As for the discussion on composer. Before stable we talked extensively about this in the team. Not using composer to manage dependencies of extensions would be a huge pain. You can see this in the Wordpress world as well where developers of famous extensions like Yoast fallback on using composer as well, their struggle is real. Flarum will stick to composer, because from a security, stability and extensibility standpoint it's the only valid choice. Still, we are already making progress on simplifying some of the processes involving composer; we'll share more news when it makes sense to do so.
Sapioit I see, so the goal is for Flarum to not become as popular, because that would make it a better product, and some people don't want the product to become better, if it means more people use it and know of it.
We want to see Flarum become popular and we are working hard, tirelessly even, to make it better. But composer is a cornerstone for us for quality, security and stability that we cannot remove without risk.
Braden most of us who are using shared hosting would be forced to use cloudflare or other sort of server protections. I myself i have started to receive more than 250 blocked threats everyday, in just one month now, google had to report it to me, like "hey, its your job to ensure you protect the advertisers / advertisements because they are paying" .. Security is one thing everyone should take it seriously!
Google Adsense or similar advertising channels won't treat you negatively due to bot activity. The protection you speak of from CloudFlare protects you from potential attacks indeed. Without that protection those pages will return a 404 and thus won't hit any pages that would generate ads. As to crawling bots, I can assure you that Google will make sure to understand when bots are visiting, otherwise their own search indexer would cause tremendous pain on all those websites they keep bashing.
