The Future of WordPress and Securing the Software Supply Chain

Matt:  All right, Karim, thanks so much for joining me today. It's great to see  you. I know  you're a very busy guy, last time we talked, you were about to leave. You were  about to head out on the road again. I think that's typically our routine is I'll call you, you'll call me. I check in and you're about to leave somewhere typically very far away. And I think you were just coming back from that trip now and we're grabbing some space today, but so what have you been up to? Where were you at recently? You were in Europe, right?

Karim: Actually, I unfortunately didn't make the trip to Germany for Cloud Fest because of a last minute medical issue. But I was able to have a lot of the meetings virtually and keep up with what was going on there and follow up from what I was supposed to do there. Unfortunately, this time I didn't get a chance to go, get a

Matt: chance to go there. The only thing that can hold you back from actually showing up at one of these events is I can't physically be there. Exactly. You're pretty much an institution. Anyone that's familiar with you, and we're gonna talk a little bit about your background as well. But you're a fixture at a lot of these events from Word Camp to other, very WordPress focused international events. When you think about that, is that part of the real joy in doing this is that you're able to go out and connect with the community in a big way?

Karim: Yes. I am so incredibly lucky to be part of one of the largest open source projects in the world that affects quite literally global content. 

And I've just been amazed and humbled at being able to go around the world and talk to the different folks who are using WordPress in different ways. And it helps us bring better information and better concepts back to our own clients. And really, for me, the joy is helping evolve the WordPress project because it is so wide instead of vertical.

Even though our own company is very vertically based. WordPress means so many different things to so many  people.

Matt: Sure it does. Yeah. Let you know. So you and I met on a what I'll describe as a tropical cruise around the very warm waters of Montreal. And I think we, we ended up spending, we found each other out on the bow of the ship.

And I think we ended up spending maybe almost an hour and a half just chit-chatting about many things that were happening in open source. Not just WordPress, but I think open source at large, as you just mentioned. Absolutely. This is one of the biggest projects in history, but I think it's indicative of what we see more broadly with WordPress.

That community is really the energy behind it. We talked about Laravel, we talked about scale consortium. I wonder if maybe we could take a minute and you could just share with us. As I've said many times in talking to folks, there isn't always a straight line to get to this stuff, to get to CMS, to get to, to content. How did you end up in this place that you're in with not just with crowd favorite, but maybe just a, quick recap of how cream ends up being a, one of the leading voices in this industry?

Karim: I was lucky enough to be.

Pulled into the internet in the early nineties, right when it was starting to be commercialized. And really, I started working with some of the first content management systems that the enterprise started using at the very beginning of these larger enterprise content management systems. And through the end of the nineties and early two thousands.

I kept working with a whole bunch of names that don't exist anymore or have transformed. But I've pretty much worked with every large content management system that was out there. Yeah. And then as some people find a calling one day I. Looked at open source content management systems. This is 2006, 2007 when WordPress was very well known as a blog.

Drupal was out there and being used already by the enterprise. I started looking at content management systems that were open source and I was just amazed at how well they were thought out at the time and how. Versatile they were. So I fell with a, in love with a concept when I really, when I understood the IBM Red Hat story of how Fedora and Red Hat could have two different versions of the same software and one was supported by Enterprise and then that eventually does help the Fedora project as well, and so forth and so on, and IBM's partnership.

And I said, I'd love to see that happen with Open source and content management. Yeah. And at that time, a friend of mine who was a senior person at Disney, came along and said, we're considering open source content management systems to replace everything they had spent the last 10, 12 years before that working on a proprietary system that was made by one of the big management consulting companies and, I just dove in head first on open source, and now for the last 15 years we've been the team has been working on architecting and building open source based content solutions for the enterprise. Yeah, so we work with Disney, we work with, at we work with major financial institutions.

Matt: So somewhere along the line, it was about falling in love, right?

It was this moment where you looked at open source, you looked at the promise of it, you were smitten. This is, this is the promise of being able to democratize aspects of what we're doing from a technology perspective. But there's a real enterprise application here.

And when we think about managing all of that from the community components and having innovation be a key part of what that brings to the table, to understanding the, a lot of the challenges that I think have been inherent over the years. The perception that security was always an issue or always up for question when pitched against proprietary platforms, which again, you have that, that deep experience in as well.

Talk to me a little bit about. The scale of WordPress and its impact on the industry. I think as of at least earlier this year, in some studies I've seen, it's still holding pretty steadily around 43% or so of at least all websites. And then I think it's much larger with websites that have known CMSs maybe closer to 61%.

Which I think some of that translates into. Hundreds of millions of websites. So those are just the raw numbers, but for you, what, what is the real impact here of WordPress?

Karim: So I look at it in two different ways. First of all, those numbers you mentioned are extremely impressive, and that's what makes it one of the largest open source projects in the world.

But we have to realize that, the high 90 percentile of that. It is one-off websites, consumer websites, and private websites. It's the small website with most of that number. And on top of that,  the way the ecosystem has grown over the last 20 years, the idea of these themes and plugins that is its own complete ecosystem and environment has created a complete.

Community around the world of products, services, and solutions that can help everybody from the personal website to the small business all the way up through the enterprise. Yeah. So in our world, in what we do we're focused on that top tiny percentile of the absolute enterprise or fortune company.

But. What we try to do is we try to use it in a way that we're giving back what our experiences are to the larger product and the larger ecosystem. So that the entire ecosystem can move forward in a. In the utopian world, the idea here is that [00:08:00] WordPress should be a foundational content management system that you could use for your personal blog or you could use for D 20 three.com over at Disney with all of its crazy traffic, right?

That's right. And everywhere in between. So if you get that layer you have an opportunity to create a piece of software that is usable globally. To help everybody put their content on the internet.

Matt: Yeah. And it's that you think it's that flexibility. So what I'm hearing there is that it's, there are all these there's a wide birth of use cases.

Someone who used to build in WordPress pretty religiously for consultants. I had a niche business around just after the great recession, I'll call it a side hustle, where I was doing a lot of WordPress building and developing in a very specific niche. And I think that, small consultancy, there's a really good fit from an organizational perspective, that segment was served really well around the flexibility of WordPress. And obviously there are a lot of  proprietary platforms that have emerged over the last decade that have fit that niche, which I think is to some extent the erosion we see with.

Further or future adoption with WordPress at that level. And I think you make a great distinction here, is that downstream, you know that there are lots of choices upstream. I think there's lots of enterprise opportunities, which is where Crowd Favorite and where you focus a lot of your attention.

And what I'm hearing there is that it is having a downstream effect too, right? So what we're doing. At the enterprise level to validate, create the security and trust to reinforce these really big use cases is having a ripple effect elsewhere. It's validating it elsewhere.

Am I hearing that the right way?

Karim: Yes. I'll give you a quick enterprise. I. Example, and then I'm gonna, and how that translates to the con, the more the small business level. And then I'm actually gonna argue with myself for a second. Excellent.

Matt: I love it. I'll sit back and let you argue

Karim: If, five, six years ago you said to somebody who had a website for their main street business in a small town, USA, we wanna give you a website where each one of your customers can have a personalized experience. You'd get laughed outta the room because they'd be saying, I don't have six figures to spend on a website.

I can't do personalization today. There are. Content personalization plugins for WordPress, right?

That starts at a hundred dollars for a year's worth of subscription. There are free plugins out there that do this, so you can have a hardware store and quite literally do personalization on your homepage and your content pages or your, WooCommerce checkout.

For pennies, right? Compared to what you could do five years ago. And that's a direct result of all the competition that's happening at the enterprise level, at the large business level where WordPress and the WordPress ecosystem is trying to solve the problem and bring that down. It's a race to the bottom in a good way of competition of trying to make these things less complex.

Yeah. That's how enterprise projects help the ecosystem. Yeah, that's just one example. Yeah. But on the other hand, the true competition for any content management these days. In the last 10 years,  the concept of all you need is social media and a shopping cart. You don't need a website anymore.

There's this idea that the website is getting antiquated and let's just deal with social media. And just grabbing a shopping cart, whatever that may look like.

Matt: And there are lots of options for that too. WW WooCommerce owns a big piece of it, but Shopify's really given 'em a run for their money.

And there are other smaller platforms that have come into the fray as well.

Karim: Let's be honest, Shopify owns that market, right? Not much. Yeah. Yeah. So the bottom line here though is that for those of us  who have gray hair. And have been around pretty good though.

Thank you. I may be so bold for those of us who have been around the block a few times. The bottom line is we've heard the doom and gloom many times. These are market trends. They'll turn around, they'll change. Social media was the absolute. Salvation, everything. Lately it's been a privatization and pri, PII, nightmare.

Personal identifiable information nightmare. It depends on what you're trying to do, and there's always gonna be a place for content management systems. It's going to evolve. Yeah. The challenge, whether you're talking about a closed source platform, content management system, or an open source platform like Drupal or WordPress, the challenge is.

Can these systems keep up with the change of the marketplace, or are they trying to solve problems from five and 10 years  ago? And unfortunately, a lot of companies are just trying to play catch up.

Matt: Yeah. And I think it's important to, it's important to validate for businesses for whom the only real digital channel that they have is their website, right?

They're not interested in omnichannel. They don't need personalization at scale. They just need a really simple business website, and I think this is where WordPress, I. Continues to have such relevancy in the market is an easy way to be able to do that and support it. It's not complicated. It's very intuitive.

Like you said, there's a big ecosystem of plugins that allow them to really shape it the way they want to. So in that sense it feels like there's a whole part of the market that we overcomplicate the solution for, most businesses probably just need a really decent website and an okay web API.

To do what they need to do. We're talking about a smaller percentage of the market that needs those more advanced features. And like you said I, I agree. I think that it is, there is some cyclical nature to a lot of this. And we, we think, like you said, social media is this s solve or this silver bullet that's gonna solve a lot of things, but it's creating a huge number of compliance issues.

Now, as you mentioned, yeah, obviously with WordPress, if we look back the last couple of years, there were some challenges with Gutenberg. I think the classic editor continues to be like a hot, better seller that sells like hotcakes or is downloaded like hotcakes in a lot of the marketplaces.

So there were some issues with, I think, innovation and obviously as we talked about the broadening. Menu of different options from Squarespace to Wix to even Canva being options for being able to build. And as you mentioned, I think that's another important point, another great distinction is that there's a certain level of the market that's applicable to.

And with you guys focusing on enterprise, it's really taking WordPress into that. I think the next dimension is where it has great marketability but obviously that's been overshadowed. Over the last let's say six months or so. And then of course, I think the seeds of that are going back even further.

But part of why we're talking today is the, some of the legal challenges that have been casting a  shadow over everything. And what I'm interested in, obviously there's been a lot of news reported around this from multiple outlets, sometimes day by day, just following Matt and Automattic's posts on a regular basis.

And for those of you that aren't familiar with Matt or Automattic, I encourage you to go out and just do some quick research. We won't spend a lot of time on that today. But, I'm not interested in that. I'm interested more in what we can do as a community, as an industry. What do enterprises need to up level?

I understand either the risks or the liabilities associated with what's happening from a legal perspective. And I, I wanted to you and I have been talking about this on and off, but I wanted to talk to you today about. From your perspective, where are we today? What are really the key issues we should be focused on?

And ultimately, what's the roadmap look like? How do we navigate around this in a way that's meaningful and has a positive impact for either the people who are hosting with WordPress currently through managed solutions that are dependent on  WordPress? We've talked about the looming potential.

Of forks having a ripple effect on things. A lot of stuff. And I think it's created just this whirlwind of chaos. So I wanna hit the pause button, bring the temperature down a little bit. Absolutely. And in the way that you with a very calm and tempered vocalization around, it can communicate what the, with the big things we need to be focused on right now, where we're at today.

And what we need to be focused on in terms of the roadmap.

Karim: So I'm gonna talk about two different challenges. The challenge from the customer point of view and the challenge from the project point of view, and then how can we solve them. But let's be clear about those challenges. The beginning of your question was how can the enterprise, or how can large customers, large organizations look at this?

And the answer there is, over the evolution of adoption of open source in the enterprise. People used to worry about security. We've solved that “managed” WordPress. WordPress handled correctly within those organizations that still have their own knocks, they handle security correctly. There's security companies out there like Patch Stack that do incredible jobs of partnering with hosts and with large organizations to secure that.

We've solved that. Right now the biggest problem is the supply chain security. The reality is that you have to be able to trust where your software has come from. And before this started, before all this negativity from last September started, we already had that problem. We had that problem because the ecosystem is dependent on an entire community of plugins that, it's not clear where the plugins come from, how those plugins get updated, where you're getting those updates, that's always actually already been a problem. There just wasn't a light shining on it. This situation has created a spotlight, a laser beam focused spotlight on the fact that for open source to succeed in the enterprise, for open source to succeed for anything other than a hobby project, we must as a community in an ecosystem.

Get past just talking about governance of an open source project and actually talk about the source of where this software is coming from. Not from a security perspective, just of the lines of code, but also I. Is it a trusted source? That supply chain ecosystem is absolutely mandatory. And the idea that one entity can just decide to flip a switch and the code changes yeah, is no longer acceptable.

So for large organizations, like one of the largest media companies in the world. We've solved that problem because everything is containerized. For those of the folks who aren't technical on here, basically, instead of downloading updates, everything happens in a very controlled fashion. You can't automatically update anything.

So for the enterprise, that's temporarily solved. It's not a real issue today, but you have to be able to say. I need to trust where my CMS WordPress is coming from. I need to trust where my plugins are coming from. And for that, we need open and transparent ways of figuring that out. So on the customer side, make sure that you are, no matter what project you're working on, whether it's WordPress, Drupal, whatever it is, make sure that you have ways of securing your supply chain.

On the project side of it, it's up to us in the ecosystem to create new ways of  managing those updates that we can become trusted. One of my favorite conversations I had with a gentleman we both know named Tom, who's worked with AEM for years.

Matt: Oh, yes. The AEM guy.

Karim: One of my favorite conversations with him was like, AEM is trusted.

So nobody's going to say, where is that code coming from? But what Tom reminded me of just literally last month, is that the source behind AEM was also open source. But you trust it because it comes from AEM, right? So how do we in the open source community create methods, both technical and organizational, that we can say in a transparent nature.

This is where the software comes from. Those are the two challenges on both sides. Yeah.

Matt: Let's go back to the infrastructure piece just for a second. Not to get overly technical, and I try to avoid that as much as possible, but absolutely. We talk about an architectural approach using containers.

That is, they're isolated by design, right? So functionally they fit that. That sort of supply chain fabric in the sense that as you mentioned things aren't happening outside of that container. The containerized functionality. At the same time. Those were, we're for the most part using open source systems for that as well.

We're, if we're using Docker hub, we're using Docker, we're using Kubernetes. All of these are open source. Absolutely. This is anything to Tom's point, to evoke his spirit on this call. I think he's exactly right, is that almost everything that we've built.

Which may speak to some of the challenges with WP Engine and other platforms out there that were part of the dialogue of the lawsuit or the contentions, let's say. Yeah. Is that, we're all relying on open source to get the ball down the field a certain number of yards.

The rest of it we're building something on top of it. But I just wanna go back to that infrastructure point. 'cause I think it's important relative to your point. About open source being even part of AEM, even though we have that knowledge of where it's coming from, where the source is coming from, it's still built on,

Karim: Right? So my organization, crowd favorite. We provide the same infrastructure for WordPress to companies like Disney, like AT&T, like other companies that AEM provides for the same types of companies. We are helping them set up architecture that solves the problem we just discussed, right? Yeah. But unfortunately, that hardware store on Main Street can't afford an entire software team to keep that containerized piece exactly the way it is. So it's up to us in the community to create these systems and these transparent organizations that will help us make sure that we can be trusted by the hardware store on Main Street.

Matt: Yeah and again, I think that's a great point that, some of the we've talked about a number of downstream challenges that exist, but I think the financial one, the limitations of being able to operate at that level and at the same time balanced out by the realities of, yeah, a lot of those a lot of those users won't require anymore than just a single page on their website, right? 

They're not connected to a lot of different third party systems, right? Their use case is a little bit different as we go upstream to more complex e-commerce, digital commerce connected types of solutions that have to be PCI compliant. They have to meet GDPR, CCPA because they're doing business all over the world.

It's a different order of magnitude, a much wider surface area of things that can go wrong. You guys at Crowd Favorite are helping to, as you mentioned, reinforce the same kinds of tenants that exist for an AEM. And is that part of, when you think about the whole soup here, you think about the stew of what really matters to enterprises? It's more than just the, we validate open source. We're in, you need smart people and partners who  understand how to manage it the right way. And is that at risk with the way that things are beyond your control? And again, just brass tacks about it, how do we navigate around the realities of there being obviously a personality involved, a set of unpredictable things that are happening seem to be happening on a pretty regular basis.

How do you navigate around that and give confidence to enterprises?

Karim: Okay, so I'm gonna approach this without getting involved in any of the drama from the side of Automattic or WP Engine or anything. The bottom line is this: if you look at the technology industry, quite literally, in the last 25 years, we've had these progression of companies.

No matter what your aspect is, of they eventually have to make money no matter how much money's been poured into them, and you were talking about scale a moment ago, WordPress has benefited so much from companies like Automattic and WP Engine that have had so much money poured into them. Yeah. But even Automattic at some point needs to raise their hand and go; we need to not only be cashflow positive, but we need to actually be worth something.

Of course, yeah. Like any other business, the founding company and the founder of WordPress have come to the natural point in their path where they need to also figure out what their path to long-term viability is. Yeah. There's nothing surprising here for the enterprise. Yeah. How do we get past this point?

How do we make it less dramatic? How do we move all sorts of platforms and all sorts of projects that have passed this point in the past. This is a blip. How we come out of it is still up for debate, but  the bottom line is WordPress is, to use that term from so many years ago in the financial crisis, WordPress is too large to just disappear.

Matt: You didn't say fail, you said disappear. I completely agree. Yeah. Yeah.

Karim: The distribution platforms. The hosting community have put so much into WordPress that trying to replace it with, there's a new, there's a new project from Drupal, the Drupal CMS project, right? That is basically aimed at that WordPress market, not specifically mine, but downstream the years It's going to take for that too.

Shape itself and find its own direction,

Matt: Right?

Karim: The existing WordPress world needs to have viability, so outside of Automattic, outside of WP Engine, it's up to the ecosystem to find what that direction looks like. There are tens of thousands of small businesses and some of them larger, that have to make their money, pay their employees, pay their mortgages and rent based on products for WordPress.

WordPress isn't going anywhere. The question is, how is it going to change and evolve? Yeah,

Matt: Totally. On that note. How do you know where we're at today? And as you think about, we've talked a little bit about this, we may have even talked about it on the… on that Moonlight cruise. Why should, obviously, this ecosystem is composed of agencies, of businesses that are building directly.

It's the tapestry of this is so broad. Why should young developers think about WordPress as a tool and a resource, and I want to validate my own opinion on this for a second before I hand the mic back to you. At Full Sail, which is a small skill school that I'm on the board at, we still teach WordPress.

Because a lot of developers need a front end for something. They need some way to be able to manage a, either a portal for documentation. We're teaching them the elemental foundational methodologies for building websites and WordPress has been part of the fabric of the curriculum for a long time and continues to be the go-to.

And I think that open source heritage. Is part of the reason why we rely on that. When you think about the young developers, the next crop, the next wave coming in, even for Crowd Favorite, like who are we hiring? Who are we bringing in to support these projects? How do we adapt? As you're saying the WordPress is gonna be this is gonna change, it's gonna shift and adapt.

How do we adapt it in a compelling way for that next wave of developers? Why should they invest in this as a tool and a resource?

Karim: Again, it might sound like I'm being boring here, but the bottom line is history teaches us everything. Why did WordPress get to where it is today?  Because it's accessible.

And when I say accessible, I mean you could know a minimum about PHP, but it's written in a way that you can start tweaking existing things within WordPress, within plugins. Yeah. Within minutes, a student of development of engineering, without knowing advanced PHP can start tweaking things the minute they know the basics.

Yeah, the theme infrastructure, you don't need to know the deepest. You don't need to be Chris Coyer in CSS. You don't need to know the deepest way of doing front end development. If you know the basics, you can start tweaking things. It's accessible to start playing with. It's accessible to start using.

Therefore, if you combine that with the fact that it's open source, so that it's very cost effective. To start using for a small business. It's the entry level. It is where you start. That's on one side of the equation. You and I live in an environment where we get lost with the word of the year or the word of the quarter because of, I don't know

Matt: What you're talking about.

That never happens to me. I don't, in this paradigm, I never do that.

Karim: For years it was called DXP, then it was about orchestration. Now it's about being composable, all these things. And the bottom line is. The concept of composable. That's why you wanna be truly composable.

Pick an open source core and then go to the MarTech 14,000 or wherever our friend has put the number this week.

Matt: Yep. I think it's bigger. I think it's bigger. Yeah.

Karim: Start with an open source core and then use any product in the MarTech stack.

Matt: Yeah.

Karim: As a best of  breed, but keep the core open source. So you own the data, you own the experience you own, being able to churn to another product. It's the true meaning of the word composable. That is why it's so accessible and that's why the enterprise wants to use it because, using another analogy of that hardware store everybody can go and buy a cheap tool.

And that cheap tool, because it's cheap or free, will break often. Therefore, at some point when you have the money, you will upgrade and you'll get the expensive tool. And in the enterprise, the enterprises can all afford the expensive Adobe's, the expensive Sitecore, and the rest of them, yet more and more of them are choosing open source, even though it's free.

Why? Composability. True composability. So if you take those two concepts and you put 'em together, why wouldn't you start playing with open source?  Whether you're a small business or the Enterprise, and that's the opportunity for growth. That's the opportunity for moving forward.

Matt: Yeah. I love it. Thanks for contextualizing that from your vantage point.

And I think we're lined up on that. I would remind people too that Dries Buytaert talked about the modular web, many years ago, when Dr. Drupal was really just a fledgling project, and again, it is a smaller piece of this overall open source pie, but it has made significant headway.

And I, I think exactly to your point this concept of modularity, which was really rolling out the red carpet for what we understand to be composability now. A lot of the same tenants in the promise of having that flexibility is still there. When we think about the security challenges at the beginning, let's just go full circle.

We talked about the known problems that exist in the ecosystem that this was way before the current drama that's been playing out. And. We've always recognized that there are accessibility challenges. There are exploitable code issues. I think oftentimes as someone who is a practitioner in WordPress, the issue was you'd get something from an Envato marketplace and it would have some kind of support for the first year. But then the person who actually built this module, this widget, has disappeared. They've closed up shop. They were in a basement somewhere in the Midwest. Correct. I think that those have been known problems when you think about the bigger security issues that are ahead of us.

Relative to managing this for success, what materializes for you, particularly, at the enterprise level and then I wanna save some time to talk a little bit about AI as well ‘'cause I think that rolls into this. But I'm just curious, what should enterprises be thinking about as they evaluate and consider open source with WordPress in a world where it's adapting and it's changing. And the last point I wanna make too, just to reinforce everything you said, about the “why” should people continue to embrace WordPress as this foundational entry point? I think I see that with students the part of it is,  not just the accessibility of it, but the marketability of their skillset. That if, I know WordPress is much easier for me to slip into a role, somewhere to support a business's WordPress interests. So it's a very marketable skill for them to have on their resume but again, they're all part of this question of security. I just did a, we just had this event at Full Sail called the Hall of Fame that we do every year. And we talked a lot about cybersecurity, so I think the kids are tuned into it, right? They're already paying a lot of attention to it and we're building a curriculum around that.

So again, back to the core question, what should Enterprises be focused on and concerned about relative to security and governance as we look ahead?

Karim: Wow. That's a big subject. Let me see if I can just tap the top of it.

Matt:  Good luck. 

Karim: Bottom line is whether you're talking about WordPress or Drupal or any other project, the same thing that makes these projects so accessible and so easy to use is also its biggest weakness.

You can find one of those products for WordPress, like you said, as a small company that will disappear tomorrow and not give you any support. And then there's companies that have been around for decades and have a proven track record of delivering exactly the vertical target that you're looking for, that your target segment, market segment, right?

Whether you're a small business, medium business, or large business. At Crowd Favorite, we specialize only in one of those, right? And if you find the right partner with open source, even if you have an internal team, if you find the right partner, you have solved the problem. Why? I'm taking off the sales hat.

I'm not trying to sell my consultancy. I'm giving an honest answer here. Even organizations that have full-time technical teams, the job description of that full-time technical team is to maintain what they have and look for opportunities within a limited set of time and resources. Okay. Companies like Crowd Favorite and there are others besides my own.

Our full-time job is to stay on the cutting edge, to be completely informed, to be looking ahead, to help the architecture of staying composable, staying ahead of the next curve, understanding how the next challenge of the next technology is going to affect our customers. Yeah, we have engagements with customers where we don't do a lot of code writing, we do more architecture.

We do more consultancy than we write code. So the customer should be looking for, even if they do it internally, have somebody who's staying in touch with what's going on with whatever platform you decide to stay with. And I'd say it's important to do that, also, for the largest closed source systems, the largest applications that are on SaaS these days.

Matt: Yeah. Agreed. 

Karim: Because they have MNA surprises, they have road roadmap surprises. So it's important to not just say, whatever solution I'm going to take is just gonna be the next solution for the next five or 10 years. Without staying ahead of the curb on what's changing in technology and marketing. The reason why we call it MarTech is because it's so fast moving, right? 

Matt: Indeed. I'm just, I, when I talk to people about security issues, I think it's, broadly how do I just lock down this form from all the bot traffic emerging from X, Y, Z country? It's just we are in such a precarious time when it comes to just the basic mechanics of how some of these digital experiences work.

And, we need smart people. Who are able to, use human intuition to compliment the automation that we have, because it's not all together there yet. And it doesn't spot everything. It doesn't rule everything out. And on that note, I just wanna wrap up on some quick questions around AI because it's AI, it's unavoidable, we have to talk about it.

I  just recently had a discussion with Greg Dunlap, who published his book on content authoring and I asked him about AI and he said, I'm not really paying attention to it. It's not very interesting to me. And I think that's a refreshing point of view, because instead he focused on the content authoring experience and to me that was it cut through a lot of the distraction that comes from AI. That said I think some of the, we just had the latest Forester wave come out that looked at the 13 big vendors that are focused on content management and agentic AI is a huge part of this.

And I recently spoke to Matt Billman at Netlify, and we talked about this idea of agent experience and the evolution of websites, right? And at the beginning of our conversation, we talked about what does the “Website” look like in the future? We briefly brushed on that and I think AI is gonna have a profound effect on that.

When you think about how we're gonna need to prepare these experiences for bots doing more of the engagement, not all of it. Obviously humans are still gonna be involved, but there will be instances where bots are behaving like people on our behalf to be able to either schedule a, book a vacation, schedule something, take those last few steps even into commerce, right?

Even purchasing things for us on our behalf. When you think about open source and AI, and we know that it's there, we know that a lot of great innovation has come out of the communities. What do you think about the next couple of years in terms of the impact that this will have on? And I know this is a big question, but maybe you just gimme just quick thoughts on where you see it evolving, particularly to WordPress.

Karim: So I have two major thoughts that I'm telling anybody who asks me about AI these days. The first one is based on the fact that I was lucky enough, I say this with a smile, I was lucky enough to not have to write code anymore. About 15 years ago I stopped writing code. I haven't written a line of code since then, but I did and today I can approach one of these AI systems and have a plain English conversation about what I'm trying to accomplish, and it will write me an entire WordPress plugin. 

Matt: Yeah. 

Karim: That WordPress plugin will work. Is it optimized? Is it performant? Is it enterprise ready? Is it secure? Different conversation for a different day.

The bottom line is you don't need to know code. So my first reaction, of where we are in AI right now is anybody, the students who are talking about it, anybody who's getting into development and engineering these days. You no longer have to worry about syntax, you no longer have to worry about the perfect formatting of the code.

You have to be an engineer. You have to be an architect more than you need to be a construction professional. Stop focusing on the lines of code. Stop focusing on how cool that script is and start focusing on what the business need is, because at Crowd favorite, we're hiring people who can think about code, not people who can just write lines of code.

Matt: That's, it's upleveled the requirements for the modern developer. You're now also a prompt engineer through the lens of architecting a solution.

Karim: You used the word prompt engineer and that brings me to my second point about AI, and that's one where I'm not as popular with this answer.

People do not like hearing this answer.  But I lived through the first internet bubble when every week, we had a new technology. If I wanted to make you laugh,  I could list 20 technologies that you and I remember that nobody's ever heard of, that when they were introduced, we're going to change the internet in the Nineties.

Matt: Yeah

Karim: They all went away. We are so early in this AI moment. It is changing literally on a daily schedule sometimes, if not a weekly schedule. There are advances and changes and, frankly, dead ends every day with the announcement that Chat GPT wants to be more of a consumer product with the way perplexities going in one direction and this and that and the other.

All these things, right? It is so new and so changing. Anybody who's playing the game of what it's gonna look like in one or two years, forget about it. It's gonna look like something different than what you thought in three months. So stop worrying about exactly where it's going to be in the next few months and start thinking about how it changes your workflow, not your lines of code.

At Crowd Favorite. We're using AI every day, but we're not using it to write lines of code. We're using it to make ourselves more efficient. Yeah, we're using it to understand where it is, and we have dropped more AI products in the last six months then. Countable on two hands and feet.

But we keep trying new ones, right? Every month there's something new to try and that's okay. Yeah. It's very few. The ones that three months later are still useful or can't be done better by something else. We're in that moment of change, grasp it, play, don't ignore it. Play around with all these new platforms, but don't start making plans just yet.

Matt: That is sage advice. I just kinda wrap things up, I, yeah. Obviously we touched on a lot of things today. And I have a lot of optimism and enthusiasm about where open source is going.  I've been having great conversations with folks at OpenText and other platforms that have embraced things like the Open Web Alliance in Europe, counter some very draconian governmental policy that was gonna have a chilling effect on how open source was gonna be used.

And I think that's still playing out, but I love seeing communities come together and then of course, a few months after that happened, we had an entire country say, actually no we're going to shift in the other direction. We're gonna embrace open source. So I think to just codify your point there. It's hard to make plans because we don't know how the winds are gonna shift. We don't know how policymaking that tends, the wheels of government tend to grind much more slowly, but they, things are reactionary, right? So I think we see Europe as this catalyst for how AI is going to be governed or how it's going to be managed in the future.

So a lot of open questions Karim, but I guess to wrap things up, you think we're past the hardest parts relative to the last six months or so with WordPress? Are we turning a corner and seeing the light in terms of where we go next? Or you think we're still gonna be rattled a little bit by some unpredictability before we get to more of a stable place?

Karim: Unfortunately, I think there's gonna be more unpredictability because you have two large entities that are still at odds as far as press and as far as announcements or where they want to go. But the reality is that you have. Tens of thousands of professionals who are in the ecosystem that are actively working on solutions.

Matt: So it wraps things up, go full circle with where we started on this journey. Do you think we're past the biggest hurdles relative to the most recent drama? Are we turning a corner? Or do you feel like there's more shakeups in our future? How do we get to stable ground?

Karim: Yeah I think there's probably gonna be more drama in the social media sense and definitely in the courtroom sense. But let's also remember how often has the courtroom drama between technical companies ended up really affecting end customers of large platforms? It doesn't the code base of what is today, WordPress is so prolific and it's done so much to democratize the web, and there's so many tens of thousands of people and companies working on what's next in WordPress.

No matter what happens to the existing way, it's working today. That it's gonna go on,  if we think about it for those of us who are a little bit older on the web

Matt: Are you talking about you or are you talking about me?

Karim: Me. The only thing that absolutely disappeared was flash and it disappeared for a bunch of reasons that we graduated past that. The same way I look at how people think that social media will solve everything. We graduated past that. At the end of the day though, needing a way to manage content on the internet isn't going away. And with over 60% of the content management market, so to speak, across that horizontal set of markets, target markets.

It's not going anywhere. The question is, what is it gonna look like? And I think it's gonna lead to more options than ever for distribution platforms, for enterprises, for the hardware store on Main Street. And I look forward to the next Wix and Squarespace that are actually based on open source. Yeah. I think Automattic does a great job there.

I think where they're going with their pressable and their wordpress.com is amazing. I think they need to double down on that. I think they need to put Wix and Squarespace on edge so that there's real competition in that space.

Matt: Yeah.

Karim: But in the enterprise, we need options. And those options need to evolve and need to have this flourishing ecosystem that can't be manipulated by any one company or set of companies.

Matt: Agreed. What a great place to end it on too. I think that a hardware store is the right juxtaposition because I think it, a lot of this too and I feel the same way about ai. It's, we've,that democratization isn't just about. How it relates to the developers, the builders, the architects, but the actual users and the businesses that rely on this.

And as you mentioned, the big consideration in all of this is the impact to those businesses. Not just in the ecosystem that are utilizing WordPress, and I speak of agencies that are, that we rely on, we saw a lot of the messaging coming across social media around their response to everything that's been happening. But the businesses that rely on their websites to be up and running, to be updated with some predictability and regularity, this is the quest is to try to solve these problems. And I think you keyed in on so many great points.

This has been an awesome conversation. I'm glad we're able to talk. Talk about as much as we did and give I think listeners who do have enterprise interest, but I think all the way downstream as well, where you see things going with WordPress. And then ultimately talk a little bit about AI as well. I think that was just the icing on the cake. 

Karim, as always, it's great to talk to you. Thank you so much for your time for being so gracious and sharing your wisdom with us. And I look forward to the next time we get to talk again. 

Karim: Matt, thank you. It was an absolute pleasure.