WP Tavern has an article–now with dozens of comments–arguing that the wow factor in major WordPress release is getting few and far between.
Because of WordPress’ maturity and the short development cycle, major features are getting few and far between. By looking at the Beta tab on the WordPress plugin directory, visitors can view projects that may end up in future versions of WordPress. The only project on the page that excites me is the Front-end Editor but based on how long it’s been in development, I’m not holding my breath.
Please excuse me while I throw up in my mouth. The self-hosted version of WordPress is one of the most widely deployed pieces of software on the web, and yet in 2016 users still have to track down a plugin if they want to do something as basic as rate limit logins to prevent brute force password attacks.
At this point, the lack of such a basic feature has to be put down to extremely poor leadership and vision. WordPress is deployed by a lot of novices, and not only should there be a rate-limit feature, but it should be enabled by default.
But hey, what’s minimal security features in a world where the admin UI needs to be redesigned repeatedly or basic features in the editor need to be removed for no good reason?