Back in 2010 I was working for the Victorian Government here in Australia, managing the website and digital comms of the Gambling Licences Review. It was a high-profile project: gambling licences were going to be sold off to individual venues after being held by two companies, raising hundreds of millions in the process. The opposition was very vocal against the project, as you can imagine, and scrutiny was intense. I worked in the MarComms team, along with strategists, editors, writers, PR folk and a person responsible for crisis management.
I didn’t even know there was such a thing as ‘crisis management’ function at the time, but soon learnt that it was a critical one. Not just to handle a crisis, but to prevent them.
But how is this relevant to a small WordPress business? They hardly have a budget or bandwidth for Marketing, so how can they worry specifically about Crisis Management?
Crisis Management is not just for Enterprise
Let’s start with the definition of Crisis Management, which is quite broad. The Cambridge Dictionary defines it this way:
The actions that are taken to deal with an emergency or difficult situation in an organized way
An emergency can be anything that puts your business at risk. In the WordPress ecosystem, these are typically related to uptime or security, but it can be a whole range of things, including “the relentless onslaught of destructive posts and comments by certain WordPress influencers,” which is where Cwicly laid the blame at first.
Here are a couple of examples in tech. In the first case, the crisis wasn’t handled well, and in the second case it was.
The Equifax data breach ❌
A security breach at Equifax, one of the major credit reporting agencies in the US, exposed personal data of over 140 million people. They were criticized for their delayed response, poor communications, mismanagement and what caused the issue: failing to patch a software vulnerability. Their stock price fell 24% overnight and the CEO resigned.
Since then, new laws have been enacted forcing organizations to notify affected individuals when a security breach occurs.
WannaCry ransomware attack ✔️
In the same year, there was a global attack targeting Microsoft’s operating systems. Their response was fast and effective, and is considered as an example of good crisis management. They developed patches for legacy operating systems, communicated transparently and were proactive in engaging with customers as well as law enforcement. They conducted a post-mortem and used learnings to inform future strategies.
While WannaCry was very disruptive, affecting over 200,000 computers, Microsoft’s handling of the crisis ‘protected’ their brand from criticism and negative feedback. Trust is a very valuable currency in tech.
Please note: There are plenty of examples of security breaches in the WordPress ecosystem. I didn’t use them as examples to avoid focusing this piece too much on security. Search X for #WPDrama is you want to uncover non-security related issues.
Cwicly could have managed the crisis more effectively
Let’s start with their first public communication which took everyone by surprise, including their customers. Cwicly posted a message that included these paragraphs:
After much deliberation and soul-searching, I have made the difficult decision to discontinue the development of the Cwicly plugin. This decision has been deeply influenced by recent events that have profoundly affected both me personally and the team.
Unfortunately, the relentless onslaught of destructive posts and comments by certain WordPress influencers has created an atmosphere that has made it increasingly challenging for us to continue with our vision for Cwicly. Since the launch of Cwicly, not only have we had to build our product but have suffered the constant undermining of our choice to embrace the WordPress vision which is Gutenberg. In addition, personal attacks on both myself and team members have been made and openly tolerated throughout.
The negativity and hostility directed towards Cwicly, especially in comparison to other page builders, have taken a significant toll on our morale and motivation. Every effort we make to enhance or introduce new features is met with unwarranted criticism and untruths, making it increasingly difficult for us to operate in such a hostile environment.
Here’s the problem: the original issue – the relentless onslaught of destructive posts and comments by certain WordPress influencers – has extended externally to stakeholders:
- Website owners caught by surprise and wanting to know how they are affected
- Developers forced to look at alternatives
- YouTubers, bloggers and podcasters that have invested in creating content about Cwicly
- Potential investors or buyers
Also, if by pointing fingers they triggered further discussion, potentially adding fuel to the fire (that burnt them down in the first place).
The good news is there’s a lot of empathy in the WordPress community. Being open and honest is appreciated. That said, I think the whole situation could have been handled more effectively if they had:
- Revisited their community engagement strategy. There a many WordPress product folk that keep away from social media and limit communications. They may be missing out on Marketing opportunities but are saving time and avoid exposure to negativity.
- Developed a process to handle negativity. In its simplest format, this could be a form inviting anyone to provide feedback ‘for the team to consider’. So, acknowledging criticism publicly, inviting folk to submit feedback, and filtering out the nastiness to only deal with constructive criticism.
- Communicated concerns earlier on. Anticipating criticism, and asking and expecting a more positive discourse, perhaps as part of an announcement of what I have suggested above.
- Not blamed others publicly. Ponting fingers rarely works. It’s perceived as a knee-jerk reaction and even un-professional. It also acknowledges that there may be some issue with the product or service (or else why would people be commenting negatively?)
What a Crisis Management plan looks like for a WordPress business
If you are a Project Manager you’ll be familiar with this as there are similarities and overlaps with Risk Management. For everyone else, Asana have published a great post that covers all steps: What is a crisis management plan? (6 steps to create one).
Here’s a list of issues that a WordPress business should know how to address when they arise:
- Security breaches
- Issues with a product or service
- Negative PR
- A member of staff becoming involved in controversy
What else? Please share in the comments below.
A Crisis Management plan doesn’t need to be a formal doc. But it’s a good exercise to identify what can become and issue and what steps can be take to limit any kind of fallout. There are also opportunities. This should be the first thought of a WordPress business owner: how can a crappy situation be turned to one’s advantage.
Damage limitation
In a subsequent post on Discourse, Louis-Alexander Désiré clarified what will happen going forward, answering questions that had arise in customer’s minds following the first announcement, and reassuring them that they will not be left in the dark: “Details regarding these plans will be made available prior to year-end.” A much more useful and constructive communication he should have lead with.
Lawrence
In this piece, I talked about ‘communicating concerns earlier on.’
Here’s a good example: Breakdance pointed out in a blog post and customer comms that a recently reported vulnerability shouldn’t have been classified as such:
Preemptive Clarification: No RCE Vulnerability in Upcoming April 2 Report
Sharing screenshots of the communication they had with the ‘security researcher’ makes this piece super-clear to the reader.