CMS WordPress free content management system: templates
CMS WordPress is a free, open source content management system based on PHP and MySQL. Features include plugin architecture and template system. This platform is most associated with blogs, but it also supports other types of web content, including more traditional mailing lists and forums, media galleries and online stores. WordPress is used on more than 60 million sites, including 30.6% of the top 10 million web resources as of April 2018. WordPress is the most popular site management system in the world. This engine has also been used for other application areas, such as broadcast mapping systems (PDS).
What is WordPress?
WordPress was first released on May 27, 2003 by Matt Mullenweg and Mike Little as the basis for b2 / cafelog. The software was released under the GPLv2 license (or later version). To function, WordPress must be installed on a web server, be it part of an internet hosting service or a computer as a network host.A local computer can also be used for single-user testing and training.
How it works?
What is WordPress from a technical point of view? WordPress has its own template system using a processor. Its architecture is a front controller that routes all non-static URI requests to a single PHP file, which analyzes the URI and identifies the landing page. This allows you to maintain more readable constants.
CMS WordPress users can set and switch between different themes. They allow you to change the appearance and functionality of the site without changing the main code or content. Each site requires at least one theme, and each one must be designed using WordPress standards with structured PHP, valid HTML (HyperText Markup Language) and cascading style sheets (CSS).
CMS WordPress themes or templates can be directly installed using the Appearance administration tool located in the control panel. In addition, folders with them can be copied to a directory (for example, via FTP). The PHP, HTML and CSS codes contained in the themes can be directly modified to change them. In addition, any topic can be a child, that is, the inheriting setting from another.
CMS WordPress themes are usually divided into two categories: free and bonus. The first ones are listed in the corresponding engine catalog, and premium options are available for purchase from individual developers. WordPress users can also create and design their own themes.
WordPress plugin architecture allows users to extend the capabilities and functions of a website or blog. As of March 2017, WordPress had more than 55,286 plug-ins, each of which offers different functions and features that allow users to tailor websites to specific needs. These settings range from search engine optimization to client portals used to display personal information. Thanks to their use, it became possible to create online stores on CMS WordPress, for example.
Not all available plugins are changeable to engine updates, as a result they may not work properly or not run at all. Most extensions are added to WordPress, either by downloading them, or by installing the files manually via FTP or the toolbar.
Third-party developers offer CMS WordPress plug-ins, most of which are paid packages.Web developers who want to create such extensions need to learn WordPress and all its principles.
There are own applications for working in WordPress for webOS, Android, iOS (iPhone, iPod Touch, iPad), Windows Phone and BlackBerry. All of them are developed by Automattic and have features such as adding new posts and blog pages, commenting, moderating comments, responding to comments in addition to being able to view statistics.
CMS WordPress also supports integrated link management, a search engine, a clean permalink structure, and the ability to assign multiple categories of messages. Also, the default engine includes automatic filters that provide standardized formatting and styling of text in messages (for example, converting regular quotes into smart quotes).
WordPress also supports Trackback and Pingback standards for displaying links to other sites that are themselves linked to a post or article. WordPress messages can be edited in HTML using a visual editor or one of several available plugins that allow you to use various customizable editing functions.
Prior to version 3, WordPress maintained one blog for each installation, although several parallel copies could be run from different directories if they were configured to use separate database tables. WordPress Multisites (formerly called Multi-User, MU or WPMU) was a distribution created to allow multiple sites to exist within a single installation, which can be controlled by centralized maintenance. This version allows you to post your own blogs, as well as monitor and moderate them from a single panel. WordPress MS adds eight new data tables for each blog.
Many security problems have been discovered in software at different times, especially in 2007, 2008 and 2015. According to analytical data, in April 2009, WordPress had seven unresolved vulnerabilities (out of 32 well-known). This was especially true for sites on free hosting with CMS WordPress.
In addition, in January 2007, many high-profile blogs promoted using search engine optimization (SEO), as well as running with the participation of AdSense, were targeted attacked. A separate vulnerability on one of the servers allowed an attacker to inject open source for some WordPress 2.1.1 downloads.In a subsequent version of the engine, this problem was fixed, and the developer recommended that all users update immediately.
In May 2007, a study found that 98% of WordPress blogs that were launched a few years earlier were of little use because they used outdated and unsupported software versions. To fix this problem, the developers have made the software update much easier - with a “one touch” automated process, starting with version 2.7 (released in December 2008). However, the file system security settings required to enable the update process may incur additional security risks.
In June 2013, it was discovered that some of the 50 most downloaded WordPress plugins were vulnerable to common web attacks, such as SQL injection and XSS. A separate check of the top 10 e-commerce extensions showed that seven of them were insecure. In an effort to improve the reliability and simplify the update process, automatic background updates were introduced in WordPress 3.7.
Separate installations of "WordPress" can be protected by security plug-ins that prevent the display of user data, hide resources and prevent freezing.Users can also protect their engine settings by taking steps such as updating all engine versions, themes and plugins, using only trusted add-ons, editing the site’s .htaccess file to prevent many types of attacks and blocking unauthorized access to confidential files. Modern tutorials include various steps, including taking steps to hide CMS WordPress so that the type of engine cannot be determined.
It is especially important to update WordPress plugins, because potential hackers can easily list all the extensions that the site uses, and then run a scan to find any vulnerabilities against them. If found, they can be used by attackers to download their own files (for example, a PHP shell script) that collect sensitive information.
Developers can also use potential gap analysis tools, including WPScan, WordPress Auditor and Sploit Framework, developed by 0pc0deFR. These types of tools examine known vulnerabilities, such as CSRF, LFI, RFI, XSS, SQL injection, and so on.However, not all spaces can be detected by tools, so it is recommended to check the code of plug-ins, themes and other add-ons from other developers.
In March 2015, many security experts and search engines reported that the SEO plugin for WordPress called Yoast, which is used by more than 14 million users worldwide, has a vulnerability that can lead to hacking, in which hackers can do blind SQL- introduction. To fix this problem, the developers immediately introduced a new version 1.7.4 of the same extension to avoid any interference in the network due to a security failure.
In January 2017, experts discovered a vulnerability in the WordPress REST API that would allow any unauthenticated user to modify any email or page on the site with WordPress 4.7 or higher. After notifying the developers of the engine, a high-priority patch to version 4.7.2 was released within six days, which fixed the problem.
The minimum PHP version requirement for WordPress is PHP 5.2, released January 6, 2006, which has not received any security fixes since January 6, 2011.In the absence of specific changes to the default formatting code, WordPress sites use a canvas element to determine if the browser is capable of displaying emoji correctly.
WordPress is also being developed by a community of active users, including a group of volunteers who test each issue. They have early access to new builds, beta versions and release candidates. Errors are recorded on a special mailing list or in the Trac project tool.
Although WordPress has been largely developed by the user community, it is still closely related to Automattic, the company founded by Matt Mullenweg. On September 9, 2010, Automattic transferred the WordPress trademark to the newly created WP Foundation, which is an umbrella organization that supports the entire content management system (including software and archives for plug-ins and themes), bbPress and BuddyPress.
Conferences of developers and users of WordCamp
WordCamps are random, locally organized conferences covering everything related to WordPress. The first such event was an event in August 2006 in San Francisco, which lasted one day and which was attended by over 500 participants.The first WordCamp outside the United States was held in Beijing in September 2007. Since then, such conferences have been held in more than 207 cities in 48 different countries of the world. Thus, all WordPress users who love public speaking can register and speak at a regular session.
The main support site for the engine is WordPress.org. It contains both CMS WordPress tutorials and actual lessons, as well as a live repository for information and documentation. Known and forum on this resource, which is an active online community of users.