In a recent podcast interview, Matt Mullenweg shared his informal plans for ensuring the future of WordPress. He outlined several areas where WordPress is taking advantage of technological changes, including security, AI integration, and reducing technical debt. He also addressed the long-term future of WordPress leadership, emphasizing the importance of decisive vision.
Mullenweg outlined four ways WordPress is improving in the near future:
- Plugins and themes will become more secure.
- The suitability of AI integration with WordPress ensures its continued relevance.
- WordPress is addressing technical debt.
- Governance and succession planning will help maintain WordPress’s strength.
WordPress Will Become More Secure
One of WordPress’s strengths is the third-party themes and plugins that enable publishers to create exactly the kind of website they need. It’s also a shortcoming because the vast majority of vulnerabilities discovered in WordPress stem from coding flaws in plugins and themes, as well as user failure to keep third-party software updated.
Mullenweg mentions current security measures like bug bounties, which are payments made to individuals who discover and responsibly disclose vulnerabilities. The implication of his answer is that relying on humans to find vulnerabilities isn’t enough because the scale of the problem exceeds human capabilities.
He anticipates plugin and theme vulnerabilities becoming less problematic due to new AI code-scanning capabilities that can analyze millions of lines of code to identify patterns consistent with common flaws that lead to vulnerabilities.
Mullenweg shared his thoughts:
“… many of these plugins and themes don’t have the same sort of robust security and review process that core has. So that’s where when you hear about security issues with WordPress, it’s very rarely in core, anymore. We haven’t had a remote exploit in like… I think five years, six years something.
But in the plugins it can be somewhat more frequent. And so one thing I’m very, very excited about, the next year or two, is actually more automated scanning. Because obviously that code base is so many tens of millions, maybe over a hundred million lines of code at this point. It’s impossible for humans to review that.
So we kind of rely on developers to to review that and manage. And of course we have like bug bounties and everything so that when things are reported we fix it quickly.
But I can’t wait for more automated scanning there, and I think that could vastly upgrade the security of open source.”
AI-Powered Website Building
Another development Matt sees for WordPress is further integration of AI into WordPress so that it becomes an engine that an AI uses to develop websites for users. Matt acknowledges that this is already happening and he’s right. Some web hosts are already leveraging AI to assist users in building websites through a chatbot interface.
He explains that writing the code is a strength of AI but that maintaining the code base is a problem that WordPress solves. Software like WordPress currently rely on PHP and other technologies to power those websites and make them interactive but they are constantly improving which means that the software that runs on those technologies must also be maintained. Mullenweg explains that AI can build on top of those technologies as engines that power what they create, building on top of them without having to worry about maintaining the underlying technology that makes them work.
He said that this scenario of building on top of open source is more powerful than leveraging a closed source system. What’s implied in what he said, and went unspoken, is that open source projects like WordPress are not threatened by AI but rather they stand to benefit greatly from it. Thus, Matt foresees that WordPress has a strong future as AI technology progresses.
Matt explained:
“The other thing that’s really exciting is that right now, you see people building apps and stuff and it’s custom generated code. But I think the next generation of these models… as everyone knows, just writing the code is one part of it. It’s maintaining it that really becomes the life cycle of it.
And I think that if, and they’re starting to do that, is when the open source model, you say, build me a website, it actually installs WordPress and builds on top of that and customizes on top of that. Then you get for free, that core engine that’s always being edited and updated and getting passkey support, whatever the new things are, sort of continuously, and the new custom stuff can be on top of that. Which I think is a lot more powerful than sort of building something proprietary or custom from the ground up.”
Technical Debt Needs To Be Addressed
At this point, Lenny observes how everything you acquire carries the burden of having to maintain it, saying that they all have that hidden cost. Mullenweg agreed, saying that WordPress has a similar thing called technical debt which is an issue that WordPress is addressing in order to improve it. Technical debt is a reference to the accumulated burden of outdated code, complexity and development decisions that make future changes more difficult.
Mullenweg said:
“Well, that’s why I think technical debt is one of the most interesting concepts. You know, there’s so many companies …that maybe have like big market caps. But I feel like they might have billions or tens of billions of dollars of technical debt. …how their products interface with themselves.
And I think about that a lot in our own company. We definitely have some products, …we have some variable quality around some of our things right now. …There are parts of WordPress and WordPress.com that we’re a little embarrassed and ashamed of… we kind of have to…. we have a really large surface area that we cover with relatively few people. So there are some parts that we haven’t looked at in a little while that we need to get around to.
And it’s our big focus for us this year, is actually going back to basics, back to core. And improving all of those nooks and crannies… and also ruthlessly editing and and cutting as much as possible. Because we’ve just launched a lot of stuff over the past 21 years that isn’t as relevant today or doesn’t need to be there.”
Governance and Leadership
Mullenweg also debunked the idea of WordPress as an entity that’s led by a single person and shared his vision for how WordPress will be governed in the future. He said that WordPress is a true community where most of the decisions are made by committees formed by core contributors. He also affirmed that he believes that for WordPress to succeed it must have a strong leader who serves as the final decision-maker and that this doesn’t make it weaker, it makes it stronger.
On the points of project leadership and succession he shared:
“If you look at the daily commits and activity and everything, it is run by the community. So it’s hundreds of volunteers everyday that are actually doing the day-to-day work and making the data decisions, everything happens.
…There has been a radical delegation. However, there’s ultimately a hierarchy, and I’m kind of… I’m like a final, final decision-maker.
And you know, I definitely think about succession planning, everything like that, but if for when I’m gone, I don’t want to pass it to a committee, I want to pass it to someone else who could have a role somewhere to mine and really sort of try to be a steward.”
Takeaways
WordPress Security
Matt Mullenweg discussed three plans for improving WordPress in the near future, acknowledging that plugins and themes remain the biggest security risks for WordPress but that advancements in AI technology will enable greater mitigation of those issues.
WordPress Set To Remain The Market Leader
He also said that WordPress is ideally suited for becoming the engine that powers website development in the future, an advantage over closed source systems in that companies will be able to develop layers of AI-powered functionality and conveniences on top of the free WordPress open source CMS.
Addressing Technical Debt
Mullenweg acknowledged that WordPress has many years of technical debt to address and that WordPress is prioritizing the reduction of outdated code and complexity this year.
His statements confirm that WordPress’s long-term stability and viability are assured by technological advancements, adaptability and greater focus on code efficiency.
WordPress Leadership
Lastly, he addressed WordPress governance, insisting that it is led by the community because the overwhelming majority of decisions are made by individual contributors, and that his role is more along the lines of a final decision-maker. He argued that the best software is created through a combination of committees and strong leadership that oversees the long-term direction of the project. Interestingly, he also said that the community serves as a system of checks and balances because contributors are always free to leave and fork their own version of the project.
Watch the interview here:
Matt Mullenweg on the future of open source and why he’s taking a stand
[embedded content]
Featured image is a screenshot from the interview.