The Singapore LGBT encyclopaedia Wiki

WordPress (WP, WordPress.org) is a free and open-source content management system (CMS) written in PHP[1] and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes. WordPress was originally created as a blog-publishing system but has evolved to support other types of web content including more traditional mailing lists and forums, media galleries, membership sites, learning management systems (LMS) and online stores. WordPress is used by more than 60 million websites,[2] including 33.6% of the top 10 million websites Template:As of,[3][4] WordPress is one of the most popular content management system solutions in use.[5] WordPress has also been used for other application domains such as pervasive display systems (PDS).[6]

WordPress was released on May 27, 2003, by its founders, American developer Matt Mullenweg[7] and English developer Mike Little,[8][9] as a fork of b2/cafelog. The software is released under the GPLv2 (or later) license.[10]

To function, WordPress has to be installed on a web server, either part of an Internet hosting service like WordPress.com or a computer running the software package WordPress.org in order to serve as a network host in its own right.[11] A local computer may be used for single-user testing and learning purposes.

Overview[]

"WordPress is a factory that makes webpages"[12] is a core analogy designed to clarify the functions of WordPress: it stores content and enables a user to create and publish webpages, requiring nothing beyond a domain and a hosting service.

WordPress has a web template system using a template processor. Its architecture is a front controller, routing all requests for non-static URIs to a single PHP file which parses the URI and identifies the target page. This allows support for more human-readable permalinks.[13]

Themes[]

WordPress users may install and switch among different themes. Themes allow users to change the look and functionality of a WordPress website without altering the core code or site content. Every WordPress website requires at least one theme to be present and every theme should be designed using WordPress standards with structured PHP, valid HTML (HyperText Markup Language), and Cascading Style Sheets (CSS). Themes may be directly installed using the WordPress "Appearance" administration tool in the dashboard, or theme folders may be copied directly into the themes directory, for example via FTP.[14] The PHP, HTML and CSS found in themes can be directly modified to alter theme behavior, or a theme can be a "child" theme that inherits settings from another theme and selectively overrides features.[15] WordPress themes are generally classified into two categories: free and premium. Many free themes are listed in the WordPress theme directory (also known as the repository), and premium themes are available for purchase from marketplaces and individual WordPress developers. WordPress users may also create and develop their own custom themes. The free theme Underscores created by the WordPress developers has become a popular basis for new themes.[16]

Plugins[]

WordPress' plugin architecture allows users to extend the features and functionality of a website or blog. As of January 2020, WordPress.org has 55,487 plugins available,[17] each of which offers custom functions and features enabling users to tailor their sites to their specific needs. However, this does not include the premium plugins that are available (approximately 1,500+), which may not be listed in the WordPress.org repository. These customizations range from search engine optimization (SEO), to client portals used to display private information to logged in users, to content management systems, to content displaying features, such as the addition of widgets and navigation bars. Not all available plugins are always abreast with the upgrades and as a result they may not function properly or may not function at all. Most plugins are available through WordPress themselves, either via downloading them and installing the files manually via FTP or through the WordPress dashboard. However, many third parties offer plugins through their own websites, many of which are paid packages.

Web developers who wish to develop plugins need to learn WordPress' hook system which consists of over 300 hooks divided into two categories: action hooks and filter hooks.

Mobile applications[]

Phone apps for WordPress exist for WebOS,[18] Android,[19] iOS (iPhone, iPod Touch, iPad),[20][21] Windows Phone, and BlackBerry.[22] These applications, designed by Automattic, have options such as adding new blog posts and pages, commenting, moderating comments, replying to comments in addition to the ability to view the stats.[20][21]

Accessibility[]

The WordPress Accessibility Team has worked to improve the accessibility for core WordPress as well as support a clear identification of accessible themes.[23] The WordPress Accessibility Team provides continuing educational support about web accessibility and inclusive design. The WordPress Accessibility Coding Standards state that "All new or updated code released in WordPress must conform with the Web Content Accessibility Guidelines 2.0 at level AA."[24]

Other features[]

WordPress also features integrated link management; a search engine–friendly, clean permalink structure; the ability to assign multiple categories to posts; and support for tagging of posts. Automatic filters are also included, providing standardized formatting and styling of text in posts (for example, converting regular quotes to smart quotes). WordPress also supports the Trackback and Pingback standards for displaying links to other sites that have themselves linked to a post or an article. WordPress posts can be edited in HTML, using the visual editor, or using one of a number of plugins that allow for a variety of customized editing features.

Multi-user and multi-blogging[]

Prior to version 3, WordPress supported one blog per installation, although multiple concurrent copies may be run from different directories if configured to use separate database tables. WordPress Multisites (previously referred to as WordPress Multi-User, WordPress MU, or WPMU) was a fork of WordPress created to allow multiple blogs to exist within one installation but is able to be administered by a centralized maintainer. WordPress MU makes it possible for those with websites to host their own blogging communities, as well as control and moderate all the blogs from a single dashboard. WordPress MS adds eight new data tables for each blog.

As of the release of WordPress 3, WordPress MU has merged with WordPress.[25]

History[]

b2/cafelog, more commonly known as b2 or cafelog, was the precursor to WordPress.[26] b2/cafelog was estimated to have been installed on approximately 2,000 blogs as of May 2003.[27] It was written in PHP for use with MySQL by Michel Valdrighi, who is now a contributing developer to WordPress. Although WordPress is the official successor, another project, b2evolution, is also in active development.

WordPress first appeared in 2003 as a joint effort between Matt Mullenweg and Mike Little to create a fork of b2.[28] Christine Selleck Tremoulet, a friend of Mullenweg, suggested the name WordPress.[29][30]

In 2004 the licensing terms for the competing Movable Type package were changed by Six Apart, resulting in many of its most influential users migrating to WordPress.[31][32] By October 2009 the Open Source CMS MarketShare Report concluded that WordPress enjoyed the greatest brand strength of any open-source content management system.

As of June 2019, WordPress is used by 60.8% of all the websites whose content management system is known. This is 27.5% of the top 10 million websites.[3][33]

Awards and recognition[]

  • Winner of InfoWorld's "Best of open source software awards: Collaboration", awarded in 2008.[34]
  • Winner of Open Source CMS Awards's "Overall Best Open Source CMS", awarded in 2009.[35]
  • Winner of digitalsynergy's "Hall of Fame CMS category in the 2010 Open Source", awarded in 2010.[36]
  • Winner of InfoWorld's "Bossie award for Best Open Source Software", awarded in 2011.[37]
  • WordPress has a five star privacy rating from the Electronic Frontier Foundation.[38]

Release history[]

Main releases of WordPress are codenamed after well-known jazz musicians, starting from version 1.0.[39][40] Template:Version

Version Code name Release date Notes
Template:Version none May 27, 2003[41] Used the same file structure as its predecessor, b2/cafelog, and continued the numbering from its last release, 0.6.[42] Only 0.71-gold is available for download in the official WordPress Release Archive page.
Template:Version Davis January 3, 2004[43] Added search engine friendly permalinks, multiple categories, dead simple installation and upgrade, comment moderation, XFN support, Atom support.
Template:Version Mingus May 22, 2004[44] Added support of Plugins; which same identification headers are used unchanged in WordPress releases Template:As of.
Template:Version Strayhorn February 17, 2005[45] Added a range of vital features, such as ability to manage static pages and a template/Theme system. It was also equipped with a new default template (code named Kubrick).[46] designed by Michael Heilemann.
Template:Version Duke December 31, 2005[47] Added rich editing, better administration tools, image uploading, faster posting, improved import system, fully overhauled the back end, and various improvements to Plugin developers.
Template:Version Ella January 22, 2007[48] Corrected security issues, redesigned interface, enhanced editing tools (including integrated spell check and auto save), and improved content management options.
Template:Version Getz May 16, 2007[49] Added widget support for templates, updated Atom feed support, and speed optimizations.
Template:Version Dexter September 24, 2007[50] Added native tagging support, new taxonomy system for categories, and easy notification of updates, fully supports Atom 1.0, with the publishing protocol, and some much needed security fixes.
Template:Version Brecker March 29, 2008[51] Major revamp to the dashboard, dashboard widgets, multi-file upload, extended search, improved editor, improved plugin system and more.
Template:Version Tyner July 15, 2008[52] Added new features that made WordPress a more powerful CMS: it can now track changes to every post and page and allow easy posting from anywhere on the web.
Template:Version Coltrane December 11, 2008[53] Administration interface redesigned fully, added automatic upgrades and installing plugins, from within the administration interface.
Template:Version Baker June 10, 2009[54] Added improvements in speed, automatic installing of themes from within administration interface, introduces the CodePress editor for syntax highlighting and a redesigned widget interface.
Template:Version Carmen December 19, 2009[55] Added global undo, built-in image editor, batch plugin updating, and many less visible tweaks.
Template:Version Thelonious June 17, 2010[56] Added a new theme APIs, merge WordPress and WordPress MU, creating the new multi-site functionality, new default theme "Twenty Ten" and a refreshed, lighter admin UI.
Template:Version Reinhardt February 23, 2011[57] Added the Admin Bar, which is displayed on all blog pages when an admin is logged in, and Post Format, best explained as a Tumblr like micro-blogging feature. It provides easy access to many critical functions, such as comments and updates. Includes internal linking abilities, a newly streamlined writing interface, and many other changes.
Template:Version Gershwin July 4, 2011[58] Focused on making WordPress faster and lighter. Released only four months after version 3.1, reflecting the growing speed of development in the WordPress community.
Template:Version Sonny December 12, 2011[59] Focused on making WordPress friendlier for beginners and tablet computer users.
Template:Version Green June 13, 2012[60] Focused on improvements to theme customization, Twitter integration and several minor changes.
Template:Version Elvin December 11, 2012[61] Support for the Retina Display, color picker, new default theme "Twenty Twelve", improved image workflow.
Template:Version Oscar August 1, 2013[62] New default theme "Twenty Thirteen", admin enhancements, post formats UI update, menus UI improvements, new revision system, autosave and post locking.
Template:Version Basie October 24, 2013[63] Automatically apply maintenance and security updates in the background, stronger password recommendations, support for automatically installing the right language files and keeping them up to date.
Template:Version Parker December 12, 2013[64] Improved admin interface, responsive design for mobile devices, new typography using Open Sans, admin color schemes, redesigned theme management interface, simplified main dashboard, "Twenty Fourteen" magazine style default theme, second release using "Plugin-first development process".
Template:Version Smith April 16, 2014[65] Improvements to editor for media, live widget and header previews, new theme browser.
Template:Version Benny September 4, 2014[66] Improved media management, embeds, writing interface, easy language change, theme customizer, plugin discovery and compatibility with PHP 5.5 and MySQL 5.6.[67]
Template:Version Dinah December 18, 2014[68] Twenty Fifteen as the new default theme, distraction-free writing, easy language switch, Vine embeds and plugin recommendations.
Template:Version Powell April 23, 2015[69] New "Press This" features, improved characters support, emoji support, improved customizer, new embeds and updated plugin system.
Template:Version Billie August 18, 2015[70] Focus on mobile experience, better passwords and improved customizer.
Template:Version Clifford December 8, 2015[71] Introduction of "Twenty Sixteen" theme, and improved responsive images and embeds.
Template:Version Coleman April 12, 2016[72] Added inline linking, formatting shortcuts, live responsive previews, and other updates under the hood.
Template:Version Pepper August 16, 2016[73] Added streamlined updates, native fonts, editor improvements with inline link checker and content recovery, and other updates under the hood.
Template:Version Vaughan December 6, 2016[74] Comes with new default theme "Twenty Seventeen", Video Header Support, PDF preview, custom CSS in live preview, editor Improvements, and other updates under the hood.
Template:Version Evans June 8, 2017[75] The next-generation editor. Additional specific goals include the TinyMCE inline element / link boundaries, new media widgets, WYSIWYG in text widget. End Support for Internet Explorer Versions 8, 9, and 10.
Template:Version Tipton November 16, 2017[76] Improved theme customizer experience, including scheduling, frontend preview links, autosave revisions, theme browsing, improved menu functions, and syntax highlighting. Added new gallery widget and updated text and video widgets. Theme editor gives warnings and rollbacks when saving files that produce fatal errors.[77]
Template:Version Bebo December 6, 2018[78] New block based editor Gutenberg[79] with new default theme "Twenty Nineteen".
Template:Version Betty February 21, 2019[80] PHP version upgrade notices, and block editor improvements.
Template:Version Jaco May 7, 2019[81] Include Site Health Check, PHP error protection, the all new block directory, and update package signing.
Template:Version Kirk November 12, 2019[82] Polish current user interactions and make user interfaces more user friendly. New default theme "Twenty Twenty", designed by Anders Norén.
Template:Version Adderley March 31, 2020[83] Social Icons and Buttons blocks added, blocks customization and user interface improved, added features for personal data exports, custom fields for menu items, blocks improvements for developers.[84]
Template:Version Eckstine August 11, 2020[85] Added lazy-loading images, XML sitemaps by default, auto-updates to plugins and themes, and improvements to the block editor.[86]

WordPress 5.0 "Bebo"[]

The December 2018 release of WordPress 5.0, "Bebo", is named in homage to the pioneering Cuban jazz musician Bebo Valdés.[87]

File:New WordPress Page Editor.png

It included a new default editor "Gutenberg" – a block-based editor; it allows users to modify their displayed content in a much more user friendly way than prior iterations. Blocks are abstract units of markup that, composed together, form the content or layout of a web page.[88] Past content that was created on WordPress pages is listed under what is referred to as a Classic Block.[89] Prior to Gutenberg, there were several block-based editors available as WordPress plugins, e.g. Elementor, and following the release of Gutenberg it was compared to existing plugins.[90][91]

Classic Editor plugin[]

The Classic Editor Plugin was created as result of User preferences and as a way to help website developers to maintain past plugins only compatible with WordPress 4.9.8 giving plugin developers time to get their plugins updated & compatible with the 5.0 release. Having the Classic Editor plugin installed restores the "classic" editing experience that WordPress has had up until the WordPress 5.0 release.[92] The Classic Editor Plugin will be supported at least until 2022.[93]

The Classic Editor plugin is active on over 5,000,000 installations of WordPress.[94]

Vulnerabilities[]

Many security issues[95] have been uncovered in the software, particularly in 2007, 2008, and 2015. According to Secunia, WordPress in April 2009 had seven unpatched security advisories (out of 32 total), with a maximum rating of "Less Critical". Secunia maintains an up-to-date list of WordPress vulnerabilities.[96]

In January 2007, many high-profile search engine optimization (SEO) blogs, as well as many low-profile commercial blogs featuring AdSense, were targeted and attacked with a WordPress exploit.[97] A separate vulnerability on one of the project site's web servers allowed an attacker to introduce exploitable code in the form of a back door to some downloads of WordPress 2.1.1. The 2.1.2 release addressed this issue; an advisory released at the time advised all users to upgrade immediately.[98]

In May 2007, a study revealed that 98% of WordPress blogs being run were exploitable because they were running outdated and unsupported versions of the software.[99] In part to mitigate this problem, WordPress made updating the software a much easier, "one click" automated process in version 2.7 (released in December 2008).[100] However, the filesystem security settings required to enable the update process can be an additional risk.[101]

In a June 2007 interview, Stefan Esser, the founder of the PHP Security Response Team, spoke critically of WordPress' security track record, citing problems with the application's architecture that made it unnecessarily difficult to write code that is secure from SQL injection vulnerabilities, as well as some other problems.[102]

In June 2013, it was found that some of the 50 most downloaded WordPress plugins were vulnerable to common Web attacks such as SQL injection and XSS. A separate inspection of the top-10 e-commerce plugins showed that seven of them were vulnerable.[103]

In an effort to promote better security, and to streamline the update experience overall, automatic background updates were introduced in WordPress 3.7.[104]

Individual installations of WordPress can be protected with security plugins that prevent user enumeration, hide resources and thwart probes. Users can also protect their WordPress installations by taking steps such as keeping all WordPress installation, themes, and plugins updated, using only trusted themes and plugins,[105] editing the site's .htaccess configuration file if supported by the web server to prevent many types of SQL injection attacks and block unauthorized access to sensitive files. It is especially important to keep WordPress plugins updated because would-be hackers can easily list all the plugins a site uses, and then run scans searching for any vulnerabilities against those plugins. If vulnerabilities are found, they may be exploited to allow hackers to, for example, upload their own files (such as a web shell) that collect sensitive information.

Developers can also use tools to analyze potential vulnerabilities, including WPScan, WordPress Auditor and WordPress Sploit Framework developed by 0pc0deFR. These types of tools research known vulnerabilities, such as a CSRF, LFI, RFI, XSS, SQL injection and user enumeration. However, not all vulnerabilities can be detected by tools, so it is advisable to check the code of plugins, themes and other add-ins from other developers.

In March 2015, it was reported by many security experts and SEOs, including Search Engine Land, that a SEO plugin for WordPress called Yoast which is used by more than 14 million users worldwide has a vulnerability which can lead to an exploit where hackers can do a Blind SQL injection.[106][107] To fix that issue they immediately introduced a newer version 1.7.4 of the same plugin to avoid any disturbance on web because of the security lapse that the plugin had.[108]

In January 2017, security auditors at Sucuri identified a vulnerability in the WordPress REST API that would allow any unauthenticated user to modify any post or page within a site running WordPress 4.7 or greater. The auditors quietly notified WordPress developers, and within six days WordPress released a high priority patch to version 4.7.2 which addressed the problem.[109][110]

File:Typical Tor Browser notification of a canvas read attempt.png

The canvas fingerprinting warning that is typically given by Tor Browser for WordPress-based websites.

As of WordPress 5.2, the minimum PHP version requirement is PHP 5.6,[111] which was released on August 28, 2014,[112] and which has been unsupported by the PHP Group and not received any security patches since December 31, 2018.[112] Thus, WordPress recommends using PHP version 7.3 or greater.[111]

In the absence of specific alterations to their default formatting code, WordPress-based websites use the canvas element to detect whether the browser is able to correctly render emoji. Because Tor Browser does not currently discriminate between this legitimate use of the Canvas API and an effort to perform canvas fingerprinting, it warns that the website is attempting to 'extract HTML5 canvas image data'. Ongoing efforts seek workarounds to reassure privacy advocates while retaining the ability to check for proper emoji rendering capability.[113]

Development and support[]

Key developers[]

Matt Mullenweg and Mike Little were co-founders of the project. The core lead developers include Helen Hou-Sandí, Dion Hulse, Mark Jaquith, Matt Mullenweg, Andrew Ozz, and Andrew Nacin.[114][115]

WordPress is also developed by its community, including WP testers, a group of volunteers who test each release. They have early access to nightly builds, beta versions and release candidates. Errors are documented in a special mailing list or the project's Trac tool.

Though largely developed by the community surrounding it, WordPress is closely associated with Automattic, the company founded by Matt Mullenweg.[116] On September 9, 2010, Automattic handed the WordPress trademark to the newly created WordPress Foundation, which is an umbrella organization supporting WordPress.org (including the software and archives for plugins and themes), bbPress and BuddyPress.

WordCamp developer and user conferences[]

File:WordCamp 2011 Bulgaria.jpg

A WordCamp in Sofia, Bulgaria (2011)

WordCamps are casual, locally organized conferences covering everything related to WordPress.[117] The first such event was WordCamp 2006 in August 2006 in San Francisco, which lasted one day and had over 500 attendees.[118][119] The first WordCamp outside San Francisco was held in Beijing in September 2007.[120] Since then, there have been over 1,022 WordCamps in over 75 cities in 65 different countries around the world.[117] WordCamp San Francisco 2014 was the last official annual conference of WordPress developers and users taking place in San Francisco, having now been replaced with WordCamp US.[121] First ran in 2013 as WordCamp Europe, regional WordCamps in other geographical regions are held with the aim of connecting people who aren't already active in their local communities and inspire attendees to start user communities in their hometowns.[122] In 2019, the Nordic region had its own WordCamp Nordic.[123][124] The first WordCamp Asia was to be held in 2020,[125] but cancelled due to the COVID-19 pandemic.[126]

Support[]

WordPress' primary support website is WordPress.org. This support website hosts both WordPress Codex, the online manual for WordPress and a living repository for WordPress information and documentation,[127] and WordPress Forums, an active online community of WordPress users.[128]

See also[]

  • Weblog software
  • List of content management systems
  • WordPress.com

Template:Portal bar

References[]

  1. Template:Cite web
  2. Template:Cite web
  3. 3.0 3.1 Template:Cite web
  4. Template:Cite web
  5. Template:Cite web
  6. Amir E. Sarabadani Tafreshi and Moira C. Norrie. 2017. ScreenPress: a powerful and flexible platform for networked pervasive display systems. In Proceedings of the 6th ACM International Symposium on Pervasive Displays (PerDis '17). ACM, New York, NY, USA, Article 13, 8 pages. DOI: https://doi.org/10.1145/3078810.3078813
  7. Template:Cite web
  8. Template:Cite web
  9. Template:Cite web
  10. Template:Cite web
  11. Template:Cite web
  12. Template:Cite web
  13. Template:Cite news
  14. Template:Cite web
  15. Template:Cite web
  16. Template:Cite web
  17. Template:Cite web
  18. Template:Cite web
  19. Template:Cite web
  20. 20.0 20.1 Template:Cite web
  21. 21.0 21.1 Template:Cite news
  22. Template:Cite web
  23. Template:Cite web
  24. Template:Cite web
  25. Template:Cite web
  26. Template:Cite video
  27. Template:Cite web
  28. Template:Cite web
  29. Template:Cite web
  30. Template:Cite web
  31. Template:Cite web
  32. Template:Cite web
  33. Template:Cite news
  34. Template:Cite web
  35. Template:Cite web
  36. Template:Cite web
  37. Template:Cite web
  38. Template:Cite web
  39. Template:Cite web
  40. Template:Cite web
  41. Template:Cite web
  42. Template:Cite web
  43. Template:Cite web
  44. Template:Cite web
  45. Template:Cite web
  46. Template:Cite web
  47. Template:Cite web
  48. Template:Cite web
  49. Template:Cite web
  50. Template:Cite web
  51. Template:Cite web
  52. Template:Cite web
  53. Template:Cite web
  54. Template:Cite web
  55. Template:Cite web
  56. Template:Cite web
  57. Template:Cite web
  58. Template:Cite web
  59. Template:Cite web
  60. Template:Cite web
  61. Template:Cite web
  62. Template:Cite web
  63. Template:Cite web
  64. Template:Cite web
  65. Template:Cite web
  66. Template:Cite web
  67. Template:Cite web
  68. Template:Cite web
  69. Template:Cite web
  70. Template:Cite web
  71. Template:Cite web
  72. Template:Cite web
  73. Template:Cite web
  74. Template:Cite web
  75. Template:Cite web
  76. Template:Cite web
  77. Template:Cite web
  78. Template:Cite web
  79. Template:Cite web
  80. Template:Cite web
  81. Template:Cite web
  82. Template:Cite web
  83. Template:Cite web
  84. Template:Cite web
  85. Template:Cite web
  86. Template:Cite web
  87. Template:Cite web
  88. Template:Cite web
  89. Template:Cite web
  90. Gutenberg vs Elementor: Comparing The New WordPress Block Editor To Elementor, CREATE & CODE, December 5, 2018
  91. Gutenberg vs. Elementor: ThemeIsle Actually Attempted to Build Their New Site With Both — Here’s What Happened, Elementor.com, February 6, 2020
  92. Template:Cite web
  93. Template:Cite web
  94. https://wordpress.org/plugins/classic-editor/
  95. Template:Cite web
  96. Template:Cite web
  97. Template:Cite web
  98. Template:Cite web
  99. Template:Cite web
  100. Template:Cite web
  101. Template:Cite web
  102. Template:Cite web
  103. Template:Cite web
  104. Template:Cite web
  105. Template:Cite web
  106. Template:CVE Template:Webarchive, Retrieved on July 7, 2017
  107. Common Vulnerabilities and Exposures Template:CVETemplate:Webarchive, Retrieved on July 7, 2017
  108. Barry Schwartz "Yoast WordPress SEO Plugin Vulnerable To Hackers" Template:Webarchive, Retrieved on February 13, 2016.
  109. Template:Cite news
  110. Template:Cite news
  111. 111.0 111.1 Template:Cite web
  112. 112.0 112.1 Template:Cite web
  113. Template:Cite web
  114. Template:Cite web
  115. Template:Cite web
  116. Template:Cite web
  117. 117.0 117.1 Template:Cite web
  118. Template:Cite web
  119. Template:Cite web
  120. Template:Cite web
  121. Template:Cite web
  122. Template:Cite web
  123. Template:Cite web
  124. Template:Cite web
  125. Template:Cite web
  126. Template:Cite web
  127. Template:Cite web
  128. Template:Cite web

External links[]

Template:Sisterlinks