Technical articles

People can be quite snobbish about WordPress, just as they are about many successful things. But there’s a very good reason for WordPress’s tremendous success.

Probably more than any other software in the world, WordPress has done a magnificent job making web content management not just available, but easy and effective too, for a huge number of people.



The story of WordPress’s success

There’s a lot to learn from the success of WordPress - especially if like us you’d rather find a way to emulate that success than decry WordPress’s supposed failings.

WordPress has succeeded by lowering barriers. It’s easy to install, deploy, use, upgrade and customise. By design, it is easy to expand with plugins. The language it’s written in, PHP, is available on almost every personal computer and web server in the world.

PHP has its detractors too, but the fact is that PHP also offers a supremely easy path into web programming: drop a snippet of PHP into an HTML page, and you’re on your way. It gives users quick results and confidence to continue further, just like any education system should. Once again, we certainly have no intention of criticising that.

As a result, WordPress also enjoys an army of programmers who contribute to its ecosystem and have produced an incredible array of plugins and addons to expand its power.

Once you’ve got your WordPress site set up, you can install new plugins and update WordPress itself, right from the WordPress control panel in your browser, at the click of a button. For end users, it couldn’t be easier - they love WordPress for very good reasons. Other systems in the PHP world offer similar mechanisms, such as Drupal and Joomla, and they too have empowered a legion of web content producers simply by making things easy.



Meanwhile in Djangoland

Back in Python and Django land, it’s a slightly different story. We do think that the Python/Django/django CMS combination is actually better than PHP/WordPress - more elegant, versatile, powerful and secure. We do find that migrants from PHP/WordPress, once they’ve had a taste of Django and have got going, are very unlikely to go back.

But, before they get to that point, there’s a steeper learning curve in front of them than WordPress users have to face. Python can’t be put straight into action in the same easy way as PHP. It requires a WSGI server and an interface to the Python code. You can’t set up Django or django CMS using a simple web interface, you have to install and deploy them using the command line. People are very aware what a difference this makes: no Python or Django conference seems to be complete without a talk or panel on the subject of installation and deployment, and how it could be made easier.



Security vs frictionless deployment

On the other hand, Python and Django do things the way they do for a good reason, and in fact the PHP world has paid a price for its ease of installation, upgrade and deployment: security. WordPress’s built-in upgrade functionality for example downloads the new package, and overwrites the files in the application directory. Python and Django make this kind of thing difficult or near impossible, by design: the same mechanisms that make installation and upgrades so easy in WordPress also represent vulnerabilities.

In other words, there’s a trade-off between security and frictionless deployment. The more you have of one, the less you can have of the other. Python/Django and PHP/WordPress have made different choices. In recent weeks alone, PHP systems including WordPress and Drupal have been in several news headlines and information security reports for exposing users to vulnerabilities that exploit filesystem access through similar mechanisms and policies to the ones that also make their web-administered updates possible.



Beating the trade-off

We, like many others in the Python/Django world, have found this trade-off tremendously frustrating. We’d love to offer our users the easy deployment experience that WordPress users enjoy, but we’re also committed to stringent security principles.

We’ve spent the past five years building an automation platform that seeks to bridge this gap between security and ease-of-deployment.

The Aldryn Cloud is built around Python/Django best practices for deployment and installation, and automates them, using industry-standard tools. It then provides interfaces to the system, to launch the processes and interact with them (for example with our web-based Control Panel, the Aldryn Desktop application and the Aldryn command-line client).



The video below shows how you can launch a new django CMS project and have it live on the web in under three minutes, running on a secure server in a portable Docker container.

Behind the scenes the processes that are launched are far more complex than those involved in say a WordPress update. What unfolds is an operation that would take an experienced human operator several hours to complete, following a lengthy checklist, but can be launched with a single command or click.

For the first time, the ease-of-deployment that has been such a benefit to WordPress and its community is available to Django users. We’re getting closer to the empowering painless management that we so admire in WordPress, and we’re making it available without compromising on security or best practices.



Bonus: benefits for developers

Our approach isn’t just about making installation and deployment possible for non-technical users. It also benefits experienced developers and system operators, both of whom can take advantage of automation. Error-free automated processes allow them to concentrate on what they do best. Better still, the interfaces we provide mean that the systems they launch using our tools are not just inaccessible black boxes, but provide them with very sophisticated ways to interact and work with them.



In the next video, you can see the Aldryn Desktop application setting up a complete development environment for django CMS.

Conclusion

The truth is that we used PHP and WordPress long before we discovered Python and Django. We don’t just have a soft spot for them, we owe them a lot, from the power they so readily put at our disposal to the lessons they gave us in how to make life easy for users. Even though we’ve moved on, there’s still a lot to be gained by following their example.



Learn more about the Aldryn Cloud





Please enable JavaScript to view the comments powered by Disqus.

Disqus