WordPress is an open source CMS, often used as a blog publishing application powered by PHP and MySQL. It has many features including a plugin architecture and a templating system. Used by over 2% of the 10,000 biggest websites, WordPress is the most popular blog software in use today.
It was first released in May 2003 by Matt Mullenweg as a fork of b2/cafelog. As of September 2009, it was being used by 202 million websites worldwide.
WordPress Template Hierarchy
WordPress has a templating system, which includes widgets that can be rearranged without editing PHP or HTML code, as well as themes that can be installed and switched between. The PHP and HTML code in themes can also be edited for more advanced customizations. WordPress also features integrated link management; a search engine-friendly, clean permalink structure; the ability to assign nested, multiple categories to articles; and support for tagging of posts and articles. Automatic filters that provide for proper formatting and styling of text in articles (for example, converting regular quotes to smart quotes) are also included. WordPress also supports the Trackback and Pingback standards for displaying links to other sites that have themselves linked to a post or article. Finally, WordPress has a rich plugin architecture which allows users and developers to extend its functionality beyond the features that come as part of the base install.
Native applications exist for Android, iPhone/iPod Touch, and BlackBerry which provide access to some of the features in the WordPress Admin panel and work with WordPress.com and many WordPress.org blogs.
WordPress can be deployed using various methods on a hosting environment. Users have the option to download the current version of WordPress from WordPress.org
. From there, they can upload the source code and its dependencies to their hosting environment. Previously seen as a difficult method to install WordPress, extensive documentation as well as a user friendly installer have proved different.
WordPress can also be installed via the Microsoft Web Platform Installer which installs WordPress on Windows and IIS. The Web PI will automatically detect any missing dependencies such as PHP or MySQL then install and configure them before installing WordPress.
Advanced users have the option to have WordPress downloaded to their server and consistently updated using SVN. This will allow users to remain updated easily.
Free hosting services such as WordPress.com offer users an easy way to deploy a WordPress blog on-line without having to install WordPress on your own web server. Many shared web hosting services also offer automated WordPress installation through their control panel.
b2/cafelog, more commonly known as simply b2 or cafelog, was the precursor to WordPress. b2/cafelog was estimated to have been employed on approximately 2,000 blogs as of May 2003. It was written in PHP for use with MySQL by Michel Valdrighi, who is now a contributing developer to WordPress. Although WordPress is the official successor, another project, b2evolution, is also in active development.
In 2004 the licensing terms for the competing Movable Type package were changed by Six Apart, and many of its users migrated to WordPress – causing a marked and continuing growth in WordPress’s popularity. By October, 2009, the 2009 Open Source CMS Market Share Report reached the conclusion that WordPress enjoys the greatest brand strength of any open source content management systems. That conclusion was based on an extensive analysis of rate of adoption patterns and brand strength and was backed by a survey of users.
In 2007 WordPress won a Packt Open Source CMS Award.
In 2009 WordPress won the best Open Source CMS Award.
Removal of sponsored themes
On 10 July 2007, following a discussion on the WordPress ideas forum and a post by Mark Ghosh in his blog Weblog Tools Collection, Matt Mullenweg announced that the official WordPress theme directory at http://themes.wordpress.net
would no longer host themes containing sponsored links. Although this move was criticized by designers and users of sponsored themes, it was applauded by WordPress users who consider such themes to be spam. The official WordPress theme directory ceased to accept any new themes, including those without sponsored links, shortly after the announcement was made. Sponsored themes are still available elsewhere, as well as free themes with additional sponsored links added by third parties.
On July 18, 2008, a new theme directory opened at http://wordpress.org/extend/themes/
. It was styled along the same lines as the plug-ins directory, Any theme that is uploaded to it will be vetted, first by an automated program and then by a human.
On December 12, 2008, over 200 themes were removed from the WordPress theme directory as they did not comply with GPL License requirements. Today, author mentions are permitted in each theme but the official policy does not allow for sponsorships or links to sites distributing non-GPL compatible themes. Non-GPL compliant themes are now hosted on other theme directories.
Many security issues were uncovered in the software, particularly in 2007 and 2008. According to Secunia, WordPress in April 2009 had 7 unpatched security advisories (out of 32 total), with a maximum rating of “Less Critical”.
BlogSecurity maintains a list of WordPress vulnerabilities, up to version 2.3. Secunia keeps a more recently updated list.
In January 2007, many high-profile Search engine optimization (SEO) blogs, as well as many low-profile commercial blogs featuring AdSense, were targeted and attacked with a WordPress exploit. A separate vulnerability on one of the project site’s web servers allowed an attacker to introduce exploitable code in the form of a back door to some downloads of WordPress 2.1.1. The 2.1.2 release addressed this issue; an advisory released at the time advised all users to upgrade immediately.
In May 2007, a study revealed that 98% of WordPress blogs being run were exploitable because they were running outdated and unsupported versions of the software.
In a June 2007 interview, Stefen Esser, the founder of the PHP Security Response Team, spoke critically of WordPress’s security track record, citing problems with the application’s architecture that made it unnecessarily difficult to write code that is secure from SQL injection vulnerabilities, as well as some other problems.
On February 13th 2010 Thomas Mackenzie released an advisory regarding a vulnerability of failing to restrict URL access. The advisory can be found at Thomas’s Blog
WordPress supports one blog per installation, although multiple concurrent copies may be run from different directories if configured to use separate database tables.
WordPress Multi-User (WordPress MU, or just WPMU) is a fork of WordPress created to allow multiple blogs to exist within one installation that is able to be administered by a centralized maintainer. WordPress MU makes it possible for those with a website to host their own blogging community, as well as control and moderate all the blogs from a single dashboard. WordPress MU adds eight new data tables for each blog.
Matt Mullenweg announced that WordPress MU would be merged with WordPress as part of a future release (version 3.0).
Lyceum is another enterprise-edition of WordPress. Unlike WordPress MU, Lyceum stores all of its information in a set number of database tables. Notable communities that use Lyceum are TeachFor. Us (Teach for America teachers’ blogs), BodyBlogs and the Hopkins Blogs.