wordpress widget plugins
Many security issues[12] [13] have been uncovered in the software, particularly in 2007 and 2008. According to Secunia, WordPress currently (as of April 2009[update]) has 7 unpatched security advisories (out of 32 total), with a maximum rating of "Less Critical"[14].
BlogSecurity currently maintains a list of WordPress vulnerabilities,[15] though this list currently tracks vulnerabilities only up to version 2.3. Secunia keeps a more recently updated list[16].
In January 2007, many high-profile Search engine optimization (SEO) blogs, as well as many low-profile commercial blogs featuring AdSense, were targeted and attacked with a WordPress exploit.[17] A separate vulnerability on one of the project site's web servers allowed an attacker to introduce exploitable code in the form of a back door to some downloads of WordPress 2.1.1. The 2.1.2 release addressed this issue; an advisory released at the time advised all users to upgrade immediately.[18]
In May 2007, a study revealed that 98% of WordPress blogs being run were exploitable because they were running outdated and unsupported versions of the software.[19]
In a June 2007 interview, Stefen Esser, the founder of the PHP Security Response Team, spoke critically of WordPress's security track record, citing problems with the application's architecture that make it unnecessarily difficult to write code that is secure from SQL injection vulnerabilities, as well as some other problems.[20]
Multi-blogging
WordPress supports one weblog per installation, although multiple concurrent copies may be run from different directories if configured to use separate database tables.
WordPress Multi-User (WordPress MU, a.k.a. WPMU) is a fork of WordPress created to allow simultaneous blogs to exist within one installation. WordPress MU makes it possible for anyone with a website to host their own blogging community, control, and moderate all the blogs from a single dashboard. WordPress MU adds eight new data tables for each blog.
Matt Mullenweg announced that WordPress MU would be merged with WordPress as part of a future release.[21]
Lyceum is another enterprise-edition of WordPress. Unlike WordPress MU, Lyceum stores all of its information in a set number of database tables. Notable communities that use Lyceum are TeachFor.Us[22] (Teach For America teachers' blogs), BodyBlogs and the Hopkins Blogs.
In 2008 Andy Peatling joined Automattic to continue his work on BuddyPress - a plug-in extension of WPMU that is adding missing community features to WordPress[23].
[edit] Developers
WordPress development is led by Ryan Boren and Matt Mullenweg. Mullenweg and Mike Little were co-founders of the project.
The contributing developers include:
- Dougal Campbell
- Mark Jaquith
- Donncha Ó Caoimh
- Andy Skelton
- Michel Valdrighi
- Peter Westwood
Though much developed by the community surrounding it, WordPress is closely associated with Automattic, where some of WordPress's main contributing developers are employees.
About the Author: