|Initial release||May 27, 2003|
|Stable release||4.4.2 (February 2, 2016[±])|
|Preview release||4.4.2 (February 2, 2016[±])|
|Type||Blog software, Content Management System, Content Management Framework|
WordPress is a free and open-source content management system (CMS) based on PHP and MySQL. WordPress is installed on a web server, which either is part of an Internet hosting service or is a network host itself; the first case may be on a service like WordPress.com, for example, and the second case is a computer running the software package WordPress.org. An example of the second case is a local computer configured to act as its own web server hosting Wordpress for single-user testing or learning purposes. Features include a plugin architecture and a template system. WordPress was used by more than 23.3% of the top 10 million websites as of January 2015[update]. WordPress is the most popular blogging system in use on the Web, at more than 60 million websites.
It was released on May 27, 2003, by its founders, Matt Mullenweg and Mike Little, as a fork of b2/cafelog. The license under which WordPress software is released is the GPLv2 (or later) from the Free Software Foundation.
- 1 Overview
- 2 Multi-user and multi-blogging
- 3 Migration/wp-config.php
- 4 History
- 5 Future
- 6 Vulnerabilities
- 7 Development and support
- 8 See also
- 9 References
- 10 External links
WordPress users may install and switch between themes. Themes allow users to change the look and functionality of a WordPress website and they can be installed without altering the content or health of the site. Every WordPress website requires at least one theme to be present and every theme should be designed using WordPress standards with structured PHP, valid HTML and Cascading Style Sheets (CSS). Themes may be directly installed using the WordPress "Appearance" administration tool in the dashboard or theme folders may be uploaded via FTP. The PHP, HTML (HyperText Markup Language) and CSS code found in themes can be added to or edited for providing advanced features. WordPress themes are in general classified into two categories, free themes and premium themes. All the free themes are listed in the WordPress theme directory and premium themes should be purchased from marketplaces and individual WordPress developers. WordPress users may also create and develop their own custom themes if they have the knowledge and skill to do so. If WordPress users do not have themes development knowledge then they may download and use free WordPress themes from wordpress.org.
WordPress's plugin architecture allows users to extend the features and functionality of a website or blog. WordPress has over 40,501 plugins available, each of which offers custom functions and features enabling users to tailor their sites to their specific needs. These customizations range from search engine optimization, to client portals used to display private information to logged in users, to content management systems, to content displaying features, such as the addition of widgets and navigation bars. But not all available plugins are always abreast with the upgrades and as a result they may not function properly or may not function at all. Plugins transform WordPress into a powerful CMS and can be used for any kind of websites, not only blogs. WordPress encourages developers to submit a plugin, either free or paid, to the depository subject to a manual review.
Native applications exist for WebOS, Android, iOS (iPhone, iPod Touch, iPad), Windows Phone, and BlackBerry. These applications, designed by Automattic, allow a limited set of options, which include adding new blog posts and pages, commenting, moderating comments, replying to comments in addition to the ability to view the stats.
WordPress also features integrated link management; a search engine–friendly, clean permalink structure; the ability to assign multiple categories to articles; and support for tagging of posts and articles. Automatic filters are also included, providing standardized formatting and styling of text in articles (for example, converting regular quotes to smart quotes). WordPress also supports the Trackback and Pingback standards for displaying links to other sites that have themselves linked to a post or an article. WordPress blog posts can be edited in HTML, using the visual editor, or using one of a number of plugins that allow for a variety of customized editing features.
Multi-user and multi-blogging
Prior to version 3, WordPress supported one blog per installation, although multiple concurrent copies may be run from different directories if configured to use separate database tables. WordPress Multisites (previously referred to as WordPress Multi-User, WordPress MU, or WPMU) was a fork of WordPress created to allow multiple blogs to exist within one installation but is able to be administered by a centralized maintainer. WordPress MU makes it possible for those with websites to host their own blogging communities, as well as control and moderate all the blogs from a single dashboard. WordPress MS adds eight new data tables for each blog.
As of the release of WordPress 3, WordPress MU has merged with WordPress.
WordPress makes migration from one server to another relatively simple due to its use of a configuration file (wp-config.php, usually located in your root). This file controls the base settings for a WordPress website including (but not limited to) your database connection settings. Due to the use of a configuration file, migrating from one server to another can be accomplished by the following basic steps:
- Download a copy of the WordPress files/folders (e.g. via FTP).
- Download a copy of the associated database (view the 'DB_NAME' row in the wp-config.php for the associated database to back up).
- Upload the files/folders to the new server.
- Create a new database on the new server and import the sql backup.
- Update the wp-config.php database fields to reflect.
b2/cafelog, more commonly known as b2 or cafelog, was the precursor to WordPress. b2/cafelog was estimated to have been installed on approximately 2,000 blogs as of May 2003. It was written in PHP for use with MySQL by Michel Valdrighi, who is now a contributing developer to WordPress. Although WordPress is the official successor, another project, b2evolution, is also in active development.
WordPress first appeared in 2003 as a joint effort between Matt Mullenweg and Mike Little to create a fork of b2. Christine Selleck Tremoulet, a friend of Mullenweg, suggested the name WordPress.
In 2004 the licensing terms for the competing Movable Type package were changed by Six Apart, resulting in many of its most influential users migrating to WordPress. By October 2009 the Open Source CMS MarketShare Report concluded that WordPress enjoyed the greatest brand strength of any open-source content management system.
As of January 2015, more than 23.3% of the top 10 million websites now use WordPress.
|Legend:||Old version||Older version, still supported||Current version||Latest preview version||Future release|
|Version||Code name||Release date||Notes|
|Old version, no longer supported: 0.7||none||27 May 2003||Used the same file structure as its predecessor, b2/cafelog, and continued the numbering from its last release, 0.6. Only 0.71-gold is available for download in the official WordPress Release Archive page.|
|Old version, no longer supported: 1.0||Davis||3 January 2004||Added search engine friendly permalinks, multiple categories, dead simple installation and upgrade, comment moderation, XFN support, Atom support.|
|Old version, no longer supported: 1.2||Mingus||22 May 2004||Added support of Plugins; which same identification headers are used unchanged in WordPress releases as of 2011[update].|
|Old version, no longer supported: 1.5||Strayhorn||17 February 2005||Added a range of vital features, such as ability to manage static pages and a template/Theme system. It was also equipped with a new default template (code named Kubrick). designed by Michael Heilemann.|
|Old version, no longer supported: 2.0||Duke||31 December 2005||Added rich editing, better administration tools, image uploading, faster posting, improved import system, fully overhauled the back end, and various improvements to Plugin developers.|
|Old version, no longer supported: 2.1||Ella||22 January 2007||Corrected security issues, redesigned interface, enhanced editing tools (including integrated spell check and auto save), and improved content management options.|
|Old version, no longer supported: 2.2||Getz||16 May 2007||Added widget support for templates, updated Atom feed support, and speed optimizations.|
|Old version, no longer supported: 2.3||Dexter||24 September 2007||Added native tagging support, new taxonomy system for categories, and easy notification of updates, fully supports Atom 1.0, with the publishing protocol, and some much needed security fixes.|
|Old version, no longer supported: 2.5||Brecker||29 March 2008||Major revamp to the dashboard, dashboard widgets, multi-file upload, extended search, improved editor, improved plugin system and more.|
|Old version, no longer supported: 2.6||Tyner||15 July 2008||Added new features that made WordPress a more powerful CMS: it can now track changes to every post and page and allow easy posting from anywhere on the web.|
|Old version, no longer supported: 2.7||Coltrane||11 December 2008||Administration interface redesigned fully, added automatic upgrades and installing plugins, from within the administration interface.|
|Old version, no longer supported: 2.8||Baker||10 June 2009||Added improvements in speed, automatic installing of themes from within administration interface, introduces the CodePress editor for syntax highlighting and a redesigned widget interface.|
|Old version, no longer supported: 2.9||Carmen||19 December 2009||Added global undo, built-in image editor, batch plugin updating, and many less visible tweaks.|
|Old version, no longer supported: 3.0||Thelonious||17 June 2010||Added a new theme APIs, merge WordPress and WordPress MU, creating the new multi-site functionality, new default theme "Twenty Ten" and a refreshed, lighter admin UI.|
|Old version, no longer supported: 3.1||Reinhardt||23 February 2011||Added the Admin Bar, which is displayed on all blog pages when an admin is logged in, and Post Format, best explained as a Tumblr like micro-blogging feature. It provides easy access to many critical functions, such as comments and updates. Includes internal linking abilities, a newly streamlined writing interface, and many other changes.|
|Old version, no longer supported: 3.2||Gershwin||4 July 2011||Focused on making WordPress faster and lighter. Released only four months after version 3.1, reflecting the growing speed of development in the WordPress community.|
|Old version, no longer supported: 3.3||Sonny||12 December 2011||Focused on making WordPress friendlier for beginners and tablet computer users.|
|Old version, no longer supported: 3.4||Green||13 June 2012||Focused on improvements to Theme customization, Twitter integration and several minor changes.|
|Old version, no longer supported: 3.5||Elvin||11 December 2012||Support for the Retina Display, color picker, new default theme "Twenty Twelve", improved image workflow.|
|Old version, no longer supported: 3.6||Oscar||1 August 2013||New default theme "Twenty Thirteen", admin enhancements, post formats UI update, menus UI improvements, new revision system, autosave and post locking.|
|Older version, yet still supported: 3.7||Basie||24 October 2013||Automatically apply maintenance and security updates in the background, stronger password recommendations, support for automatically installing the right language files and keeping them up to date.|
|Older version, yet still supported: 3.8||Parker||12 December 2013||Improved admin interface, responsive design for mobile devices, new typography using Open Sans, admin color schemes, redesigned theme management interface, simplified main dashboard, Twenty Fourteen magazine style default theme, second release using "Plugin-first development process".|
|Older version, yet still supported: 3.9||Smith||16 April 2014||Improvements to editor for media, live widget and header previews, new theme browser.|
|Older version, yet still supported: 4.0||Benny||4 September 2014||Improved media management, embeds, writing interface, and plugin discovery.|
|Older version, yet still supported: 4.1||Dinah||18 December 2014||Twenty Fifteen as the new default theme, distraction-free writing, easy language switch, Vine embeds and plugin recommendations.|
|Older version, yet still supported: 4.2||Powell||23 April 2015||New "Press This" features, improved characters support, emoji support, improved customizer, new embeds and updated plugin system.|
|Older version, yet still supported: 4.3||Billie||18 August 2015||Focus on mobile experience, better passwords and improved customizer.|
|Current stable version: 4.4||Clifford||8 December 2015||Introduction of Twenty Sixteen theme, and improved responsive images and embeds.|
|Future release: 4.5||TBA||12 April 2016|
Many security issues have been uncovered in the software, particularly in 2007 and 2008. According to Secunia, WordPress in April 2009 had 7 unpatched security advisories (out of 32 total), with a maximum rating of "Less Critical". Secunia maintains an up-to-date list of WordPress vulnerabilities.
In January 2007, many high profile search engine optimization (SEO) blogs, as well as many low-profile commercial blogs featuring AdSense, were targeted and attacked with a WordPress exploit. A separate vulnerability on one of the project site's web servers allowed an attacker to introduce exploitable code in the form of a back door to some downloads of WordPress 2.1.1. The 2.1.2 release addressed this issue; an advisory released at the time advised all users to upgrade immediately.
In May 2007, a study revealed that 98% of WordPress blogs being run were exploitable because they were running outdated and unsupported versions of the software. In part to mitigate this problem, WordPress made updating the software a much easier, "one click" automated process in version 2.7 (released in December 2008). However, the filesystem security settings required to enable the update process can be an additional risk.
In a June 2007 interview, Stefan Esser, the founder of the PHP Security Response Team, spoke critically of WordPress's security track record, citing problems with the application's architecture that made it unnecessarily difficult to write code that is secure from SQL injection vulnerabilities, as well as some other problems.
In June 2013, it was found that some of the 50 most downloaded WordPress plugins were vulnerable to common Web attacks such as SQL injection and XSS. A separate inspection of the top-10 e-commerce plugins showed that 7 of them were vulnerable.
In an effort to promote better security, and to streamline the update experience overall, automatic background updates were introduced in WordPress 3.7.
Individual installations of WordPress can be protected with security plugins that prevent user enumeration, hide resources and thwart probes. Users can also protect their WordPress installations by taking steps such as keeping all WordPress installation, themes, and plugins updated, using only trusted themes and plugins, editing the site's .htaccess file to prevent many types of SQL injection attacks and block unauthorized access to sensitive files. It is especially important to keep WordPress plugins updated because would-be hackers can easily list all the plugins a site uses, and then run scans searching for any vulnerabilities against those plugins. If vulnerabilities are found, they may be exploited to allow hackers to upload their own files (such as a PHP Shell script) that collect sensitive information.
Developers can also use tools to analyze potential vulnerabilities, including wpscan, Wordpress Auditor and Wordpress Sploit Framework developed by 0pc0deFR. These types of tools research known vulnerabilities, such as a CSRF, LFI, RFI, XSS, SQL injection and user enumeration. However, not all vulnerabilities can be detected by tools, so it is advisable to check the code of plugins, themes and other add-ins from other developers.
WordPress's minimum PHP version requirement is PHP 5.2, which was released on 6 January 2006, 10 years ago, and which has been unsupported by the PHP Group and not received any security patches since 6 January 2011, 5 years ago.
Development and support
WordPress is also developed by its community, including WP testers, a group of volunteers who test each release. They have early access to nightly builds, beta versions and release candidates. Errors are documented in a special mailing list, or the project's Trac tool.
Though largely developed by the community surrounding it, WordPress is closely associated with Automattic, the company founded by Matt Mullenweg. On September 9, 2010, Automattic handed the WordPress trademark to the newly created WordPress Foundation, which is an umbrella organization supporting WordPress.org (including the software and archives for plugins and themes), bbPress and BuddyPress.
WordCamp developer and user conferences
WordCamps are casual, locally organized conferences covering everything related to WordPress. The first such event was WordCamp 2006 in August 2006 in San Francisco, which lasted one day and had over 500 attendees. The first WordCamp outside San Francisco was held in Beijing in September 2007. Since then, there have been over 507 WordCamps in over 207 cities in 48 different countries around the world. WordCamp San Francisco 2014 was the last official annual conference of WordPress developers and users taking place in San Francisco, having now been replaced with WordCamp US.
WordPress's primary support website is WordPress.org. This support website hosts both WordPress Codex, the online manual for WordPress and a living repository for WordPress information and documentation, and WordPress Forums, an active online community of WordPress users.
- Mullenweg, Matt. "WordPress Now Available". WordPress. Retrieved 2010-07-22.
- Jorbin, Aaron (2016-02-02). "WordPress 4.4.2 Security and Maintenance Release". WordPress. Retrieved 2016-02-02.
- "WordPress: About: GPL". WordPress.org. Retrieved 15 June 2010.
- "WordPress Web Hosting". WordPress. Retrieved 21 May 2013.
- "Support disaggregating WordPress.com and WordPress.org". WordPress.com. Retrieved January 2016.
- "How to Install WordPress". wpbeginner. Retrieved 18 December 2015.
- "How to Install WordPress on your Windows Computer Using WAMP". wpbeginner. Retrieved 18 December 2015.
- "Usage Statistics and Market Share of Content Management Systems for Websites". W3Techs. January 2015. Retrieved January 2015.
- "CMS Usage Statistics". BuiltWith. Retrieved 2013-08-01.
- Coalo, J.J (5 September 2012). "With 60 Million Websites, WordPress Rules The Web. So Where's The Money?". Forbes. Retrieved 2016-02-03.
- "Commit number 8". Retrieved 2016-02-03.
- "WordPress › About » License". Wordpress.org. Retrieved 2014-06-30.
- "Theme Installation". Codex.wordpress.org. 2013-04-09. Retrieved 2013-04-26.
- "WordPress > WordPress Plugins". WordPress.org. Retrieved 2015-10-05.
- "WordPress custom meta boxes and custom fields plugin". 2014-03-01. Retrieved 2014-03-01.
- "Pros and Cons of Wordpress". 2014-09-14. Retrieved 2014-10-21.
- "WordPress Plugin Repository - A Guide". 2015-09-22. Retrieved 2015-10-25.
- "WordPress for WebOS". WordPress. Retrieved 2012-03-06.
- "WordPress publishes native Android application". Android and Me. 2010-02-02. Retrieved 2010-06-15.
- "Idea: WordPress App For iPhone and iPod Touch". WordPress iPhone & iPod Touch. 2008-07-12.
- "18 Million WordPress Blogs Land on the iPad". ReadWriteWeb. March 24, 2011.
- "WordPress for BlackBerry". WordPress. Retrieved 2009-12-27.
- "MultiSite In WordPress 3.0". Deluxe Blog Tips. 2010-05-03.
- "WordPress 3.0 "Thelonious"". WordPress.org. 2010-06-17. Retrieved 2011-12-18.
- "Editing wp-config.php". WordPress.org. Retrieved 2016-01-12.
- "Moving WordPress to a new server". SquirrelHosting.co.uk. 2014-03-17. Retrieved 2016-01-12.
- Andrew Warner, Matt Mullenweg (2009-09-10). The Biography Of WordPress – With Matt Mullenweg (MPEG-4 Part 14) (Podcast). Mixergy. Event occurs at 10:57. Retrieved 2009-09-28.
b2 had actually, through a series of circumstances, essentially become abandoned.
- Valdrighi, Michel. "b2 test weblog - post dated 23.05.03". Retrieved 9 May 2013.
- "History - WordPress Codex". WordPress.org. Retrieved 29 March 2012.
- Silverman, Dwight (24 January 2008). "The importance of being Matt". Houston Chronicle. Retrieved 14 August 2014.
- Tremoulet, Christine Selleck (24 January 2008). "The Importance of Being Matt…". Christine Selleck Tremoulet. Retrieved 29 March 2012.
- Manjoo, Farhad (9 August 2004). "Blogging grows up". Salon. Retrieved 29 March 2012.
- Pilgrim, Mark (14 May 2004). "Freedom 0". Mark Pilgrim. Archived from the original on 10 April 2006. Retrieved 29 March 2012.
- "2009 Open Source CMS Market Share Report, page 57, by water&stone and CMSWire Oct, 2009". CMSWire. 2009-12-17. Retrieved 2010-06-15.
- "Beginner’s Guide to Starting a WordPress Blog". Retrieved 15 November 2015.
- "Roadmap". Blog. WordPress.org. Retrieved 2010-06-15.
- "WordPress Blog: WordPress 0.7". WordPress.org. Retrieved 2003-05-27.
- "Cafelog". Retrieved 2011-05-15.
- "WordPress Blog: WordPress 1.0". WordPress.org. Retrieved 2004-01-03.
- "WordPress Blog: WordPress 1.2". WordPress.org. Retrieved 2004-05-22.
- "WordPress Blog: WordPress 1.5". WordPress.org. Retrieved 2005-02-17.
- "Kubrick at Binary Bonsai". Binarybonsai.com. Retrieved 2010-06-15.
- "WordPress Blog: WordPress 2.0". WordPress.org. Retrieved 2005-12-31.
- "WordPress Blog: WordPress 2.1". WordPress.org. Retrieved 2007-01-22.
- "WordPress Blog: WordPress 2.2". WordPress.org. Retrieved 2007-05-16.
- "WordPress Blog: WordPress 2.3". WordPress.org. Retrieved 2007-09-24.
- "WordPress Blog: WordPress 2.5". WordPress.org. Retrieved 2008-03-29.
- "WordPress Blog: WordPress 2.6". WordPress.org. Retrieved 2008-06-15.
- "WordPress Blog: WordPress 2.7". WordPress.org. Retrieved 2008-12-11.
- "WordPress Blog: WordPress 2.8". WordPress.org. Retrieved 2009-06-10.
- "WordPress Blog: WordPress 2.9". WordPress.org. Retrieved 2009-12-19.
- "WordPress Blog: WordPress 3.0". WordPress.org. Retrieved 2010-06-17.
- "WordPress Blog: WordPress 3.1". WordPress.org. Retrieved 2011-02-25.
- "WordPress Blog: WordPress 3.2". WordPress.org. Retrieved 2011-06-04.
- "WordPress Blog: WordPress 3.3". WordPress.org. Retrieved 2011-12-12.
- "WordPress Blog: WordPress 3.4". WordPress.org. Retrieved 2012-06-13.
- "WordPress Blog: WordPress 3.5". WordPress.org. Retrieved 2012-12-11.
- "WordPress Blog: WordPress 3.6". WordPress.org. Retrieved 2013-08-01.
- "WordPress Blog: WordPress 3.7". WordPress.org. Retrieved 2013-10-24.
- "WordPress Blog: WordPress 3.8". WordPress.org. Retrieved 2013-12-12.
- "WordPress Blog: WordPress 3.9". WordPress.org. Retrieved 2014-04-16.
- "WordPress Blog: WordPress 4.0". WordPress.org. Retrieved 2014-09-04.
- "WordPress Blog: WordPress 4.1". WordPress.org. Retrieved 2014-12-18.
- "WordPress Blog: WordPress 4.2". WordPress.org. Retrieved 2015-04-23.
- "WordPress Blog: WordPress 4.3". WordPress.org. Retrieved 2015-08-18.
- "WordPress Blog: WordPress 4.4". WordPress.org. Retrieved 2015-12-08.
- "Version 4.5 Project Schedule". Retrieved 2016-01-21.
- "Radically Simplified WordPress". Ma.tt. Retrieved 2015-03-11.
- "Matt Mullenweg: State of the Word 2013". Wordpress.tv. Retrieved 2015-03-11.
- "Wincent Colaiuta". Wincent.com. 2007-06-21. Retrieved 2015-03-11.
- "David Kierznowski". Blogsecurity.net. 2007-06-28. Retrieved 2015-03-11.
- "Secunia Advisories for WordPress 2.x". Secunia.com. 2009-04-07. Retrieved 2015-03-11.
- "Secunia WordPress 2.x Vulnerability Report". Secunia.com. Retrieved 2010-06-15.
- "Secunia WordPress 3.x Vulnerability Report". Secunia.com. Retrieved 2010-12-27.
- "WordPress Exploit Nails Big Name Seo Bloggers". Threadwatch.org. Retrieved 2011-12-18.
- "WordPress 2.1.1 dangerous, Upgrade to 2.1.2". WordPress.org. 2 March 2007. Retrieved 2007-03-04.
- "Survey Finds Most WordPress Blogs Vulnerable". Blog Security. 2007-05-23. Retrieved 2010-06-15.
- "Updating WordPress". WordPress Codex. Retrieved 2012-09-25.
- "Yet another WordPress release". 2009-08-13. Retrieved 2012-09-24.
- "Interview with Stefan Esser". BlogSecurity. 2007-06-28. Retrieved 2010-06-15.
- Robert Westervelt (2013-06-18). "Popular WordPress E-Commerce Plugins Riddled With Security Flaws - Page: 1". CRN. Retrieved 2015-03-11.
- "Configuring Automatic Background Updates « WordPress Codex". Codex.wordpress.org. Retrieved 2014-06-30.
- Ward, Simon (9 July 2012). "Original Free WordPress Security Infographic by Pingable". Pingable. Retrieved 28 October 2012.
- "How To Scan Wordpress Like A Hacker".
- "How To Manually Update Wordpress Plugins".
- "Top 5 WordPress Vulnerabilities and How to Fix Them". eSecurityPlanet.com. 2012-04-20. Retrieved 2012-04-20.
- "WordPress › About » Requirements". wordpress.org. Retrieved 2015-12-30.
- "Unsupported Branches". php.net. Retrieved 2015-11-14.
- "About WordPress". wordpress.org. Retrieved 2015-03-18.
- "Core Team". codex.wordpress.org. Retrieved 2015-08-27.
- "Installing WordPress". August 2014.
- "WordCamp Central > About". Central.wordcamp.org. Retrieved 2015-10-28.
- "WordCamp 2006". 2006.wordcamp.org. Retrieved 2011-12-18.
- "WordCamp 2011". 2011.sf.wordcamp.org. Retrieved 2011-12-18.
- "WordCamp Central > Schedule". Central.wordcamp.org. Retrieved 2011-12-18.
- "WordCamp SF Announced (not WordCon) | WordCamp Central". Central.wordcamp.org. 2011-01-24. Retrieved 2015-03-11.
- "Most Frequently Used Free WordPress Plugins 2014". ThemesRefinery. 2014-06-20. Retrieved 2015-03-11.
- "WordPress Codex". WordPress.org. Retrieved 2014-03-13.
- "WordPress Forums". WordPress.org. Retrieved 2014-03-13.
- "WordPress Performance". yourescapefrom9to5.com. Retrieved 2015-05-13.
Find more about
at Wikipedia's sister projects
|Media from Commons|
|Textbooks from Wikibooks|
|Learning resources from Wikiversity|
|Data from Wikidata|