Praise any deity you’re into, because WordPress just got custom plugins and themes! Again. We are talking, of course, about the WordPress.com hosted service that allows anyone and everyone to make their own WordPress site for free. They just opened up their service to third-party plugins and themes, so go wild!
The service has historically, and quite understandably had a “Hell NO” policy on third-party plugins and themes. The wrong one can leave your site vulnerable in a big way, because it has malicious code, or is simply egregiously out of date. Either way, you’re leaving the security of your site in the hands of other developers, whatever their intentions and skill level may be.
Here’s some of what they said:
For many years, WordPress.com has been a simple way for people to create their own beautiful WordPress website in minutes.
But that simplicity came with a tradeoff—WordPress.com did not offer built-in support for the thousands of third-party plugins and themes that helped make WordPress the world’s largest and most open web publishing platform.
Now, we’ve made a significant change to the WordPress.com Business plan: you can access and add third-party plugins and themes built by the WordPress community. It’s the simplicity, speed, and expert support that you’ve always loved about WordPress.com, plugged in.
On WordPress.com, everything is connected. Or it was. The most likely solution that they’ve come up with is some form of sandboxing. For the uninitiated, sandboxing is when you take a program, and sort of lock it away in its own environment (the “sandbox”) where it can run without doing any harm to the rest of your system. If they did this with every site on their network, it would allow users to upload whatever they like. The only site they could potentially compromise is their own.
WordPress’ own blog post on this update has not specified if sandboxing is the technique they went with, or any other details about how they made this change. That’s probably because they don’t want to give the guys in the black hats a head start.
So WordPress.com just got more flexible. I suspect this change will also result in increasing numbers of people paying for the commercial support options, such as the ones Business users get. After all, increased functionality means increased complexity. And yes, it seems that WordPress.com’s “Happiness Engineers” are going to be tasked with helping paying users to integrate new themes and plugins. That could be rough.
On the whole, I’m impressed by the company’s decision, happy for the users, and I feel a bit bad for the support staff. Now I just have to make up a side project that will give me an excuse to test all of this out.