Goodbye Wordpress

 | 2 min

Dear WordPress,

We've been together a long time, I know. It's hard to believe that it's been more than ten years already. Although I have dabbled with other blogging platforms and CMSs over the years (hi Blogger!, hi SilverStripe!), you knew it wasn't serious, and I always came back to you.

In fact, I was so serious about you that I became a plugin developer. My Crafty Social Buttons plugin has more than 10,000 active installs. I built some very complex and custom systems on top of you, as well as just running ordinary blogs.

You are so much more popular now than you were back when we first met. Some say you power 20% of the internet. I can believe it, because I see how much of a target you have become. My blogs are completely unknown, and yet every day I get thousands of login attempts, with people trying to brute force or dictionary attack my password. I know you do your best to keep patching security holes, but you and I both know that it's only a matter of time.

In fact, it's already happened, in a way. I had to leave a previous hosting provider because you kept getting hacked. Not because of anything I did, but because someone else on the shared host had a weak password, or a vulnerable plugin, or just an out of date version. Because of their lack of care, I lost weeks trying to clean out the malware, restore from backups and harden my system, only to have to do it all again because someone else wasn't so diligent.

I don't have the same problem now that I have my own dedicated virtual machine, but I have a different one. I'm my own sysadmin, and I'm not a very experienced one. I've done my best to learn about it and to secure my server as best I can, but I can't really compete with thousands of people scouring your code looking for vulnerabilities that they can then automate and exploit. I just really don't want the hassle

You're also written in PHP. Sorry, but it's true. I've just never really liked that aspect of you. And I don't use it for anything else, just you. I recently rewrote an entire webapp that was originally based on you because I just couldn't stand the thought of spending more time writing PHP.

You're also fairly resource hungry. My blog gets almost zero traffic, but just running two instances of you on my previous hosting provider was enough to bring you both to a crawl. My current server can handle it, but given how completely non-dynamic my content is, you really seem incredibly wasteful of resources.

I realised recently, that my content is almost entirely static. My blog posts don't really change after I write them, and I don't have any fancy dynamic stuff happening on my sites. Sometimes nothing changes on my blog for months at a time, and yet you still dynamically generate every single page for every single request. You really are overkill for what I need.

And so I have abandoned you. My sites are now entirely static. The botnets can have fun trying to password guess a static html page. With no server side scripting of any kind on my sites, I don't have to worry so much about being hacked. And with my new static site generator, I can still generate all my pages using a theme, and even have search!

So, sorry Wordpress, but this is goodbye. I've left you for Metalsmith.