Exactly. It might be fine. It might even be great!

But no matter how much code, including tests that AI can generate there was only one human thinking about those prompts, for a few months.

Any defects in that single human's thought process for overall architecture, security architecture, test architecture and coverage were not reviewed by any other human who might think differently and catch things that were missed. Ideally they were all at least reviewed by AI, but how differently operate from itself? It isn't particularly good at detecting its own errors without a human telling it to, which means the human needs to detect it in the first place.

Perhaps my most important point here is simply everyone here on HN is aware of all of these things, and as excited as some of us are about AI coded endeavors, the top response here will likely be the top response for many years - how do I know it isn't garbage? AI might be able to generate code fast, but informed users will definitely develop trust in it on a more human time scale.

I think the core idea of addressing a core architecture security defect in Wordpress has a legs. I'd make the case that the security architecture demonstrated here is table stakes for new software projects in 2026 when it clearly wasn't really conceivable in 2003. Though I'd also argue that many of the top Wordpress plugins should be shipped as "batteries included" in any successor, spiritual or otherwise - it would remain important to be extensible beyond those, securely.

A spiritual successor to Wordpress designed to run modern cloud infrastructure is a neat thing no doubt.

But after handling a bunch of horrible Wordpress and PHP stuff in my life lately, I'm tacking a bit of begging onto my hopefully useful response. Someone, anyone, AI coded or not, please work on a COMPLETE successor to Wordpress. And PHP really - though I do think taking care of Wordpress would entirely deal with the PHP problem.

What do I mean? All the modern table stakes stuff: * API first * fast bits in Rust (or Zig whatever IDK) * WASM * modern security architecture * batteries included - it is extremely dumb to have to add a plugin for calendars/dates/events and have about 100+ options for those. * designed to be deployed into modern clouds.. but also self-hostable on a single server, or colocated by small (cheap!) providers - ie: addressing ALL of the user base of Wordpress * one-click migration from Wordpress. Wordpress does this "with itself" to allow admins to move from one provider to another. Without this feature, might as well not bother

There is a business opportunity here I believe, though I'm not proposing a business model per se. A lot of people, myself included pay for Wordpress hosting while also hating it and being ready to leap at an alternative - even if it cost more.