WordPress (WP) is a content management system (CMS) written in PHP and paired with a MariaDB or MySQL database. Its core function is creating webpages. Using a hosting service and a domain, a user can create and publish webpages that store content. WordPress is a very popular CMS because it is free and open source, with diverse functionality for customizing and designing webpages. WordPress includes a template system, provided through themes, and a plugin architecture.
Started as a blog-publishing system, WordPress now supports membership sites, media sites, traditional forums and mailing lists, online stores, learning management systems (LMS), and many other types of web content. As of 2020, more than 60 million websites use WordPress. On May 27, 2003, Mike and Matt Mullenweg launched WordPress as a fork of b2/cafelog.
WordPress has different theme templates which alter the functionality and display of a WordPress website without changing the site content or core code. Themes can be downloaded and installed from the internet. At least one theme has to be installed and activated on a WordPress website. Every WordPress theme is designed to WordPress standards using Cascading Style Sheets (CSS), valid HTML and PHP. A theme's templates and functions can be customized by altering its PHP, CSS and HTML. In addition, one theme's settings can be incorporated in another theme. This is done either by directly installing the theme using the WordPress “Appearance Administration Tool” or by copying the theme folder into the theme directory using FTP. WordPress themes are classified as free or premium. Free themes can be installed from the WordPress theme repository, whereas premium themes are purchased from WordPress developers or online marketplaces.
The functionality of a blog or website is enhanced through WordPress' plugin architecture. By using the 55,487 different WordPress plugins, users can customize a website according to their needs. The wordpress.org repository does not list premium plugins, so users have to purchase these online. The content management system (CMS), client portal and search engine optimization (SEO) are all customizable through these plugins. Some older plugins do not function in newer WordPress versions. Plugins are downloaded and installed either through the WordPress dashboard or manually via FTP. Plugins can also be purchased and installed through third-party websites.
WordPress Mobile Application:
WordPress has a mobile application for iOS (iPad, iPhone, iPod Touch), WebOS, Android, BlackBerry and Windows Phone. Users can add new pages and blog posts, comment, and view stats through these WordPress mobile applications.
Multi-user and multi-blogging:
Versions of WordPress older than 3.0 supported only one blog per installation. Later on, WordPress Multisites (WPMU) allowed different blogs to exist within one installation. With WordPress MU, blogs can be customized and blogging communities can be managed through a single dashboard. WordPress 3 has now been merged with WPMU.
Classic Editor Plugin:
With the Classic Editor plugin, website developers and users can keep using plugins that are compatible with WordPress 4.9.8. This gives developers enough time to make their plugins compatible with WordPress 5. Over 5,000,000 WordPress installations have the Classic Editor plugin active, and it will be supported on WordPress until 2022.
In 2007, 2008 and 2015, the WordPress software faced several security issues. In January 2007, many SEO blogs featuring AdSense, as well as less popular commercial blogs, were attacked. WordPress 2.1.1 was attacked when an attacker placed exploitable back-door code in some WordPress downloads. All users were advised to upgrade to the newer version 2.1.2. In May 2007, almost 98% of blog posts were running on unsupported and outdated versions of the WordPress software and were exploitable. To solve this problem, WordPress allowed the software to be updated with a “one click” automated process in version 2.7 (December 2008).
WordPress 3.7 introduced automatic background updates for better security protection. Security plugins protect a WordPress installation by hiding resources, thwarting probes and preventing user enumeration. An installation is also protected by keeping WordPress itself, its plugins and its themes up to date, which helps prevent unauthorized access to website content and various SQL attacks. Attackers can easily find security holes in old plugins on a WordPress website, so it is necessary to update plugins regularly. An attacker who exploits a security vulnerability can steal information by uploading malware. WordPress Auditor, WordPress Sploit Framework and WPScan are tools developers can use to detect vulnerabilities such as LFI, CSRF, XSS, RFI, user enumeration and SQL injection. These tools cannot detect every vulnerability, so the code of other plugins, themes and add-ins must also be checked.
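The user enumeration mentioned above can also be spotted from the server side. The following is an added example, not part of the original article or of any WordPress tool: a Python sketch that scans web server access logs for the two common enumeration requests (numeric ?author= lookups and the REST API users collection). The log lines, the threshold and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (combined format); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "GET /wp-json/wp/v2/users?per_page=100 HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.20 - - [10/Mar/2024:10:01:00 +0000] "GET /author/alice/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:01:05 +0000] "GET /?p=42 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
"""

# Client IP, request target and status code from one combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3})')


def classify(target):
    """Return a probe label for a request target, or None if it looks benign."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)
    # ?author=<number> redirects to /author/<slug>/, and the slug is
    # usually derived from the account's login name.
    if any(value.isdigit() for value in query.get("author", [])):
        return "author-id"
    # The REST users collection lists accounts that have published posts.
    rest_route = query.get("rest_route", [""])[0]
    if "/wp-json/wp/v2/users" in parts.path or rest_route.startswith("/wp/v2/users"):
        return "rest-users"
    return None


def find_enumeration(log_text, threshold=3):
    """Map client IP -> probe labels for clients with >= threshold probe requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match and (label := classify(match.group(2))):
            hits[match.group(1)].append(label)
    return {ip: sorted(set(labels)) for ip, labels in hits.items() if len(labels) >= threshold}


if __name__ == "__main__":
    for ip, kinds in find_enumeration(SAMPLE_LOG).items():
        print(ip, kinds)
```

A single ?author= request is often a legitimate link, which is why the function reports a client only after several probe requests; the threshold should be tuned to the site's normal traffic.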