The Latest Rumors About WordPress Are Wrong
Calypso has been the hottest topic in the WordPress community over the past week, following this announcement from Matt Mullenweg. While many have praised the development as genius, and a long time in coming, others have been less generous in their comments. In fact, there are some rumors and ideas being fervently discussed in various WordPress groups that are flat out wrong.
It all stems from confusion about what Calypso really is, and how it’s changing WordPress and the future development of that platform. Developers who have invested incredible amounts of time to create themes and plugins that are based on the traditional WordPress platform are understandably concerned that all of that work, and the basis for their businesses, could be going up in smoke.
We’re going to review how WordPress works today, how Calypso changes the platform, and what that really means to developers and site owners alike.
To understand how WordPress works in the background, let’s think about what happens when you go to a fast food restaurant. You order a burger and a few moments later you’re walking to your table with a tray filled with food. Is it magic? Nope. Behind the scenes, several employees were working hard to get your burger assembled to the chain’s standards. In the same fashion, when you load a web page, several things go on behind the scenes until a few moments later you see the page you requested.
PHP is considered a server-side language. It’s just one of many, but like any server-side language, it has no say whatsoever in what the browser does. The same goes for MySQL, one of many database systems. The web server calls the PHP script, which in turn calls the database, before generating the HTML code that gets sent back to the browser. That’s pretty much all that the browser reads.
For example, here’s what the wordpress.org site looks like with- and without CSS styling.
REST means Representational State Transfer. It is an architecture style that relies on regular HTTP requests from the front-end to the back-end. In short, it’s basically a one page load that calls several other mini page loads during the same run. Each mini call loads a piece of information.
WordPress is a Content Management System; system being the operative word. Its strength comes from the ability to extend it with plugins and themes. All WordPress plugins and themes are written in PHP and use MySQL to fetch and store data. In WordPress.com, the number of plugins and themes are limited and users do not have the power to install new ones – only to turn on those already vetted by WP.com. Self-hosted WordPress.org users have over 10,000 plugins to choose from, again, all of which are built in PHP/MySQL.
Now, let’s get back to Calypso. I saw a slew of incorrect reports and conclusions because of this statement on Calypso’s home page:
This statement led people to believe that WordPress.com no longer uses any PHP and MySQL. If that were true, it would mean that either they broke hundreds of plugins and themes that relied on the database, or modified them all to work with the new technology. Neither are likely. Especially since they say they use REST API.
It’s also a very confusing statement. The new WordPress.com codebase communicates with itself using their REST API? If you’re running from inside a single codebase, there’s really no reason to make an external HTTP request to yourself.
The fact is that Calypso, WordPress.com’s new Admin Interface is mostly just that – an Interface – a Client Side interface. Using our fast food analogy, to suggest that WordPress.com would no longer use PHP/MySQL is like you asking yourself for a burger, not using any bread or meat, and still expecting to get a tray filled with the same exact food as a result.
The PHP server language, and the MySQL database structure, is still a very necessary element to WordPress’s ability to deliver filling content.
This has been confirmed by WordPress:
@vinnyusestrict The site management and editor interfaces are in JS, and the REST API is in PHP. Hope that helps!
— WordPress.com (@wordpressdotcom) December 1, 2015
WP.org and Security Concerns
Calypso is the new Admin interface for WordPress.com. It can, however, work for self-hosted WordPress sites. (We recommend self-hosted WordPress, where you can use the SBI! for WP plugin. If you’ve installed WordPress from cPanel or downloaded it directly from WordPress.org, you have self-hosted WordPress.) If you have Jetpack installed and its Manage module enabled, you can use the new Calypso admin interface. However, if you follow the basics of WordPress security, then you’ll find that it won’t work at all. This is because it relies on the XML-RPC API, which many WordPress professionals agree should be turned off at all times as it has been the target of extensive attacks. WordPress 4.4 will be releasing an improved REST API, and hopefully Calypso will adopt that for communicating with self-hosted WordPress sites.
Alternatives to Calypso
So, you saw that you can manage multiple sites with Calypso and you really want to be able to do that without putting your self-hosted site at risk by enabling XML-RPC? ManageWP, InfiniteWP, and WPDash, just to name a few, provide good alternatives.
WordPress User Impact
What does Calypso mean to the average self-hosted WordPress user? Absolutely nothing. Maybe in the future, but not now. So there’s no need for alarm or action. But you should be aware of it, because it may create some changes for self-hosted WordPress in the future. And we don’t want you to be caught off guard. Trust us to give you up-to-date, ACCURATE information, without hype.