LinkedIn Twitter
Serial Entrepreneur, 5 startups, Product Guy, and Inveterate Blogger!

10 responses to “WordPress and the Dark Side of Multitenancy”

  1. Michael Johnston

    My take on this one is slightly different, Bob. While one simple change shouldn’t take out an entire chunk of the web with a simple code commit, the fact is that it did and WordPress’ vulnerability is no different than just about any other system out there. What is needed is a fundamental rethink on how systems are designed and built. This problem has been around for decades and it is only getting worse as systems grow larger and more complex.

  2. Bob Warfield

    Michael, of course, that is the point of my post, that you are going to do very high risk things. The point was also to suggest some architectural and operational means of mitigating the risks.

    You’ve called for a fundamental rethink in your post, but you don’t really prescribe any remedies. Hand wringing is fine and well, but we need treatment as much or more than diagnosis.



  3. Michael Johnston

    Calling for a rethink was the point of my post, not necessarily prescribing remedies. People must realize the uncomfortable fact that, at their deepest levels, most every computing system built since ENIAC’s power switch was first flipped is vulnerable to the same house-of-cards design flaws. Treatment, such as you’ve suggested in your post, is fine, and I would advocate many of the same things you’re written. But the fundamental problem with treatment is that the underlying problem remains lurking, only to happen again, on some other system, perhaps with more severe consequences.

    I think it’s time we start considering how systems can be designed better, so they don’t suffer from these flaws. As long as humans continue designing systems in this same way, human error will occasionally bring them down. I’m not advocating any particular approach, not yet at least. But after watching things blow up like this for more than three decades, and considering the increasing centralization of computing services and their importance to society as a whole, the impact and the risks are becoming greater still.

  4. Greg K

    I would argue that WordPress is NOT a true multi-tenant… as I understand their architecture, it’s all shared resources right down to the blogging software. In a true multi-tenant environment, each instance would be silo’d off from another so a simple change in code on one would not effect the other 10 million.

    Also, as I understand it, it’s not a cloud, it’s an ISP host which is a huge difference.

  5. Bob Warfield

    Greg, many, if not most, multitenant architectures even comingle the instances in the same tables. That’s not very silo’d at all.



  6. Gaurav Bagdi

    Hi Bob

    It’s a great post you wrote there highlighting certain areas where WP needs to work on, Indeed.
    nevertheless, as far as my technical understandings are concern, i wouldn’t mind calling it another human error made by certain group of programmers which could term as unavoidable in certain cases.
    Now, the point comes even if the programmer made the mistakes. I heard, MATT himself clarifying
    the reason behind the outage or disruption of service was due to a single code error which made the servers act strangely on the options table in the wordpress platform itself.
    Well, i wonder if we know something as SOFTWARE TESTING ?! or maybe QUALITY TESTING?
    before making the changes into the live blogs. not to mention the numbers (10 millions of them)
    Something fishy in there, indeed.
    But, not to focus on the past it is better to figure out a future strategy to avoid such a mishaps where big tech blogs and research honchos can go blank in a blink as a consequence.
    Implementing CLOUD to host WP isn’t a bad idea. Top of it, i think MATT and his team must be in the process of thinking or scripting out a WPCLOUD already.
    I think, in terms of growing number of demands by users/customers. Stability and 24/7 back up is a necessary requirement for the current generation and would play an extensive role in terms of Applications of Cloud Computing in real time for coming few years or so.
    Nevertheless, being a WP user myself. I admire MATT for his innovative thoughts behind WP and it’s subsidiaries.

    Long live the CLOUD.


  7. All For One, One For All? On Standardizing Virtual Appliance Operating Systems | Rational Survivability

    […] an example, check out how a simple software error affected tens of millions of users of WordPress (WordPress and the dark side of multitenancy.) While we’re talking about a different layer in the stack, the issue is the […]

  8. CRM Outsiders » Blog Archive » Where multitenancy fails, the Sugar Open Cloud steps in

    […] Bob Warfield, serial entrepreneur and experienced SaaS executive posted though, there are better ways now to design a SaaS infrastructure that won’t be as vulnerable […]

  9. Outages Don’t Scare Me « Jason Nassi

    […] through a variety of sources coming through my Twitter stream, and made the switch anyway.  Bob Warfield’s post on Enterprise Irregulars crossed my plate repeatedly as […]

  10. Online Games Guide

    Thx for your informations 5 Stars!