[wp-trac] [WordPress Trac] #65095: Introduce Application Mode (DISABLE_BLOG) to disable post/blog features for secure non-CMS usage

WordPress Trac noreply at wordpress.org
Mon Apr 20 05:19:32 UTC 2026 

#65095: Introduce Application Mode (DISABLE_BLOG) to disable post/blog features for
secure non-CMS usage
-------------------------------------------------+-------------------------
 Reporter:  dramitstalbot                        |       Owner:  (none)
     Type:  feature request                      |      Status:  closed
 Priority:  normal                               |   Milestone:
Component:  General                              |     Version:
 Severity:  normal                               |  Resolution:  wontfix
 Keywords:  feature-request needs-design-        |     Focuses:  rest-api,
  feedback                                       |  performance
-------------------------------------------------+-------------------------

Comment (by dramitstalbot):

 Thank you @peterwilsoncc for the clarification and for taking the time to
 review this.

 I understand the decision and the perspective that WordPress core should
 remain focused on its primary role as a CMS.

 That said, I would like to briefly reiterate the motivation behind this
 proposal—not as a disagreement, but as additional context from real-world
 usage.

 In environments like healthcare systems (such as the HMIS I’m building),
 WordPress is being used strictly as an application framework. In such
 cases, disabling unused CMS-related components is not just about
 preference, but about reducing attack surface, simplifying architecture,
 and meeting stricter security expectations.

 I also understand that this may currently represent a small percentage of
 WordPress usage. At the same time, it’s possible that this usage remains
 limited in part because there isn’t yet a standardized or supported way to
 operate WordPress in a more application-focused mode.

 This area may represent an opportunity for future exploration, especially
 as WordPress continues to be adopted for internal tools, enterprise
 systems, and regulated environments.

 For now, I will continue implementing this as a custom application layer
 on top of WordPress, as suggested. If in the future there is any interest
 in exploring a more formalized or extensible approach within core (even in
 a limited or opt-in capacity), I would be happy to contribute, test, or
 provide feedback based on production use.

 Thank you again for the discussion and for maintaining clarity around core
 direction.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/65095#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list