There's a lot of essential functionality missing from WordPress, meaning you have to install plugins. Depending on what you need to do.
But it's such a bad platform that there really isn't any reason for anybody to use WordPress for anything. No matter your use case, there will be a better alternative to WordPress.
Can you recommend an alternative for a non-technical organization, where there's someone who needs to be able to edit pages and upload documents on a regular basis, so they need as user-friendly an interface as possible for that? Especially when they don't have a budget for it, and you're helping them out as a favor? It's so easy to spin up Wordpress for them, but I'm not a fan either.
I've tried Drupal in the past for such situations, but it was too complicated for them. That was years ago, so maybe it's better now.
Drupal has been around for a while, but I've never heard of "Drupal CMS" as a separate product until now.
It appears Drupal CMS is a customized version of Drupal that is easier for less tech-savvy folks to get up and running. At least, that's the impression I got reading through the marketing hype that "explains" it with nothing but buzzwords.
I find it very telling that there's no 2 responses to this post recommending the same thing. Confirms my belief that there is no real alternative to Wordpress for a free and open-source CMS that is straightforward to install and usable to build and edit pages by non-tech-experts.
Yes I can. There's an excellent and stable solution called SurrealCMS, made by an indie developer. You connect it by FTP to any traditional web design (HTML+CSS+JS), and the users get a WYSIWYG editor where the published output looks exactly as it looked when editing. It's dirt cheap at $9 per month.
Edit: I actually feel a bit sorry for the SurrealCMS developer. He has a fantastic product that should be an industry standard, but it's fairly unknown.
> Can you recommend an alternative for a non-technical organization, where there's someone who needs to be able to edit pages and upload documents on a regular basis, so they need as user-friendly an interface as possible for that
25 years ago we used Microsoft Frontpage for that, with the web root mapped to a file share that the non-technical secretary could write to and edit it as if it were a word processor.
Somehow I feel we have regressed from that simplicity, with nothing but hand waving to make up for it. This method was declared "obsolete" and ... Wordpress kludges took its place as somehow "better". Someone prove me wrong.
I think you're mistaken. The use of WebDAV was not a requirement. Frontpage could function in "HTML editor" mode and just write to the filesystem. In that case, any WYSIWYG editor would do but FP was there and available.
For those on macOS, RapidWeaver still exists: https://www.realmacsoftware.com/rapidweaver/. (Shame that it's now subscriptionware, though – could've sworn it used to be an outright purchase per major version.)
YES! I have switched to it for professional and personal CMS work and it's great. Incredibly flexible and simplistic in my opinion. I use it both as headful and headless.
We have a (internally accessible only) WP instance where the content is exported using a plugin as a ZIP file and then deployed to NGINX servers with a bit of scripting/Ansible.
Could be automated better (drop ZIP to a share somewhere where it gets processed and deployed) but best of both worlds.
Jekyll and other static site generators do not repo Wordpress any more than notepad repos MSWord
In one, multiple users can login, edit WYSIWYG, preview, add images, etc, all from one UI. You can access it from any browser including smart phones and tablets.
In the other, you get to instruct users on git, how to deal with merge conflicts, code review (two people can't easily work on a post like they can in wordpress), previews require a manual build, you need a local checkout and local build installation to do the build. There no WYSIWYG, adding images is a manual process of copying a file, figuring out the URL, etc... No smartphone/tablet support. etc....
I switched by blog from wordpress install to a static site geneator because I got tired of having to keep it up to date but my posting dropped because of friction of posting went way up. I could no longer post from a phone. I couldn't easily add images. I had to build to preview. And had to submit via git commits and pushes. All of that meant what was easy became tedious.
what are your favorite static site generators? I googled it and cloudflare article came up with Jekyll,Gatsby,Hugo,Next.js, Eleventy. But would like to avoid doing research if can be helped on pros/cons of each.
I looked recently when thinking of starting some new shared blog. My criteria was "based on tech I know". I don't know Ruby so Jekyll was out. I tried Eleventy and Hexo. I chose Hexo but then ultimately decided I wasn't going to do this new blog.
IIRC, Eleventy printed lots of out-of-date warnings when I installed it and/or the default style was broken in various ways which didn't give me much confidence.
My younger sister asked me to help her start a blog. I just pointed her to substack. Zero effort, easy for her.
I work with Ruby but I never had to use Ruby to use Jekyll. I downloaded the docker image and run it. It checks a host directory for updates and generates the HTML files. It could be written in any other language I don't know.
I don’t have much experience with other SSGs, but I’ve been using Eleventy for my personal site for a few years and I’m a big fan. It’s very simple to get started with, it’s fast to build, it’s powerful and flexible.
I build mine with GitHub Actions and host it free on Pages.
Just not true, although entirely aligned with HN users who often believe that the levels of nerdery on HN are common in the real world. WP isn’t bad, you’ve just done it wrong, and there really isn’t a better alternative for hundreds and hundreds of use cases..
My perspective is that WordPress is too complicated and too nerdy for most real world users. They are usually better off with a solution that is tailor made for their use case. And there's plenty of such solutions. Even for blogging, there are much better solutions than WordPress for non-technical users.
I do custom web dev so am way out of the website hosting game. What are good frameworks now if I want to say, light touch help someone who is slightly technical set up a website? Not full react SPA with an API.
By the sound of your question I will guess you want to make a website for a small or medium sized organization? jQuery is probably the only "framework" you should need.
If they are selling anything on their website, it's probably going to be through a cloud hosted third party service and then it's just an embedded iframe on their website.
If you're making an entire web shop for a very large enterprise or something of similar magnitude, then you have to ask somebody else than me.
jQuery's still the third most used web framework, behind React and before NextJS. If you use jQuery to build Wordpress websites, you'd be specializing in popular web technologies in the year 2025.
I've seen this site linked for many years among web devs, but I just don't understand the purpose? jQuery code is much cleaner and easier to understand, and there's a great amount of solutions written for jQuery available online for almost any need you have.
Then WordPress is just your private CMS/UI for making changes, and it generates static files that are uploaded to a webhost like CloudFlare Pages, GitHub Pages, etc.
I think a crawler that generates a static directory from your site probably the best approach since it generalizes over any site. Even better if you're able to declare all routes ahead of time.
I once worked for a US state government agency and my coworker was the main admin of our WordPress based portal and it was crazy how much work it was to keep working.
I think most of those are Instagram shoving it in your face. Yeah I'm a "Threads user", but only because of the inline feed in Instagram. I'm annoyed when there is a notification blip but it turns out to be Threads spam.
Threads' launch was intentionally rushed in order to capitalize on the user discontent at the time. Without a large alternative, enthusiasm to migrate to another social network would have waned. Note that Bluesky was still invite-only when Threads launched.
How many users on X (Twitter) or Bluesky are bots? It's reasonable to assume the percentages are the same, given the lack of public information for the major text-based broadcast social networks. X is estimated to have 250M daily active users. Mark Zuckerberg recently stated that Threads' DAUs were 100M. Threads achieving a bit under half the size in such a short time is impressive, especially since Threads still lacks many features that X has had for years.
> It's reasonable to assume the percentages are the same
It's reasonable to assume they're worse. Bluesky doesn't have Facebook's network or surveillance apparatus. Neither does Twitter, except it's a higher-value target than Bluesky and Threads combined.
Daily Active Users (DAUs) and Monthly Active User counts represent the amount of users that perform activity on the application daily and monthly, respectively.
I think it's relevant that Transmit is a local native app. There's no hosted app exposed to the internet to hack here. Google made one lengthy process that doesn't fit this use case.
Panic runs a cloud-hosted sync service that syncs your credentials and connection info between different instances of Transmit you may have.
No idea if that's what google is targeting here, but that is a cloud service, that presumably gets a copy of people's Google Drive OAuth keys if they use Google Drive with Transmit and the sync service.
That isn't a factor in Google's decision making. An app is an app as far as they're concerned, whether it's a local client or some sort of hosted service.
How can you be so sure? Even after reading all the source code, there still can be bugs, attacks, demanding letters from different agencies, misconfigurations, vulnerabilities in code and in libraries, etc. etc. etc.
If your threat model is the NSA leaning on a developer to ship a compromised build, KPMG is not going to catch that. If it’s that you’re going to use Transmit to connect to a server which is compromised and exploits your client to exfiltrate your Drive files, guess what else they’re not going to prevent?
It’d be one thing if Project Zero was running serious audits but this policy is designed to let them check audit checkboxes so when you lose data, it’s hard to sue Google.
exposed to the internet and connected to the internet are different. Exposed implies that traffic originating from the internet reaches the app. You still do have to worry about things like parsing malicious files, but the class of relevant attacks is much smaller and generally easier to defend against.
Everything's connected to the internet, what the OP was talking about was attack vectors and since Transmit is a local app it really isn't one unless your whole machine is compromised, which in that case you're screwed.
There are lots of ways a local app can be compromised. It can read a local config value unsafely which can be influenced by some other app that does talk to the Internet, for example.
There's a reason why airgapping is the only way to secure important systems (and of course that can also have a number of vulnerabilities).
And besides, how do you know it's a local only app if you haven't audited it?
This is absolutely a thing in 2024. Or less drastically the many examples of a development team being cut, further development being sporadic and bug prone, and a detached and patronizing ticket system for support instituted.
Why shouldn't that work? Dropbox and SMB both just need to read/write/watch files like any normal process. I do the same thing at home with Syncthing/SMB and it works fine.
From a theoretical perspective, sure, but the product Dropbox sells is either a website or an app each end user gets that adds local sync and some other useful sharing features. They certainly don’t intend it as a centralized system that people expose over the network in a bespoke way, and I can fully sympathize with why they’d tell this user that’s not something they want to support.
Congratulations: you've just created a culture where people are afraid to report potential issues for fear of losing their jobs. Maybe there are some cases where you find that specific individuals end up acting irrationally more often than not, but on the whole, it is better to treat these acts as if they were good faith until proven otherwise.
I’m saddened the sarcasm flew over the heads here. A disappointing reflection of the number of companies that really do act like that now, which was my point.
Don't be sad. I found out several times myself that irony without emotion hints, misses its goal. Otoh When you add the /s hint, it's more like explaining a joke to a listener.
Agreed. Also often the gap between what people will pay for a hobby project and what money is being made at a tech company by the people who have the hobby is vast. Sometimes there are contractual restrictions on taking money from other jobs simultaneously that complicate it.
reply