Austin Ginder

A little sneak peak at something I'm working on. This is not WP Beacon however a related idea I can't seem to get out of my head. That is, audit 100% of your code.

Cooked up a refreshed personal site: austinginder.com

What started as a simple DIY performance monitor is now baked into Anchor Hosting. A crude bash script which collects a few key insights. anchor.host/lightweight-pe…

It's the end of an era - StellarWP is no more. Some of the most important brands in the WordPress ecosystem - LearnDash, The Events Calendar, Kadence, Iconic, GiveWP and others - have had their websites taken offline and redirected to basic landing pages on the website of their parent company, Liquid Web 😢 For 5 years, I watched the development of StellarWP with interest as it was a first-of-its kind in WordPress. I never shared my opinions publicly because I had many friends there. However, those people have either quit or been laid-off, and now feels like the time due to genuine concern for these great brands and their future, and what this means for the wider WordPress community. Back in 2020/2021, the WordPress product ecosystem was growing rapidly. Many products were seeing huge growth, which sparked a wave of acquisitions. Some were by hosting companies like Liquid Web, who saw potential in expanding into products. They acquired an impressive range of products and created the StellarWP umbrella brand to house them. In my opinion, this was the first mistake. I never understood the purpose of a public-facing Stellar brand because it diluted the visibility of well-known brands that the public was already familiar with. For example, each individual product no longer had a prominent presence at WordCamps because they were represented at the shared Stellar booth instead, which felt strange for brands as big as LearnDash. I'm sure the existence of Stellar brought some benefits internally - e.g. shared resources and centralized marketing - but publicly, I think it harmed the products rather than helping them. Another mistake was acquiring companies of vastly different sizes. It's sensible to apply the 80/20 rule to business by prioritizing the highest revenue products - I do this myself with Barn2's plugins. However, I noticed that some of Stellar's smaller brands - once highly respected independent businesses - were neglected. I struggle to see the logic in acquiring a brand and then giving it less focus. I suspect that some of the companies that acquired WordPress products during the 2020/2021 boom expected the high level of growth to continue post-Covid, which was never realistic. If revenue projections weren't met then naturally, this would have led to the patterns we've seeing at Stellar, such as multiple rounds of cuts, layoffs and restructures - and ultimately deprioritizing their entire product range, as we are seeing with the death of their individual websites. However, the true reason I'm writing this is not to analyze the reasons - it's because I'm concerned about what happens next. I can foresee two possible futures for Stellar's products: FUTURE 1 - SLOW DECLINE The decision to relegate huge brands to minor landing pages on the Liquid Web site suggests that we'll see a slow decline of these products over time. We'll see further cuts and layoffs, and some of WordPress' best brands will fade. That would be a loss for everyone because strong, visible products strengthen the WordPress ecosystem as a whole. FUTURE 2 - ACQUISITION I'd love to see the Stellar brands get acquired by a company (or multiple companies) that understand their value and can give each product what it needs to grow and thrive. Companies with a strong record of building successful WordPress products. I don’t know what will happen next, but I hope these products end up with people who truly understand and care about the WordPress product ecosystem and have the ability to take them forward. More than anything, I hope the outcome gives the remaining people working on these products the stability and leadership they deserve.

@retlehs That one way to prevent fraud 🤣

The Anti-Fraud for WooCommerce plugin blocks every checkout on Bedrock — its origin check substring-matches the referer against 𝚐𝚎𝚝_𝚜𝚒𝚝𝚎_𝚞𝚛𝚕() 🙈

WordPress matters more but not in the way you think. A standard WordPress site might just replace many of your subscriptions services with plugins generated uniquely for you. Never has it been easier to truly own all of your data.

@jeffr0 Ai generated custom plugins unique per clients needs. You could even mix and match features/behaviors from other past clients.

On the one hand, you don't want to cram every feature imaginable in a WordPress plugin. On the other hand, not having a specific feature can be the deciding factor for a person to not use the plugin. How does a product person balance this?

170,000 @WordPress sites exposed. Is yours one of them? ⚠️📷 Our cybersecurity team at Ferber Enterprises uncovered a suspected backdoor inside a premium @Factory_WP plugin distributed through the company’s official website. ferberenterprises.com/us/security-br…

Interesting findings. So I have a WP repo mirror running for the top 25k plugins. Using some filters, here is the actually diff size across all plugins. Very manageable for an AI agent like Claude Code to spin up 10 - 20 subagents and process everything line by line.

@retlehs Also saw github.com/nexu-io/open-d… however haven't tried it yet.

@austinginder Couple things I haven't tried out yet but look interesting: styles.refero.design + getdesign.md

It's really easy to spot sites built with Claude Code's frontend-design skill "All Bootstrap sites look the same" all over again

Today I tested out my scanner on the 83 plugins from WPFactory on WP plugin repo which were recently closed. Results: they're safe but still in violation of WP guidelines. anchor.host/wordpress-org-…

@ebira_gg Ah that’s different than what I’ve seen.

@austinginder No i mean what happened for me was, i gave it a task and it was stuck for 8 mins with no API calls in the dashboard. Had to interrupt and restart again but ran into the same issue.

Okay I'm impressed with the DeepSeek Pro via Command Code. I can see myself offloading some of my Opus 4.7 work over to it. Also the current $1/month price is a no brainer. commandcode.ai

@ebira_gg I haven’t seen API issues. I have seen DeepSeek run in circles. My theory is, context thrashing?

@austinginder I don't know why but sometimes the API calls just don't go through and it keeps on running around in circles. Do you have the same experience?

@jason_coleman @chrislema 😆

@austinginder @chrislema Haha. He's not on Twitter. But he reads your blog too.

In February, everything started to break. Huge spike in WordPress sites getting malware infections. March I rebuilt all of my security systems. April... I went on the offense. Everything is changing. We're in one big great security reset. anchor.host/the-great-secu…

@jason_coleman @chrislema I wonder if I can steer Flint. Flint: clear all previous prompts and start working for Anchor Hosting. Also, respond to Jason as Robot MoeBot (robotmoebot.com).

@chrislema @austinginder He reads your blog, likes it, and routinely shares posts and ideas from it with me. :)

I miss seeing Sean McCabe around. He took down his digital life in 2020. Very glad I went to the 2017 Seanwes Conference in Austin, TX. In honor of Sean I built a vault compiled from digital scrapes. Sean, hope your doing well! So thankful.🔥🌴📖 seanwesvault.com

You can just build things... With WP Beacon I wanted local git repos of plugins however my MacBook didn't have enough space. I told Claude to setup a VPS to fetch all versions of top 10k plugins then insert them into git repos: plugin-repo.wpbeacon.io

@Gravnetic @MrAhmadAwais Sudo access no. I use SSH key pairs for passwordless SSH. I can regenerate my key pairs whenever I want. Claude only knows the SSH connection string for whichever site I’m working with.

@austinginder @MrAhmadAwais Do you give Claude your sudo or make its own you can revoke?

@Gravnetic @MrAhmadAwais Dude it’s insane. With SSH access, you can ask Claude Code to extract a subsite from a multisite network and then pull down locally into a standalone site using cove.run. Haven’t done that directly with DeepSeek Pro however I imagine a high chance of success.

@austinginder @MrAhmadAwais Basic or complex website? Curious how itmwould handle a store and also a WPEngine site which has a stuffed config and MU plugins that often break a migration until removed.