Fear mongering journalist pointlessly blasts WordPress

I encountered an article today that made my blood boil. Phillip Thomson wrote about the cost of three websites for the Australian Minister of Foreign Affairs for the Sydney Morning Herald.

The article blasts Julie Bishop and her department for spending $113,000 on upgrades and maintenance for three websites. I have no opinion on Australian politics, this politician, or the value of these three websites. I am an American.

However, I do have an opinion about the complete failure to do due diligence by this author, the ridiculous fear-mongering attitude displayed toward open source technology, as well as the moronic quotes by the “security expert” in the article.

Three websites for Foreign Minister Julie Bishop's foreign affairs portfolio have cost taxpayers $113,130, according to answers to questions on notice at Senate budget estimates.

Let's use bits of the article to understand more about the $113,000 expenditure.

The costs include more than $68,000 for “website testing”, $19,000 for training, $15,000 for “website release management” and $10,000 for “website deployment”.

“I assume [website deployment] means pushing the button to put it up,” said Labor Senator Joseph Ludwig, who was asking top bureaucrats about the costs in the hearing on Wednesday morning.

I'm sure Senator Joseph Ludwig is an expert about website deployment.

As an aside, I'd like to point out to Mr. Ludwig and Mr. Thomson that $113,000 is not an extreme amount of money for maintenance and upgrades for three government websites. If you research a variety of governments' expenditures, you'll find that it's probably fairly normal.

Now, onto the stupid.

Keen-eyed readers have since pointed out that Ms Bishop's electorate website juliebishop.com.au is built on WordPress, a free online platform. Although heavily customised, it uses the 2012 theme template and many of the tools readily available to novice website designers.

Aha! Now Mr. Thomson has really nailed her. WordPress is free! What a waste of taxpayer funds!

Hilariously, Ms. Bishop's office corrected the author, stating that her personal website was not part of the expenses. Think about that for a second. It means that the rest of these false statements are also, in fact, completely pointless.

Mr. Thomson, allow me to teach you a few things.

  • Around 22% of the internet (yes, the whole internet) runs on WordPress.
  • It's the CMS (that means content management system) of choice for well over half of all websites that use one.
  • WordPress is used for far more complex applications than as tools for simply “novice website designers”. Although, it is quite usable for all — even ill-informed journalists.
  • Six and seven figure projects are not uncommon for website development and maintenance. In government especially, navigating requirements, project management costs, bureaucracy, and many other non-technological factors can quickly cause a project’s cost to go up.
  • Governments around the world consider WordPress a fine tool for web applications. NASA, the United States military, Sweden, the European Commission, and many others use it. This doesn't even include the countless city, county, and state governments that use WordPress (typically self-hosted!). Here's a spotlight from WordPress.com VIP about WordPress in government.

Now, let's break your number down. If you divide $113,000 by $150 per hour (a common rate, and probably too low for most government consulting work), you get 753 hours. That's about 15 hours per week of work on three websites throughout the year — a very typical amount of time for even normal maintenance, much less upgrades. Even if these dollars are quarterly costs, that's only one person's time to manage these three websites.

Not that it matters. The websites in question are not even WordPress. Yet you continue to put FUD in your article about WordPress and open source technology.

Security expert Phil Kernick of CQR Security pointed to the potted security history of WordPress and questioned the use of the popular platform for a government official's site.

“I'd never build it on WordPress or Joomla or any of those other tools if I wanted a secure website. When you are a public figure, you have to manage your identity carefully. I can't imagine why anyone would do that,” Mr Kernick said.

Let me put this as simply as I can, Mr. Thomson. Your security source is an idiot regarding open source technology.

As noted above, WordPress is trusted by countless public and government entities, as well as businesses. Also, it's actively developed by hundreds of talented developers. There have been no major core WordPress security breaches in years. Even when there are minor security vulnerabilities found, they are patched and updates are released in a matter of days, or even hours. The same goes for Joomla and other popular pieces of open source software.

Furthermore, open source is almost always a cheaper and better option for website development, because proprietary systems often “lock in” clients, making it very difficult to fire a consultant. With open source, hundreds or even thousands of consultants can work on the same technology systems. These open source technologies help your government avoid abusive consulting relationships and save money.

Last week, US-based firm Sucuri identified two security vulnerabilities on a plug-in that affects all WordPress websites. In March, security blogger Brian Krebs warned other users to be vigilant in light of a brute-force attack on WordPress, adding to security incidents in previous years.

Mr. Thomson, I hate to tell you again, but you are once again wrong. The All In One SEO plugin referenced is in fact not on all WordPress websites. It's popular, yes, but not even close to all websites. It's not even installed on Ms. Bishop's website, in fact.

And to bolster your argument, you link to blog posts that warn WordPress site owners to be vigilant about security. Mr. Thomson, in what world is it not a good idea to be vigilant about security? In addition, brute force attacks on WordPress were not due to WordPress vulnerabilities, but rather the goal of attackers to hit the biggest target, and — as you'll remember from above — WordPress is a big target.

Mr. Thomson, I have to give you credit. You managed to pull a triple whammy.

Not only did you make a non-issue an issue, ruffling the feathers of an uneducated audience by criticizing a department about spending a relatively normal amount of money on their websites, but you also were able to get the facts completely wrong, as well as falsely blast an ecosystem and technology that doesn't deserve it and wasn't even party to your critique.

Nevertheless, your ridiculous article will live on as another source of WordPress and open source being a bad idea for government use, when in fact both are a very good idea. You've contributed to the problem of perception that many have attempted to refute.

Oh, and allow me to recommend Jeff Waugh and Pia Waugh for your future articles regarding open source technology in Australian government.

Next time, please do your research. Your article is an embarrassment.

*Image credit, WP VIP