Skip to content

Reasons why we switched to WordPress and quit flarum

Moved Discussion
  • @Sala

    Flarum also has security issues

    This might be a little unfair on them seeing as they responded to this specific issue and remediated it. Currently, to my knowledge, there are no other vulnerabilities identified, and based on this, I don’t think it’s fair to assume there are.

    As you know, I’m not a fan of flarum by any means given it’s complete lack of out of the box GDPR compatibility, but I wouldn’t state this omission if it were to be included in the core.

  • @phenomlab the problem is that the issue has been around for quite some time. All versions below the patched one had this security loophole. So it’s important to state it. If it took 5 years to know it, let newbies be aware that it’s a playground for serious developers or just a batch to toy with your wallet and dreams.

  • @Sala you’re making points here which are hard to argue - and I certainly won’t refute then as they are well known (and well suffered certainly by me directly).

    There’s also the time it took to reach “stable” - 5 years. Given the arrival of Blomstra, it was clear from the start in terms of the intention to monetize, and it seems to be a focal point.

    The final comment from me would be around keeping the core minimal. Both GDPR and SEO capacities should both be an out of the box experience when they are not. It seems that flarum has taken the stance that the core will be a framework to hand other things on - those “things” being in the form of extensions.

    Keeping the core “lean” is another way of distancing yourself so there isn’t the need to commit to what should be base (and free) functionality or develop and then allow poorly written extensions to hook into the core and effectively slow it down.

    Community extensions should not have to bridge the gap between what is a usable product and one that is effectively useless in today’s evolving market.

  • phenomlabundefined phenomlab marked this topic as a regular topic on
  • phenomlabundefined phenomlab moved this topic from WordPress on
  • @Sala I decided to fork this topic away from the original thread, as I think this deserves a discussion in it’s own right. I’ll be adding more comments here to further bolster the points I made above.

  • @phenomlab said in Reasons why we switched to WordPress and quit flarum:

    It seems that flarum has taken the stance that the core will be a framework to hand other things on - those “things” being in the form of extensions.
    Keeping the core “lean” is another way of distancing yourself so there isn’t the need to commit to what should be base (and free) functionality or develop and then allow poorly written extensions to hook into the core and effectively slow it down.

    That’s interesting you say this, because this is exactly the stance that NodeBB has taken as well. Perhaps not overtly so, but if you ask me directly, that’s my usual go-to line.

    That said, I suppose the difference lies in what we perceive as necessary in terms of “batteries included”. It essentially boils down to what proportion of people would want feature X? If it’s something higher than say, 80%, then that’s a pretty good reason to include it out-of-the-box.

    SEO and GDPR were two things specifically that we decided must be included… I mean, who doesn’t want better ranking on search engines?

  • @julian said in Reasons why we switched to WordPress and quit flarum:

    That said, I suppose the difference lies in what we perceive as necessary in terms of “batteries included”. It essentially boils down to what proportion of people would want feature X? If it’s something higher than say, 80%, then that’s a pretty good reason to include it out-of-the-box.

    And there lies the exact answer. GDPR and SEO are in my view fundamental basics which should be included with the core product. Interestingly, when I left flarum, they still had no functional GDPR extension and took a somewhat maverick view as to how it should be handled, which as a privacy advocate and security expert by trade, this didn’t sit well with me at all.

    They are also marketing Blomstra, their paid service out of Europe where for example, Germany have some of the toughest data protection laws around - yet have no formal GDPR facility. Complete madness.

    NodeBB has GDPR and SEO out of the box, amongst a whole array of other utilities which makes it light years ahead of flarum. Even with all this extra functionality, NodeBB easily outperforms flarum mostly due to being nodejs based against PHP - and it’s never slow.

    I totally understand the concept of a lean core, but when that comes at the cost of negating what should be a baseline for any forum to be able to operate, it’s the wrong model and will cause damage in the long run. Sure, you can’t accommodate everything, and I’m no fan of bloat, but going from flarum to NodeBB was literally night and day in terms of the overall experience alone.

    Flarum has an extensive community, but with so much reliance on third party extensions and a product that took 5 years to leave beta, it’s future is questionable in my view.

  • @phenomlab there is also a bad link structure for example /d/-32 and /d/33/

    If they decide to restructure those links back to normal, so many links would be lost on searches. So it’s either they continue to sit on it and let it look bad, or they force the implementation. We all know that even when you decide to use an old Flarum (and keep the old links), you will somehow be forced to change to the new Flarum because, as time goes on, most extensions will not work and Flarum is not easily editable like WordPress.

  • @Sala If they did change it, they’d have to create a mechanism that generates 301 redirects otherwise, as you say, there would be dead links all over the place. I never fully understood this schematic (apart from the obvious being “d” = discussion), but it’s clear they took this route to shorten the overall URL.

    Either way, it’s ugly from the cosmetic approach at the least.

  • @phenomlab It’s not my place to judge whether /d (or /t in Discourse) is better or worse than other implementations, I just personally consider that part of a site’s overall API, and — without even considering SEO value — a single letter endpoint makes little sense from a readability perspective.

    That said, if their router allows regex, it’s fairly simple to have it serve up HTTP 301/308 on the old route 🤷


    It also suffers from the same problem we have… that we’ve hardcoded /topic and /category (among other routes), and it’s English, yet we live in a multi-lingual world 😄

  • @julian said in Reasons why we switched to WordPress and quit flarum:

    It also suffers from the same problem we have… that we’ve hardcoded /topic and /category (among other routes), and it’s English, yet we live in a multi-lingual world

    Yes, and this is always going to be a downside. However, I think the URL itself is generally accepted to be in English, but the content isn’t.

  • @Sala I remember a year ago when I was on the Flarum forum, crying like a baby without realizing how terrible their ecosystem was, despite having a beautiful theme. Now, we’ve transitioned to SiForum and created a custom theme that looks exactly like Flarum. We’ve replaced the composer with WPDiscuz, added a block for related discussions on the discussion page, and created related category pages for each category. The search function works wonderfully, and with the help of redirection and SEO plugins, I now have complete control over my site. Plus, Google now recognizes all of my pages. I feel alive and fulfilled.

  • @Hari thanks. For anyone looking for the SiForum theme, you can find that here

    https://github.com/sinanisler/SiForum

  • You should except something like this slowing down your flarum

    flarum

  • @Sala that’s pretty hard to read, but with that many extensions, no wonder it’s slow.


Related Topics