FRES
/ Kevin HA / 18 min

Why WordPress Is Already Dead

WordPressAstroAIVibe CodingClaude CodeWeb DevelopmentCMSPerformance

After 19 years of building WordPress sites, I’m moving on. Not because WordPress has gotten bad — but because the web development paradigm just shifted under our feet.

In February 2025, Andrej Karpathy, co-founder of OpenAI, coined the term “vibe coding” 1. Collins Dictionary named it word of the year. And I, having deployed hundreds of WordPress sites since 2006, found myself building my latest project entirely with Claude Code and Astro. Not a single plugin. No wp-admin. Lighthouse score: 100/100. This wasn’t an experiment — it was a revelation.

WordPress didn’t die from its weaknesses. It died because its model became obsolete in the face of what AI makes possible today.

2006: When Dotclear Ruled the French Blogosphere

My first CMS wasn’t WordPress. It was Dotclear, the French open-source platform created by Olivier Meunier in 2002 2. At the time, Dotclear dominated French-language blogs — Free and Gandi (two major French hosting and telecom companies) used it to power their hosting services 3. The interface was elegant, and the French community was tight-knit.

Then WordPress arrived. An explosive plugin ecosystem, frequent updates, a global community. By 2012, WordPress accounted for 75% of the top 20 French blogs, with Dotclear down to just 15% 4.

It was a conversation with Lionel Damm, then at Simaway in Roubaix (a digital training center in northern France founded by Jean-Luc Synave in 2004 — Roubaix being the city that would later become home to OVH and much of France’s tech infrastructure) 5, that led me to switch to WordPress in 2006. Lionel would later co-found “On prend un café” (OP1C) around 2009-2010, now the largest independent social media agency north of Paris, with 34 employees and €2.6M in annual revenue 6.

That first pivot taught me a fundamental lesson: tools die. What matters is recognizing when a new paradigm is emerging.

The Golden Age of a WordPress Evangelist

The years from 2009 to 2015 were a period of frantic exploration. I started with BuddyPress, driven by the naive ambition of “playing Zuckerberg.” Building your own social network seemed genuinely within reach — BuddyPress had just launched its stable release in May 2009 7 and the hype was real. My project? A site for gamers to connect — to organize matches, find teammates, build competitive ladders. A kind of GameBattles for the French market, the American site founded in 2003 (acquired by MLG in 2006) that dominated competitive matchmaking stateside. Because yes, there was a time when connecting online for gaming was far from straightforward: Xbox Live had only existed since November 2002, and before broadband and integrated online services became mainstream, organizing a multiplayer session was a patchwork affair.

In 2011, I launched Wookz.com, a platform dedicated to Facebook games — FarmVille (launched June 2009) and CityVille (December 2010) 8. These Zynga titles reached 83 million monthly active users at their peak 9. Wookz, which covered these games and offered in-game gifts and bonuses, amassed nearly 150,000 Facebook followers 10 and threw me headfirst into my first real infrastructure challenge.

The site was pulling between 10,000 and 20,000 visits per day. WordPress held up… until it didn’t. Even hosted on vps.net — an early cloud VPS pioneer with a multi-datacenter architecture and Xen hypervisor 11 — the stack eventually buckled. I had to abandon WordPress regardless of the infrastructure. That first technical breaking point was a warning signal I chose to ignore.

In August 2013, I launched Mammouth Promotion, a coupon code site. The theme and the entire mechanics came from AppThemes and their Clipper theme — a perfect example of WordPress’s promise at the time: a turnkey theme to launch a niche business without writing a single line of code. The site had its Facebook page, its users, before joining the graveyard of side-projects.

My stack kept evolving: WooThemes, then WooCommerce right from its September 2011 launch. I went through the WP Bakery era before migrating to Elementor. But one thing always rubbed me the wrong way: Gutenberg. I never warmed to WordPress’s new block editor — I consistently reinstalled Classic Editor on every project, refusing what felt like unnecessary complexity.

During this period, I also experimented with content aggregation and curation. At Groupe Oxygem (acquired by M6 Web in January 2015 12 — M6 being one of France’s major commercial TV and digital groups), I used tools like WP Robot 13 to scrape and consolidate articles, building Netvibes-style content hubs — a practice that wasn’t yet formally penalized by Google at the time. The Panda algorithm (February 2011) 14 would soon upend these “content farms,” impacting 12% of English-language queries.

I also tested the WordPress Automatic Plugin 15, an auto-posting tool that could aggregate content from 20+ sources (RSS, YouTube, Amazon). And for Amazon affiliate work, I used WooZone (WooCommerce Amazon Affiliates) 16, which offered — and this was the crucial technical detail — a simulated shopping cart and, for a time, a workaround for Amazon’s API. I later switched to AAWP (Amazon Affiliate WordPress Plugin) to build MFA (Made For AdSense/Affiliation) themes.

WordPress had become my universal tool.

Industrialization and Its Contradictions

From 2015 to 2022, WordPress matured professionally. Automattic’s acquisition of WooThemes in 2015 (~$30 million) marked the beginning of the serious e-commerce era.

Among my notable projects during this period: the website for investigative journalist Romain Molina, built with Elementor. A site for a member of the French National Assembly from the Nord department. A site for a glazier and mirror craftsman. Various institutional and internal projects. The full list of side-projects and client work would be an exhaustive laundry list.

I even experimented with PageRank Sculpting using WP Rank and link obfuscation (OBF Link extension 17) to optimize crawl budget — an interesting alternative to the Themify Conditional Menu plugin 18 for SEO siloing, deployed on sites like poulaillers.com. These techniques spoke to the ecosystem’s maturity — and above all to its core promise: for every need, there was a plugin waiting, more or less complete, more or less actively maintained.

The problem was that this industrialization was masking a growing technical debt. There was always something missing: incomplete market fit, plugin conflicts, one update breaking another. A real example: WooCommerce PDF Invoice (since removed from CodeCanyon), which on every update would conflict with the Colissimo Shipping Methods plugin. The culprit? A shared PDF generation library used by both plugins, with incompatible versions stepping on each other. Every WordPress update risked breaking a plugin. Every plugin added more JavaScript. Every caching layer made debugging more convoluted.

2017: The Incident That Changed Everything

It was a Wednesday, March 23, 2017. I got a call. From HiPay, my PSP (Payment Service Provider) at the time 19. Our e-commerce site, hosted on the same server as a WordPress blog, had been compromised. An unpatched backdoor. The kind of vulnerability that lies dormant for months until an automated scanner finds it.

The numbers were brutal: approximately 7,000 cards compromised. €1.4 million in transactions subject to chargebacks. Exposure window: February 15 to March 15, 2017. A malware file named Signedint.php, hidden in a skin directory, was intercepting payment card data before it reached HiPay.

The fallout was immediate: on March 16, with the first customer complaints coming in, we made an emergency switch to a hosted payment page (HiPay-hosted). On March 23, HiPay froze €254,767 of our balance and suspended our services. Mandatory security audit by Verizon (PFI — PCI Forensic Investigator), emergency PCI DSS certification via Trustwave.

The cost to the business ran into the hundreds of thousands of euros — not just the frozen cash flow, but the Verizon audit, the forced compliance work, and above all: several weeks of operating exclusively through PayPal in the middle of peak season. Endless negotiations with Trustwave, Verizon, HiPay, and the GIE Carte Bancaire (France’s interbank card network). A Kafkaesque situation in which we, as the victims of the breach, bore the full weight of the penalties.

No reputational fallout — this was before GDPR (May 2018) 20. The French Ordinance 2011-1012 of August 24, 2011 21 — which had transposed EU e-communications rules into French law — only applied to telecoms operators and ISPs, not to e-commerce merchants. We could have legally kept the whole thing quiet. But the operational and financial damage was already there, massive and paralyzing.

This experience forced me to look at WordPress differently. The problem wasn’t the CMS itself — WordPress core had only 7 vulnerabilities in 2024, none of them critical 22. The problem is the model: a WordPress blog on the same server as a Magento store. A patchwork of third-party plugins. An uncontrollable attack surface.

In 2024, Patchstack data revealed 7,966 vulnerabilities discovered in the WordPress ecosystem — 22 flaws per day 23. 96% came from plugins. 33% were not patched before public disclosure 24. 1,614 plugins were removed from the repository for security issues. 827 were declared abandoned 25.

My 2017 incident was no anomaly. It was a structural symptom.

The Wake-Up Call: When Maintenance Becomes the Product

Between 2019 and 2022, I launched Naetur, a dietary supplement store built entirely on WooCommerce. The stack had gone fully industrial: Yoast SEO, WP Rocket for caching, Elementor for design. Hosting: Kinsta, which I had been using systematically since 2019-2020 26. Every plugin added a feature — and another dependency.

Between 2022 and 2024, I was spending more time maintaining my WordPress sites than actually improving them. The weekly routine looked like this: plugin update checks (15–30 min), security scans (15–30 min), backup verification (10–15 min). Monthly: database optimization, performance tests. Quarterly: full audit, SEO review, major theme updates.

Each site would demand between €50 and €250 per month in maintenance 27. Across a portfolio of dozens of sites, the economics became absurd.

And performance? According to the CrUX (Chrome User Experience Report), only 38% of WordPress sites pass Google’s Core Web Vitals assessment 28. That puts WordPress sixth among major CMS platforms — behind Duda (71%), Squarespace (58%), Drupal (54%), Wix (52%), and even Joomla (43%) 29.

WooCommerce, my e-commerce platform of choice for years, ranks as the slowest e-commerce system in the field. This verdict is all the more painful given the hundreds of hours I spent optimizing those sites.

Then the Automattic vs. WP Engine conflict erupted in September 2024. Matt Mullenweg calling WP Engine (a specialized WordPress hosting provider) “a cancer on WordPress” 30. Financial demands of 8% of annual revenue. Blocking WP Engine customers’ access to WordPress.org resources. A forced takeover of the ACF plugin. 200 Automattic employees leaving the company 31.

I had never personally used WP Engine — I was on Kinsta. But this fratricidal war exposed the deep internal tensions of an ecosystem running on fumes.

For the first time since I had been following the ecosystem, WordPress was losing ground: its CMS market share had dropped from 65.2% in 2022 to 60.5% in 2025 32. The first real decline in over a decade.

And yet, until fairly recently — barely 12 months ago — I was still genuinely excited about Estudio Patagon themes 33: that Chilean studio whose work perfectly captures the millennial/Gen Z aesthetic, with their soft pastel palettes (powder pink, sky blue, mint, peach), playful rounded typography, airy layouts with generous white space, delicate micro-interactions, and organic flat design illustrations. These visual codes define an entire generation of the web.

That was my last look back at WordPress before making the switch.

The Revelation: When AI Makes Plugins Obsolete

February 2025. I’m testing Claude Code for a client project. Instead of installing a form plugin, configuring it, and managing its conflicts with my theme, I simply describe what I need: “A contact form with email validation, basic spam protection, that sends data to our CRM.”

Claude generates the code. I review every line — this is non-negotiable; I never blindly copy-paste. I test, I iterate. Sometimes I even have Claude Code’s output reviewed by OpenAI’s Codex for a second opinion. I deploy. It works. No third-party dependency. No update to monitor. No potential vulnerability lurking in an abandoned plugin.

Vibe coding, as Karpathy defined it, is exactly this: describing your intent in plain language rather than writing code line by line, and letting the AI handle the implementation 34. According to Y Combinator, 25% of the startups in their Winter 2025 batch have codebases that are 95% AI-generated 35.

Anthropic reports that 90% of Claude Code’s production code is written by the AI itself 36. Stack Overflow finds that 84% of developers use or plan to use AI tools — up from 76% in 2024 37.

The question is no longer “can AI write code?” It’s “why install a generic plugin when I can have a custom solution in 10 minutes?”

This power is dizzying. But it demands rigor and vigilance: I systematically review every block of code, test thoroughly, and verify security. AI accelerates — it does not replace technical judgment.

Astro: Performance as the Default

Alongside AI, I discovered Astro. This web framework, created by the founders of Snowpack, takes a radically different approach: zero JavaScript by default 38.

Astro’s “Islands” architecture renders most of the page as static HTML at build time, then hydrates only the interactive components — and only when truly necessary (on load, when the browser is idle, when the element becomes visible…) 39.

The benchmarks speak for themselves. In a documented WordPress-to-Astro migration 40:

MetricWordPressAstroImprovement
LCP0.81s0.44s46% faster
HTML size38.9 KB10.9 KB72% lighter
JavaScript13.4 KB5.3 KB60% less

Astro achieves a Core Web Vitals pass rate of over 50% 41 — compared to 38% for WordPress. Companies like Microsoft, Google, Trivago, and Netlify use it in production 42.

For a content site — blog, documentation, portfolio, landing pages — like kawlet.com, Astro generates static files deployable on any CDN. No PHP. No MySQL. No server to maintain. Security attack surface: minimal.

WordPress vs. Vibe Coding: Why the Plugin Model Is Doomed

WordPress’s fundamental problem isn’t technical — it’s architectural. The entire model is built on assembling generic plugins developed to serve the broadest possible audience.

Need a booking system? Install a booking plugin. It covers 80% of what you need, with 20% of features you’ll never use that bloat your site. You spend hours configuring, styling, and adapting it. Then the plugin gets abandoned, or an update breaks compatibility with your theme.

With Claude Code or Cursor, the workflow inverts the paradigm entirely:

  1. I describe exactly what I need
  2. The AI generates a bespoke solution
  3. I review and validate the code
  4. I test and iterate through conversation
  5. I deploy code I fully own

No dependencies. No plugin subscription at $99/year. No checkbox asking you to “confirm you are not affiliated with WP Engine.”

Vibe coding turns the developer into an architect. Instead of hunting for the perfect plugin (which never exists), I define the exact user experience I want and the AI implements it. GitHub Copilot reports that developers complete tasks 55% faster 43. Google measured a 21% acceleration in its internal studies 44.

What WordPress Taught Us Still Holds

I have no interest in gratuitous WordPress bashing. This CMS democratized web publishing. It enabled millions of people to build websites without touching code. It created an economic ecosystem that sustains agencies, developers, and content creators.

WooCommerce made e-commerce accessible. BuddyPress opened the door to social networking. Elementor turned web design into a visual discipline.

But those achievements belong to the past. The web of 2025 demands performance that WordPress struggles to deliver. Security demands a model without uncontrolled third-party dependencies. And AI now allows us to build bespoke solutions with near-zero friction.

WordPress will likely remain dominant in raw market share for years — the inertia of 585 million sites 45 doesn’t evaporate overnight. But for new projects, for developers who want full control, for those who refuse perpetual maintenance, the paradigm has changed.

From wp-admin to IDE + AI Agent

My daily workflow in 2025 looks nothing like what I was doing in 2015. No more wp-admin. No more hunting for the “perfect plugin.” No more anxious update cycles.

Today, I open VS Code with Claude Code or Cursor. I describe what I want to build. The AI generates it, I review line by line, I iterate. I deploy to Netlify or Vercel in seconds. Lighthouse shows 100. The site loads in under a second. Security attack surface: nearly zero.

Does everyone need to abandon WordPress tomorrow? No. For non-technical users who want to publish content without touching code, WordPress still has its place — even as alternatives like Webflow or Ghost chip away at that territory.

But for developers, technical agencies, and projects where performance and security matter? WordPress is already dead. We’re simply in the transition period where many people haven’t realized it yet.

The real question is no longer “WordPress or not WordPress.” It’s: “why accept the compromises of a generic CMS when AI lets me build exactly what I need?”

After 19 years, the answer is clear. And for the first time since 2006 and my break with Dotclear, I know with certainty which direction to take.

Sources

Sources

  1. Wikipedia, “Vibe coding

  2. Com3elles, “Dotclear, un CMS français à surveiller” — article documenting Dotclear’s history as the dominant French blogging platform before WordPress

  3. Com3elles, Dotclear used by Free and Gandi for their hosting services

  4. Com3elles, 2012 statistics on WordPress vs. Dotclear dominance among French blogs

  5. LinkedIn, “Lionel Damm - OP1C” ; Viadeo, Lionel Damm’s profile mentioning Simaway

  6. Presse & Cie, “OP1C : 15 ans de conversations” ; On prend un café, “L’agence On Prend Un Café - OP1C

  7. WBCom Designs, “BuddyPress Review 2025” ; Wikipedia, “BuddyPress

  8. Wikipedia, “FarmVille” ; Wikipedia, “CityVille

  9. Wikipedia, FarmVille reaching 83 million monthly active users at peak

  10. Facebook, “Wookz France

  11. Historical context on VPS.net circa 2009, based on European VPS market research

  12. Wikipedia, “M6 Digital Services” ; Journal du Net, “Le rachat d’Oxygem Media permet à M6 de dépasser les 15 millions de VU

  13. WP Robot, “The Best WordPress Autoblogging Plugin

  14. Search Engine Journal, “A Complete Guide to the Google Panda Update” ; Wikipedia, “Google Panda

  15. CodeCanyon, “WordPress Automatic Plugin

  16. AA-Team Docs, “WooCommerce Amazon Affiliates - About this Plugin” ; Patchstack, “Vulnerabilities in WooCommerce Amazon Affiliates

  17. WP Rank, “Extension OBF Link - Module WordPress obfuscation de liens

  18. Themify, “Conditional Menus” — menu management plugin for SEO siloing

  19. Wikipedia, “HiPay” ; HiPay, “Europe’s leading payment provider

  20. CNIL, “RGPD Article 33 et 34” ; Mon Expert RGPD, “Article 34 du RGPD

  21. Légifrance, “Ordonnance n° 2011-1012 du 24 août 2011 relative aux communications électroniques

  22. Patchstack, “State of WordPress Security 2025

  23. Patchstack, State of WordPress Security 2025 — 7,966 vulnerabilities discovered in 2024

  24. Patchstack, 33% of vulnerabilities not patched before public disclosure

  25. Elegant Themes, “WordPress Security Threat Update (4 Trends in 2025)” ; Patchstack, plugins removed and declared abandoned

  26. Kinsta, premium managed WordPress hosting, used by Kevin since 2019-2020

  27. CMS Minds, “How Much Does WordPress Maintenance Cost?” ; WPBeginner, “How Long Does WordPress Maintenance Take?

  28. Swipe Insight, “Which CMS Tops Core Web Vitals?

  29. SISTRIX, “Core Web Vitals - Wix vs. WordPress

  30. Digital CxO, “Matt Mullenweg Seems Bound and Determined to Wreck WordPress” ; TechCrunch, “The WordPress vs. WP Engine drama, explained

  31. TechCrunch, “Matt Mullenweg says Automattic is ‘very short-staffed’

  32. ThemeWinter, “Is WordPress Dying? The State of WordPress in 2025” ; Search Engine Journal, “CMS Market Share Trends

  33. ThemeForest, “EstudioPatagon’s profile” ; Estudio Patagon, “Ghost Themes & WordPress Themes

  34. MIT Technology Review, “What is vibe coding, exactly?” ; Wikipedia, “Vibe coding

  35. Y Combinator Winter 2025 batch statistics — startups with 95% AI-generated code

  36. TechCrunch, “Anthropic brings Claude Code to the web

  37. ShiftMag, “AI is now used by 84% of developers!

  38. Relia Software, “Astro vs Next.js: Which Framework is Better in 2025?” ; Astro Docs, “Islands architecture

  39. SoftwareMill, “Astro Island Architecture Demystified

  40. Mfyz, “Astro vs WordPress: A Performance Comparison After Migrating My Blog

  41. TechSynth, “Astro CWV Guide: Achieve 100/100 Performance

  42. Astro, “2023 Web Framework Performance Report” ; Alex Bobes, “Astro Framework 2025

  43. GitHub Copilot productivity context — developers completing tasks 55% faster

  44. Google internal AI productivity studies — 21% acceleration measured

  45. WordPress.com, “WordPress Market Share, Statistics, and More” ; ThemeHunk, “WordPress Market Share Statistics