WordPress 6.8 Cecil is out, and it’s a great release. It’s unbelievable that it’s already been downloaded over 6 million times as I write this. That feeling never gets old.

It’s a funny time in WordPress because there are a lot of really interesting open questions:

• Can we iterate faster with canonical plugins?
• What’s the fun thing we can put in to celebrate 7.0, and when will that be? (I was rooting for real-time co-editing like Notion/Canva/Google Docs.)
• How can we use AI to automate our manual work around WordPress.org?
• Can AI help us make 60k+ open source plugins and themes in the directory more secure? (I think so.)
• What should we do with our 13k issue backlog? (That’s a lot of bug gardening.)
• How will AI change how people build and update sites?
• Just like RSS and web standards supercharged WordPress for the podcasting and search revolutions, what standards or APIs can we ship to help 40%+ of the web work with AI agents? (Plus an entire rabbit hole of all the new sloppy crawlers using so many resources.)

Some of these broad changes are mixed. At one point, I used Google to search for things and would visit their top result, which is great for website owners. Nowadays, Google pulls almost everything I need into the results page, so I don’t see as many random sites. But on Perplexity, sometimes I’ll read the answer and then visit 4-5 of the sources it cites to learn more, so I’m visiting 4-5x more random websites, usually powered by WordPress, than I would have even in the early days of Google. We don’t know how this all plays out yet.

These questions are also against the backdrop of some of the brightest minds in WordPress spending more time with legal code than computer code, which could last until 2027 or longer with appeals.

Speaking for myself, I was in my first deposition today. I really appreciated the due process and decorum of the rule of law, and just like code, law has a million little quirks, global variables, loaded libraries, and esoteric terminology. But wow, after a full day of that, I’m mentally exhausted. Hence, I’m posting about 6.8 after it’s had 6 million downloads. I’m more impressed than ever by what smart lawyers do, and the entire thing, though sometimes imperfect and frustrating, is a blessing to our democracy. However, I can’t wait to return to spending the plurality of my days with engineers and designers again. I’m sure many other folks in the WordPress community would agree.

One thing you’ll see on every host that offers WordPress is claims about how secure they are, however they don’t put their money where their mouth is. When you dig deeper, if your site actually gets hacked they’ll hit you with remediation fees that can go from hundreds to thousands of dollars.

They may try to sell you a security plan that for example at Godaddy goes from $300 to $700 a year on top of your hosting. (Don’t be fooled by the low entry price, look at renewal.) It’s heartbreaking to hear stories of non-technical people forced into these high fees to fix something their host should have prevented in the first place.

When a host is powered by WP.cloud, it doesn’t need to do this because hacks are so incredibly rare. (That’s why it may appear more expensive, but the total cost of ownership or being a WP.cloud-powered host is much lower when you factor in human time.)

One problem we’ve had on WordPress.com is we do all these amazing things and don’t tell anyone about it, something we’re trying to change with our focus this year on developers and developer tooling. One great example is we’re so confident about our security, if your site gets hacked we’ll fix it for free! We’ve actually been doing this for the better part of a decade, just never mentioned it anywhere.

Pressable (which is WP.cloud-powered) does a better job talking about these things and has a nice landing page on malware cleaning and hack recovery that says essentially the same thing.

WordPress has done a ton over the years to move the hosting industry around upgrading PHP and MySQL, PHP extensions, free SSL, and in general using our clout to advocate for user rights and freedoms from even the largest hosting companies, and I’m proud to say there are a good number, for example the ones you see at WordCamps, that have not just embraced these values but actually been more commercially successful as they’ve done so. I hope security and auto-upgrades not just for core but for plugins and themes becomes the next standard. (Jetpack does this for free, some hosts charge $100/yr per site.)

I’ve been really enjoying the book Creativity Inc by Ed Catmull of Pixar, it was recommended to me by my colleague Dave Martin a while back and I finally got around to it. There’s an interesting story in it where George Lucas had asked him to develop a film editing system that was digital.

While George wanted this new video-editing system in place, the film editors at Lucasfilm did not. They were perfectly happy with the system they had already mastered, which involved actually cutting film into snippets with razor blades and then pasting them back together. They couldn’t have been less interested in making changes that would slow them down in the short term. They took comfort in their familiar ways, and change meant being uncomfortable. […] If left up to the editors, no new tool would ever be designed and no improvements would be possible.

This made me think a lot about the early days of Gutenberg and the huge resistance it had in the community, including causing the fork of ClassicPress. Now that we’re much further along there’s a pretty widespread acceptance of Gutenberg, and it’s responsible for the vast majority of all WP posts and pages made, however if we had taken a vote for whether it should happen or not, it probably wouldn’t have ever gotten off the ground.

What’s funny is if you go back even further, using a visual WYSIWYG editor in the first place was very controversial, and many people didn’t want the classic editor brought into WordPress.

WordPress.com launched a new update to Studio this week, and we’re already seeing some buzz.

Studio is our free and open source app for local WordPress development, enabling you to spin up unlimited WordPress sites on your personal computer.

Through its newest feature, Studio Sync, you have complete freedom to:

• Connect your Studio site to and from a WordPress.com production or staging site, included for free in Business and Commerce hosting plans.
• Push and pull changes as a team by connecting a local Studio site to a shared WordPress.com site.
• Synchronize your local and hosted sites at any time with one click.

Studio is an excellent tool to have in your development arsenal, and you can download it for free, explore the docs, and become a contributor on GitHub.

It’s a dream come true being here in Tokyo for State of the Word 2024. We’re going to be in an amazing venue that looks over the city. Most of WordPress and Automattic’s senior leadership is here, and we’ll also have several hundred folks from the local community and press.

(Update: If you’d like a fantastic recap of how the event went, check out this post on .org.)