Monthly Archives: August 2011

I’m somewhere in the middle of the Arctic Sea right now, approximately 78°05’N, 28°45’E, but even through the thin pipe of an intermittent satellite connection the ripples were felt of the announcement that Steve Jobs resigned as CEO of Apple. Jobs, or the idea of him, has had a profound impact on innumerable founders and CEOs. My own tribute to him (and Apple as an organization) is in the essay 1.0 is the Loneliest Number, where reviews of the original iPod punctuate a story of the messy act of creation. Moments like this give us an opportunity to take a step back and contemplate the bigger picture, so take a moment to read the post and think about what you’re launching next.

State of the Word 2011

Just in case you missed yesterday’s State of the Word presentation, it’s now available on WordPress TV:

The slides are also available on Slideshare.

Here are some key takeaways from yesterday:

  • We had over 1,000 people attending WCSF and many more watching the livestream, making it the biggest WordCamp yet.
  • The survey of 18,000 WP users revealed some interesting data, like a median hourly rate of $50 and that 6,800 of the self-employed respondents were responsible for over 170,000 sites personally.
  • WordPress 3.2 had 500,000 downloads in the first two days, representing the fastest upgrade velocity ever.
  • WordPress now has 15,000 plugins and 200 million plugin downloads, and we’re doing a lot of work to make the plugin experience more seamless.
  • 14.7 percent of the top million websites in the world use WordPress.
  • 22 of every 100 active domains created in the U.S. are running WordPress.

In true WordPress fashion, we’ll be open sourcing the raw survey data so people can slice and dice it their own way to find interesting trends or patterns, like breaking down the hourly rates by geography.

Special thanks to Pete Davies, who was responsible for the survey and helping craft the narrative of the keynote, and Michael Pick who did the same and also designed all the slides and animations you saw. Michael is going to prepare a blog post with all of the inspirations and allusions in the slides for those of you curious about the story behind the design.

Update: Raw data and a few other updates are now available on WordPress.org.

The past two days I’ve been at WordCamp San Francisco and the presentations have been amazing. For the first time ever for San Francisco we’ve had a really fantastic live video stream going from both rooms. It’s a pretty economical way to get all of the content of the conference without the cost of coming to San Francisco. We even had someone streaming from Pakistan! My talk on the State of the Word will be tomorrow at 11 AM PST, so get a ticket on the WordCamp SF site.

The TimThumb Saga

Last week there was a serious flaw found in the code behind TimThumb, an image re-sizing library commonly used in premium themes.* Because the code is commonly embedded in themes, it’s not easy to discreetly update like it would be if the code were a plugin. Even when a theme is updated, people are hesitant to update because they often customize theme code rather than making child themes, so if they were to overwrite their theme with a new version they’d lose their modifications. That, combined with the severity of the flaw, means that this is one of the more serious issues in the WordPress ecosystem in a while, even more than normal because it wasn’t in core.

It could have gone a lot of ways, but the incident brought out the best in the community. The core team sprang into action, searching through the theme directory to inoculate any themes that contained the dangerous code. Community blogs quickly got the word out about the problem so people were aware of it. Mark Maunder, who originally discovered and broke down the problem, created a fork of the code called WordThumb that rewrote TimThumb from the ground up. Forking is not usually ideal because it fragments the market for users, but Mark soon connected with Ben Gillbanks, a long-time WordPress community member, and they’ve joined forces to release TimThumb 2.0, a collaboration that exemplifies Open Source at its finest. An updated plugin should be in the directory shortly.

It also illustrated the original vision I had behind VaultPress. In addition to reporting early and emailing customers with vulnerable code, the following morning they had devised a way to go in and surgically correct vulnerable code on over seven hundred affected websites. This fixing-problems-while-you-sleep delighted users and is exactly the kind of problem I hoped VaultPress would solve for people and it underscores the core value of the service. If you’re not using VaultPress for your most important websites yet, you should.

* I originally had a long rant here, but here’s the 13-word version: I’ve seen no correlation between how much something costs and its code quality. This is getting better as more people become familiar with the coding standards of core, and PHP in general, but there is still a long way to go. If you want to avoid this in your own code, check out Theme Check and Log Deprecated Notices to start. If you’re looking for code to base your own theme on, it’s best to start with something like 2010 or 2011.