Are decisions on WordPress democratic?

WordPress, like all open source development had its beginning from a brilliant idea, and 11 years later, that great idea has become in the most used content management system in the world, boosting no less than 25% of the entire Web .

 participatory democracy

Surely when Mike Little and Matt Mullenweg were they launched to create a friendly and powerful content management system they had no idea how far the project would go, but look where the idea worked, and we enjoy it every day.

Now, everything growth has its problems, and one of them is that currently the development orientation of WordPress seems to depend on just one person: Matt Mullenweg, for good and for bad .

Indeed there are many people that WordPr ess is a product of Matt's company, Automattic and it's not like that, your company has other products like WordPress.com or Akismet, but WordPress itself is not yours, it's from the community . Automattic is a great company, that bets on WordPress as there is no other, but WordPress is not a product of yours but on which they base their products.

Not even the WordPress Foundation is thought for this purpose, it is only limited to the protection of marks and principles.

So who decides the future of WordPress? for now Matt.

 matt mullenweg wordpress

Matt has been and is a great project leader, making very wise decisions about where WordPress should go but is it good that this is so?

There are development groups of the Most of the elements and parts of WordPress, but the decisions, the leadership, is held by Mullenweg.

One of the handicaps of the dependence on the genius of a single person is that if that person is missing, and we hope not, or decides to dedicate himself to something else, then the project res will understand, at least until other leaders are found who substitute their vision. Something very similar is happening in Apple, but it is a different case, Apple is a company.

Open source projects have long experience in this regard, and many times this issue has been solved by a kind of advice advisor a group of users involved in the future of the project who make decisions about it. These advisory councils, usually, must also consult the entire community before making relevant decisions in order to obtain greater involvement of all, in addition to obtaining the necessary support.

Currently any decision on the future of WordPress takes only and exclusively Matt Mullenweg, which is not at all democratic, not even recommended . Do not forget that Matt is a person, as well as a personality, and although he has a privileged mind, he is not exempt from the possibility of making mistakes, even having personal feelings and tastes, which do not always have to coincide with the bulk of the community of developers and users of WordPress.

If the possibility of organizing a kind of advisory council were to be considered, it would cease to be the responsibility of Matt, and the decisions would be much more consensual, much more democratic and transparent, accurate or not . In any case it would never be a problem because the beauty of an open source project is the ability to respond before mistakes, precisely due to the involvement of the community itself.

Currently, beyond the debates at community meetings of WordPress users and some timely survey, there is no such thing as "voting" on the future of WordPress, the decisions are unipersonal something that we have socially overcome but, interestingly, in a development as open as WordPress we continue to depend on one, let me call it that, consensual dictatorship like the one the ancient Romans had occasionally.

Okay, we are all grateful to Matt for his decision, praise and good work, but do not we? would it be necessary to question that 11 years later the project should not advance in this sense?

Matt is a great leader and visionary but he can make mistakes, and he could even take pride of your companies to those of WordPress, had not it occurred to you? In any case it has a great responsibility, and possibly it is time to free him from some, at least in its entirety.

 wordpress lupa

It is also not easy to choose to the members of a possible advisory council, because they too could be wrong, but they can take advantage of the advances in direct democracy and organizational transparency existing to provide this entity with sufficient guarantees to enable them to do their hard work at the same time to free them from excessive external and internal pressure.

We are currently faced with decisions about the future of WordPress in interviews with Matt or with his interventions in WordCamps, but is this transparent? Do we know what has led you to make these decisions? Are they subject to debate and / or approval? The answer to all these questions is NO.

I think these are issues that should be left behind and that the WordPress development process be a lot more transparent and, above all, participatory.

A decision process governed by an advisory council, as proposed by Vladimir Prevolac would have many advantages:

  • The operating rules and decision processes of the council , even meetings, would be completely public, greatly improving the transparency of the project.
  • It would be much more effective than just relying on the availability and good judgment of a single person.
  • It would eliminate the feeling of being a personal project, that in case Matt left it would greatly harm his future and reliability .
  • All the documentation generated Given the usual functioning, meetings and decisions of the advisory council would serve as tremendously valuable information for the future of WordPress.
  • Would delve into the empowerment of each user of the community, an unavoidable result of the policy of open and transparent government reinforcing the involvement and commitment of the entire community.

Of course, a council of this kind would not be exempt from making mistakes, that its members also prioritize their tastes or interests to the time to make decisions, but everything would be much more transparent and accessible, being able to assess each decision and guidance.

Personally I think it has more advantages than inconveniences, and I'm not talking about getting rid of Matt Mullenweg, who of course he should be a born member of the council, but of two fundamental questions:

  1. Free Matt from responsibilities
  2. Provide transparency and democracy to decisions about the future of WordPress

I do not know what you'll think about all this, I'm looking forward to reading your impressions about it.

NOTICE : this publication is from two years ago or more. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

That may also help you:

Different background in each entry

Surely you'll ever use it, and it's very nice thanks to the plugin Custom background extended a jewel for lovers of customization.

Once installed and active adds a new box goal to the WordPress post editor from which you can choose a custom header for the post you are going to publish, choosing your location and layout.

The only requirement is that your theme supports custom backgrounds for what, I remember you, you have to add this line to the file functions.php of it:

Is WordPress really safer by changing the prefix of the database? • WordPress Help

One of the most common advice given (me too) about WordPress security is do not use the default WordPress prefix for database tables but does this change really improve WordPress security?

 protect wordpress

Either from installation or later (see link in previous paragraph) ), using a different prefix for the database tables is a basic WordPress security tip to avoid SQL injections .

As you already know, WordPress by default uses the prefix wp_tablename but is it really a security improvement to use another one like mistablas_nombretabla ? Let's see arguments

What is an SQL injection?

 sql injection

To begin with it's good to know what exactly is an SQL injection . To summarize, a SQL injection offers the attacker the possibility of injecting SQL code through some input path that is available to visitors (visible or not) and that can be executed from the database server, which in the case of WordPress would be the MySQL server where it is hosted.

For example, imagine that instead of entering an email address in a registration form the attacker enters SQL code that makes a list of all the records in the table wp_users which is where all the data of registered users of a WordPress is saved. It gives miedito no?

If so, once sent the form, instead of rejecting the SQL code, the web runs it and the database server would deliver the contents of the table wp_users to the attacker.

An SQL injection, that is, the execution of code through an entry path to a web is the typical result of a problem with the code of a form, a plugin, the theme or any other component of the WordPress installation. And it is possible almost always because the gateway for visitors has not been sanitized so it allows the introduction of SQL code.

It's basically that. In a typical installation of WordPress the attacker will also be able to write to the database, which is even more dangerous as we will see later.

As in everything, there are many variants of possible SQL injections some really gimmicky, but it's good that you have an overview of how an SQL injection works, the impact it can have if it is carried out (read or write in the database) and, above all, how it can be avoided. [19659005] Now let's see how this affects a typical installation of WordPress and if a change in the prefix of the database influences the time to avoid SQL injections, do you think?

Names and tables in the database of WordPress

We have already seen on several occasions which are the tables of the WordPress database and what each table is for, but there is never a new review, and what we are talking about today is a reminder comes from pearl. [19659005] Basically, WordPress installs by default 11 tables that, if you do not modify it, will have the prefix wp_ so if you have not made any changes they will be:

  • wp_commentmeta
  • wp_comments
  • wp_links
  • wp_options
  • wp_postmeta
  • wp_posts
  • wp_terms
  • wp_term_relationships
  • wp_term_taxonomy
  • wp_usermeta
  • wp_users

If you understand some English, just by looking at the names of the tables you can guess easily what is stored in each table. For example, it is easy to imagine that in the table wp_comments comments are stored or that in wp_options is where the settings are right?

Exploiting an SQL injection in WordPress

]  insecurity wordpress

Let's get into the realms of Mordor so choose your best weapon and trust the ring community (or the WordPress community) hehe

Imagine that one of the plugins that you have installed in your WordPress is vulnerable to an SQL injection, something that is not uncommon, it is the most frequent way of vulnerabilities. An attacker who wants you the first thing you would do would be to scan your WordPress installation with tools like WPScan to have the list of the plugins you have installed, even those that are disabled. If when looking at the list it detects that one of them is vulnerable to injections SQl will already have half the work done, if not the most.

The next thing he would do is exploit the SQL injection for what he would execute some codes like Next, the usual ones to manually create an administrator in the WordPress database, there's nothing:

What do those codes do? As nothing more and nothing less than the attacker can create a WordPress user with administrator privileges on your website, which will immediately get access to your WordPress desktop with full access.

On other occasions the attacker not only creates an new admin user but also changes the current password and, by the way, leaves you without access, a symptom that when you see it and is slow to react.

Why the attacker can create an administrator?

Knowing in advance that your website is made with WordPress and that it is vulnerable to SQL injections due to some vulnerable plugin or whatever you may have seen, the attacker only needs basic configuration knowledge of the WordPress database, something fully documented in the same WordPress.org website

Guessing database table names

If the prefix of the WordPress database on the site is the default one, that is wp _ the attacker can easily execute code and read or write information in the tables.

If you change the prefix of the WordPress database, for example to MordorX25_ the attacker can not Read or write in the database so easily since you do not know the names of the tables. This is true even if you have done the SQL injection and the code is exploitable, because they would not have any effect when you did not find an objective to act on.

Yes, changing the prefix of the WordPress database tables improves WordPress security

The – good – idea of ​​changing the prefix of the WordPress database tables is old, in fact from the first versions of WordPress, to avoid SQL injections that could create users and inject spam or malware The only way to quickly stop them was to change the default names of the tables.

Does this mean that I'm safe just by changing the prefix of the WordPress database tables?

Of course not. Changing the prefix of the tables in the WordPress database is a very good security measure, and it stops an infinity of attacks on the database, but it's not the only way they can enter your site.

Most of the time the culprits of a WordPress attack are badly programmed or not updated plugins, the reality is that you can get access to a WordPress installation in other ways, for example through social engineering, stealing passwords and any other method that imagine Everything will depend on the interest that your site provokes in the possible attackers, and with the plague of spammers that invades us, nobody is 100% sure.

So, in addition to changing the prefix of the tables in the database apply these 15 rules to have a bomb-proof WordPress you'll be happier.

NOTICE : this publication is from two years ago or more. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say that we have not warned you.

Loading …

That may also help you:

How to get back to an earlier version of WordPress • WordPress Help

Updating WordPress is not only the right decision to enjoy the novelties of each version, but it is also recommended to have a secure installation. However, there are times when it becomes necessary to go back to an earlier version of WordPress .

There are times when a plugin or theme is not compatible with a WordPress update and you realize this after updating.

In this type of case, while updating the plugin or theme to be able to coexist with the latest version of WordPress it may be necessary to return to an earlier version in the one that worked.

Other times it's just that you do not like the new version but, seriously, that is not the reason.

That's it, if you followed the steps simply go to your desktop of WordPress to verify that it has been de-updated . But do not fall asleep on your laurels or you'll regret it sooner rather than later, get your batteries and update the incompatible theme or plugin, which is not a good idea to never have a WordPress version or a plugin without updating, they would be easy to hackers .

Another tip? Whenever possible, it is better to use another theme or plugin that does not force you to be outdated than to live with the risk and insecurity of having an old version of a plugin or WordPress .

Whatsapp in WordPress • WordPress Help

I believe that there is almost nobody in the Hispanic world that does not use WhatsApp, the instant messaging application that, little by little, has been withdrawing the conversation from the open networks to this more private environment.

It is each Whatsapp will share links to web pages on any subject, but it is something that is currently pretty stubborn to do so because it requires a very manual process:

It's a very tedious process, especially the part of copying the URL, so it makes a lot of sense to facilitate the task of sharing URLs in WhatsApp, something that we can add from WordPress right now, and in several ways. Let's see some …

As you can see there are already many options, which I suppose will grow with the recent purchase of WhatsApp by Facebook, with which entry into the Anglo-Saxon world will be guaranteed.

I still have to find time to add it to the blog, but I plan to do it, and you? Have you already integrated WhatsApp and WordPress? Do you think to do it? Why?

What is and how the functions.php file is used • WordPress Help

 functions functions.php

It is usual to find in Help WordPress crowd of tricks to add features to the file functions.php we have even talked about if it is better to use this file or a utilities plugin which we also learned to do but what is the file functions.php and how to use ?

Let's look at some basics and how to use it, how do you like it?

What is the functions file .php?

The most basic thing is that it is a PHP file, that is, a text file full of characters and spaces that the PHP engine will run to do things on your website. These characters are called functions and are enclosed between the tags <? Php and ?> . The thing is simple: what is inside those tags is executed and what is out is not .

It comes to be the natural, and better structured replacement of the veteran file my-hacks. php disappeared in WordPress 2.8 which was where formerly extra features were included, but with the aggravating circumstance that in each WordPress update the file was crushed.

Where is the file functions .php?

Virtually all current WordPress themes have a file functions.php in the main folder, and if you do not have it, you should have it. Sometimes it contains many functions and sometimes only a few.

What does the functions.php file do?

The file functions.php contains some PHP codes called functions, a standard feature of WordPress that allows a theme to "connect" with WordPress internal features (register sidebars, add thumbnail support, etc.) or own the active theme, such as specialized short codes.

How does WordPress communicate with the file functions.php?

WordPress, by default, expects to find a file functions.php in the folder of the active theme, nothing happens if it is not found, but WordPress checks to see if it exists and interacts with it, executing the functions that it finds.

In this way, WordPress "knows" that the functions located in the file functions.php of your theme must be executed and it will use the PHP engine installed n the server and the standard functions of WordPress to interpret and execute them. It seems complicated but it is simple, it is based on the functions themselves and on other pieces of code called " hooks " (hooks) .

Do I need a functions.php file?

Essential is not, but it is highly recommended. You can include in it functions necessary for the theme to work correctly, and as it is the first WordPress review will be loaded immediately, before plugin codes, because ultimately the first thing that should be shown is the design, ie , the subject.

Tips for using the file functions.php

Despite the interesting thing about having a file functions.php in the active theme, there are some tips to keep in mind:

  • Do not go crazy adding functions to file functions.php . This file is great to include in it functions related to the design, with visual elements, for the rest of things a utilities plugin is better. There are many people who use the file functions.php to put in it all the cool features found in WordPress Help or any other web, and no, it's not a mixed bag, each function that you include must have a meaning and purpose, and if you do not use it, delete it.
  • The file functions.php of a theme child does not overlap that of the parent theme unlike the rest of files that you create in the child theme . If it will be executed before the parent theme, which will be a problem if there are the same or incompatible functions, which would result in ugly PHP errors of duplicate functions or something much worse, so check what you put in the file functions.php of the son and the father theme.
  • Try not to grow too much it does not matter if you need many functions. If you see that your file functions.php begins to skim 200 lines seriously consider creating dependent files from which your file functions.php extracts the rest of the codes that you want to execute, you can easily do using PHP commands like include () or require () which will include or make the necessary connection to run everything without the need to overload your file functions. php .

As you will see, the file functions.php is of great use and used sparingly will expand and improve the functionality of your web, so learn to use it, treat it with affection and add useful functions.

NOTICE : this publication is from two years ago or more. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

That may also help you:

Why does the default WordPress theme change every year?

 twenty themes wordpress

Part of WordPress culture are the default themes, those that we have nothing else to install them to start publishing immediately, and like everything else in this life, they also have their little story.

In 2005, the old mythic song Kubrick appeared, which remained for no less than 5 years as the default theme, with defenders and detractors, and receiving a multitude of constant updates to follow the times, but this could not last long, it was too much pressure for an old, though capable subject.

It was in 2010 when the pattern Twenty ________ began with Twenty Ten ( 20 10 or Twenty Ten ), betting on the change each year of issue and the objective was twofold; on the one hand, guarantee that the last WordPress theme by default would host all the latest innovations and technologies and on the other hand free the subject by default the pressure of being the latest in technology year after year and maintaining all previous compatibility Previous

This has happened every year since then, and now in 2014 we have Twenty Fourteen (Twenty Fourteen), and about to leave in December, to start 2015 with a new theme, Twenty Fifteen , fulfilling all of them the fundamental premise of offering the best experience and compatibility with WordPress functions, with a design adapted to the times.

Another pressure that was eliminated with the change of theme by default every year was to cover all the tastes, something impossible, and for this reason are introduced each year in the themes Twenty ______ new concepts of style such as the bet on the full width of Twenty Thirteen or the Twenty Fourteen magazine

As in each new update of WordPress all topics are included Twenty _______ the end user has a good range of updated themes and different designs, to have where to start . In this way, each default theme of WordPress allows us to enjoy all the possibilities of the latest versions of WordPress and many customizations to adapt them to our tastes.

Did you know? Have you ever stopped to think about this? Have you tried all the default themes of WordPress?

NOTICE : this publication is from two years ago or more. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

That may also help you:

WordCamp Mallorca 2014

I'm sorry I did not know it before but it's better late than never and, most importantly, there's still time to sign up for a new WordCamp event in Spain.

WordCamp Mallorca will be held on Friday, October 31, 2014 Caixa Forum Palma a great site, and with a very interesting program:

So go ahead and make sure you get your ticket, which for only € 20 allows you to access all the activities and, of course , to take your commemorative shirt. By the way you will know a wonderful island where good weather is practically guaranteed.

Do you want to help WordPress development?

 wordpress-logo

WordPress is a CMS made by the community and for the community and without the support of themselves at this time it would not be the best CMS that there would be at present, we can all be part of this community that contributes to the development of this CMS that has helped us many times in daily life.

There are many forms of collaborate with the WordPress project the source code, testing errors in different environments, creating patches, functions, testing new versions, etc.

In this article we will recommend some ways you can collaborate with WordPress remains one of the best tools at the web level.

Trac is an open source software which uses WordPress to manage all types of errors, by generating tickets you can report any error What you have found, security problems, a bad update, you can also manage suggestions for the next versions of the CMS. In this way the community that is behind all WordPress will be able to analyze each of our opinions and give them a solution as soon as possible.

Work with the WordPress kernel

Since WordPress is created by the community, anyone can collaborate with the WordPress. base of the code, with this I do not mean that anyone can directly modify the base of all the source code, in order to make these changes it is necessary to create a patch file with the respective changes and send it for review. If these changes are accepted you will probably be in the next version of WordPress.

To collaborate with code changes and others it is necessary to use Subversion .

Publication of Plugins and Themes

To make the publication of some of these two the most indicated is to send them to the directory of plugins and themes that WordPress incorporates on your page, below are the links where they can be sent, in them are the indications of how to do it, just enough to have a account created on wordpress.org

Plugins: wordpress.org/plugins/add/

Topics: wordpress.org/themes/upload/

Create the next documentation

codex.wordpress.org/Mailing_Lists#Documentation

Creating documentation is a little tedious and even boring but it is something we all need at some point in order to solve problem s, a good way to collaborate with the community is to update and create the documentation for the next version of WordPress, although it is true that in our Codex we still find outdated documentation of versions much earlier than the actual version and makes it necessary for someone to do this task especially for new users who are part of WordPress.

Another way to help and not only the community that develops WordPress but also the people who start in this world is collaborating and giving answers to the different topics that are created daily in the attendance forum, here I share the Spanish forum but in each language there is a different one.

If what you want is a little more agility when looking for solutions, WordPress also has very active chat rooms, to participate you only need to have an IRC client on your PC.

The main WordPress room is #wordpress [1 9459010]there is also the room dedicated to the development # wordpress-dev and as you can see the rest.

In the ideas section of WordPress, proposals for the next versions are compiled, here you can vote for the ones that most call your attention and think suitable for a next version, all these ideas are reviewed before beginning with the development of a new version to evaluate its implementation in WordPress.

These are the main ways to help the WordPress evolution, if you know others that also help, you can comment on them in our comments section.

NOTICE : this publication is from two years ago or more. If it's a code or a plugin it might not work in the latest versions of WordPress, and if it's a news story it might be obsolete. Then do not say we have not warned you.

Loading …

That may also help you:

Study of the use of WordPress in Spain 2014

The other night I was sleepless and it occurred to me that there are many studies on the use of social networks and so on but nothing at all serious about the use of WordPress so I set to work. [19659002] The idea is a study as exhaustive as possible, with a wide sampling, to analyze the diffusion and use of WordPress in Spain with the aim of analyzing the results and that they serve as information of reflection both for professionals and companies and of course disseminate the use of WordPress in traditional media, to those who tend to like this type of statistical studies.

For this I have developed an anonymous survey in which are made, in addition to very specific questions about WordPress use, other control and some statistical spectrum. In any case it does not take 5 minutes to complete so I encourage you to participate.

If you wish, at the end of the form there is a box in case you want to receive the report when it is done. Of course, I'll post the results here and the full report when it's completed.

I hope you like the idea, and I'm glad too. Of course, if you like the idea diffuse it as much as possible between your contacts, thank you!

Here you have the form so you do not have to leave the blog to start completing it … or if you prefer This is the official link: Study of the use of WordPress in Spain 2014