WordPress Support
WordPress' primary support website is WordPress.org. This support website hosts both WordPress Codex, the online manual for WordPress and a living repository for WordPress information and documentation, and WordPress Forums, an active online community of WordPress users.
Wordpress WordCamp developer and user conferences
A WordCamp in Sofia, Bulgaria (2011)
WordCamps are casual, locally-organized conferences covering everything related to WordPress. The first such event was WordCamp 2006 in August 2006 in San Francisco, which lasted one day and had over 500 attendees. The first WordCamp outside San Francisco was held in Beijing in September 2007. Since then, there have been over 1,022 WordCamps in over 75 cities in 65 different countries around the world. WordCamp San Francisco 2014 was the last official annual conference of WordPress developers and users taking place in San Francisco, having now been replaced with WordCamp US. First ran in 2013 as WordCamp Europe, regional WordCamps in other geographical regions are held with the aim of connecting people who aren't already active in their local communities and inspire attendees to start user communities in their hometowns. In 2019, the Nordic region had its own WordCamp Nordic. The first WordCamp Asia was to be held in 2020, but cancelled due to the COVID-19 pandemic.
Wordpres Development and support
Key developers
Matt Mullenweg and Mike Little were co-founders of the project. The core lead developers include Helen Hou-Sandí, Dion Hulse, Mark Jaquith, Matt Mullenweg, Andrew Ozz, and Andrew Nacin.
WordPress is also developed by its community, including WP testers, a group of volunteers who test each release. They have early access to nightly builds, beta versions and release candidates. Errors are documented in a special mailing list or the project's Trac tool.
Though largely developed by the community surrounding it, WordPress is closely associated with Automattic, the company founded by Matt Mullenweg. On September 9, 2010, Automattic handed the WordPress trademark to the newly created WordPress Foundation, which is an umbrella organization supporting WordPress.org (including the software and archives for plugins and themes), bbPress and BuddyPress.
Wordpress Vulnerabilities
Many security issues have been uncovered in the software, particularly in 2007, 2008, and 2015. According to Secunia, WordPress in April 2009 had seven unpatched security advisories (out of 32 total), with a maximum rating of "Less Critical". Secunia maintains an up-to-date list of WordPress vulnerabilities.
In January 2007, many high-profile search engine optimization (SEO) blogs, as well as many low-profile commercial blogs featuring AdSense, were targeted and attacked with a WordPress exploit. A separate vulnerability on one of the project site's web servers allowed an attacker to introduce exploitable code in the form of a back door to some downloads of WordPress 2.1.1. The 2.1.2 release addressed this issue; an advisory released at the time advised all users to upgrade immediately.
In May 2007, a study revealed that 98% of WordPress blogs being run were exploitable because they were running outdated and unsupported versions of the software. In part to mitigate this problem, WordPress made updating the software a much easier, "one click" automated process in version 2.7 (released in December 2008). However, the filesystem security settings required to enable the update process can be an additional risk.
In a June 2007 interview, Stefan Esser, the founder of the PHP Security Response Team, spoke critically of WordPress' security track record, citing problems with the application's architecture that made it unnecessarily difficult to write code that is secure from SQL injection vulnerabilities, as well as some other problems.
In June 2013, it was found that some of the 50 most downloaded WordPress plugins were vulnerable to common Web attacks such as SQL injection and XSS. A separate inspection of the top-10 e-commerce plugins showed that seven of them were vulnerable.
In an effort to promote better security, and to streamline the update experience overall, automatic background updates were introduced in WordPress 3.7.
Individual installations of WordPress can be protected with security plugins that prevent user enumeration, hide resources and thwart probes. Users can also protect their WordPress installations by taking steps such as keeping all WordPress installation, themes, and plugins updated, using only trusted themes and plugins, and editing the site's .htaccess configuration file if supported by the web server to prevent many types of SQL injection attacks and block unauthorized access to sensitive files. It is especially important to keep WordPress plugins updated because would-be hackers can easily list all the plugins a site uses, and then run scans searching for any vulnerabilities against those plugins. If vulnerabilities are found, they may be exploited to allow hackers to, for example, upload their own files (such as a web shell) that collect sensitive information.
Developers can also use tools to analyze potential vulnerabilities, including WPScan, WordPress Auditor and WordPress Sploit Framework developed by 0pc0deFR. These types of tools research known vulnerabilities, such as a CSRF, LFI, RFI, XSS, SQL injection and user enumeration. However, not all vulnerabilities can be detected by tools, so it is advisable to check the code of plugins, themes and other add-ins from other developers.
In March 2015, it was reported by many security experts and SEOs, including Search Engine Land, that a SEO plugin for WordPress called Yoast which is used by more than 14 million users worldwide has a vulnerability that could lead to an exploit where hackers can do a Blind SQL injection. To fix that issue they immediately introduced a newer version 1.7.4 of the same plugin to avoid any disturbance on web because of the security lapse that the plugin had.
In January 2017, security auditors at Sucuri identified a vulnerability in the WordPress REST API that would allow any unauthenticated user to modify any post or page within a site running WordPress 4.7 or greater. The auditors quietly notified WordPress developers, and within six days WordPress released a high-priority patch to version 4.7.2, which addressed the problem.
The canvas fingerprinting warning is typically given by Tor Browser for WordPress-based websites.
As of WordPress 5.2, the minimum PHP version requirement is PHP 5.6,[118] which was released on August 28, 2014, and which has been unsupported by the PHP Group and not received any security patches since December 31, 2018. Thus, WordPress recommends using PHP version 7.3 or greater.
In the absence of specific alterations to their default formatting code, WordPress-based websites use the canvas element to detect whether the browser is able to correctly render emoji. Because Tor Browser does not currently discriminate between this legitimate use of the Canvas API and an effort to perform canvas fingerprinting, it warns that the website is attempting to 'extract HTML5 canvas image data'. Ongoing efforts seek workarounds to reassure privacy advocates while retaining the ability to check for proper emoji rendering capability.
Wordpress Classic Editor Plugin
The Classic Editor Plugin was created as a result of User preferences and helped website developers maintain past plugins only compatible with WordPress 4.9.8, giving plugin developers time to get their plugins updated & compatible with the 5.0 release. Having the Classic Editor plugin installed restores the "classic" editing experience that WordPress has had up until the WordPress 5.0 release. The Classic Editor Plugin will be supported at least until 2022.
The Classic Editor plugin is active on over 5,000,000 installations of WordPress.
Wordpress 5.0 "BEBO"
The December 2018 release of WordPress 5.0, "Bebo", is named in homage to the pioneering Cuban jazz musician Bebo Valdés.
New WordPress Page Editor.png
It included a new default editor "Gutenberg" – a block-based editor; it allows users to modify their displayed content in a much more user friendly way than prior iterations. Blocks are abstract units of markup that, composed together, form the content or layout of a web page.[95] Past content that was created on WordPress pages is listed under what is referred to as a Classic Block. Prior to Gutenberg, there were several block-based editors available as WordPress plugins, e.g. Elementor, and following the release of Gutenberg Elementor was compared to existing plugins.
The History of Wordpress
b2/cafelog, more commonly known as b2 or cafelog, was the precursor to WordPress. b2/cafelog was estimated to have been installed on approximately 2,000 blogs as of May 2003. It was written in PHP for use with MySQL by Michel Valdrighi, who is now a contributing developer to WordPress. Although WordPress is the official successor, another project, b2evolution, is also in active development.
WordPress first appeared in 2003 as a joint effort between Matt Mullenweg and Mike Little to create a fork of b2. Christine Selleck Tremoulet, a friend of Mullenweg, suggested the name WordPress.
In 2004 the licensing terms for the competing Movable Type package were changed by Six Apart, resulting in many of its most influential users migrating to WordPress. By October 2009 the Open Source CMS MarketShare Report concluded that WordPress enjoyed the greatest brand strength of any open-source content management system.
As of May 2021, WordPress is used by 64.8% of all the websites whose content management system is known. This is 41.4% of the top 10 million websites.
Awards and recognition
Winner of InfoWorld's "Best of open source software awards: Collaboration", awarded in 2008. Winner of Open Source CMS Awards's "Overall Best Open Source CMS", awarded in 2009. Winner of digital synergy's "Hall of Fame CMS category in the 2010 Open Source", awarded in 2010. Winner of InfoWorld's "Bossie award for Best Open Source Software", awarded in 2011.
Winner of InfoWorld's "Best of open source software awards: Collaboration", awarded in 2008. Winner of Open Source CMS Awards's "Overall Best Open Source CMS", awarded in 2009. Winner of digital synergy's "Hall of Fame CMS category in the 2010 Open Source", awarded in 2010. Winner of InfoWorld's "Bossie award for Best Open Source Software", awarded in 2011.