I’m not really sure where to start here. Matt Mullenweg, the founder of WordPress, recently attacked me publicly after I wrote a guest post for the very well-known WP Tavern blog, which covers all kinds of WordPress-related news.
In the post I advocated for the hurried deprecation of XML-RPC, a rather unstable technology included by default in WordPress software that allows remote connections to WordPress-based websites, and which has been the cause of literally millions of DDoS attacks, hacked websites, and crashed servers over the last few years. Although I’m not a software engineer, my article was carefully researched, with arguments already echoed by dozens of WordPress “experts” on the web, including Jeff Chandler, the very owner and editor of the WP Tavern blog itself, who was “trackbacked to death.”
Despite being (already) one of the most positively-commented stories of 2015 on WPTavern.com, for some reason Mullenweg decided to stop by — not to share his perspective, but to publicly insult me in the comments section:
“This is definitely one of the most misinformed and misleading things I’ve read on Tavern in a long time, but I guess the author was trying to create ‘controversial issues.'” — Matt Mullenweg
In response to Matt’s ad hominem attack on me, developer Peter Cralen replied, telling Matt flatly, “It would be cool if you post why to keep XML-RPC in core.” Now a few days later, and Matt has still refused to provide any explanation whatsoever as to why he feels so strongly about retaining (?) the volatile XML-RPC technology.
Personally, I’ve never met Matt nor do I know much about him. That being said, I’ve noticed in recent years (apparently with good reason) that he acts rather boyish and douchey, based on some of the things I’ve seen him do/say, and based on the general lack of business acumen (let alone juvenile hypocrisy) that he seems to exude. And while there is surely something to be said about Matt’s success and growing fortunes, the truth is that 99% of WordPress is achieved by the nameless, faceless volunteers that contribute thousands of hours to coding, supporting, and marketing WordPress across the globe.
I do not aim to prolong or exacerbate a personal conflict with Matt; that being said, how ridiculous and disappointing that the “man-child” currently at the helm of the most widely-used CMS on the globe stoops to ad hominem attacks on my character (which I’m now forced to engage in, apparently) rather than addressing the elephant in the room — the massive rise in automated hacking attempts being carried out against WordPress-powered websites world-wide.
But seriously, what motivates such an immature, desperate attack?
I’m not sure, but it could have something to do with the fact that Matt has been steadily commandeering “free” plugins from wordpress.org like WP Super Cache, Brute Force Protect, etc, into his proprietary WordPress.com universe (which itself has now become the rather bloated XML-RPC-reliant Jetpack universe… Mullenweg admitted in a 2014 interview with Forbes that over 80% of Automattic’s revenue comes from upgrades purchased directly at WordPress.com, i.e. via Jetpack).
It could have something to do with the fact that Matt is terrified of the likes of Medium, Tumblr, etc. pulling the rug right out from underneath him and stealing the platform-PLUS-publisher stage from WordPress.com. It could have something to do with the fact that Matt’s leadership style consists mostly of snobby, self-serving sound bites, or that his approach to scaling his business consists largely of wildly-changing pricing for services like VIP, Akismet, PollDaddy, VaultPress, or WordPress.com, all of which have several BETTER and/or more affordable options currently on the market.
Despite Automattic’s best (smartest) acquisition to date – WooCommerce, a massively popular and well-designed eCommerce plugin for WordPress – for some reason, Matt is still living in a delusional Jetpack-infused world that is aimed not at talented web developers, but at webmasters too stupid to even setup a custom domain name for their website.
(No joke, the guy even recommended the terrifying Jetpack plugin to a BANK in Arizona for “better security”, which would quite possibly breech the FTC’s federal guidelines on securing customer financial information.)
It was Matt himself who boldy declared on Reddit in 2014 that, “First and foremost the most important things for a platform are stability, speed, and security.” It was also Matt who chastised MySQL’s rapid decline after they decided to focus on profits vs. open-source quality, stating, “Most open source companies are not good. Meaning that you can’t look at a MySQL or something like that and say, ‘They did what was best for the community and they were really successful.’ They sold for a billion dollars, good for them, but in the meantime they completely lost the database market.”
To both these ends, Matt… why in the @#$%! are you so obsessed with blindly pushing XML-RPC and Jetpack onto the WordPress community? While I’m sure the pressure for “profits” from your investors is strong, I strongly encourage you to see WooCommerce as your golden goose of the future, and not @#$%! Jetpack.
For now, let’s hope that the forthcoming JSON API leads to the quick demise of XML-RPC in WordPress, and that “remote connections” again become an OPTIONAL feature of the platform, in the name of “stability, speed, and security.”
P.S. Matt, in case you’re not aware… your WordPress site takes a ludicrous 14 seconds to load, in contrast with LittleBizzy.com coming in at under 0.4 seconds… if you are looking for better hosting, you know where to find me :)