page with a handful of recommended companies.
Optimize Server Settings And Use CDNs
Once the site is hosted on the server, there are further optimizations you can apply at the server level.
Newer protocols like HTTP/3 and QUIC reduce latency, especially on mobile devices.
Cloudflare and LiteSpeed support this out of the box, but it is still worth checking with your server settings as well.
There are several CDNs available, but my recommendation has always been to use Cloudflare.
Their free plan offers many optimizations, including image polishing, caching and compression (enable tiered caching to further optimize those requests).
Within Cloudflare, I recommend caching everything except wp-admin and dynamic content, serving stale content while revalidating cache in the background and using their Web Application Firewall (WAF) services that help block attacks and limit crawlers.
Disable XML-RPC
There are several optimizations to remove and limit resources that are enabled by default in WordPress core.
One good recommendations here would be to disable XML-RPC if it is not required:
Disable XML-RPC
add_filter('xmlrpc_enabled', '__return_false');
Implement Caching & Compression Techniques
In addition to server optimizations, you can implement further performance enhancements by adding caching and compression elements directly.
Using object caching such as Varnish or Redis can provide great results, as well as setting proper cache-control headers within.htaccess (Apache) or nginx.conf:
Header set Cache-Control "max-age=31536000, public"
Optimize Asset Loading
When caching and compression are in place, you can then take further steps to defer JavaScript.
For example:
Also, try to have any scripts load asynchronously so that they don’t degrade initial page load times.
When it comes to CSS, it’s always good to remove any unused styles where possible, although I wouldn’t say this is the biggest priority compared to other recommendations in this post.
Also, try to preload and pre-connect fonts for text that appears above the fold (custom fonts for the text in the footer doesn’t need to be preloaded) and other external resources where possible.
Here is an example of how this can be done:
Close Other Performance Gaps
If you’re a perfectionist like me, there’s always room for more optimizations.
Enable lazy loading for images where possible and replace YouTube embeds with static image previews.
Use Screaming Frog to detect unnecessary redirects.
Close redirect loops and chains, which are reported within Semrush site audits. Update internal links to point directly to the final destination URL.
Reduce third-party requests where possible. For example, load Google Analytics or Google Fonts locally instead of via external scripts.
Disable unused social media widgets and embeds.
Choose The Right Themes & Plugins
So, you have your hosting account set up and your WordPress site installed.
However, the abundance of choices you have when it comes to themes and plugins makes it hard to decide and choose trusted developers. This is a challenge that has always been present, and I have been writing about it since 2013 at least.
When choosing both themes and plugins, consider the following when doing so:
Is the theme compatible with the most recent versions of WordPress?
Does it adhere to WordPress best practices for theme and plugin development? You can check this using the Theme Check plugin for themes and the Plugin Check for plugins.
Does the author of the theme have developer E-E-A-T? Can you trust them?
Ensure there isn’t too much code bloat. The more a theme is generalized to the masses (e.g., “all-in-one themes for any business”), the more it will have to be developed to accommodate the widest of audiences. The more bespoke the theme, (presumably) the less of a chance of code bloat.
Read reviews and investigate support offerings. For themes and plugins offered within WordPress’s own repo, some reviews and ratings are always helpful to inform your decisions.
With so many plugins available today, it seems daunting to know which ones are the best and most trusted.
Of course, “it depends” comes into play again, but generally, I advise using as few plugins as possible.
If you can solve some issues away from a plugin (e.g., server-level), then do that first.
Depending on what optimizations you may have set up elsewhere, some of these plugins may be unnecessary to install, but if not, it’s always good to know preferable options.
Preloading:instant.page is a great recommendation here. Uses one line of code that you can implement or they offer a WordPress plugin that does the same.
Script deferring: Some plugins above offer this, but I personally use WP Meteor.
Image optimization:TinyPNG or Smush for image compression, WebP express for serving WebP images over PNG/JPG/EPS. For further optimization, use Edge Images for utilizing edge transformation services to markup.
SEO: While not directly connected to improving speed, Yoast SEO optimizes a site’s visibility performance [disclosure, I work for Yoast]. Most of these features provided in the free version help with this, but things such as IndexNow are included within Premium. However, if you want to enable IndexNow without Premium, Bing offers its own plugin.
When installing any plugin, it’s always good to look at all settings properly and disable anything that is unnecessary to save more processing time and reduce code bloat.
To take this to the next level, you may also want to install Plugin Organizer, which allows you to set conditions for plugins to load only within relevant pages/areas of the site.
Monitor Your Server
Lastly, it’s always good to have a good monitoring system, such as New Relic, on the server.
This system allows you to diagnose and fix any issues that may be hampering the site or server’s performance, as well as reduce further unnecessary server load by disabling non-essential PHP modules.
You can also set up logging for slow queries in MySQL:
SET GLOBAL slow_query_log = 'ON';
SET GLOBAL long_query_time = 1;
I also recommend the Query Monitor plugin. Or, installing Blackfire to pick up inefficient code snippets which cause slow server response time. It is a paid too, but highly recommended for enterprise level.
Error logs are always your friend, too, when diagnosing other issues.
WordPress also offers debug mode, which is extremely useful for diagnosing potential problems by adding the following in wp-config.php:
Note, this should never be enabled on a live production site as it may expose sensitive information. Use on staging only.
// Enable WP_DEBUG mode
define( 'WP_DEBUG', true );
// Enable Debug logging to the /wp-content/debug.log file
define( 'WP_DEBUG_LOG', true );
Conclusion: Enhance WordPress Performance While Preserving Functionality
As you can see, there is a lot one can do to improve a WordPress site, and it’s important to do so from multiple angles.
Do as much as you can above, ensuring the site functions as it should.
Test everything first to ensure everything you need is correctly implemented and doesn’t hamper other things on the site (e.g., sometimes caching or compressing JavaScript can create irregularities or stop some site elements from working) or make other conflicts. And then deploy!
A leaked WordPress Slack chat shows that Matt Mullenweg is considering limiting future WordPress releases to just one per year from now through 2027 and insists that the only way to get Automattic to contribute more is to pressure WP Engine to drop their lawsuit. One WordPress developer who read that message characterized it as blackmail.
WordPress Core Development
Mullenweg’s Automattic already reduced their contributions to core, prompting a WordPress developer attending WordCamp Asia 2025 to plead with Matt Mullenweg to increase Automattic’s contributions to WordPress because his and so many other businesses depend on WordPress. Mullenweg smiled and said no without actually saying the word no.
Automattic’s January 2025 statement about reducing contributions:
“…Automattic will reduce its sponsored contributions to the WordPress project. This is not a step we take lightly. It is a moment to regroup, rethink, and strategically plan how Automatticians can continue contributing in ways that secure the future of WordPress for generations to come. Automatticians who contributed to core will instead focus on for-profit projects within Automattic, such as WordPress.com, Pressable, WPVIP, Jetpack, and WooCommerce. Members of the “community” have said that working on these sorts of things should count as a contribution to WordPress.
As part of this reset, Automattic will match its volunteering pledge with those made by WP Engine and other players in the ecosystem, or about 45 hours a week that qualify under the Five For the Future program as benefitting the entire community and not just a single company. These hours will likely go towards security and critical updates.
We’ve made the decision to reallocate resources due to the lawsuits from WP Engine. This legal action diverts significant time and energy that could otherwise be directed toward supporting WordPress’s growth and health. We remain hopeful that WP Engine will reconsider this legal attack, allowing us to refocus our efforts on contributions that benefit the broader WordPress ecosystem.
WP Engine’s historically slim contributions underscore the imbalance that must be addressed for the health of WordPress. We believe in fairness and shared responsibility, and we hope this move encourages greater participation across all organizations that benefit from WordPress.”
Leaked Slack Post
The post on Slack blamed WP Engine for the slowdown and encourages others to put pressure on WP Engine to drop the suit.
The following is a leaked quote of Mullenweg’s post on the WordPress Slack channel, as posted in the Dynamic WordPress Facebook Group (must join the Facebook group to read the post) by a reliable source:
“Would like to put together a Zoom for core committers to discuss future release schedule, hopefully bringing together some of the conversations happening the past 6 weeks: 6.8 includes a lot of “overhang” contributions from Automatticians, including 890+ enhancements and bug fixes in Gutenberg.
I’d like to make sure we get extra testing on 6.8 from web hosts, especially if they can upgrade perhaps their company blogs or something, employee sites, etc to make sure upgrades and everything work well in all environments and with the most popular plugins without regressions. The Chromecast update issues today (https://x.com/james_dunthorne/status/1898871402049999126 )remind us how easily this can happen.
I’m willing to commit people to early roll-out to WP .com to provide widespread testing with hundreds of thousands of users. This is very resource-intensive, but has contributed a lot to making sure releases are stable before they deploy to the wider array of non-engaged web hosts in the past.
We should consider modifying the release schedule:Other corporate sponsors are protesting WPE’s actions by pulling back contributions, which I think will effect some of the other largest contributors after Automattic.
The court schedule in the WP Engine lawsuit against Automattic, me, and WordPress .org ( https://cloudup.com/c33IWQHdNMj ) goes to jury trial in 2027. WPE appears to be unresponsive to public pressure to resolve things earlier. (As I said at WC Asia, I’m ready to end it yesterday.)
We are approaching 7.0 in two releases, which has an emotional valence and I’d rather not be purely maintenance. (Nor do I want to break our naming structure and do 6.10.) One approach would be delaying 6.8 and making it the only release this year, 6.9 in 2026, and then aim for a 7.0 in late 2027 assuming a positive outcome of the jury trial.
FWIW I would estimate WPE is spending the equivalent of 60 engineers full-time salary at 250k/yr as plaintiffs / attackers, and Automattic a similar amount on defense. Imagine the project could do for democratizing publishing and competing against proprietary alternatives if that were going into core and community development. Drop any other thoughts or agenda items you may have in this thread.”
Response to Mullenweg’s leaked post:
One Facebook user accused Mullenweg of trying to “blackmail” the WordPress community to pressure WP Engine (WPE). They wrote that the community is largely sympathetic to WPE than to Mullenweg. But in general Mullenweg’s statement was met with a shrug because they feel that this will give core contributors the chance to catch up on maintaining the core which to them is a greater priority than adding more features to Gutenberg which many of the developers in this group apparently don’t use.
One lone commenter in the Facebook discussion asked if anyone in the discussion had made a positive contribution to WordPress. At the time of writing, nobody had cared to respond.
In a recent podcast interview, Matt Mullenweg shared his informal plans for ensuring the future of WordPress. He outlined several areas where WordPress is taking advantage of technological changes, including security, AI integration, and reducing technical debt. He also addressed the long-term future of WordPress leadership, emphasizing the importance of decisive vision.
Mullenweg outlined four ways WordPress is improving in the near future:
Plugins and themes will become more secure.
The suitability of AI integration with WordPress ensures its continued relevance.
WordPress is addressing technical debt.
Governance and succession planning will help maintain WordPress’s strength.
WordPress Will Become More Secure
One of WordPress’s strengths is the third-party themes and plugins that enable publishers to create exactly the kind of website they need. It’s also a shortcoming because the vast majority of vulnerabilities discovered in WordPress stem from coding flaws in plugins and themes, as well as user failure to keep third-party software updated.
Mullenweg mentions current security measures like bug bounties, which are payments made to individuals who discover and responsibly disclose vulnerabilities. The implication of his answer is that relying on humans to find vulnerabilities isn’t enough because the scale of the problem exceeds human capabilities.
He anticipates plugin and theme vulnerabilities becoming less problematic due to new AI code-scanning capabilities that can analyze millions of lines of code to identify patterns consistent with common flaws that lead to vulnerabilities.
Mullenweg shared his thoughts:
“… many of these plugins and themes don’t have the same sort of robust security and review process that core has. So that’s where when you hear about security issues with WordPress, it’s very rarely in core, anymore. We haven’t had a remote exploit in like… I think five years, six years something.
But in the plugins it can be somewhat more frequent. And so one thing I’m very, very excited about, the next year or two, is actually more automated scanning. Because obviously that code base is so many tens of millions, maybe over a hundred million lines of code at this point. It’s impossible for humans to review that.
So we kind of rely on developers to to review that and manage. And of course we have like bug bounties and everything so that when things are reported we fix it quickly.
But I can’t wait for more automated scanning there, and I think that could vastly upgrade the security of open source.”
AI-Powered Website Building
Another development Matt sees for WordPress is further integration of AI into WordPress so that it becomes an engine that an AI uses to develop websites for users. Matt acknowledges that this is already happening and he’s right. Some web hosts are already leveraging AI to assist users in building websites through a chatbot interface.
He explains that writing the code is a strength of AI but that maintaining the code base is a problem that WordPress solves. Software like WordPress currently rely on PHP and other technologies to power those websites and make them interactive but they are constantly improving which means that the software that runs on those technologies must also be maintained. Mullenweg explains that AI can build on top of those technologies as engines that power what they create, building on top of them without having to worry about maintaining the underlying technology that makes them work.
He said that this scenario of building on top of open source is more powerful than leveraging a closed source system. What’s implied in what he said, and went unspoken, is that open source projects like WordPress are not threatened by AI but rather they stand to benefit greatly from it. Thus, Matt foresees that WordPress has a strong future as AI technology progresses.
Matt explained:
“The other thing that’s really exciting is that right now, you see people building apps and stuff and it’s custom generated code. But I think the next generation of these models… as everyone knows, just writing the code is one part of it. It’s maintaining it that really becomes the life cycle of it.
And I think that if, and they’re starting to do that, is when the open source model, you say, build me a website, it actually installs WordPress and builds on top of that and customizes on top of that. Then you get for free, that core engine that’s always being edited and updated and getting passkey support, whatever the new things are, sort of continuously, and the new custom stuff can be on top of that. Which I think is a lot more powerful than sort of building something proprietary or custom from the ground up.”
Technical Debt Needs To Be Addressed
At this point, Lenny observes how everything you acquire carries the burden of having to maintain it, saying that they all have that hidden cost. Mullenweg agreed, saying that WordPress has a similar thing called technical debt which is an issue that WordPress is addressing in order to improve it. Technical debt is a reference to the accumulated burden of outdated code, complexity and development decisions that make future changes more difficult.
Mullenweg said:
“Well, that’s why I think technical debt is one of the most interesting concepts. You know, there’s so many companies …that maybe have like big market caps. But I feel like they might have billions or tens of billions of dollars of technical debt. …how their products interface with themselves.
And I think about that a lot in our own company. We definitely have some products, …we have some variable quality around some of our things right now. …There are parts of WordPress and WordPress.com that we’re a little embarrassed and ashamed of… we kind of have to…. we have a really large surface area that we cover with relatively few people. So there are some parts that we haven’t looked at in a little while that we need to get around to.
And it’s our big focus for us this year, is actually going back to basics, back to core. And improving all of those nooks and crannies… and also ruthlessly editing and and cutting as much as possible. Because we’ve just launched a lot of stuff over the past 21 years that isn’t as relevant today or doesn’t need to be there.”
Governance and Leadership
Mullenweg also debunked the idea of WordPress as an entity that’s led by a single person and shared his vision for how WordPress will be governed in the future. He said that WordPress is a true community where most of the decisions are made by committees formed by core contributors. He also affirmed that he believes that for WordPress to succeed it must have a strong leader who serves as the final decision-maker and that this doesn’t make it weaker, it makes it stronger.
On the points of project leadership and succession he shared:
“If you look at the daily commits and activity and everything, it is run by the community. So it’s hundreds of volunteers everyday that are actually doing the day-to-day work and making the data decisions, everything happens.
…There has been a radical delegation. However, there’s ultimately a hierarchy, and I’m kind of… I’m like a final, final decision-maker.
And you know, I definitely think about succession planning, everything like that, but if for when I’m gone, I don’t want to pass it to a committee, I want to pass it to someone else who could have a role somewhere to mine and really sort of try to be a steward.”
Takeaways
WordPress Security
Matt Mullenweg discussed three plans for improving WordPress in the near future, acknowledging that plugins and themes remain the biggest security risks for WordPress but that advancements in AI technology will enable greater mitigation of those issues.
WordPress Set To Remain The Market Leader
He also said that WordPress is ideally suited for becoming the engine that powers website development in the future, an advantage over closed source systems in that companies will be able to develop layers of AI-powered functionality and conveniences on top of the free WordPress open source CMS.
Addressing Technical Debt
Mullenweg acknowledged that WordPress has many years of technical debt to address and that WordPress is prioritizing the reduction of outdated code and complexity this year.
His statements confirm that WordPress’s long-term stability and viability are assured by technological advancements, adaptability and greater focus on code efficiency.
WordPress Leadership
Lastly, he addressed WordPress governance, insisting that it is led by the community because the overwhelming majority of decisions are made by individual contributors, and that his role is more along the lines of a final decision-maker. He argued that the best software is created through a combination of committees and strong leadership that oversees the long-term direction of the project. Interestingly, he also said that the community serves as a system of checks and balances because contributors are always free to leave and fork their own version of the project.
Watch the interview here:
Matt Mullenweg on the future of open source and why he’s taking a stand
Featured image is a screenshot from the interview.
With the rise in ecommerce, we live in a borderless world. Someone sitting on one side of the world could be shopping with a business on the other.
This is cool until businesses encounter language barriers that stunt their growth in global markets.
Very few people in China can speak English. So, if your business only sells online in English, it may struggle with reaching its customers in China.
A WordPress multilingual website can help you break these barriers, tap into new markets, and reach new audiences for maximized sales.
What Is A Multilingual Website?
A multilingual website is a collection of webpages presenting information in multiple languages.
The content on such websites is translated into different languages so the website and the entity behind it can communicate with a wider audience.
Steps To Creating A Multilingual Website On WordPress
WordPress holds the largest market share among content management systems (CMS), powering 43.7% of all websites. That’s huge. And it makes sense.
WordPress is simple, accessible, and has thousands of plugins that can add unimaginable functionality to your website.
From allowing secure payment gateways to building multilingual versions of your website, there is a WordPress plugin for almost everything.
Building a multilingual website on WordPress is not just possible, it is relatively simple as well.
There are three different methods for creating a multilingual site using WordPress. I’ll share a step-by-step approach for all these methods in this guide.
1. Choose Your Languages
You don’t want to build a multilingual website just for the sake of having it.
You want it to be meaningful and add real, tangible value to your business. The first step towards doing that is choosing the right language.
When choosing the languages to translate your website, you should consider factors like your business type, targeted location, budget, resources, etc.
For example, if you want to expand your business, then you should find your biggest markets and target languages that are widely used by those regions (markets).
English is the internet’s most popular language, accounting for 49.2% of all web content. But, simply targeting the most popular languages is not necessarily the right approach.
Canada is a good example. Suppose you’re an ecommerce business and want to launch or expand in Canada. Then, should you translate your website into French, Mandarin, and Punjabi?
French is the second language of Canada and the main language in some areas. After this, Punjabi is spoken by more than half a million people, ranking alongside Mandarin as one of the most widely spoken languages in the country.
But, are Punjabi or Mandarin speakers your target market in Canada?
It is good to start with a few high-priority languages in the beginning and for businesses working with a limited budget and resources.
2. Decide On A Domain Strategy
The next step is to decide how you want to store the translated versions of your website.
Do you want them to live on their own separate domains or stay under the main domain?
If you want the translated version of your website to have its own domain, you would want to go with a country code top-level domain (ccTLD) like:
abc.us (for USA).
abc.ca (for Canada).
abc.fr (for French).
Going with a ccTLD means creating a separate website for each language.
It means multiple websites to manage, requires proper domain mapping and SEO from scratch for each site, and requires more budget and resources to successfully manage it.
So, I don’t recommend going the ccTLD route unless using geo servers is a priority or you have enough resources, team, and budget.
You can check this guide to choose the domain strategy for your multilingual website.
The next option is using subdomains.
The subdomain is the secondary domain of your main domain. It helps to organize a website and enhance user navigation.
Here is how a subdomain URL looks like:
us.abc.com.
ca.abc.com.
fr.abc.com.
Subdomains may seem better than using separate ccTLD domains for each language, but Google views a subdomain as a separate website.
So, the authority you build with backlinks on the main website may not extend to the subdomains, and therefore, they may struggle to rank.
In my opinion, the best option is to use subdirectories when building a multilingual website.
Subdirectories are the subparts of your website, stored under the same domain as folders.
Subdirectories are more helpful for SEO because Google views them as part of the primary website. So, the existing authority of the website helps subdirectories rank higher in a short time period. For example:
abc.com/us/
abc.com/ca/
abc.com/fr/
Subdirectories are the simplest way to create a multilingual website. That’s why leading brands, like Notion and Apple, are using it.
It is an open-source platform that gives you full control and freedom to customize your website as much as you want.
WordPress has a strong community of users who can help build and manage a WordPress website. Also, thousands of plugins allow you to add any required functionality to your website.
If you don’t have a WordPress website, you can create one by installing WordPress on your web hosting (you can ask the hosting support team to do it for you).
Once you have a primary WordPress site, you can easily convert it into a multilingual website using one of these two options:
1. WordPress Multisite
WordPress Multisite is a WordPress feature that allows you to create multiple sites within one installation.
With a multisite setup, you can create multilingual websites using any domain strategy: ccTLDs, subdomains, or subfolders.
You need to set up domain mapping for it. You can follow this guide to properly set up domain mapping for your multisite.
When using a multisite setup for a multilingual website, you have a separate site for each language. It makes things easier to manage and optimize.
You check this guide to learn more about multisite and how to create one.
2. WordPress Plugins
Another simple option is to use a multilingual plugin. WordPress has many plugins to help you add multilingual versions to your primary site.
Polylang, WPML, and TranslatePress are popular plugins developers use to convert a WordPress website into a multilingual one.
These plugins provide all the tools you need to translate your website’s content and allow users to seamlessly switch between different versions of your website.
To use a plugin, you need to:
Install a plugin on your website.
Configure it according to your requirements.
Select the languages to translate your website.
It will automatically add multilingual functionality for those languages.
4. Translate
Once your website is ready, it’s time to upload content.
Remember, while translating your existing web content using machine translators like ChatGPT or Google Translate may sound like a great idea, but they will not be able to account for the linguistic nuances and cultural context.
As a result, you may end up with a substandard translation that does little to improve your website’s user experience.
So, it’s always better to hire professional translators who can keep the nuances of the language and cultural context in mind when translating your content.
5. Improve SEO
Your new, user-friendly multilingual website is of little value to your business if it cannot get to the people it is intended for.
You must invest in multilingual SEO to ensure your website can rank for a relevant audience, attract traffic, and take your business to new markets.
Multilingual SEO requires independent, language-specific keyword research. Find relevant keywords in the target language and see how your competitors use them.
For example, if you want to sell high-neck sweaters for men in Canada, you would want to translate your content into French and target relevant keywords.
A quick search for [pull à col montant homme] (high-neck sweater men) results in a list of ecommerce websites selling high-neck sweaters for men.
Screenshot for search for [pull à col montant homme], Google, February 2025
Now you know this could be a potential keyword you want to target in your translated website.
Besides using the right keywords, you will also have to use hreflang tags. These tags appear in the source code of your website and tell Google which language your website is in. This helps your site appear for searches in the relevant countries for the language.
Ensure the translated website is easy to navigate and offers a good user experience to maximize your SEO results.
Benefits Of Having A Multilingual Website
Building a multilingual website can be resource-intensive. You may have to hire developers and translators to help with the process. You might also have to work with locals for quality content production.
But these efforts can pay off really well if you play all your cards right.
Here are some of the benefits a multilingual website can offer:
Reach More Customers
Customers spend most or all of their time on websites in their own language.
Translating your website into different languages makes it more accessible to a broader audience, expanding your reach, driving brand awareness, and bringing more customers into the sales funnel.
Improve User Experience
All digital-savvy business owners understand the importance of personalization. But we often overlook language when building a personalization strategy.
Nothing personalizes a user’s experience more than language. When you offer your customers content in their own language, you enhance their experience.
If someone has a good experience on your website, not only are they more likely to shop, but they are also more likely to return for repeat purchases.
Better Conversion Rates
People are more likely to convert if you offer content in their language, with 76% of shoppers preferring to make purchases from a store in their native language. This is because when you speak their language, they feel more connected and understood.
Consumers who experience an emotional connection with a brand are likely to spend twice as much when shopping with them.
Competitive Advantage
Nowadays, businesses pull all sorts of levers in an effort to get ahead of their competitors. Nothing gives you a competitive edge more than having an engaged, international customer base.
With a multilingual website, your business reaches, interacts with, and sells to international consumers helping you get ahead of the local competitors.
Building A Multilingual Website: Next Step In Your Business Growth Plan
Selling to more people across the globe is becoming increasingly simple and more doable with growing ecommerce and modern technology.
But as accessible as it may become, you can never really tap into a global market unless your website speaks the local language.
This is why a multilingual website can be your gateway to becoming a multinational business.
Fortunately, WordPress makes building a multilingual website simple.
But before you get started building your multilingual website, make sure to choose the right language relevant to the most opportunity-rich market.
Always work with human translators to ensure your content is contextually relevant and culturally and linguistically accurate.
Remember, your business will only benefit from a multilingual website if it offers a good experience, accuracy, ease of navigation, and accessibility, which are all part of your user experience.
Matt Mullenweg, co-creator of WordPress, recently held a question-and-answer session at WordCamp Asia 2025, where he faced several tough questions. Topics included whether he was open to discussing change, the steep learning curve of WordPress, and whether he would reconsider reducing Automattic’s contributions to WordPress core.
As tough as those questions were, Matt answered each of them gracefully and focused on staying positive, even when he was saying no.
Mullenweg Says Being Adaptable To Change Is Important
In one of these exchanges someone asked what WordPress would be like in five years and he couldn’t answer it. He explained it that not having a plan beyond Gutenberg was essentially a feature and not a bug, explaining that a shorter term perspective is good for staying agile in a rapidly changing technological environment.
He said:
“Outside of Gutenberg, we haven’t had a roadmap that goes six months or a year, or a couple versions, because the world changes in ways you can’t predict.
But being responsive is, I think, really is how organisms survive.
You know, Darwin, said it’s not the fittest of the species that survives. It’s the one that’s most adaptable to change. I think that’s true for software as well.”
Change Is Not Coming To WordPress
In a seeming about face about the importance of WordPress being adaptable to change, Matt Mullenweg drew the line at being adaptable to change when it comes to governance.
“I’m Taco, co-owner of Progress Planner. I was wondering, you were talking about adaptability before and survival of the fittest. That means being open to change. What we’ve seen in the last couple of months is that people who were talking about change got banned from the project. How open are you to discussing change in the project?
Matt answered:
“Sure. I don’t want to go too far into this but I will say that talking about change will not get you banned. There’s other behaviors… but just talking about change is something that we do pretty much every day. And we’ve changed a lot over the years. We’ve changed a lot in the past year. So yeah. But I don’t want to speak to anyone personally, you know. So keep it positive.”
Calls For Change In Governance
There have been many high profile calls for a change in how WordPress is governed, most notably by Joost de Valk, the creator of Yoast SEO software and currently a co-owner of the Progress Planner WordPress plugin.
“A lot has happened over the last few months, that I think all comes down to the above. I’ve often considered how the WordPress world “worked” unhealthy. I’ve spoken to many slightly outside of our industry over the past months about what was happening and several people, independent of each other, described WordPress as “a cult” to me. And I understand why.
I think it’s time to let go of the cult and change project leadership. I’ve said it before: we need a “board”. We can’t wait with doing that for the years it will take for Automattic and WP Engine to fight out this lawsuit. As was already reported, Matt said recently in Post Status that “it’s hard to imagine wanting to continue working on WordPress after this”. A few days later, he gave a completely conflicting message in the State of the Word. Yet he never came back on that first statement or clarified that he’d changed his mind. He also didn’t come back to talk to the community he turned his back on.”
Joost de Valk was supposed to speak at WordPress Asia 2025 but the co-owner of Progress Planner was there and asked the hard question.
Mullenweg Challenged To Adapt To Change
His statement about being adaptable to change set up another awkward moment at the 6:55:47 minute mark where Taco Verdonschot, co-owner of Progress Planner, stood up to the microphone and asked Mullenweg if he really was committed to being adaptable.
Taco Verdonschot is formerly of Yoast SEO and currently sponsored to work on WordPress by Emilia Capital (owned by Joost de Valk and Marieke van de Rakt).
Taco asked:
“I’m Taco, co-owner of Progress Planner. I was wondering, you were talking about adaptability before and survival of the fittest. That means being open to change. What we’ve seen in the last couple of months is that people who were talking about change got banned from the project. How open are you to discussing change in the project?”
Mullenweg responded:
“Sure. I don’t want to go too far into this but I will say that talking about change will not get you banned. There’s other behaviors… but just talking about change is something that we do pretty much every day. And we’ve changed a lot over the years. We’ve changed a lot in the past year. So yeah. But I don’t want to speak to anyone personally, you know. So keep it positive.”
A newly released page builder plugin called Builderius elicited enthusiastic feedback in a private WordPress Facebook group. A conversation with one of its principals, Elvis Krstulović, underscored how WordPress’s open source flexibility allows developers to rethink site building itself, creating tools that prioritize flexibility, maintainability, and professional development practices.
Is Builderius A Page Builder?
I saw a discussion in a private WordPress Facebook group called Dynamic WordPress and reached out to one of the developers to learn more. The interview is as much about how WordPress inspires people to create new and interesting products as it is about Builderius.
What is Builderius, is it a page builder?
“Yes, Builderius is a page builder but it’s also a developer tool. We prefer to call it a visual development environment. This name better captures what Builderius actually does – it brings powerful web development practices into a visual, easy-to-use interface. Instead of just decorating content with visual elements, Builderius helps you build websites the way professional developers do, but without the steep learning curve.
Builderius brings professional development workflows right into WordPress. Things like version control and staging environments – which normally require technical knowledge – are simplified into intuitive buttons and workflows in your admin panel. You get all the benefits of professional development practices without needing to learn complex systems like Git or server management.”
How Designing A Site With Builderius Works
I next asked how designing a site with Builderius works, what it’s like in a general sense.
Krstulović answered:
“All the work a Builderius user is doing is completely invisible outside on the live site until that work has been saved AND published as a public release. This means, for instance, that you can safely work on a busy live website, and nobody will know. Even if you make a mistake in Builderius, you will be the only one to know. When the work you have done is finished and signed off, you click a button and that site feature, redesign whatnot, is live for everyone to see and use.
Releases are small packages that contain JSON and some assets used in the Builderius environment and nothing else, so the processing of moving a release from dev to prod branch is mostly super quick. This means no site downtime even for major rework. It also means safe and easy rollback. Just go back to previous release, and you are back to where you were.”
Minimal And Flexible Approach To Styling A Website
Krstulović next described their design philosophy with their page builder:
“Builderius is built on good development principles that make websites more maintainable and easier to update. For example, we keep content separate from styling – a professional approach that makes websites easier to manage as they grow. If you have an element used across the website, you can easily change how it looks without having to rebuild it at each instance, since the data, the markup and styling are independent.
For example, we do not ship elements (like Elementor widgets) called for instance “post title”. We give the user an agnostic “html container” which can be any HTML element, a single one or a more complex combination of elements, which you can then link to any dynamic data via our dynamic data tags. You can pick these from a pop-up living near any content input, or HTML attribute input.
So to make a post title, you would add a heading, and then link it to post title data tag. It’s a step more, but it makes everything way more minimal and flexible at the same time. You can then swap the markup with anything, change the data it shows… and so much more.
When it comes to styling, Builderius gives you complete freedom. Unlike other page builders that limit what CSS selectors you can use, we let you write any selector right in the interface. For example, when styling the “post content” from within the Builderius template, you can target post content child elements using logical/compound CSS selectors – and not via custom code.
We ship with an our open-source CSS framework, choosing this approach over theme settings or presets because frameworks are more modular and flexible. You can remove parts you don’t need or bring your own framework if you prefer.”
Who Is This Page Builder For?
A lot of the people in the Dynamic WordPress Facebook group who are excited about this page builder are advanced web developers who build sites for clients. So I asked him if that’s who their end users are or if it’s appropriate for businesses looking for drag and drop solution?
Krstulović answered:
“We believe it provides different benefits for different user groups. For a front-end developer who is struggling with a sometimes messy WordPress development experience, it provides a clean and organized workflow, what developers expect from modern web dev. And it makes it faster. Frontend tasks are handled with visual tools and data is pulled into place with convenient data tags.
For aspiring web builders that want to learn and advance in their craft, it is an easier way into this demanding field. It is easier because visual tools are generally easier for most people, and because Builderius does so much for the user in terms of organizing the development process, from the version tracking and all that, to compiling code, and handling templating.
For developers that care about accessibility, Builderius offers ultimate control over every aspect of HTML.
Builderius is not for everyone. It is most certainly not for a business looking for a simple drag and drop solution, and it’s not for someone whose primary goal is to make things easy to do without understanding them.
But for developers who care about details, who get frustrated by limitations of tools that make them bend the design around the tool rather than the other way around, Builderius might just be for them.
If a user takes time to learn the tool, they’ll be able to build super fast, and exactly the way they’re asked to. And maybe even more importantly, if you learn Builderius you can take that knowledge elsewhere. No proprietary names, weird workarounds, just visual web development.”
Why Use Builderius Instead Of Gutenberg Blocks?
I next asked why someone would choose to use Builderius over the WordPress native Gutenberg blocks. Does it expand creative freedom or simplify the site building experience?
Krstulović answered:
“The answer is yes. Builderius provides more freedom to you as a developer or a site builder, and less freedom for the person who might use that freedom to break things, through website management roles. Developers provide development, and content people provide content.
For the creatives out there: When Builderius takes control of a page, it removes all that WordPress has put there that has to do with its scope of work. It removes various assets, the HTML, all. For instance, block CSS is gone. In return, you get a clean slate where you have nothing to override. You can use the least specific CSS possible and it will work. This means you can use some completely non-WP CSS library without fear it will interfere with WordPress stuff. It is super free, and super tidy.
This approach actually makes site building simpler in the long run. While blocks are great for quick layouts, they can become complicated when you need something specific. You might end up hunting through JSON settings, searching for hidden options, or even writing custom React code.
With Builderius, there’s a clearer path. Everything is where you’d expect it to be, following the same patterns that professional web development uses.
It also starts a bit more steep, but as you progress, site building becomes simple and quicker to do.
For example, you can easily build your own blueprint, save it as release, and pull that in at every site build start. This can have whatever you want inside, an extended CSS framework, custom components, custom template wireframes… and more.
And each and every aspect remains editable to be completely changed if you so desire. Flexibility, precision and control of the process.”
What Expectations Should Users Have?
Builderius is a 1.0 version software. So I asked Krstulović what a reasonable expectation would be for Builderius. Krstulović answered that the page builder is a beta version but a very functional one.
He answered:
“This is in fact a version 1.0 beta of the Free version of Builderius. So we are at the very start.
But this does not mean it’s not to be used or that it can do very little. We believe that the Free version serves an important role in the future adoption of Builderius. Its role is to expand the ecosystem, and make the builder more widely used, tested, integrated with other tools etc.
We’ve carefully designed the Free version to be genuinely useful for real projects, not just a demo. We wanted to find the right balance where it has enough features to build professional websites while still reserving some advanced capabilities for the paid version.
Builderius Free is built to be a very elegant builder for building fairly simple websites in terms of scale and dynamic data complexity, but also for those websites that are rigorous with regard to styling control, accessibility, performance and so on.
In short, if you can build the site with ACF or Metabox simple fields (so no repeaters and similar), with default posts and pages, and loop those posts on the templates that employ the main WordPress query (Archives, Search results, Blog index), you can build it with the free version.
So do not expect to loop over remote data just yet. Do not expect to modify the template rendering based on user interaction, or URL parameters… not in the free version. But if it’s a simple site, and you want to make it professionally, Free might be a good fit.
We also have some bugs to squash during this beta period, of course.”
Takeaways
What I learned from this interview is that Builderius is a developer-focused page builder that’s more accurately described as a visual development environment rather than a drag-and-drop tool. It also integrates professional development workflows like version control and staging directly into WordPress. So for that reason, Builderius is not designed for businesses looking for a simple drag-and-drop solution. It’s more for front-end developers who appreciate a structured, efficient workflow within WordPress.
A new analysis predicts that the number of reported vulnerabilities will reach record highs in 2025, continuing the trend of rising cybersecurity risks and increased vulnerability disclosures.
Analysis By FIRST
The analysis was published by the Forum of Incident Response and Security Teams (FIRST), a global organization that helps coordinate cybersecurity responses. It forecasts almost 50,000 vulnerabilities in 2025, an increase of 11% over 2024 and a 470% increase from 2023. The report suggest that organizations need to shift from reactive security measures to a more strategic approach that prioritizes vulnerabilities based on risk, planning patching efforts efficiently, and preparing for surges in disclosures rather than struggling to keep up after the fact.
Why Are Vulnerabilities Increasing?
There are three trends driving the increase in vulnerabilities.
1. AI-driven discovery and open-source expansion are accelerating CVE disclosures.
AI is vulnerability discovery, including machine learning and automated tools are making it easier to detect vulnerabilities in software which in turn leads to more CVE (Common Vulnerabilities and Exposures) reports. AI allows security researchers to scan larger amounts of code to quickly identify flaws that would have gone unnoticed using traditional methods.
The press release highlights the role of AI:
“More software, more vulnerabilities: The rapid adoption of open-source software and AI-driven vulnerability discovery has made it easier to identify and report flaws.”
2. Cyber Warfare And State-Sponsored Attacks
State-sponsored attacks are increasing which in turn leads to more of these kinds of vulnerabilities being discovered.
The press release explains:
“State-sponsored cyber activity: Governments and nation-state actors are increasingly engaging in cyber operations, leading to more security weaknesses being exposed.”
3. Shifts In CVE Ecosystem
Patchstack, a WordPress security company, identifies and patches vulnerabilities. Their work is adding to the number of vulnerabilities discovered every year. Patchstack offers vulnerability detection and virtual patches. Patchstack’s participation in this ecosystem is helping expose more vulnerabilities, particularly those affecting WordPress.
The press release provided to Search Engine Journal states:
“New contributors to the CVE ecosystem, including Linux and Patchstack, are influencing disclosure patterns and increasing the number of reported vulnerabilities. Patchstack, which focuses on WordPress security, is playing a role in surfacing vulnerabilities that might have previously gone unnoticed. As the CVE ecosystem expands, organizations must adapt their risk assessment strategies to account for this evolving landscape.”
Eireann Leverett, FIRST liaison and lead member of FIRST’s Vulnerability Forecasting Team, highlighted the accelerating growth of reported vulnerabilities and the need for proactive risk management, stating:
“For a small to medium-sized ecommerce site, patching vulnerabilities typically means hiring external partners under an SLA to manage patches and minimize downtime. These companies usually don’t analyze each CVE individually, but they should anticipate increased demands on their third-party IT suppliers for both planned and unplanned maintenance. While they might not conduct detailed risk assessments internally, they can inquire about the risk management processes their IT teams or external partners have in place. In cases where third parties, such as SOCs or MSSPs, are involved, reviewing SLAs in contracts becomes especially important.
For enterprise companies, the situation is similar, though many have in-house teams that perform more rigorous, quantitative risk assessments across a broad (and sometimes incomplete) asset register. These teams need to be equipped to carry out emergency assessments and triage individual vulnerabilities, often differentiating between mission-critical and non-critical systems. Tools like the SSVC (https://www.cisa.gov/ssvc-calculator) and EPSS (https://www.first.org/epss/) can be used to inform patch prioritization by factoring in bandwidth, file storage, and the human element in maintenance and downtime risks.
Our forecasts are designed to help organizations strategically plan resources a year or more in advance, while SSVC and EPSS provide a tactical view of what’s critical today. In this sense, vulnerability forecasting is like an almanac that helps you plan your garden months ahead, whereas a weather report (via EPSS and SSVC) guides your daily outfit choices. Ultimately, it comes down to how far ahead you want to plan your vulnerability management strategy.
We’ve found that Boards of Directors, in particular, appreciate understanding that the tide of vulnerabilities is rising. A clearly defined risk tolerance is essential to prevent costs from becoming unmanageable, and these forecasts help illustrate the workload and cost implications of setting various risk thresholds for the business.”
Looking Ahead to 2026 and Beyond
The FIRST forecast predicts that over 51,000 vulnerabilities will be disclosed in 2026, signaling that cybersecurity risks will continue to increase. This underscores the growing need for proactive risk management rather than relying on reactive security measures.
For users of software like WordPress, there are multiple ways to mitigate cybersecurity threats. Patchstack, Wordfence, and Sucuri each offer different approaches to strengthening security through proactive defense strategies.
The main takeaways are:
Vulnerabilities are increasing – FIRST predicts up to 50,000 CVEs in 2025, an 11% rise from 2024 and 470% increase from 2023.
AI and open-source adoption are driving more vulnerability disclosures.
State-sponsored cyber activity is exposing more security weaknesses.
Shifting from reactive to proactive security is essential for managing risks.
AA WordPress developer pleaded with Matt Mullenweg at WordCamp Asia 2025, asking him to restore Automattic’s contributions to the WordPress core. Mullenweg apologized and said it’s not up to him; it’s up to WP Engine to drop their lawsuit, and he encouraged the community to put pressure on WP Engine.
Automattic’s Scaled-Back WordPress Contributions
Automattic announced in January 2025 that they were scaling back contributions to the WordPress core to those related to security and critical updates. Contributions that would otherwise had gone to core would be diverted to for-profit initiatives related to Automattic and WordPress.com.
Automattic attributed its January 2025 decision to WP Engine’s lawsuits:
“We’ve made the decision to reallocate resources due to the lawsuits from WP Engine. This legal action diverts significant time and energy that could otherwise be directed toward supporting WordPress’s growth and health. We remain hopeful that WP Engine will reconsider this legal attack, allowing us to refocus our efforts on contributions that benefit the broader WordPress ecosystem.”
WP Engine’s lawsuits, however, were a response to Matt Mullenweg’s WordCamp USA 2024 statements and also activities against WP Engine (like the WP Engine Tracker website) . A federal judge has since sided with WP Engine and granted its request for a preliminary injunction against Automattic and Mullenweg.
WordCamp Attendee Urges Mullenweg To Reinstate Core Contributions
A WordCamp Asia 2024 attendee stepped up during the Q&A portion of the conference and shared his concerns, as a business owner and a plugin developer, for the stagnation of WordPress core development.
He said:
“Hi Matt. So this is not about a question, but I am a bit concerned about like if I see that the last five years or even ten years Automattic is the biggest core contributor in the code base and everything. So it’s not actually biggest, maybe 60%, 70% of the commit… as a company, Automattic do that.
So you recently published in a blog post that you are pulling out all the contribution and everything. So as a developer, as a business owner, …my whole business depends on WordPress. We build WordPress plugins, I think if there is no Automattic in the core contribution, the whole development will be super slow.
I want to request you to reconsider that, and at least in the core development maybe you can make some changes, give more resources in the core. Because it’s complicated, …someone needs to work and I think Automattic has lots of resources, experienced people in there, so I want to request you to reconsider your position and give more developers to the core.”
Matt Mullenweg States Condition For Restoring Core Contributions
Mullenweg responded that Automattic’s spending millions of dollars to defend itself against WP Engine. He insisted that the decision to restore Automattic’s core contributions hinges on WP Engine dropping their lawsuits and encouraged the person to ask WP Engine.
Mullenweg answered:
“Yeah, thank you. Well, it’s definitely not a situation I want to be in. As we said, we’re pausing things. But very, very excited to return to having all those hundred-ish folks back doing some of the work we were doing before.
But right now we’re facing not just a maker and taker program problem… but maker-attacker. So well Automattic’s having to spend millions of dollars, per month sometimes, to defend against these attacks from WP Engine and with the court injunction, it’s just hard to be both be motivated and to just spare the resources to contribute so much.
Now, they could end it tomorrow. And I would love to welcome WP Engine back into the fold, back at WordCamp and everything. But we can’t end it, we can only defend it, you know, to all the legal attacks and they are increasing actually. And they’re coming after me personally too. As soon as they stop that, we’ll get back to it.
So please, I can’t stop it. Ask them.”
Mullenweg Asks Audience To Pressure WP Engine To Drop Lawsuit
The person asking the question said he understood Mullenweg’s position but insisted that, as an end user, he wants the software to continue to thrive. For that reason, he pleaded for Automattic to find a way to restore core contributions.
Mullenweg answered the developers second plea and asked the audience to pressure WP Engine to drop the lawsuit:
“I can’t until the lawsuit is over. So if there’s anything y’all can do to put pressure for the lawsuit to end, that would be the fastest thing to get our contributions back.”
He ended his response with a smile, saying:
“So… sorry about that.”
Concern Over Cuts To Core Contribution
The WordPress developer expressed deep concern and anxiety about the pace of WordPress core development. He emphasized that Automattic has historically provided a significant portion of core contributions and feared that without its support, WordPress development would slow significantly, impacting his business and those of others who rely on the platform.
Matt Mullenweg’s response did not directly address the WordPress developer’s plea to reconsider Automattic’s core contribution cuts. His answer framed the decision to restore core contributions as out of his control because it is dependent on WP Engine dropping its lawsuit. He stated that the lawsuit costs Automattic millions of dollars.
Mullenweg’s main points in his response to restoring Automattic’s core contributions were:
Automattic’s reduced contributions result from the financial and legal burden of defending against WP Engine’s lawsuit.
WP Engine’s legal actions make it difficult for Automattic to contribute at previous levels.
He urged the audience to pressure WP Engine to drop the lawsuit.
Watch The Question and Answer segment at the 6:21:32 minute mark:
An awkward Q&A at WordCamp Asia 2025 saw Matt Mullenweg struggle to answer where WordPress will be in five years. Apparently caught off guard, he turned to the Lead Architect of Gutenberg for ideas, but he couldn’t answer either.
Project Gutenberg
Gutenberg is a reimagining of how WordPress users can build websites without knowing any code, with a visual interface of blocks for different parts of a web page, which is supposed to make it easy. Conceived as a four phase project, it’s been in development since 2017 and is currently in phase three.
The four phases are:
Phase 1: Easier Editing
Phase 2: Customization
Phase 3: Collaborative Editing
Phase 4: Multilingual Support
There’s a perception that Project Gutenberg has not been enthusiastically received by the WordPress developer community or by regular users, even though there are currently 85.9 million installations of the Gutenberg WordPress editor.
However, one developer at WordCamp Asia told Matt Mullenweg at the end of conference Q&A session that she was experiencing hesitations from people she speaks with about using WordPress and expressed frustration about how difficult it was to use it.
She said:
“Some of those hesitations were it’s easy to get overwhelmed. You know, when you look up how to learn WordPress, and I had to be really motivated… for myself to actually study it and kind of learn the basics of blocks… So do you have any advice on how I could convince my friends to start a WordPress site or how to address these challenges myself? You know like, getting overwhelmed and feeling like there’s just so much. I’m not a coder and things like that… any advice you can offer small business owners?”
The whole purpose of the Gutenberg block editor was to make it easier for non-coders to use WordPress. So a WordPress user asking for ideas on how to convince people to use WordPress presented an unflattering view of the success of the WordPress Gutenberg Project.
Where Will WordPress Be In Five Years?
Another awkward moment was when someone else asked Matt Mullenweg where he saw WordPress being in five years. The question seemingly caught him off guard as he was unable to articulate what the plan is for the world’s most popular content management system.
Mullenweg had been talking about the importance of AI and of some integrations being tested in the commercial version at WordPress.com. So the person asking the question asked if he had any other ideas beyond AI.
The person asked:
“If you have other ideas beyond AI or even how we consume WordPress five years from now that might be different from today.”
Matt Mullenweg answered:
“Yeah, it’s hard to think about anything except AI right now. And as I said a few years ago, before ChatGPT came out, learn AI deeply. Everyone in the room should be playing with it. Try out different models. Check out Grok, check out DeepSeek, two of the coolest ones that just launched.
And for WordPress, at that point will be past all the phases of Gutenberg. I think… I don’t know…”
It was at this point that Mullenweg calls on Matías Ventura, Lead Architect of Gutenberg, to ask him if he has any ideas of where WordPress is headed in five years.
He continued:
“Matías, what do you think? What’s post-Gutenberg? We’ve been working for so long, it’s…”
Matías Ventura, Lead Architect of Gutenberg, came up to a microphone to help Mullenweg answer the question he was struggling with.
Matías answered:
“I mean, hopefully we’ll be done by then so…”
Mullenweg commented:
“Sometimes that last 10% takes, you know, 90% of the time.”
Matías quipped that it can take a hundred years then continued his answer, which essentially admitted that there were no plans without actually admitting that there were no plans for five years out.
He continued his answer:
“I don’t know, I think, well in the talk I gave I… also reflected a bit that part of the thing is just discovering as we go, like figuring out how like, right now it’s AI that’s shaping reality but who knows, in a few decades what it would be. And to me, the only conviction is that yeah, we’ll need to adapt, we’ll need to change. And that’s part of the fun of it, I think. So I’m looking forward to whatever comes.”
Mullenweg jumped in at this point with his thoughts:
“That’s a good point of the, you know, how many releases we have of WordPress right now, 60 or whatever… 70 probably…. Outside of Gutenberg, we haven’t had a roadmap that goes six months or a year, or a couple versions, because the world changes in ways you can’t predict.
But being responsive is, I think, really is how organisms survive.
You know, Darwin, said it’s not the fittest of the species that survives. It’s the one that’s most adaptable to change. I think that’s true for software as well.”
Mullenweg Challenged To Adapt To Change
His statement about being adaptable to change set up another awkward moment at the 6:55:47 minute mark where Taco Verdonschot, co-owner of Progress Planner, stood up to the microphone and asked Mullenweg if he really was committed to being adaptable.
Taco Verdonschot is formerly of Yoast SEO and currently sponsored to work on WordPress by Emilia Capital (owned by Joost de Valk and Marieke van de Rakt).
Taco asked:
“I’m Taco, co-owner of Progress Planner. I was wondering, you were talking about adaptability before and survival of the fittest. That means being open to change. What we’ve seen in the last couple of months is that people who were talking about change got banned from the project. How open are you to discussing change in the project?”
Mullenweg responded:
“Sure. I don’t want to go too far into this but I will say that talking about change will not get you banned. There’s other behaviors… but just talking about change is something that we do pretty much every day. And we’ve changed a lot over the years. We’ve changed a lot in the past year. So yeah. But I don’t want to speak to anyone personally, you know. So keep it positive.”
Biggest Challenges WordPress Will Face In Next Five Years
