WordPress (WordPress.org) is a free and open-source content management system (CMS) based on PHP & MySQL. Features include a plugin architecture and a template system. It is most associated with blogging but supports other types of web content including more traditional mailing lists and forums, media galleries, and online stores. Used by more than 60 million websites, including 33.6% of the top 10 million websites as of April 2019, WordPress is the most popular website management system in use. WordPress has also been used for other application domains such as pervasive display systems (PDS).
The software is released under the GPLv2 (or later) license. To function, WordPress has to be installed on a web server, either part of an Internet hosting service or a computer running the software package WordPress.org in order to serve as a network host in its own right. A local computer may be used for single-user testing and learning purposes.
“WordPress is a factory that makes webpages” is a core analogy designed to clarify what WordPress is & does. It stores your content that allows you to create & publish webpages only requiring a domain and a hosting site to work. WordPress has a web template system using a template processor. Its architecture is a front controller, routing all requests for non-static URIs to a single PHP file which parses the URI and identifies the target page. This allows support for more human-readable permalinks.
WordPress users may install and switch among different themes. Themes allow users to change the look and functionality of a WordPress website without altering the core code or site content. Every WordPress website requires at least one theme to be present and every theme should be designed using WordPress standards with structured PHP, valid HTML (HyperText Markup Language), and Cascading Style Sheets (CSS). Themes may be directly installed using the WordPress “Appearance” administration tool in the dashboard, or theme folders may be copied directly into the themes directory, for example via FTP. The PHP, HTML and CSS found in themes can be directly modified to alter theme behavior, or a theme can be a “child” theme which inherits settings from another theme and selectively overrides features. WordPress themes are generally classified into two categories: free and premium. Many free themes are listed in the WordPress theme directory, and premium themes are available for purchase from marketplaces and individual WordPress developers. WordPress users may also create and develop their own custom themes. The free theme Underscores created by the WordPress developers has become a popular basis for new themes.
WordPress’ plugin architecture allows users to extend the features and functionality of a website or blog. As of February 2019, WordPress.org has 54,402 plugins available, each of which offers custom functions and features enabling users to tailor their sites to their specific needs. However, this does not include the premium plugins that are available (approximately 1,500+), which may not be listed in the WordPress.org repository. These customizations range from search engine optimization, to client portals used to display private information to logged in users, to content management systems, to content displaying features, such as the addition of widgets and navigation bars. Not all available plugins are always abreast with the upgrades and as a result they may not function properly or may not function at all. Most plugins are available through WordPress themselves, either via downloading them and installing the files manually via FTP or through the WordPress dashboard. However, many third parties offer plugins through their own websites, many of which are paid packages. Web developers who wish to develop plugins need to learn WordPress’ hook system which consists of over 300 hooks divided into two categories: action hooks and filter hooks.
Native applications exist for WebOS, Android, iOS (iPhone, iPod Touch, iPad), Windows Phone, and BlackBerry. These applications, designed by Automattic, have options such as adding new blog posts and pages, commenting, moderating comments, replying to comments in addition to the ability to view the stats.
WordPress also features integrated link management; a search engine–friendly, clean permalink structure; the ability to assign multiple categories to posts; and support for tagging of posts. Automatic filters are also included, providing standardized formatting and styling of text in posts (for example, converting regular quotes to smart quotes). WordPress also supports the Trackback and Pingback standards for displaying links to other sites that have themselves linked to a post or an article. WordPress posts can be edited in HTML, using the visual editor, or using one of a number of plugins that allow for a variety of customized editing features.
Multi-user and multi-blogging
Prior to version 3, WordPress supported one blog per installation, although multiple concurrent copies may be run from different directories if configured to use separate database tables. WordPress Multisites (previously referred to as WordPress Multi-User, WordPress MU, or WPMU) was a fork of WordPress created to allow multiple blogs to exist within one installation but is able to be administered by a centralized maintainer. WordPress MU makes it possible for those with websites to host their own blogging communities, as well as control and moderate all the blogs from a single dashboard. WordPress MS adds eight new data tables for each blog. As of the release of WordPress 3, WordPress MU has merged with WordPress.
Individual installations of WordPress can be protected with security plugins that prevent user enumeration, hide resources and thwart probes. Users can also protect their WordPress installations by taking steps such as keeping all WordPress installation, themes, and plugins updated, using only trusted themes and plugins, editing the site’s .htaccess file to prevent many types of SQL injection attacks and block unauthorized access to sensitive files. It is especially important to keep WordPress plugins updated because would-be hackers can easily list all the plugins a site uses, and then run scans searching for any vulnerabilities against those plugins. If vulnerabilities are found, they may be exploited to allow hackers to upload their own files (such as a PHP Shell script) that collect sensitive information. Developers can also use tools to analyze potential vulnerabilities, including WPScan, WordPress Auditor and WordPress Sploit Framework developed by 0pc0deFR. These types of tools research known vulnerabilities, such as a CSRF, LFI, RFI, XSS, SQL injection and user enumeration. However, not all vulnerabilities can be detected by tools, so it is advisable to check the code of plugins, themes and other add-ins from other developers.
WordPress’ primary support website is WordPress.org. This support website hosts both WordPress Codex, the online manual for WordPress and a living repository for WordPress information and documentation, and WordPress Forums, an active online community of WordPress users.
Try WordPress risk-free on REPNAM!