WordPress Archives WordPress

Mar 5 2025

WordPress’s Next Phase: Mullenweg Shares What’s Ahead via @sejournal, @martinibuster

In a recent podcast interview, Matt Mullenweg shared his informal plans for ensuring the future of WordPress. He outlined several areas where WordPress is taking advantage of technological changes, including security, AI integration, and reducing technical debt. He also addressed the long-term future of WordPress leadership, emphasizing the importance of decisive vision.

Mullenweg outlined four ways WordPress is improving in the near future:

Plugins and themes will become more secure.
The suitability of AI integration with WordPress ensures its continued relevance.
WordPress is addressing technical debt.
Governance and succession planning will help maintain WordPress’s strength.

WordPress Will Become More Secure

One of WordPress’s strengths is the third-party themes and plugins that enable publishers to create exactly the kind of website they need. It’s also a shortcoming because the vast majority of vulnerabilities discovered in WordPress stem from coding flaws in plugins and themes, as well as user failure to keep third-party software updated.

Mullenweg mentions current security measures like bug bounties, which are payments made to individuals who discover and responsibly disclose vulnerabilities. The implication of his answer is that relying on humans to find vulnerabilities isn’t enough because the scale of the problem exceeds human capabilities.

He anticipates plugin and theme vulnerabilities becoming less problematic due to new AI code-scanning capabilities that can analyze millions of lines of code to identify patterns consistent with common flaws that lead to vulnerabilities.

Mullenweg shared his thoughts:

“… many of these plugins and themes don’t have the same sort of robust security and review process that core has. So that’s where when you hear about security issues with WordPress, it’s very rarely in core, anymore. We haven’t had a remote exploit in like… I think five years, six years something.

But in the plugins it can be somewhat more frequent. And so one thing I’m very, very excited about, the next year or two, is actually more automated scanning. Because obviously that code base is so many tens of millions, maybe over a hundred million lines of code at this point. It’s impossible for humans to review that.

So we kind of rely on developers to to review that and manage. And of course we have like bug bounties and everything so that when things are reported we fix it quickly.

But I can’t wait for more automated scanning there, and I think that could vastly upgrade the security of open source.”

AI-Powered Website Building

Another development Matt sees for WordPress is further integration of AI into WordPress so that it becomes an engine that an AI uses to develop websites for users. Matt acknowledges that this is already happening and he’s right. Some web hosts are already leveraging AI to assist users in building websites through a chatbot interface.

He explains that writing the code is a strength of AI but that maintaining the code base is a problem that WordPress solves. Software like WordPress currently rely on PHP and other technologies to power those websites and make them interactive but they are constantly improving which means that the software that runs on those technologies must also be maintained. Mullenweg explains that AI can build on top of those technologies as engines that power what they create, building on top of them without having to worry about maintaining the underlying technology that makes them work.

He said that this scenario of building on top of open source is more powerful than leveraging a closed source system. What’s implied in what he said, and went unspoken, is that open source projects like WordPress are not threatened by AI but rather they stand to benefit greatly from it. Thus, Matt foresees that WordPress has a strong future as AI technology progresses.

Matt explained:

“The other thing that’s really exciting is that right now, you see people building apps and stuff and it’s custom generated code. But I think the next generation of these models… as everyone knows, just writing the code is one part of it. It’s maintaining it that really becomes the life cycle of it.

And I think that if, and they’re starting to do that, is when the open source model, you say, build me a website, it actually installs WordPress and builds on top of that and customizes on top of that. Then you get for free, that core engine that’s always being edited and updated and getting passkey support, whatever the new things are, sort of continuously, and the new custom stuff can be on top of that. Which I think is a lot more powerful than sort of building something proprietary or custom from the ground up.”

Technical Debt Needs To Be Addressed

At this point, Lenny observes how everything you acquire carries the burden of having to maintain it, saying that they all have that hidden cost. Mullenweg agreed, saying that WordPress has a similar thing called technical debt which is an issue that WordPress is addressing in order to improve it. Technical debt is a reference to the accumulated burden of outdated code, complexity and development decisions that make future changes more difficult.

Mullenweg said:

“Well, that’s why I think technical debt is one of the most interesting concepts. You know, there’s so many companies …that maybe have like big market caps. But I feel like they might have billions or tens of billions of dollars of technical debt. …how their products interface with themselves.

And I think about that a lot in our own company. We definitely have some products, …we have some variable quality around some of our things right now. …There are parts of WordPress and WordPress.com that we’re a little embarrassed and ashamed of… we kind of have to…. we have a really large surface area that we cover with relatively few people. So there are some parts that we haven’t looked at in a little while that we need to get around to.

And it’s our big focus for us this year, is actually going back to basics, back to core. And improving all of those nooks and crannies… and also ruthlessly editing and and cutting as much as possible. Because we’ve just launched a lot of stuff over the past 21 years that isn’t as relevant today or doesn’t need to be there.”

Governance and Leadership

Mullenweg also debunked the idea of WordPress as an entity that’s led by a single person and shared his vision for how WordPress will be governed in the future. He said that WordPress is a true community where most of the decisions are made by committees formed by core contributors. He also affirmed that he believes that for WordPress to succeed it must have a strong leader who serves as the final decision-maker and that this doesn’t make it weaker, it makes it stronger.

On the points of project leadership and succession he shared:

“If you look at the daily commits and activity and everything, it is run by the community. So it’s hundreds of volunteers everyday that are actually doing the day-to-day work and making the data decisions, everything happens.

…There has been a radical delegation. However, there’s ultimately a hierarchy, and I’m kind of… I’m like a final, final decision-maker.

And you know, I definitely think about succession planning, everything like that, but if for when I’m gone, I don’t want to pass it to a committee, I want to pass it to someone else who could have a role somewhere to mine and really sort of try to be a steward.”

Takeaways

WordPress Security

Matt Mullenweg discussed three plans for improving WordPress in the near future, acknowledging that plugins and themes remain the biggest security risks for WordPress but that advancements in AI technology will enable greater mitigation of those issues.

WordPress Set To Remain The Market Leader

He also said that WordPress is ideally suited for becoming the engine that powers website development in the future, an advantage over closed source systems in that companies will be able to develop layers of AI-powered functionality and conveniences on top of the free WordPress open source CMS.

Addressing Technical Debt

Mullenweg acknowledged that WordPress has many years of technical debt to address and that WordPress is prioritizing the reduction of outdated code and complexity this year.

His statements confirm that WordPress’s long-term stability and viability are assured by technological advancements, adaptability and greater focus on code efficiency.

WordPress Leadership

Lastly, he addressed WordPress governance, insisting that it is led by the community because the overwhelming majority of decisions are made by individual contributors, and that his role is more along the lines of a final decision-maker. He argued that the best software is created through a combination of committees and strong leadership that oversees the long-term direction of the project. Interestingly, he also said that the community serves as a system of checks and balances because contributors are always free to leave and fork their own version of the project.

Watch the interview here:

Matt Mullenweg on the future of open source and why he’s taking a stand

Featured image is a screenshot from the interview.

Ecommerce MGMT 0 Comments

Mar 3 2025

How To Create A Multilingual Website On WordPress via @sejournal, @atuljindal01

With the rise in ecommerce, we live in a borderless world. Someone sitting on one side of the world could be shopping with a business on the other.

This is cool until businesses encounter language barriers that stunt their growth in global markets.

Very few people in China can speak English. So, if your business only sells online in English, it may struggle with reaching its customers in China.

A WordPress multilingual website can help you break these barriers, tap into new markets, and reach new audiences for maximized sales.

What Is A Multilingual Website?

A multilingual website is a collection of webpages presenting information in multiple languages.

The content on such websites is translated into different languages so the website and the entity behind it can communicate with a wider audience.

Steps To Creating A Multilingual Website On WordPress

WordPress holds the largest market share among content management systems (CMS), powering 43.7% of all websites. That’s huge. And it makes sense.

WordPress is simple, accessible, and has thousands of plugins that can add unimaginable functionality to your website.

From allowing secure payment gateways to building multilingual versions of your website, there is a WordPress plugin for almost everything.

Building a multilingual website on WordPress is not just possible, it is relatively simple as well.

There are three different methods for creating a multilingual site using WordPress. I’ll share a step-by-step approach for all these methods in this guide.

1. Choose Your Languages

You don’t want to build a multilingual website just for the sake of having it.

You want it to be meaningful and add real, tangible value to your business. The first step towards doing that is choosing the right language.

When choosing the languages to translate your website, you should consider factors like your business type, targeted location, budget, resources, etc.

For example, if you want to expand your business, then you should find your biggest markets and target languages that are widely used by those regions (markets).

English is the internet’s most popular language, accounting for 49.2% of all web content. But, simply targeting the most popular languages is not necessarily the right approach.

Canada is a good example. Suppose you’re an ecommerce business and want to launch or expand in Canada. Then, should you translate your website into French, Mandarin, and Punjabi?

French is the second language of Canada and the main language in some areas. After this, Punjabi is spoken by more than half a million people, ranking alongside Mandarin as one of the most widely spoken languages in the country.

But, are Punjabi or Mandarin speakers your target market in Canada?

It is good to start with a few high-priority languages in the beginning and for businesses working with a limited budget and resources.

2. Decide On A Domain Strategy

The next step is to decide how you want to store the translated versions of your website.

Do you want them to live on their own separate domains or stay under the main domain?

If you want the translated version of your website to have its own domain, you would want to go with a country code top-level domain (ccTLD) like:

abc.us (for USA).
abc.ca (for Canada).
abc.fr (for French).

Going with a ccTLD means creating a separate website for each language.

It means multiple websites to manage, requires proper domain mapping and SEO from scratch for each site, and requires more budget and resources to successfully manage it.

So, I don’t recommend going the ccTLD route unless using geo servers is a priority or you have enough resources, team, and budget.

You can check this guide to choose the domain strategy for your multilingual website.

The next option is using subdomains.

The subdomain is the secondary domain of your main domain. It helps to organize a website and enhance user navigation.

Here is how a subdomain URL looks like:

us.abc.com.
ca.abc.com.
fr.abc.com.

Subdomains may seem better than using separate ccTLD domains for each language, but Google views a subdomain as a separate website.

So, the authority you build with backlinks on the main website may not extend to the subdomains, and therefore, they may struggle to rank.

In my opinion, the best option is to use subdirectories when building a multilingual website.

Subdirectories are the subparts of your website, stored under the same domain as folders.

Subdirectories are more helpful for SEO because Google views them as part of the primary website. So, the existing authority of the website helps subdirectories rank higher in a short time period. For example:

abc.com/us/
abc.com/ca/
abc.com/fr/

Subdirectories are the simplest way to create a multilingual website. That’s why leading brands, like Notion and Apple, are using it.

3. Choose The Right CMS

There are many CMS platforms to create a multilingual website, but WordPress is the most useful CMS.

It is an open-source platform that gives you full control and freedom to customize your website as much as you want.

WordPress has a strong community of users who can help build and manage a WordPress website. Also, thousands of plugins allow you to add any required functionality to your website.

If you don’t have a WordPress website, you can create one by installing WordPress on your web hosting (you can ask the hosting support team to do it for you).

Once you have a primary WordPress site, you can easily convert it into a multilingual website using one of these two options:

1. WordPress Multisite

WordPress Multisite is a WordPress feature that allows you to create multiple sites within one installation.

With a multisite setup, you can create multilingual websites using any domain strategy: ccTLDs, subdomains, or subfolders.

You need to set up domain mapping for it. You can follow this guide to properly set up domain mapping for your multisite.

When using a multisite setup for a multilingual website, you have a separate site for each language. It makes things easier to manage and optimize.

You check this guide to learn more about multisite and how to create one.

2. WordPress Plugins

Another simple option is to use a multilingual plugin. WordPress has many plugins to help you add multilingual versions to your primary site.

Polylang, WPML, and TranslatePress are popular plugins developers use to convert a WordPress website into a multilingual one.

These plugins provide all the tools you need to translate your website’s content and allow users to seamlessly switch between different versions of your website.

To use a plugin, you need to:

Install a plugin on your website.
Configure it according to your requirements.
Select the languages to translate your website.

It will automatically add multilingual functionality for those languages.

4. Translate

Once your website is ready, it’s time to upload content.

Remember, while translating your existing web content using machine translators like ChatGPT or Google Translate may sound like a great idea, but they will not be able to account for the linguistic nuances and cultural context.

As a result, you may end up with a substandard translation that does little to improve your website’s user experience.

So, it’s always better to hire professional translators who can keep the nuances of the language and cultural context in mind when translating your content.

5. Improve SEO

Your new, user-friendly multilingual website is of little value to your business if it cannot get to the people it is intended for.

You must invest in multilingual SEO to ensure your website can rank for a relevant audience, attract traffic, and take your business to new markets.

Multilingual SEO requires independent, language-specific keyword research. Find relevant keywords in the target language and see how your competitors use them.

For example, if you want to sell high-neck sweaters for men in Canada, you would want to translate your content into French and target relevant keywords.

A quick search for [pull à col montant homme] (high-neck sweater men) results in a list of ecommerce websites selling high-neck sweaters for men.

Screenshot for search for [pull à col montant homme], Google, February 2025

Now you know this could be a potential keyword you want to target in your translated website.

Besides using the right keywords, you will also have to use hreflang tags. These tags appear in the source code of your website and tell Google which language your website is in. This helps your site appear for searches in the relevant countries for the language.

Ensure the translated website is easy to navigate and offers a good user experience to maximize your SEO results.

Benefits Of Having A Multilingual Website

Building a multilingual website can be resource-intensive. You may have to hire developers and translators to help with the process. You might also have to work with locals for quality content production.

But these efforts can pay off really well if you play all your cards right.

Here are some of the benefits a multilingual website can offer:

Reach More Customers

Customers spend most or all of their time on websites in their own language.

Translating your website into different languages makes it more accessible to a broader audience, expanding your reach, driving brand awareness, and bringing more customers into the sales funnel.

Improve User Experience

All digital-savvy business owners understand the importance of personalization. But we often overlook language when building a personalization strategy.

Nothing personalizes a user’s experience more than language. When you offer your customers content in their own language, you enhance their experience.

If someone has a good experience on your website, not only are they more likely to shop, but they are also more likely to return for repeat purchases.

Better Conversion Rates

People are more likely to convert if you offer content in their language, with 76% of shoppers preferring to make purchases from a store in their native language. This is because when you speak their language, they feel more connected and understood.

Consumers who experience an emotional connection with a brand are likely to spend twice as much when shopping with them.

Competitive Advantage

Nowadays, businesses pull all sorts of levers in an effort to get ahead of their competitors. Nothing gives you a competitive edge more than having an engaged, international customer base.

With a multilingual website, your business reaches, interacts with, and sells to international consumers helping you get ahead of the local competitors.

Building A Multilingual Website: Next Step In Your Business Growth Plan

Selling to more people across the globe is becoming increasingly simple and more doable with growing ecommerce and modern technology.

But as accessible as it may become, you can never really tap into a global market unless your website speaks the local language.

This is why a multilingual website can be your gateway to becoming a multinational business.

Fortunately, WordPress makes building a multilingual website simple.

But before you get started building your multilingual website, make sure to choose the right language relevant to the most opportunity-rich market.

Always work with human translators to ensure your content is contextually relevant and culturally and linguistically accurate.

Remember, your business will only benefit from a multilingual website if it offers a good experience, accuracy, ease of navigation, and accessibility, which are all part of your user experience.

More Resources:

Featured Image: Pixel-Shot/Shutterstock

Ecommerce MGMT 0 Comments

Mar 1 2025

Mullenweg Asked If He’s Adaptable To Change via @sejournal, @martinibuster

Matt Mullenweg, co-creator of WordPress, recently held a question-and-answer session at WordCamp Asia 2025, where he faced several tough questions. Topics included whether he was open to discussing change, the steep learning curve of WordPress, and whether he would reconsider reducing Automattic’s contributions to WordPress core.

As tough as those questions were, Matt answered each of them gracefully and focused on staying positive, even when he was saying no.

Mullenweg Says Being Adaptable To Change Is Important

In one of these exchanges someone asked what WordPress would be like in five years and he couldn’t answer it. He explained it that not having a plan beyond Gutenberg was essentially a feature and not a bug, explaining that a shorter term perspective is good for staying agile in a rapidly changing technological environment.

He said:

“Outside of Gutenberg, we haven’t had a roadmap that goes six months or a year, or a couple versions, because the world changes in ways you can’t predict.

But being responsive is, I think, really is how organisms survive.

You know, Darwin, said it’s not the fittest of the species that survives. It’s the one that’s most adaptable to change. I think that’s true for software as well.”

Change Is Not Coming To WordPress

In a seeming about face about the importance of WordPress being adaptable to change, Matt Mullenweg drew the line at being adaptable to change when it comes to governance.

Taco Verdonschot (LinkedIn profile) stood up to ask the question.

“I’m Taco, co-owner of Progress Planner. I was wondering, you were talking about adaptability before and survival of the fittest. That means being open to change. What we’ve seen in the last couple of months is that people who were talking about change got banned from the project. How open are you to discussing change in the project?

Matt answered:

“Sure. I don’t want to go too far into this but I will say that talking about change will not get you banned. There’s other behaviors… but just talking about change is something that we do pretty much every day. And we’ve changed a lot over the years. We’ve changed a lot in the past year. So yeah. But I don’t want to speak to anyone personally, you know. So keep it positive.”

Calls For Change In Governance

There have been many high profile calls for a change in how WordPress is governed, most notably by Joost de Valk, the creator of Yoast SEO software and currently a co-owner of the Progress Planner WordPress plugin.

Joost had written:

“A lot has happened over the last few months, that I think all comes down to the above. I’ve often considered how the WordPress world “worked” unhealthy. I’ve spoken to many slightly outside of our industry over the past months about what was happening and several people, independent of each other, described WordPress as “a cult” to me. And I understand why.

I think it’s time to let go of the cult and change project leadership. I’ve said it before: we need a “board”. We can’t wait with doing that for the years it will take for Automattic and WP Engine to fight out this lawsuit. As was already reported, Matt said recently in Post Status that “it’s hard to imagine wanting to continue working on WordPress after this”. A few days later, he gave a completely conflicting message in the State of the Word. Yet he never came back on that first statement or clarified that he’d changed his mind. He also didn’t come back to talk to the community he turned his back on.”

Joost de Valk was supposed to speak at WordPress Asia 2025 but the co-owner of Progress Planner was there and asked the hard question.

Mullenweg Challenged To Adapt To Change

His statement about being adaptable to change set up another awkward moment at the 6:55:47 minute mark where Taco Verdonschot, co-owner of Progress Planner, stood up to the microphone and asked Mullenweg if he really was committed to being adaptable.

Taco Verdonschot is formerly of Yoast SEO and currently sponsored to work on WordPress by Emilia Capital (owned by Joost de Valk and Marieke van de Rakt).

Taco asked:

“I’m Taco, co-owner of Progress Planner. I was wondering, you were talking about adaptability before and survival of the fittest. That means being open to change. What we’ve seen in the last couple of months is that people who were talking about change got banned from the project. How open are you to discussing change in the project?”

Mullenweg responded:

“Sure. I don’t want to go too far into this but I will say that talking about change will not get you banned. There’s other behaviors… but just talking about change is something that we do pretty much every day. And we’ve changed a lot over the years. We’ve changed a lot in the past year. So yeah. But I don’t want to speak to anyone personally, you know. So keep it positive.”

Featured Image by Shutterstock/StarLine

Ecommerce MGMT 0 Comments

Mar 1 2025

Does WordPress Need Another Site Building Tool? Builderius Thinks So. via @sejournal, @martinibuster

A newly released page builder plugin called Builderius elicited enthusiastic feedback in a private WordPress Facebook group. A conversation with one of its principals, Elvis Krstulović, underscored how WordPress’s open source flexibility allows developers to rethink site building itself, creating tools that prioritize flexibility, maintainability, and professional development practices.

Is Builderius A Page Builder?

I saw a discussion in a private WordPress Facebook group called Dynamic WordPress and reached out to one of the developers to learn more. The interview is as much about how WordPress inspires people to create new and interesting products as it is about Builderius.

What is Builderius, is it a page builder?

“Yes, Builderius is a page builder but it’s also a developer tool. We prefer to call it a visual development environment. This name better captures what Builderius actually does – it brings powerful web development practices into a visual, easy-to-use interface. Instead of just decorating content with visual elements, Builderius helps you build websites the way professional developers do, but without the steep learning curve.

Builderius brings professional development workflows right into WordPress. Things like version control and staging environments – which normally require technical knowledge – are simplified into intuitive buttons and workflows in your admin panel. You get all the benefits of professional development practices without needing to learn complex systems like Git or server management.”

How Designing A Site With Builderius Works

I next asked how designing a site with Builderius works, what it’s like in a general sense.

Krstulović answered:

“All the work a Builderius user is doing is completely invisible outside on the live site until that work has been saved AND published as a public release. This means, for instance, that you can safely work on a busy live website, and nobody will know. Even if you make a mistake in Builderius, you will be the only one to know. When the work you have done is finished and signed off, you click a button and that site feature, redesign whatnot, is live for everyone to see and use.

Releases are small packages that contain JSON and some assets used in the Builderius environment and nothing else, so the processing of moving a release from dev to prod branch is mostly super quick. This means no site downtime even for major rework. It also means safe and easy rollback. Just go back to previous release, and you are back to where you were.”

Minimal And Flexible Approach To Styling A Website

Krstulović next described their design philosophy with their page builder:

“Builderius is built on good development principles that make websites more maintainable and easier to update. For example, we keep content separate from styling – a professional approach that makes websites easier to manage as they grow. If you have an element used across the website, you can easily change how it looks without having to rebuild it at each instance, since the data, the markup and styling are independent.

For example, we do not ship elements (like Elementor widgets) called for instance “post title”. We give the user an agnostic “html container” which can be any HTML element, a single one or a more complex combination of elements, which you can then link to any dynamic data via our dynamic data tags. You can pick these from a pop-up living near any content input, or HTML attribute input.

So to make a post title, you would add a heading, and then link it to post title data tag. It’s a step more, but it makes everything way more minimal and flexible at the same time. You can then swap the markup with anything, change the data it shows… and so much more.

When it comes to styling, Builderius gives you complete freedom. Unlike other page builders that limit what CSS selectors you can use, we let you write any selector right in the interface. For example, when styling the “post content” from within the Builderius template, you can target post content child elements using logical/compound CSS selectors – and not via custom code.

We ship with an our open-source CSS framework, choosing this approach over theme settings or presets because frameworks are more modular and flexible. You can remove parts you don’t need or bring your own framework if you prefer.”

Who Is This Page Builder For?

A lot of the people in the Dynamic WordPress Facebook group who are excited about this page builder are advanced web developers who build sites for clients. So I asked him if that’s who their end users are or if it’s appropriate for businesses looking for drag and drop solution?

Krstulović answered:

“We believe it provides different benefits for different user groups. For a front-end developer who is struggling with a sometimes messy WordPress development experience, it provides a clean and organized workflow, what developers expect from modern web dev. And it makes it faster. Frontend tasks are handled with visual tools and data is pulled into place with convenient data tags.

For aspiring web builders that want to learn and advance in their craft, it is an easier way into this demanding field. It is easier because visual tools are generally easier for most people, and because Builderius does so much for the user in terms of organizing the development process, from the version tracking and all that, to compiling code, and handling templating.

For developers that care about accessibility, Builderius offers ultimate control over every aspect of HTML.

Builderius is not for everyone. It is most certainly not for a business looking for a simple drag and drop solution, and it’s not for someone whose primary goal is to make things easy to do without understanding them.

But for developers who care about details, who get frustrated by limitations of tools that make them bend the design around the tool rather than the other way around, Builderius might just be for them.

If a user takes time to learn the tool, they’ll be able to build super fast, and exactly the way they’re asked to. And maybe even more importantly, if you learn Builderius you can take that knowledge elsewhere. No proprietary names, weird workarounds, just visual web development.”

Why Use Builderius Instead Of Gutenberg Blocks?

I next asked why someone would choose to use Builderius over the WordPress native Gutenberg blocks. Does it expand creative freedom or simplify the site building experience?

Krstulović answered:

“The answer is yes. Builderius provides more freedom to you as a developer or a site builder, and less freedom for the person who might use that freedom to break things, through website management roles. Developers provide development, and content people provide content.

For the creatives out there: When Builderius takes control of a page, it removes all that WordPress has put there that has to do with its scope of work. It removes various assets, the HTML, all. For instance, block CSS is gone. In return, you get a clean slate where you have nothing to override. You can use the least specific CSS possible and it will work. This means you can use some completely non-WP CSS library without fear it will interfere with WordPress stuff. It is super free, and super tidy.

This approach actually makes site building simpler in the long run. While blocks are great for quick layouts, they can become complicated when you need something specific. You might end up hunting through JSON settings, searching for hidden options, or even writing custom React code.

With Builderius, there’s a clearer path. Everything is where you’d expect it to be, following the same patterns that professional web development uses.

It also starts a bit more steep, but as you progress, site building becomes simple and quicker to do.

For example, you can easily build your own blueprint, save it as release, and pull that in at every site build start. This can have whatever you want inside, an extended CSS framework, custom components, custom template wireframes… and more.

And each and every aspect remains editable to be completely changed if you so desire. Flexibility, precision and control of the process.”

What Expectations Should Users Have?

Builderius is a 1.0 version software. So I asked Krstulović what a reasonable expectation would be for Builderius. Krstulović answered that the page builder is a beta version but a very functional one.

He answered:

“This is in fact a version 1.0 beta of the Free version of Builderius. So we are at the very start.

But this does not mean it’s not to be used or that it can do very little. We believe that the Free version serves an important role in the future adoption of Builderius. Its role is to expand the ecosystem, and make the builder more widely used, tested, integrated with other tools etc.

We’ve carefully designed the Free version to be genuinely useful for real projects, not just a demo. We wanted to find the right balance where it has enough features to build professional websites while still reserving some advanced capabilities for the paid version.

Builderius Free is built to be a very elegant builder for building fairly simple websites in terms of scale and dynamic data complexity, but also for those websites that are rigorous with regard to styling control, accessibility, performance and so on.

In short, if you can build the site with ACF or Metabox simple fields (so no repeaters and similar), with default posts and pages, and loop those posts on the templates that employ the main WordPress query (Archives, Search results, Blog index), you can build it with the free version.

So do not expect to loop over remote data just yet. Do not expect to modify the template rendering based on user interaction, or URL parameters… not in the free version. But if it’s a simple site, and you want to make it professionally, Free might be a good fit.

We also have some bugs to squash during this beta period, of course.”

Takeaways

What I learned from this interview is that Builderius is a developer-focused page builder that’s more accurately described as a visual development environment rather than a drag-and-drop tool. It also integrates professional development workflows like version control and staging directly into WordPress. So for that reason, Builderius is not designed for businesses looking for a simple drag-and-drop solution. It’s more for front-end developers who appreciate a structured, efficient workflow within WordPress.

Available At The WordPress.org Repository

If you’re interested in Builderius it’s now available for download at the official WordPress.org Plugin repository.

Read more about Builderius at the Builderius.io website.

Featured Image by Shutterstock/RSplaneta

Ecommerce MGMT 0 Comments

Feb 27 2025

Analysis Forecasts More Vulnerabilities In 2025 via @sejournal, @martinibuster

A new analysis predicts that the number of reported vulnerabilities will reach record highs in 2025, continuing the trend of rising cybersecurity risks and increased vulnerability disclosures.

Analysis By FIRST

The analysis was published by the Forum of Incident Response and Security Teams (FIRST), a global organization that helps coordinate cybersecurity responses. It forecasts almost 50,000 vulnerabilities in 2025, an increase of 11% over 2024 and a 470% increase from 2023. The report suggest that organizations need to shift from reactive security measures to a more strategic approach that prioritizes vulnerabilities based on risk, planning patching efforts efficiently, and preparing for surges in disclosures rather than struggling to keep up after the fact.

Why Are Vulnerabilities Increasing?

There are three trends driving the increase in vulnerabilities.

1. AI-driven discovery and open-source expansion are accelerating CVE disclosures.

AI is vulnerability discovery, including machine learning and automated tools are making it easier to detect vulnerabilities in software which in turn leads to more CVE (Common Vulnerabilities and Exposures) reports. AI allows security researchers to scan larger amounts of code to quickly identify flaws that would have gone unnoticed using traditional methods.

The press release highlights the role of AI:

“More software, more vulnerabilities: The rapid adoption of open-source software and AI-driven vulnerability discovery has made it easier to identify and report flaws.”

2. Cyber Warfare And State-Sponsored Attacks

State-sponsored attacks are increasing which in turn leads to more of these kinds of vulnerabilities being discovered.

The press release explains:

“State-sponsored cyber activity: Governments and nation-state actors are increasingly engaging in cyber operations, leading to more security weaknesses being exposed.”

3. Shifts In CVE Ecosystem

Patchstack, a WordPress security company, identifies and patches vulnerabilities. Their work is adding to the number of vulnerabilities discovered every year. Patchstack offers vulnerability detection and virtual patches. Patchstack’s participation in this ecosystem is helping expose more vulnerabilities, particularly those affecting WordPress.

The press release provided to Search Engine Journal states:

“New contributors to the CVE ecosystem, including Linux and Patchstack, are influencing disclosure patterns and increasing the number of reported vulnerabilities. Patchstack, which focuses on WordPress security, is playing a role in surfacing vulnerabilities that might have previously gone unnoticed. As the CVE ecosystem expands, organizations must adapt their risk assessment strategies to account for this evolving landscape.”

Eireann Leverett, FIRST liaison and lead member of FIRST’s Vulnerability Forecasting Team, highlighted the accelerating growth of reported vulnerabilities and the need for proactive risk management, stating:

“For a small to medium-sized ecommerce site, patching vulnerabilities typically means hiring external partners under an SLA to manage patches and minimize downtime. These companies usually don’t analyze each CVE individually, but they should anticipate increased demands on their third-party IT suppliers for both planned and unplanned maintenance. While they might not conduct detailed risk assessments internally, they can inquire about the risk management processes their IT teams or external partners have in place. In cases where third parties, such as SOCs or MSSPs, are involved, reviewing SLAs in contracts becomes especially important.

For enterprise companies, the situation is similar, though many have in-house teams that perform more rigorous, quantitative risk assessments across a broad (and sometimes incomplete) asset register. These teams need to be equipped to carry out emergency assessments and triage individual vulnerabilities, often differentiating between mission-critical and non-critical systems. Tools like the SSVC (https://www.cisa.gov/ssvc-calculator) and EPSS (https://www.first.org/epss/) can be used to inform patch prioritization by factoring in bandwidth, file storage, and the human element in maintenance and downtime risks.

Our forecasts are designed to help organizations strategically plan resources a year or more in advance, while SSVC and EPSS provide a tactical view of what’s critical today. In this sense, vulnerability forecasting is like an almanac that helps you plan your garden months ahead, whereas a weather report (via EPSS and SSVC) guides your daily outfit choices. Ultimately, it comes down to how far ahead you want to plan your vulnerability management strategy.

We’ve found that Boards of Directors, in particular, appreciate understanding that the tide of vulnerabilities is rising. A clearly defined risk tolerance is essential to prevent costs from becoming unmanageable, and these forecasts help illustrate the workload and cost implications of setting various risk thresholds for the business.”

Looking Ahead to 2026 and Beyond

The FIRST forecast predicts that over 51,000 vulnerabilities will be disclosed in 2026, signaling that cybersecurity risks will continue to increase. This underscores the growing need for proactive risk management rather than relying on reactive security measures.

For users of software like WordPress, there are multiple ways to mitigate cybersecurity threats. Patchstack, Wordfence, and Sucuri each offer different approaches to strengthening security through proactive defense strategies.

The main takeaways are:

Vulnerabilities are increasing – FIRST predicts up to 50,000 CVEs in 2025, an 11% rise from 2024 and 470% increase from 2023.
AI and open-source adoption are driving more vulnerability disclosures.
State-sponsored cyber activity is exposing more security weaknesses.
Shifting from reactive to proactive security is essential for managing risks.

Read the 2025 Vulnerability Forecast:

Vulnerability Forecast for 2025

Featured Image by Shutterstock/Gorodenkoff

Ecommerce MGMT 0 Comments

Feb 25 2025

Mullenweg Rebuffs Plea To Restore Automattic’s WordPress Core Contributions via @sejournal, @martinibuster

AA WordPress developer pleaded with Matt Mullenweg at WordCamp Asia 2025, asking him to restore Automattic’s contributions to the WordPress core. Mullenweg apologized and said it’s not up to him; it’s up to WP Engine to drop their lawsuit, and he encouraged the community to put pressure on WP Engine.

Automattic’s Scaled-Back WordPress Contributions

Automattic announced in January 2025 that they were scaling back contributions to the WordPress core to those related to security and critical updates. Contributions that would otherwise had gone to core would be diverted to for-profit initiatives related to Automattic and WordPress.com.

Automattic attributed its January 2025 decision to WP Engine’s lawsuits:

“We’ve made the decision to reallocate resources due to the lawsuits from WP Engine. This legal action diverts significant time and energy that could otherwise be directed toward supporting WordPress’s growth and health. We remain hopeful that WP Engine will reconsider this legal attack, allowing us to refocus our efforts on contributions that benefit the broader WordPress ecosystem.”

WP Engine’s lawsuits, however, were a response to Matt Mullenweg’s WordCamp USA 2024 statements and also activities against WP Engine (like the WP Engine Tracker website) . A federal judge has since sided with WP Engine and granted its request for a preliminary injunction against Automattic and Mullenweg.

WordCamp Attendee Urges Mullenweg To Reinstate Core Contributions

A WordCamp Asia 2024 attendee stepped up during the Q&A portion of the conference and shared his concerns, as a business owner and a plugin developer, for the stagnation of WordPress core development.

He said:

“Hi Matt. So this is not about a question, but I am a bit concerned about like if I see that the last five years or even ten years Automattic is the biggest core contributor in the code base and everything. So it’s not actually biggest, maybe 60%, 70% of the commit… as a company, Automattic do that.

So you recently published in a blog post that you are pulling out all the contribution and everything. So as a developer, as a business owner, …my whole business depends on WordPress. We build WordPress plugins, I think if there is no Automattic in the core contribution, the whole development will be super slow.

I want to request you to reconsider that, and at least in the core development maybe you can make some changes, give more resources in the core. Because it’s complicated, …someone needs to work and I think Automattic has lots of resources, experienced people in there, so I want to request you to reconsider your position and give more developers to the core.”

Matt Mullenweg States Condition For Restoring Core Contributions

Mullenweg responded that Automattic’s spending millions of dollars to defend itself against WP Engine. He insisted that the decision to restore Automattic’s core contributions hinges on WP Engine dropping their lawsuits and encouraged the person to ask WP Engine.

Mullenweg answered:

“Yeah, thank you. Well, it’s definitely not a situation I want to be in. As we said, we’re pausing things. But very, very excited to return to having all those hundred-ish folks back doing some of the work we were doing before.

But right now we’re facing not just a maker and taker program problem… but maker-attacker. So well Automattic’s having to spend millions of dollars, per month sometimes, to defend against these attacks from WP Engine and with the court injunction, it’s just hard to be both be motivated and to just spare the resources to contribute so much.

Now, they could end it tomorrow. And I would love to welcome WP Engine back into the fold, back at WordCamp and everything. But we can’t end it, we can only defend it, you know, to all the legal attacks and they are increasing actually. And they’re coming after me personally too. As soon as they stop that, we’ll get back to it.

So please, I can’t stop it. Ask them.”

Mullenweg Asks Audience To Pressure WP Engine To Drop Lawsuit

The person asking the question said he understood Mullenweg’s position but insisted that, as an end user, he wants the software to continue to thrive. For that reason, he pleaded for Automattic to find a way to restore core contributions.

Mullenweg answered the developers second plea and asked the audience to pressure WP Engine to drop the lawsuit:

“I can’t until the lawsuit is over. So if there’s anything y’all can do to put pressure for the lawsuit to end, that would be the fastest thing to get our contributions back.”

He ended his response with a smile, saying:

“So… sorry about that.”

Concern Over Cuts To Core Contribution

The WordPress developer expressed deep concern and anxiety about the pace of WordPress core development. He emphasized that Automattic has historically provided a significant portion of core contributions and feared that without its support, WordPress development would slow significantly, impacting his business and those of others who rely on the platform.

Matt Mullenweg’s response did not directly address the WordPress developer’s plea to reconsider Automattic’s core contribution cuts. His answer framed the decision to restore core contributions as out of his control because it is dependent on WP Engine dropping its lawsuit. He stated that the lawsuit costs Automattic millions of dollars.

Mullenweg’s main points in his response to restoring Automattic’s core contributions were:

Automattic’s reduced contributions result from the financial and legal burden of defending against WP Engine’s lawsuit.
WP Engine’s legal actions make it difficult for Automattic to contribute at previous levels.
He urged the audience to pressure WP Engine to drop the lawsuit.

Watch The Question and Answer segment at the 6:21:32 minute mark:

Ecommerce MGMT 0 Comments

Feb 25 2025

WordCamp Asia: No Plans For WordPress In 5 Years via @sejournal, @martinibuster

An awkward Q&A at WordCamp Asia 2025 saw Matt Mullenweg struggle to answer where WordPress will be in five years. Apparently caught off guard, he turned to the Lead Architect of Gutenberg for ideas, but he couldn’t answer either.

Project Gutenberg

Gutenberg is a reimagining of how WordPress users can build websites without knowing any code, with a visual interface of blocks for different parts of a web page, which is supposed to make it easy. Conceived as a four phase project, it’s been in development since 2017 and is currently in phase three.

The four phases are:

Phase 1: Easier Editing
Phase 2: Customization
Phase 3: Collaborative Editing
Phase 4: Multilingual Support

There’s a perception that Project Gutenberg has not been enthusiastically received by the WordPress developer community or by regular users, even though there are currently 85.9 million installations of the Gutenberg WordPress editor.

However, one developer at WordCamp Asia told Matt Mullenweg at the end of conference Q&A session that she was experiencing hesitations from people she speaks with about using WordPress and expressed frustration about how difficult it was to use it.

She said:

“Some of those hesitations were it’s easy to get overwhelmed. You know, when you look up how to learn WordPress, and I had to be really motivated… for myself to actually study it and kind of learn the basics of blocks… So do you have any advice on how I could convince my friends to start a WordPress site or how to address these challenges myself? You know like, getting overwhelmed and feeling like there’s just so much. I’m not a coder and things like that… any advice you can offer small business owners?”

The whole purpose of the Gutenberg block editor was to make it easier for non-coders to use WordPress. So a WordPress user asking for ideas on how to convince people to use WordPress presented an unflattering view of the success of the WordPress Gutenberg Project.

Where Will WordPress Be In Five Years?

Another awkward moment was when someone else asked Matt Mullenweg where he saw WordPress being in five years. The question seemingly caught him off guard as he was unable to articulate what the plan is for the world’s most popular content management system.

Mullenweg had been talking about the importance of AI and of some integrations being tested in the commercial version at WordPress.com. So the person asking the question asked if he had any other ideas beyond AI.

The person asked:

“If you have other ideas beyond AI or even how we consume WordPress five years from now that might be different from today.”

Matt Mullenweg answered:

“Yeah, it’s hard to think about anything except AI right now. And as I said a few years ago, before ChatGPT came out, learn AI deeply. Everyone in the room should be playing with it. Try out different models. Check out Grok, check out DeepSeek, two of the coolest ones that just launched.

And for WordPress, at that point will be past all the phases of Gutenberg. I think… I don’t know…”

It was at this point that Mullenweg calls on Matías Ventura, Lead Architect of Gutenberg, to ask him if he has any ideas of where WordPress is headed in five years.

He continued:

“Matías, what do you think? What’s post-Gutenberg? We’ve been working for so long, it’s…”

Matías Ventura, Lead Architect of Gutenberg, came up to a microphone to help Mullenweg answer the question he was struggling with.

Matías answered:

“I mean, hopefully we’ll be done by then so…”

Mullenweg commented:

“Sometimes that last 10% takes, you know, 90% of the time.”

Matías quipped that it can take a hundred years then continued his answer, which essentially admitted that there were no plans without actually admitting that there were no plans for five years out.

He continued his answer:

“I don’t know, I think, well in the talk I gave I… also reflected a bit that part of the thing is just discovering as we go, like figuring out how like, right now it’s AI that’s shaping reality but who knows, in a few decades what it would be. And to me, the only conviction is that yeah, we’ll need to adapt, we’ll need to change. And that’s part of the fun of it, I think. So I’m looking forward to whatever comes.”

Mullenweg jumped in at this point with his thoughts:

“That’s a good point of the, you know, how many releases we have of WordPress right now, 60 or whatever… 70 probably…. Outside of Gutenberg, we haven’t had a roadmap that goes six months or a year, or a couple versions, because the world changes in ways you can’t predict.

But being responsive is, I think, really is how organisms survive.

You know, Darwin, said it’s not the fittest of the species that survives. It’s the one that’s most adaptable to change. I think that’s true for software as well.”

Mullenweg Challenged To Adapt To Change

Taco Verdonschot is formerly of Yoast SEO and currently sponsored to work on WordPress by Emilia Capital (owned by Joost de Valk and Marieke van de Rakt).

Taco asked:

“I’m Taco, co-owner of Progress Planner. I was wondering, you were talking about adaptability before and survival of the fittest. That means being open to change. What we’ve seen in the last couple of months is that people who were talking about change got banned from the project. How open are you to discussing change in the project?”

Mullenweg responded:

“Sure. I don’t want to go too far into this but I will say that talking about change will not get you banned. There’s other behaviors… but just talking about change is something that we do pretty much every day. And we’ve changed a lot over the years. We’ve changed a lot in the past year. So yeah. But I don’t want to speak to anyone personally, you know. So keep it positive.”

Biggest Challenges WordPress Will Face In Next Five Years

Watch the question and answer at the 6:19:24 mark

Ecommerce MGMT 0 Comments

Feb 24 2025

Mullenweg & Automattic Sued in Class Action Filing Over WPE Dispute via @sejournal, @martinibuster

A new lawsuit seeking class action status alleges that WordPress co-creator Matt Mullenweg and Automattic engaged in unfair business practices to harm managed WordPress web host WP Engine (WPE) and its customers.

According to the lawsuit:

“Plaintiff and the class seek equitable relief pursuant to Cal. Bus. & Prof. Code § 17203 to end Defendants’ wrongful practices including requiring Defendants to cease its tortious interference with contract.”

…Plaintiff and the class also seek an order requiring Defendants to make full restitution of all monies it received through its wrongful conduct, along with all other relief permitted under Cal. Bus. & Prof. Code §§ 17200 et seq.”

The lawsuit makes multiple claims against Mullenweg and Automattic:

That defendants interfered with access to WordPress resources, disrupting WPE customers.
Interfered with customers’ ability to manage their websites hosted on WP Engine (WPE).
The lawsuit claims that the actions were not legitimate trademark enforcement efforts but a pretext for degrading WP Engine’s services and pressuring customers to leave.
The complaint also accuses the defendants of monopolistic behavior, alleging that they wielded control over the WordPress ecosystem for financial gain, harming WPE customers.

According to the legal filing:

“Defendants deliberately wielded their power over the WordPress.org website like a cudgel, not only blocking access to the website but stealing resources like the ACF plugin, forcing visitors to click a checkbox asserting they are not associated with WPE, publishing WPE customer website addresses in an attempt to pressure customers to leave WPE, and repeatedly threatening future consequences including the risk of additional service disruptions for class members who did not leave WPE. “

Why the Lawsuit Seeks Class Action Status

The legal filing asserts that the lawsuit qualifies for class action certification based on allegations that Mullenweg and Automattic engaged in conduct that harmed not just the plaintiff but a broader group of WP Engine (WPE) customers. The plaintiff contends that the defendants’ actions, including interfering with WPE’s services, blocking access to essential WordPress tools, disrupting and degrading service, and pressuring customers to leave WPE, resulted in harm that, according to the lawsuit, meets the criteria for class certification under Rule 23. The lawsuit claims that WPE customers faced service disruptions, financial losses, and potential security risks.

The justification for the class action is outlined in paragraph 58 of the lawsuit:

“Plaintiff brings this action as a class action pursuant to Rules 23(a) and 23(b)(1)-(3) of the Federal Rules of Civil Procedure, on behalf of himself, his business and a Nationwide Class defined as:

All persons in the United States who had ongoing active WPE WordPress Web Hosting Plans on or before September 24, 2024 through December 10, 2024.”

The legal filing asserts that numerous public statements and court records, including filings related to WP Engine, support the allegation that the defendants caused harm to the plaintiff and the alleged class. It then details the plaintiff’s personal experiences as further evidence of the alleged harm.

Section III, ‘Plaintiff’s Experiences,’ outlines how the defendant’s actions harmed the plaintiff, Keller, including:

Service Disruptions
Business and Financial Impact
Personal Website Impact
Security Risks
Customer Relationship Concerns
Consideration of Alternative Hosting

The legal filing details the following:

“Defendants’ interference significantly impacted the business of Plaintiff Keller. While Plaintiff Keller was happy with WPE services and intended to continue using WPE services, the service disruption and degraded service, coupled with repeated public statements and threats made by Defendants, led Plaintiff to explore moving his website and all those operated by his business to another managed web host.

Plaintiff’s livelihood revolves around building and operating websites, and significant disruptions will impact his business including his own capacity to fulfill his contractual obligations to his own clients.

Plaintiff Keller’s websites were significantly impacted by outages despite WPE’s attempts to create workarounds.

Plaintiff Keller has had to spend significant time and expense responding to the service disruptions and degradations, preparing for moving his and his clients’ websites to a new host, and in investigating a new host environment after a long and successful prior partnership with WPE. He is not alone in the harm he has suffered.

Plaintiff Keller’s personal website was also significantly impacted. Access to the WordPress backend was available intermittently, and Plaintiff Keller received emails related to this downtime.

Plaintiff Keller pays WPE $3,300 per year for its “Scale Plan,” 2 additional websites, and GeoTargeting and Multi-Site services. Due to Defendants’ actions, Plaintiff Keller was unable to update his website in a standard marketing cycle adjustment. Plaintiff Keller had to spend time and expense to manage, update, and modify his website as a result of Defendants cutting off WPE
from the WordPress ecosystem and therefore, did not receive the benefit of his bargain with WPE as Plaintiff Keller had to do the work that he pays WPE for.”

A New Phase In Dispute Between Mullenweg/Automattic And WPE

This class action lawsuit is a new phase in the dispute between Mullenweg, Automattic and WP Engine. It expands the legal battle to include claims from individual customers. With allegations of unfair competition, monopolistic behavior, and deliberate service disruptions, the class action lawsuit adds another layer to a dispute that has led some in the WordPress community to call for a change in governance to the WordPress open source project.

Read the text of the lawsuit here: (PDF)

Featured Image by Shutterstock/BCFC

Ecommerce MGMT 0 Comments

Feb 20 2025

WordPress Offers New 100-Year Domain Name Registrations via @sejournal, @martinibuster

WordPress.com updated their 100-year domain and hosting plan, unlocking the opportunity to secure a domain name for a one hundred year period for only $2,000. The new service is a breakout from the 100-year plan which is another offering that includes hosting and other benefits for $38,000.

100 Year Domain Name Registration

The new domain name registration is available for .com, .org, .net, or .blog domains and is managed in a trust account controlled by the person registering the domain. This service was previously available as part of a 100-year plan that came with hosting at a price of $38,000. The domain registration fee of $2,000 is more affordable and a good value for those who require the security of knowing the domain isn’t changing hands by mistake.

WordPress.com offers the following benefits:

No expiration surprises.
No lost domains due to admin mistakes.
No stress about renewals—ever (or 100 years, whichever comes first).
A full century of security for your domain.
One setup. 100 years of ownership.

They’ve also reimagined their 100-year plan so that it comes with numbered trust accounts controlled by the owner of the domain and hosting plus contingencies that guarantee the continued web presence should anything happen to WordPress.com or Automattic.

Read more about the new 100-year domain name registration:

Secure Your Domain For the Next Century

Featured Image by Shutterstock/gcafotografia

Ecommerce MGMT 0 Comments

Feb 19 2025

How To Manage Multiple Websites On WordPress

WordPress is the most popular content management system (CMS) in the world.

Many sites worldwide use it for good reasons: It extensibility means that you can build more than just a website; its open-source nature means you own your site, and it tends to rank pretty well in search engines. Your only limit when it comes to WordPress is your imagination.

However, like a lot of other forms of websites, it does need some care to manage to make sure it’s safe and secure.

This can be a bit intimidating for a new user, but with a bit of planning, you can have a management strategy for your WordPress websites that works and is scalable for your business.

In this article I’ll share the questions I ask myself to manage WordPress in a scalable fashion.

Which Version Of WordPress Is Right For You?

The first question to ask is before your WordPress website is even built and how your project is structured.

If you are running multiple instances of WordPress where each one is relatively similar, WordPress multisite may be suitable.

This is where you run one instance of WordPress but have multiple websites running off one database, and one copy of every plugin and theme. It means scheduled tasks, such as plugin updates and backups, only need to run on one codebase.

WordPress multisite is great for larger sites that are all relatively similar – so subdomains for each department, or different languages or locales are perfect for multisite.

If you have, for example, a site and a blog subdomain, both running on WordPress, then I’d recommend looking at this approach. You can even have a WooCommerce solution in one of those subdomains.

If you’re an SEO agency running multiple WordPress sites, I recommend managing each instance separately.

The bespoke nature of client work could mean that the amount of plugins and themes installed and available for every user will be massive.

There could be client confidentiality issues. Every client could potentially see each other’s themes and plugins.

Also, there are potential security implications with one point of failure. If one site is compromised, then all the other sites in the network could be at risk.

Furthermore, not all hosts support WordPress multisite, so you really should speak to your host. It also requires a bit more technical knowledge to implement.

Should you wish to investigate multisite, then WordPress has a guide on how to install WordPress multisite network. However, for the rest of this guide, I assume you’re using the vanilla version of WordPress.

Begin With Tools You May Not Know You Have (But Don’t Rely On Them)

WordPress and your host may have some tools available to you that you can use to automate some of the management.

Speak to your host and find out if they offer backups, how often, and where they are stored (backups hosted on the same server as the WordPress sites are next to useless!).

If they do, go through the process of restoring the backup of a staging server and document that process. Some hosts also put their backups behind a paywall, so you don’t want to rely on them.

WordPress has the ability to enable auto-updates. Before enabling this, run through a test update of all plugins and themes on a staging server and review.

If themes have been edited without the creation of a child theme, then theme edits will be overwritten. Likewise, if changes were made to the plugins, then there could be errors.

If things haven’t been updated for a while, jumping from a very old version of the site to the latest may fail. Running through these changes on a staging server and testing thoroughly before deploying to live will minimize potential issues.

If both those tests are completed fine, they should be safe to auto-update. Even if there is a problem and the site triggers a fatal error, the update will usually roll back to a working version of the site.

Even with both enabled, please don’t rely on them. There are often gotchas, especially with more complex solutions, that you may need to work around.

This is learned knowledge you put into your plan of action. Furthermore, hosts can go bust or change their offering, often at short notice, so it’s a good idea to have a host-independent plan.

Prepare A Plan

Before managing multiple WordPress sites, you need to have a plan. This is what you do on a daily, weekly, and monthly basis.

For “daily” tasks, they should be automated – these are your uptime and security monitoring, automatic backups, and updates.

Weekly tasks are more manual tasks – any updates that were missed by the daily tasks, visual checks, and testing if functionality on the site works as intended.

Every month, some time should be dedicated to analyzing Google Search Console errors, testing the loading time of key pages, and searching for broken links. You should also dedicate some time every few months to review plugins and identify ones that have been either abandoned or removed from the WordPress repository. Doing such reviews can help fend off security issues arising in the future.

For weekly and monthly tasks, pick a number of pages to look at. These are key pages – either high conversion or traffic pages or pages that have unique functionality.

If you have an ecommerce site, place a test order too.

Finally, you should put a plan in place for what happens if something goes wrong. This is typically if the site gets hacked, or if the site goes down for a considerable length of time.

Do a dummy restore of the site, to make sure it works, and have a plan for what occurs when a minor security breach (such as a vulnerability) is discovered. A well built website with up-to-date plugins and themes, on a good host, is unlikely to be hacked, but nipping security vulnerabilities in the bud can help this. Below, I share a few tools that have security monitoring linked to services like Patchstack.

Store this plan somewhere. I have a spreadsheet I use to manage my clients, containing the client name and contact, what package they are subscribed to, the key pages, as well as any gotchas associated with the client’s sites. After setting this up, you’re ready to go.

Tools You Can Use To Manage Multiple Websites On WordPress

Thankfully, to save time, there are a number of tools to help you manage multiple WordPress sites.

These will tend to allow you to update multiple sites from one dashboard, and handle things such as security and uptime monitoring.

They are largely very similar, and unless you have a particularly bad experience, you are unlikely to move them.

Here are some of the main players:

ManageWP allows free updates and monthly backups for free. Payment services are usually “addons,” which start at $1-$2 per site for each addon such as EU and U.S. server backups, uptime monitoring (which integrates with Slack), security and performance monitoring, and link monitoring. A site with all premium add-ons would cost $9/month. If you have over 25 sites, you can bundle services, with a maximum cost of $150/month, for 100 sites. For full disclosure, I use ManageWP.
MainWP also allows free updates. It’s popular in the industry but a bit more complex, as it offers 30+ extensions that handle security and uptime monitoring, as well as integration with popular plugins like WooCommerce, Yoast, and WP Rocket, so you can analyze and update all your sites in one place. You will need to set up backups separately, and it costs $199/yr for unlimited sites or $599 for a lifetime license.
InfiniteWP has a free tier which allows you to update WordPress and plugins, and backup manually that you can download. Its premium tier, however, allows scheduled backups to the cloud, malware scanning, uptime monitoring, broken link checkers, and 15+ other features. Pricing for premium is tiered, starting at $147/year for 10 sites, up to $647/yr for unlimited sites and users.
WPRemote allows you to update plugins and themes for free. It has premium tiers with backups, staging site creation, uptime monitoring, and security and vulnerability scans. Premium tiers start at $299/year for five sites at the “Basic” level to $9,999/year for 100 sites at the “Pro” level.

A Simple Plan For Managing Multiple WordPress Websites

If you are part of in-house development, or a marketing team managing multiple similar WordPress websites, then a WordPress multisite installation may be suitable for your needs.

For the vast majority of agencies, multiple WordPress installations with separate databases and potentially hosts is the way forward. Running an entire agencies clients websites through a WordPress multisite installation would become unwieldy quickly.

For both approaches, a few simple steps can be taken to help manage multiple WordPress websites:

Prepare a task list for all WordPress sites to be split into daily, weekly and monthly tasks.
To begin, run through each task with each client, to manually identify potential gotchas, and include these in your notes.
Come up with a disaster recovery plan for worst case scenarios.
Offload as many tasks as possible, such as security and uptime monitoring and backups to a third party.

Doing this will keep your website secure, up to date, and with every performant optimisation in the latest versions of WordPress on your sites as quickly as possible.

More Resources:

Featured Image: fizkes/Shutterstock

Ecommerce MGMT 0 Comments