I’m increasingly convinced there’s a market out there for some kind of managed WordPress hosting. A provider with special expertise in WordPress, PHP and MySQL. Someone who can look after patches etc automatically for you. Who has the knowledge and tools to offer better-than-average security. But crucially, who is also happy for competent people to mess around a bit.
There’s really no argument with the power of WordPress, its simplicity, and (of course) its price. So the point for debate when I go to pitch a WP-based idea, is where it will sit, how secure it will be there, and who will look after patches and updates. Of course, there are good answers to those questions:
- use wordpress.com, and let Automattic themselves take care of it all;
- self-host, and self-manage;
- some kind of rolling arrangement, where you bring Mr Consultant back in as and when;
but I’m thinking of a brilliant answer. One whereby the supplier pledges to apply additional security measures, and to install any patches / security updates to WordPress, PHP or MySQL as soon as they become available… but still gives freedom to designers / developers to make reasonable use of plugins (etc).
Of course, that doesn’t cover you for potential weaknesses in the plugins: and the perfect host would take some responsibility here too – vetting, approving, updating, whatever. I’d be looking for some kind of proactive communication, bringing things to my attention as and when. And of course, let’s not forget the inevitable hosting questions of bandwidth, 24/7 monitoring, disaster recovery, and so on.
If such a hosting provider exists, I’ve yet to find them. I know of several well-regarded services aimed at serious developers; but I haven’t yet seen any aimed at the emerging class of designers with reasonable tech skills.
And I’m steadily becoming convinced there are enough of us around, small-scale operators producing customised WordPress sites, to make it a viable business. Clients would unquestionably pay a decent premium annually for managed hosting like this, especially when the base software itself is free of charge.
It’s not something a solo operator could take on, but I’m wondering if there are people reading this who could help make it happen. Some kind of cooperative, perhaps? Somebody already in the hosting business, with PHP and MySQL skills, but no WordPress t-shirt yet?
Please, if anyone has any thoughts, suggestions or draft business plans… stick a note in the comments, or drop me an email.
Oops. I wrote this piece yesterday, wishing that WordPress offered Long Term Support for occasional releases, along the lines of Ubuntu. I then get a comment from Mr WordPress himself, Matt Mullenweg, telling me that there actually is a long-term supported release. Here it is for the record…
The official policy from Team WordPress about software upgrades, as described by Matt Mullenweg last month, is pretty straightforward: when we release a new version, you should upgrade. Like, immediately. But when you’re dealing with the corporate world, where you deliver a project and effectively walk away, it isn’t quite so simple… and I’d personally welcome a Long Term Support approach along the lines of Ubuntu.
WordPress was built for bloggers: technically literate self-publishers, with some grasp at least of what’s involved in running a website. But as I’ve documented here countless times, and as my continuing mortgage payments demonstrate, comms professionals with no particular IT skills find its convenience, flexibility and simplicity (not to mention the price) equally appealing.
But the chink in the armour, if you like, is WordPress updates. Corporate projects tend to come with lists of requirements, which push well beyond normal blog-based sites. Normally, these requirements are achievable using plugins or a bit of custom code. But as Matt acknowledges, when an upgrade comes, there’s no guarantee that a particular plugin will work. And even worse, given that most plugins are offered up by volunteers, there’s no guarantee that the plugin will be updated accordingly.
I’m afraid Matt’s assertion that ‘having a secure site is much more important than the functionality of a single plugin’ won’t really stand up in the corporate context. You’ll ultimately face a decision between a site which might be at risk, but does everything you want; or (to put it provocatively) an under-performing site which still won’t be 100% secure anyway, because nothing ever is. And I’m afraid most marketing or communications people will choose the former.
There’s also the issue of the high-visibility upgrade notifications in the more recent WordPress releases. Whilst these are fantastic for those of us who run our own server setups, and aren’t scared of the upgrade process, I’ve had several phone calls from clients who are seeing this warning, and panicking (I’d say) unnecessarily. And I can’t honestly promise them that ‘hey, just do it, nothing can possibly go wrong.’
There is a compromise solution here: and that’s the model of Ubuntu‘s Long Term Support releases.
There’s a new version of Ubuntu’s Linux package every six months, with a promise to offer product support (ie minor fixes) for at least 18 months. But some of these are designated as having Long Term Support: these come with a promise of three years’ worth of fixes for the desktop version, and five years’ worth for server versions. It doesn’t mean that you’ll never have to do a major upgrade. But it’s a guarantee that the fundamentals won’t change for a considerable period – long enough to put the IT manager’s mind at rest.
That’s the kind of commitment I’d value as a WordPress ‘developer’. I want to present pitches to clients based on guarantees, not probability. And I’ve seen specific examples of excellent WordPress plugins, perfectly secure and stable in their own rights, which suddenly become obsolete because something changes in the next major WordPress release. Looking back, the changes are almost certainly for the better overall; but not if I’ve built a particular function around a particular plugin which no longer works.
The v2.5 release of WordPress takes it to a new level of maturity. A policy of LTS releases, ideally via simple ‘overwrite this file with that file’ patching, would signal the product’s readiness to be taken most seriously in corporate environments. And it would make an already strong proposition almost undeniable.
… and here’s the info about the ‘legacy 2.0 branch’ which is almost exactly what I was asking for. Now, I consider myself fairly well versed in the ways of WordPress, but I’d never even heard of this, and various Google searches yielded nothing.
I guess my only response would be that the description of the legacy branch needs to be rethought. The word ‘legacy’ (to me anyway) sounds negative; the idea of ‘Long Term Support’ sounds positive.
My thanks to Matt for correcting me, without making me sound like a total idiot.