1. Overview of WordPress

Uncategorized

Overview

WordPress is one of the most common dynamic open source content management systems (CMS) all over the world.

The market share of WordPress in CMS related websites are around 64%.  And over 40% of top 10 million websites are using WordPress.

It is based on PHP and MySQL.

It is licensed under the Gnu Public License (GPL) version.

WordPress is led by Matt Mullenweg, and the core leadership team.

We will discuss more details in the next posts.

WordPress Requirement

  • >= PHP 7.4
  • >= MySQL 5.6 or >=MariaDB 10.1
  • HTTPS Support
  • Apache or Nginx with mod_rewrite module

* It also works with older PHP or MySQL versions, but it may cause some security vulnerabilities.

* Current WordPress Version: 5.8 – (Added Query Loop Block Feature)

wordpress.com vs wordpress.org

When we say “wordpress”, normally we are talking about “wordpress.org”.

WordPress.org is the so-called self hosted software.  It means it is free and open source.   “Free” means you are completely free to develop and control over all the data and code.  You can integrate your own custom theme and plugins to your websites.

However, more freedom also has more cons.  You need to take care of your own site security.  You need to find your own hosting provider.  You need to update and maintain your theme and plugin.

WordPress.com is one of the implementations of wordpress software.  It is easy to install, especially for beginners.  WordPress.com takes care of all the security issues and updates.

However, as it is easy to install and some of the responsibilities are taken care by wordpress.com, it also has lots of limitations.  You cannot control your data.  You cannot develop your own code.  You cannot upload custom theme and plugins unless you choose the business package.  The business package is much more  expensive.

Default WordPress Theme

Twenty Twenty-One

WordPress History

2021. Version: 5.9, 5.8, 5.7

2020. Version: 5.6, 5.5, 5.4

2019.  Version: 5.3, 5.2, 5.1

2014-2018.  Version: 5.0-4.0

2010-2014.  Version: 4.0-3.0

2005-2009.  Version: 2.0-3.0

2004-2005.  Version: .0-2.0

2003.  Version: 0.7

V2001. Initial Version

* Major Version (2 digit – for example 3.5, 4.6) + Minor Version (3 digit – for example 3.5.1, 5.4.1)

* Backward Compatibility: the old plugin/theme code can still be used in the new version of WordPres

* Since 3.7, WordPress has automatic background updated for security releases.  (You may remove this feature through a code change in configuration file, but this feature is strongly recommended.  )

WordPress Features

  • Simplicity: it is very easy to use for beginner and amateurs, also has the under-the-hook advanced features for professional developers
  • Flexibility:  it can create nearly all kinds of websites.
  • Easy to Publish + Publish Tools: one button click to publish, preview posts, publish or private or draft, schedule post, restore revisions, automatically saves your work
  • Different Level of User Managements
  • Media Library
  • In Compliance with W3C Standards, acceptable by today’s browser
  • Theme + Plugins
  • Built-in Comments
  • Search Engine Optimized
  • Multiple Languages
  • Multisite: A single WordPress Installation to maintain multiple sites
  • Easy installation and Upgrades
  • Data Import/Export: You own your own data
  • Publish Anywhere: Desktop, mobile application, even post by email (there is plugin)
  • Clearly Organized Structure:  Archive by year, by month by author, by category; Everything, every words can be searched from the website, readable URL/permalinks
  • Freedom
  • Community
  • Support Pingback and Traceback

WordPress Developer Features

  • Theme + Plugin Custom Development
  • Application Framework (Translations, databases, http requests, user management, URL routing, etc.)
  • Custom Content Types, Taxonomies, and Metadata

WordPress Security

  1. Injection Risks: There may be some unauthorized code injected into the database.  WordPress is prone to have SQL injection risks because the input and output data is not sanitized and validated properly.  (The data includes media files, URLs, HTTP headers, etd )
  2. Brute Force Attack and Broken Authentication: A common hacker attack is from the wp-login.php and enter the admin and password.
  3. XSS (Cross Site Scripting) Risks: Use scripting language (Eg. Javascript) on the client side, to steal cookie, session tokens, or other data.
  4. IDOR (Insecure Direct Object Reference) Risks: For example, http://www.yourdomain.com/postname?id=3333, hackers may try other id numbers to steal other account information.  To resolve this issue, we need to strict access control.
  5. Data Exposure / Data Breach: Choose the secure WordPress professional hosting.  Use strong password.
  6. CSRF (Cross Site Request Forgery) / SSRF (Server Side Request Forgery) and Nonces Threat: This is usually caused by using unsecured plugins without using nonces.  Hacker trick users to do something they do not intend to do.  Hackers will get full control of your website through this way.  Also hackers can make Goggle blacklist your website and hosting server may even suspend your website!
  7. XXE (XML eXternal Entity) processing attacks: Attackers can interfere the website during the XML data process. They use this way to interact with files in the backend system.
(Visited 12 times, 1 visits today)