 No WordPress is an island in tire of itself. It is a piece of the net a part of the web If a blog be washed away by the spam It is the less as well as if any new site were as well as it any manner of thy friends or of thine own were Any WordPress is hacking diminishes me Because I'm involved in the internet and therefore never send to know for whom the API pings It pings for the Good morning, everyone. My name is Gary Pendergast. I'm a WordPress core developer Today, I'd like to take some time to think about where we might take WordPress next At the end of last year WordPress 4.4 was released with a theme of sharing and connectedness Earlier this year WordPress 4.5 was released with a theme of smoothing the user experience across all of WordPress WordPress 4.6 continues that theme Polishing many of the existing features that we use every day With that in mind we live in a more and more connected world and there are significant benefits to being part of that global network We live in a world where we expect software to do its job and get out of the way regardless of the complexity behind the scenes as WordPress well grows well beyond the quarter of the internet. We have a unique opportunity to leverage that influence There have already been several successful experiments and products Showing that by connecting sites together they become more secure Jetpack protect for example is showing that we can protect against brute force attacks by sharing information across sites Instead of only providing this protect protection to jetpack users. We could protect all WordPress sites from brute force attacks Every day readers spend much of their time using social apps They share messages. They share photos and videos They share links that they come across a large chunk of which are WordPress sites By connecting all WordPress sites together. We can provide readers with new ways to discover interesting content Instead of treating WordPress sites like silos. We can start treating them like the ecosystem. They are as much as we'd all love for visitors to only visit our own site The fact is that people people visit sites all across the internet Why don't we acknowledge that fact and then work on improving the ecosystem for everyone? But the hardest part of creating a network like this is bootstrapping How do you convince people that they should add friends that they should add value to the network? With WordPress, we don't have to because everyone is already doing it Every time they tweet a link to a site. That's a signal of trust Every time they click a like button. That's another signal of trust over time these signals can be collated to give us a network of trusted sites most importantly This can be done in an entirely decentralized manner. No Central servers controlling the whole thing. I'm not talking about building another Facebook I'm talking about building a network that can be used without Obtaining permission without having to give away personal details without having to entrust a Faceless corporate entity with your online presence This is about taking WordPress's mission to democratize publishing to the next level At the base of it all sits the WordPress trust network There are several very good implementations of trust networks, which could be adapted for our purposes So I won't get into the implementation details But let me take you through a couple of scenarios showing how this trust network can be effectively used At its simplest form we have two WordPress's the first one follows the second and So showing a degree of trust This is the beginnings of our trust network where messages pass between these two a given particular weight based on how much they trust each other So we've got a more complex example Again these sites have a degree of trust with each other for the time being let's just say it's based on who they follow and Here's my site it follows a handful of other sites so it assigns all of those sites a certain trust value Now here's a site that I don't follow but it is followed by someone I do follow That gives an implicit level of trust Someone I trust trust that site so I trust the third site at least a little bit This is where we can start to build discovery if someone I follow follows that site I might like to follow it too in this case. Yes, I would like to follow it And so the network of sites that I trust grows But we've run into a problem. I live in a country with a repressive government and the sideage followed is blocked It's it's banned by a by a firewall I know the site exists because it was recommended to me by a site I follow But any message it message it tries to send to me can't get through So if you're interested in taking the democratization of publishing to the next level, here's where things get super cool The site wants to send me a message Which I'd love to read if I were able to see it, but it can't get through the firewall So in a pub-sub-hubbish manner the site knows I'm subscribed to it But it's discovered that it can't contact me directly And so it reaches out to the sites that it knows about asking if they're able to see my site Yes, one of them replies and so the site encrypts the message To avoid losing it to a packet inspection firewall passes it to the intermediary site, which it then passes to me There's an extraordinary amount of power in a trust network, especially when we allow message routing across the network Sites can easily share important information and act on it based on how much they trust the source While still operating in a decentralized fashion, there's still value in some centralization For example wordpress updates come from wordpress.org Your site already trusts these updates so we can build that trust into our network model, too There are places in the world where wordpress.org is banned people aren't able to download updates What if our network asked every site to check that the sites they know about are updated and are able to talk to wordpress.org? If a site replies that it can't reach wordpress.org If we can route a message over the network containing an encrypted copy of the update zip file We can keep sites updated and protected even if they're blocked from talking directly to wordpress.org Another example of a source of truth could be in content discovery Being able to find sites like the ones you already follow is pretty easy, but it can get kind of boring You want you want to be able to discover new and different content to read On wordpress.com the editorial team spends a lot of time surfacing the best content to share on a wider scale And something like that could be adopted for the wider wordpress world When a person is looking for new sites to follow we can give them sites related to theirs And we can give them curated content from all over the wordpress network What these trusted sources amount to is a form of limited centralization They're certainly not required to get the benefits of the of the network, but they can make your life easier Automatic jetpack plug-in is a good example It's certainly not and never will be required to use wordpress But it provides a bunch of services backed by wordpress.com that can make your life easier And to be fair Centralization is not always a bad thing take authentication for example The rest API team recently announced the authentication broker that's there's not really such a thing as a distributed Authentication system. There certainly isn't one that's free that's friendly to any users. So the authentication broker Smoothes out the smooths out the rough edges of connecting an app to your site How about a wordpress firewall that keeps itself up to date via the trust network? One of wordpress's weaknesses is that while core security is good There are a lot of problems with plugins often with basic stuff like SQL injection attacks WordPress could perform Senate's basic sanity checks on URL requests as they come in and if something looks like an attack block it It can then pass that message on to other wordpress sites who can update their block rules keeping the internet safe Not only that WordPress security companies could extend that functionality if I have a if a bunch of sites that I trust have a third-party firewall installed They could and they all send a message saying that I should update my block list Then my site can evaluate that message based on how much I trust those other sites Let's even think about some ideas that are a bit further out there All of these APIs would be open So why does it need to be wordpress that implements them your phone can be a node on the wordpress network? No matter where you are in the world regardless of government censorship filters your phone will be able to pull down all of your subscriptions I'm curious to see if people could devise a way to map out the wordpress network I suspect it would be as difficult as mapping the bit torrent network is but that had certainly been interesting to see what happens What about if buddy press was extended to allow cross-network communication a distributed social network? Distributed social networks have efforts have failed in the past because they never got a critical level of adoption Wordpress already has that critical level and buddy press arguably arguably has it to Platforms are where it's at Let's think about some of the most popular platforms in the world Facebook They've built an amazing platform the news feed you you read happens to be just happens to be the most popular app running on it Amazon Amazon.com isn't the end game. It just helped bootstrap the company. The real thing is Amazon web services It's a massive hosting platform a bookstore. Just happens to be the most popular app running on it Twitter Doesn't get it painfully so at times Twitter were poised to be the next big thing but they blew it They started cutting off apps from their API fearing that they were losing control But something was going to become bigger than their own apps Google is starting to get it for a very long time They've been a product product company search is a product ads are a product gmail is a product maps are a product They are all silos that barely talk to each other It's only now that Android has become a lot better at tying it all together that they're starting to see the benefits of a platform They're learning that they can build as many apps as they want But they need to interact with each other on the same platform Microsoft gets it Mostly because they've been around long enough to try every other business model first But Microsoft might not be in the popular consumer space right now But they're the platform that the vast majority of major businesses are built on Xbox is enough to keep them in the public Mindspace they'll figure out the rest of their consumer products later But they have plenty of time because they have a solid popular platform underneath them And so we find ourselves at a point where we wonder what the WordPress platform will be While WordPress is a product One thing it's always done well is to create an extensible environment For other folks to build interesting things on top of in the beginning. It was just hacks dot PHP Then the plug-in architecture landed the the filters and actions that we all know and love There was this was an environmental change that caused rapid evolution in the WordPress world Suddenly WordPress could be anything you wanted it to be Since then a lot of effort has gone into refining that plug-in architecture allowing bigger and better things to be built on top of WordPress Ultimately that led to the rest API which is shaping up to be the next environmental change in WordPress WordPress is a very opinionated framework to work with You tend to have to do things the WordPress way. I'm not saying this is necessarily a good thing or a bad thing It's just how developing with WordPress is The rest API you get with the rest API you get to ignore a bunch of those opinions Particularly around dealing with PHP When you start talking about building purely JavaScript applications, you get to do some really cool things on the client side When you have a nice clean API to talk to you can focus on making the user experience amazing the rest API is Hopefully getting very close to being ready to land in core and so it's good for us to take some time to think about How that will aid the next evolution of WordPress all software needs to evolve. It's never finished so What comes next? For me, I think it's a distributed platform I think it's a lot it allows you to build tools and products that aren't just installed on a WordPress site their functionality functionality spans across all sites Allowing and are able to make use of that distributed power One of the discussions that emerged from the community summit at WordCamp US last year was a clear desire for a roadmap for a vision of the future of WordPress Automatics release of Calypso was evidence of that the excitement we saw in the community about such a massive shift in direction Demonstrating the power of the rest API is something we haven't seen in some time And so I present the WordPress connect project for community discussion feedback and analysis There's no code as yet. What I've shared today is a vision of where it could go I'll be at the contributor day on Sunday where I'd be more than happy to organize a roundtable discussion where we could chat about this some more Finally, there's all of you Ultimately the decision of whether this is the right the right direction for a WordPress and exactly what format should take Will be shaped and guided by how it's viewed by the wider WordPress world. I Look forward to the many discussions. I'm sure we'll have over this Thank you