Wikipedia - User contributions [en]

WordPress

2013-07-23T07:20:33Z

111.118.248.94:

{{about|the blogging software|the blog host|WordPress.com}}

{{ref improve|date=June 2013}}
{{pp-move-indef}}

{{Infobox software
| name = WordPress
| logo = [[File:WordPress logo.svg|250px]]
| screenshot = [[File:WordPress Dashboard.png|250px]]
| caption = <center>WordPress Dashboard</center>
| collapsible = yes
| developer = WordPress Foundation
| status = Active
| released = {{start date|2003|05|27}}<ref name=release />
| latest release version = 3.5.2
| latest release date = {{start date and age|2013|06|21}}<ref name="3.5.2">{{cite web |url=http://wordpress.org/news/2013/06/wordpress-3-5-2/ |title=WordPress 3.5.2 Maintenance and Security Release |publisher=Wordpress.org |date=2013-06-21 |accessdate=2013-06-21}}</ref>
| latest preview version = 3.6 Beta 3
| latest preview date = {{start date and age|2013|05|11}}<ref name="3.6 beta">{{cite web |url=http://wordpress.org/news/2013/05/wordpress-3-6-beta-3/ |title=WordPress 3.6 Beta 3 |publisher=Wordpress.org |date=2013-05-11 |accessdate=2013-05-11}}</ref>
| operating system = [[Cross-platform]]
| platform = [[PHP]]
| genre = [[Blog software]]
| license = [[GNU General Public License Version 2|GNU GPLv2]] (or later)<ref>{{cite web |url=https://wordpress.org/about/gpl/ |title=WordPress: About: GPL |publisher=WordPress.org |accessdate=15 June 2010}}</ref>
| website = {{URL|http://wordpress.org}}
}}

'''WordPress''' is a [[free and open source]] [[blog]]ging tool and a [[content management system]] (CMS) based on [[PHP]] and [[MySQL]] which runs on a [[web hosting service]].<ref>{{cite web |publisher=WordPress |title=WordPress Web Hosting |url=https://wordpress.org/hosting/ |accessdate=21 May 2013}}</ref> Features include a plug-in architecture and a template system. WordPress is used by over 14.7% of [[Alexa Internet]]'s "top 1 million" websites,{{as of?|date=June 2013}} and {{as of|2011|08|lc=y}} manages 22% of all new websites.<ref>{{cite web |url=http://techcrunch.com/2011/08/19/wordpress-now-powers-22-percent-of-new-active-websites-in-the-us/ |title=WordPress Now Powers 22 Percent Of New Active Websites In The U.S |last=Rao |first=Leena |date=19 August 2011 |publisher=TechCrunch |accessdate=28 September 2011}}</ref> WordPress is currently the most popular blogging system in use on the [[World Wide Web|Web]],<ref>{{cite web |accessdate=8 August 2011 |url=http://w3techs.com/technologies/overview/content_management/all |title=Usage of content management systems for websites}}</ref><ref>{{cite web |accessdate=2011-08-26 |url=http://trends.builtwith.com/cms |title=CMS Usage Statistics |publisher=BuiltWith}}</ref> powering over 60 million websites worldwide.<ref>{{cite web |url=http://www.forbes.com/sites/jjcolao/2012/09/05/the-internets-mother-tongue/ |title=With 60 Million Websites, WordPress Rules The Web. So Where's The Money? |last=Coalo |first=J.J |date=5 September 2012 |work=[[Forbes]]}}</ref>

It was first released on May 27, 2003, by founders [[Matt Mullenweg]]<ref name=release>{{cite web |url=https://wordpress.org/news/2003/05/wordpress-now-available/ |title=WordPress Now Available |publisher=WordPress |last=Mullenweg |first=Matt |accessdate=2010-07-22}}</ref> and Mike Little<ref name=release_commit>{{cite web |url=https://core.trac.wordpress.org/changeset/8 |title=Commit number 8 }}</ref> as a [[Fork (software development)|fork]] of ''b2/cafelog''. As of April 2013, version 3.5 had been downloaded over 18 million times.<ref>{{cite web |url=http://wordpress.org/download/counter/ |title=WordPress Download Counter |publisher=WordPress |date= |accessdate=2013-04-24}}</ref>

== Features ==

WordPress has a [[web template system]] using a [[template processor]].

=== Themes ===
WordPress users may install and switch between [[Theme (computing)|themes]]. Themes allow users to change the look and functionality of a WordPress website or installation without altering the information content or structure of the site. Themes may be installed using the WordPress "Appearance" administration tool or theme folders may be uploaded via FTP.<ref>{{cite web|url=http://codex.wordpress.org |title=Theme Installation |publisher=Codex.wordpress.org |date=2013-04-09 |accessdate=2013-04-26}}</ref> The PHP, HTML & CSS code found in themes can be added or edited for providing advanced features. Thousands of WordPress themes exist, some free, and some premium (paid for) templates.

=== Plugins ===
One very popular feature of WordPress is its rich [[plug-in (computing)|plugin architecture]] which allows users and developers to extend its abilities beyond the core installation. WordPress has a database of over 24,000 plugins,<ref>{{cite web|url=http://wordpress.org/extend/plugins/ |title=official plugin directory |publisher=Wordpress.org |date= |accessdate=2013-04-26}}</ref> each of which offer custom functions and features enabling users to tailor their site to their specific needs. These customizations range from [[SEO]] (Search Engine Optimization) enhancers to content-displaying features, such as the addition of [[widgets]] and [[navigation bar]]s.

=== Widgets ===
[[Widgets]] are small modules that offer users drag-and-drop sidebar content placement through the implementation of [[plugins]]' extended abilities. Some of these Widgets offer customization options such as web forms to fill out, includes or excludes of data and information such as Categories, Archives and Recent Posts, optional images through slideshows and/or carousels, amongst other customization features.These small modules are typically displayed within the header (heade

[[File:Wordpress Template Hierarchy.png|250px|thumb|WordPress template hierarchy]]
r.php), foo

ter (footer.php) and sidebars (sidebar.php files) of websites, but can also be placed outside of said locations enabling even further customization.

=== Multi-user and multi-blogging ===

Prior to WordPress 3.0, WordPress supported one blog per installation, although multiple concurrent copies may be run from different directories if configured to use separate database tables. WordPress Multi-User (WordPress MU, or WPMU) was a fork of WordPress created to allow multiple blogs to exist within one installation but is able to be administered by a centralized maintainer. WordPress MU makes it possible for those with a website to host their own blogging community, as well as control and moderate all the blogs from a single dashboard. WordPress MU adds eight new data tables for each blog.

As of the release of WordPress 3.0, WordPress MU has merged with WordPress.<ref>{{cite web |url=http://wordpress.org/development/2010/06/thelonious/ |title=WordPress 3.0 "Thelonious" |publisher=Wordpress.org |date=2010-06-17 |accessdate=2011-12-18}}</ref>

=== Mobiles ===
Native applications exist for [[WebOS]],<ref>{{cite web |url=http://webos.wordpress.org/ |title=WordPress for WebOS |work=WordPress |accessdate=2012-03-06}}</ref> [[Android (operating system)|Android]],<ref>{{cite web |url=http://androidandme.com/2010/02/news/wordpress-publishes-native-android-application/ |title=WordPress publishes native Android application |publisher=Android and Me |date=2010-02-02 |accessdate=2010-06-15}}</ref> [[iOS]] (iPhone, iPod Touch, iPad),<ref name="altafsayani">{{cite web |url=http://www.altafsayani.com/2008/07/12/wordpress-app-for-iphone-and-ipod-touch/ |title=Idea: WordPress App For iPhone and iPod Touch |work=WordPress iPhone & iPod Touch |date=2008-07-12}}</ref><ref name=post>{{cite news |url=http://www.readwriteweb.com/archives/18_million_wordpress_blogs_land_on_the_ipad.php/ |title=18 Million WordPress Blogs Land on the iPad |date=March 24, 2011 |work=ReadWriteWeb}}</ref> [[Windows Phone]], and [[BlackBerry]].<ref>{{cite web |url=https://blackberry.wordpress.org/ |title=WordPress for BlackBerry |work=WordPress |accessdate=2009-12-27}}</ref> These applications, designed by [[Automattic]] allow a limited set of options, which include adding new blog posts and pages, commenting, moderating comments, replying to comments in addition to the ability to view the stats.<ref name="altafsayani" /><ref name="post" />

=== Other features of note ===
WordPress also features integrated link management; a [[Web search engine|search engine]]–friendly, clean [[permalink]] structure; the ability to assign nested, multiple categories to articles; and support for [[Tag (metadata)|tagging]] of posts and articles. Automatic filters are also included, providing standardized formatting and styling of text in articles (for example, converting regular quotes to [[Quotation mark|smart quotes]]). WordPress also supports the [[Trackback]] and [[Pingback]] standards for displaying links to other sites that have themselves linked to a post or article.

== History ==

''b2/cafelog'', more commonly known as simply ''b2'' or ''cafelog'', was the precursor to WordPress.<ref>{{cite video|people=Andrew Warner, [[Matt Mullenweg]] |date=2009-09-10 |title=The Biography Of WordPress – With Matt Mullenweg |url=http://mixergy.com/the-biography-of-wordpress-with-matt-mullenweg/ |format=[[MPEG-4 Part 14]] |medium=Podcast |publisher=Mixergy |accessdate=2009-09-28 |time=10:57 |quote=b2 had actually, through a series of circumstances, essentially become abandoned.}}</ref>
b2/cafelog was estimated to have been employed on approximately 2,000 blogs as of May 2003.<ref>{{cite web|last=Valdrighi|first=Michel|title=b2 test weblog - post dated 23.05.03|url=http://cafelog.com/index.php?p=500|accessdate=9 May 2013}}</ref> It was written in PHP for use with [[MySQL]] by Michel Valdrighi, who is now a contributing developer to WordPress. Although WordPress is the official successor, another project, [[b2evolution]], is also in active development.

WordPress first appeared in 2003 as a joint effort between [[Matt Mullenweg]] and Mike Little to create a [[fork (software development)|fork]] of b2.<ref>{{cite web |url=https://codex.wordpress.org/History |title=History - WordPress Codex |accessdate=29 March 2012 |publisher=WordPress.org}}</ref> Christine Selleck Tremoulet, a friend of Mullenweg, suggested the name ''WordPress''.<ref>{{cite web |url=http://www.bigpinkcookie.com/2008/01/24/the-importance-of-being-matt/ |title=The Importance of Being Matt… |author=Tremoulet, Christine Selleck |publisher=Christine Selleck Tremoulet |date=24 January 2008 |accessdate=29 March 2012}}</ref>

In 2004 the licensing terms for the competing [[Movable Type]] package were changed by [[Six Apart]] and many of its most influential users migrated to WordPress.<ref>{{cite web |url=http://www.salon.com/2004/08/09/six_apart/ |title=Blogging grows up |author=Manjoo, Farhad |publisher=Salon |date=9 August 2004 |accessdate=29 March 2012}}</ref><ref>{{cite web |archiveurl=http://web.archive.org/web/20060410125402/http://diveintomark.org/archives/2004/05/14/freedom-0 |url=http://diveintomark.org/archives/2004/05/14/freedom-0 |title=Freedom 0 |author=Pilgrim, Mark |publisher=Mark Pilgrim |archivedate=10 April 2006 |date=14 May 2004 |accessdate=29 March 2012}}</ref>
By October 2009 the 2009 Open Source content management system Market Share Report reached the conclusion that WordPress enjoyed the greatest brand strength of any open-source content-management systems.<ref>
{{cite web |url=http://www.cmswire.com/downloads/cms-market-share/ |title=2009 Open Source CMS Market Share Report, page 57, by water&stone and CMSWire Oct, 2009 |publisher=CMSWire |date=2009-12-17 |accessdate=2010-06-15}}</ref>

=== Awards ===

In 2007, WordPress won a [[Packt]] Open Source CMS Award.<ref>{{cite web |url=http://www.packtpub.com/article/open-source-awards-previous-winners |title=Open Source Awards Previous Winners |accessdate=2010-10-10}}</ref>

In 2009, WordPress won the Packt best Open Source CMS Awards.<ref>{{cite web |url=http://www.packtpub.com/article/open-source-awards-previous-winners |title=Open Source Awards Previous Winners |accessdate=2010-10-10}}</ref>

In 2010, WordPress won the Hall of Fame CMS category in the 2010 Open Source Awards.<ref>{{cite web |url=https://www.packtpub.com/open-source-awards-home/2010-wordpress |title=Open Source CMS Awards |accessdate=2010-10-10}}</ref>

In 2011, WordPress won the Open Source Web App of the Year Award at The Critters.<ref>{{cite web |url=http://ubelly.com/2011/05/winning-at-the-critters/ |title=Winning at The Critters |accessdate=2011-05-27}}</ref><ref>{{cite web |url=http://wpcandy.com/reports/wordpress-wins-2011-open-source-web-app-of-the-year-at-the-critters |title=Open Source Web App of the Year Award |accessdate=2011-05-27}}</ref>

=== Removal of sponsored themes ===

On July 10, 2007, following a discussion on the WordPress ideas forum<ref>{{cite web | url=https://wordpress.org/extend/ideas/topic.php?id=553 | title=Idea: Remove Sponsored Themes from WordPress.org | work=WordPress Ideas | accessdate=2007-08-20}}</ref> and a post by Mark Ghosh in his blog Weblog Tools Collection,<ref>{{cite web |url=http://weblogtoolscollection.com/archives/2007/07/10/no-sponsored-themes-on-weblogtoolscollection/ |title=No Sponsored themes on WeblogToolsCollection | date = 2007-07-10 |accessdate=2007-07-18 | author = Mark Ghosh}}</ref> Matt Mullenweg announced that the official WordPress theme directory at http://themes.wordpress.net would no longer host themes containing sponsored links.<ref>{{cite web |url=http://photomatt.net/2007/07/10/wltc-high-ground/ |title=WLTC High Ground | date = 2007-07-10 |accessdate=2007-07-18 | author = Matt Mullenweg}}</ref><ref>{{cite web |url=https://lorelle.wordpress.com/2007/07/11/its-official-sponsored-wordpress-themes-are-out/ |title=It's Official. Sponsored WordPress Themes Are Out | date = 2007-07-11 |accessdate=2007-07-25 | author = Lorelle van Fossen | work = Lorelle on WordPress}}</ref> Although this move was criticized by designers and users of sponsored themes,<ref>{{cite web |url=http://www.headsetoptions.org/2007/04/09/the-other-point-of-view-%E2%80%93-a-designers-opinion-on-sponsored-themes/ |title=The Other Point of View - A Designers Opinion on Sponsored Themes}}</ref> it was applauded by WordPress users who consider such themes to be spam.<ref>{{cite web |url=http://weblogtoolscollection.com/archives/2007/07/10/no-sponsored-themes-on-weblogtoolscollection/ |title=No sponsor themes}}</ref> The official WordPress theme directory ceased to accept any new themes, including those without sponsored links, shortly after the announcement was made. Sponsored themes are still available elsewhere, as well as free themes with additional sponsored links added by third parties.<ref>{{cite web |url=http://weblogtoolscollection.com/archives/2007/08/04/warning-templatebrowser-dot-com/ |title=Warning: TemplatesBrowser dot com | date = 2007-08-04 |accessdate=2008-05-18 | author = Mark Ghosh | work = Weblog Tools Collection}}</ref><ref>{{cite web |url=http://weblogtoolscollection.com/archives/2007/11/09/blogsthemecom-warning/ |title=Blogstheme.com Warning | date = 2007-11-09 |accessdate=2008-05-18 | author = Mark Ghosh | work = Weblog Tools Collection}}</ref>

On July 18, 2008, a new theme directory opened on WordPress.org,<ref>{{cite web|url=https://wordpress.org/extend/themes/|title=Themes Directory|publisher=WordPress.org|accessdate=28 October 2012}}</ref> styled along the same lines as the plug-ins directory.<ref>{{cite web | url= https://wordpress.org/development/2008/07/theme-directory/ |title=Theme Directory | date = 2008-07-18 | author = Joseph Scott | work = WordPress Blog | accessdate=2007-08-20}}
</ref> Any theme that is uploaded to it will be vetted, first by an automated program and then by a human.

On December 12, 2008, over 200 themes were removed from the WordPress theme directory as they did not comply with [[GPL]] License requirements.<ref>{{cite web |url=http://www.blogherald.com/2008/12/12/200-themes-removed-from-wordpressorg-matt-explains-why |title=200 Themes Removed From WordPress.org – Matt Explains Why |publisher=Blogherald.com |date=2008-12-12 |accessdate=2010-06-15}}</ref> Today, author mentions are permitted in each theme but the official policy does not allow for sponsorships or links to sites distributing non-[[GPL]] compatible themes. Non-[[GPL]] compliant themes are now hosted on other theme directories.

=== Releases ===
Main releases of WordPress are codenamed after well-known [[jazz]] musicians, starting after version 1.0.<ref>{{cite web |url=https://wordpress.org/about/roadmap/ |title= Roadmap | work = Blog |publisher=WordPress.org |date= |accessdate=2010-06-15}}</ref>

{{Version |t |show=10101}}
{| class="wikitable"
|- valign="top"
! Version
! Code name
! Release date
! Notes
|- valign="top"
| {{Version |o |0.7}}
| none
| 27 May 2003
| Used the same file structure as its predecessor, ''b2/cafelog'', and continued the numbering from its last release, 0.6.<ref>{{cite web |url=http://cafelog.com/ |title=Cafelog |accessdate=2011-05-15}}</ref> Only 0.71-gold is available for download in the official WordPress Release Archive page.
|- valign="top"
| {{Version |o |1.2}}
| ''[[Charles Mingus|Mingus]]''
| 22 May 2004
| Added support of plugins; which same identification headers are used unchanged in WordPress releases {{as of|2011|lc=y}}.
|- valign="top"
| {{Version |o |1.5}}
|''[[Billy Strayhorn|Strayhorn]]''
| 17 February 2005
| Added a range of vital features, such as ability to manage static pages and a template/theme system. It was also equipped with a new default template (code named ''[[Stanley Kubrick|Kubrick]]'')<ref>{{cite web |url=http://binarybonsai.com/kubrick |title=Kubrick at Binary Bonsai |publisher=Binarybonsai.com |date= |accessdate=2010-06-15}}</ref> designed by Michael Heilemann.
|- valign="top"
| {{Version |o |2.0}}
| ''[[Duke Ellington|Duke]]''
| 31 December 2005
| Added rich editing, better administration tools, image uploading, faster posting, improved import system, fully overhauled the back end, and various improvements to plugin developers.<ref>{{cite web |url=https://wordpress.org/development/2005/12/wp2/ |title=WordPress: Blog: WordPress 2 |publisher=Wordpress.org |date= |accessdate=2010-06-15}}</ref>
|- valign="top"
| {{Version |o |2.1}}
| ''[[Ella Fitzgerald|Ella]]''
| 22 January 2007
| Corrected security issues, redesigned interface, enhanced editing tools (including integrated spell check and auto save), and improved content management options.<ref>{{cite web |url=https://codex.wordpress.org/Version_2.1 |title=WordPress 2.1 - codex |publisher=Codex.wordpress.org |date=2007-01-22 |accessdate=2010-06-15}}</ref>
|- valign="top"
| {{Version |o |2.2}}
| ''[[Stan Getz|Getz]]''
| 16 May 2007
| Added widget support for templates, updated [[Atom (standard)|Atom]] feed support, and speed optimizations.<ref>{{cite web |url=https://wordpress.org/development/2007/05/wordpress-22/ |title=WordPress: Blog: WordPress 2.2 |publisher=Wordpress.org |date= |accessdate=2010-06-15}}</ref>
|- valign="top"
| {{Version |o |2.3}}
| ''[[Dexter Gordon|Dexter]]''
| 24 September 2007
| Added native tagging support, new [[Taxonomy (general)|taxonomy]] system for categories, and easy notification of updates, fully supports Atom 1.0, with the publishing protocol, and some much needed security fixes.<ref>{{cite web |url=https://wordpress.org/development/2007/09/wordpress-23/ |title=WordPress: Blog: WordPress 2.3 |publisher=WordPress.org |date= |accessdate=2010-06-15}}</ref>
|- valign="top"
| {{Version |o |2.5}}
| ''[[Michael Brecker|Brecker]]''
| 29 March 2008
| Version 2.4 was skipped, so version 2.5 added two releases worth of new code. The administration interface was fully redesigned, and the WordPress website to match the new style.<ref>{{cite web |url=https://wordpress.org/development/2008/03/wordpress-25-brecker/ |title=WordPress: Blog: WordPress 2.5 |publisher=Wordpress.org |date= |accessdate=2010-06-15}}</ref>
|- valign="top"
| {{Version |o |2.6}}
| ''[[McCoy Tyner|Tyner]]''
| 15 July 2008
| Added new features that made WordPress a more powerful CMS: it can now [[revision control|track changes]] to every post and page and allow easy posting from anywhere on the web.<ref>{{cite web |url=https://wordpress.org/development/2008/07/wordpress-26-tyner/ |title=WordPress: Blog: WordPress 2.6 |publisher=Wordpress.org |date= |accessdate=2010-06-15}}</ref>
|- valign="top"
| {{Version |o |2.7}}
| ''[[John Coltrane|Coltrane]]''
| 11 December 2008
| Administration interface redesigned fully, added automatic upgrades and installing plugins, from within the administration interface.<ref>{{cite web |url=https://wordpress.org/development/2008/12/coltrane/ |title=WordPress: Blog: WordPress 2.7 "Coltrane" |publisher=Wordpress.org |date= |accessdate=2010-06-15}}</ref>
|- valign="top"
| {{Version |o |2.8}}
| ''[[Chet Baker|Baker]]''
| 10 June 2009
| Had improvements in speed, added automatic installing of themes from within administration interface, introduces the CodePress editor for syntax highlighting and a redesigned widget interface.<ref>{{cite web |url=https://wordpress.org/development/2009/06/wordpress-28/ |title=WordPress ' Blog " 2.8 Release Jazzes Themes and Widgets |publisher=WordPress.org |date= |accessdate=2010-06-15}}</ref>
|- valign="top"
| {{Version |o |2.9}}
| ''[[Carmen McRae|Carmen]]''
| 19 December 2009
| Added global undo, built-in image editor, batch plugin updating, and many less visible tweaks.<ref>{{cite web |url=https://wordpress.org/development/2009/12/wordpress-2-9/ |title=WordPress: Blog: WordPress 2.9, oh so fine |publisher=Wordpress.org |date= |accessdate=2010-06-15}}</ref>
|- valign="top"
| {{Version |o |3.0}}
| ''[[Thelonious Monk|Thelonious]]''
| 17 June 2010
| Added a new theme [[application programming interface]]s (API); the merge of WordPress and WordPress MU, creating the new multi-site functionality, a new default theme called "Twenty Ten", and many less visible tweaks.<ref>{{cite web |url=https://wordpress.org/development/2010/06/thelonious/ |title=WordPress: Blog: WordPress 3.0 "Thelonious" |publisher=Wordpress.org |date= |accessdate=2010-06-17}}</ref>
|- valign="top"
| {{Version |o |3.1}}
| ''[[Django Reinhardt|Reinhardt]]''
| 23 February 2011
| Added the Admin Bar, which is displayed on all blog pages when an admin is logged in, and Post Format, best explained as a Tumblr like micro-blogging feature. It provides easy access to many critical functions, such as comments and updates. Includes internal linking abilities, a newly streamlined writing interface, and many other changes.<ref>{{cite web |url=https://codex.wordpress.org/Version_3.1 |title=WordPress: Codex: WordPress 3.1 "Reinhardt" |publisher=Wordpress.org |date= |accessdate=2011-02-25}}</ref>
|- valign="top"
| {{Version |o |3.2}}
| ''[[George Gershwin|Gershwin]]''
| 4 July 2011
| Focused on making WordPress faster and lighter. Released only four months after version 3.1, reflecting the growing speed of development in the WordPress community.
|- valign="top"
| {{Version |o |3.3}}
| ''[[Sonny Stitt|Sonny]]''
| 12 December 2011
| Focused on making WordPress friendlier for beginners and [[tablet computer]] users.
|- valign="top"
| {{Version |o |3.4}}
| ''[[Grant Green|Green]]''
| 13 June 2012
| Focused on improvements to theme customization, [[Twitter]] integration and several minor changes.
|- valign="top"
| {{Version |c |3.5}}
| ''[[Elvin Jones|Elvin]]''
| 11 December 2012
| Support for the [[Retina Display]], color picker, new theme: Twenty Twelve, improved image workflow <ref>{{cite web|title=Wordpress: 3.5 Proposed Scope|url=https://make.wordpress.org/core/2012/07/18/3-5-proposed-scope/}}</ref>
|- valign="top"
| {{Version |p |3.6}}
|
| (due July/August 2013)<ref>"[http://wordpress.org/news/2013/07/wordpress-3-6-release-candidate/ WordPress 3.6 Release Candidate]". WordPress. Retrieved 22 July, 2013.</ref>
| New theme: Twenty Thirteen ; Admin Enhancements - Post Formats UI Update, Menus UI improvements, Revisions Update, Autosave and Post Locking
|}

== Future ==

After the release of WordPress 3.0, the development team took a release cycle off from the WordPress software to focus on expanding and improving the WordPress community.<ref>{{cite web |url=http://www.webmaster-source.com/2010/06/18/wordpress-3-0-now-available/|title=WordPress 3.0 Now Available|date=18 June 2010}}</ref><ref>{{cite web |url=http://www.thewhir.com/web-hosting-news/061810_WordPress_30_Released_Adding_Multi_User_and_Streamlined_User_Interface|title=WordPress 3.0 Released, Adding Multi-User and Streamlined User Interface}}</ref> WordPress 3.1 was subsequently released in February, 2011. With version 3.2, released on July 4, 2011, the minimum requirement PHP version and MySQL were raised as well.<ref>PHP 4 and MySQL 4 End of Life Announcement. WordPress. July 23, 2010. Retrieved October 6, 2010.[https://wordpress.org/news/2010/07/eol-for-php4-and-mysql4/]</ref>

== Vulnerabilities ==

Many security issues<ref>{{cite web |date=2007-06-21 |title=Wincent Colaiuta |url=http://wincent.com/a/about/wincent/weblog/archives/2007/06/wordpress_flaw.php}}</ref><ref>{{cite web |date=2007-06-28 |title=David Kierznowski|url=http://blogsecurity.net/wordpress/interview-280607/}}</ref> were uncovered in the software, particularly in 2007 and 2008. According to [[Secunia]], WordPress in April 2009 had 7 unpatched security advisories (out of 32 total), with a maximum rating of "Less Critical".<ref>{{cite web |date=2009-04-07 |title=Secunia Advisories for WordPress 2.x|url=http://secunia.com/advisories/product/6745/}}</ref> [[Secunia]] maintains an up-to-date list of WordPress vulnerabilities.<ref>{{cite web |url=http://secunia.com/advisories/product/6745/ |title=Secunia WordPress 2.x Vulnerability Report |publisher=Secunia.com |date= |accessdate=2010-06-15}}</ref><ref>{{cite web |url=http://secunia.com/advisories/product/33191/|title=Secunia WordPress 3.x Vulnerability Report |publisher=Secunia.com |date= |accessdate=2010-12-27}}</ref>

In January 2007, many high-profile [[search engine optimization]] (SEO) blogs, as well as many low-profile commercial blogs featuring [[AdSense]], were targeted and attacked with a WordPress exploit.<ref>{{cite web |url=http://www.threadwatch.org/node/11333 |title=WordPress Exploit Nails Big Name Seo Bloggers |publisher=Threadwatch.org |date= |accessdate=2011-12-18}}</ref> A separate vulnerability on one of the project site's [[web server]]s allowed an attacker to introduce exploitable code in the form of a [[Backdoor (computing)|back door]] to some downloads of WordPress 2.1.1. The 2.1.2 release addressed this issue; an advisory released at the time advised all users to upgrade immediately.<ref>{{cite web |url=https://wordpress.org/development/2007/03/upgrade-212/ |title=WordPress 2.1.1 dangerous, Upgrade to 2.1.2 |publisher=WordPress.org |accessdate=2007-03-04 | date = 2 March 2007}}</ref>

In May 2007, a study revealed that 98% of WordPress blogs being run were exploitable because they were running outdated and unsupported versions of the software.<ref>{{cite web |url=http://blogsecurity.net/wordpress/articles/article-230507/ |title=Survey Finds Most WordPress Blogs Vulnerable |publisher=Blog Security |date=2007-05-23 |accessdate=2010-06-15}}</ref> In part to mitigate this problem, WordPress made updating the software a much easier, "one click" automated process in version 2.7 (released in December 2008).<ref>{{cite web |url=http://codex.wordpress.org/Updating_WordPress |title=Updating Wordpress |publisher=WordPress Codex |deadurl=no |accessdate=2012-09-25}}</ref> However, the irregular release cycle means admins still have to be on their toes, and the filesystem security settings, required to enable the update process, can be an additional risk.<ref>{{cite web| url=http://www.realstorygroup.com/Blog/1663-Yet-another-WordPress-release |title=Yet another WordPress release |date=2009-08-13 |accessdate=2012-09-24}}</ref>

In a June 2007 interview, Stefan Esser, the founder of the PHP Security Response Team, spoke critically of WordPress's security track record, citing problems with the application's architecture that made it unnecessarily difficult to write code that is secure from [[SQL injection]] vulnerabilities, as well as some other problems.<ref>{{cite web |url=http://blogsecurity.net/wordpress/interview-280607/ |title=Blog Archive " Interview with Stefan Esser |publisher=BlogSecurity |date=2007-06-28 |accessdate=2010-06-15}}</ref>

In June 2013, it was found that some of the 50 most downloaded WordPress plugins were vulnerable to common Web attacks such as SQL injection and XSS. A separate inspection of the top-10 e-commerce plugins showed that 7 of them were vulnerable.<ref>http://www.crn.com/news/security/240156883/popular-wordpress-e-commerce-plugins-riddled-with-security-flaws.htm</ref>

Individual installations of WordPress can be protected with security plugins.<ref>{{cite web |url=http://www.axetue.com/2011/09/04/top-security-plugins-for-wordpress/ |title=Top Security Plugins For Wordpress |publisher=Axetue.com |date=2011-09-04 |accessdate=2012-01-09}}</ref> Users can also protect their WordPress installations by taking steps such as keeping all WordPress installation, themes, and plugins updated, using only trusted themes and plugins,<ref>{{cite web|url=http://www.pingable.org/original-free-wordpress-security-infographic-by-pingable/|title=Original Free WordPress Security Infographic by Pingable|last=Ward|first=Simon|date=9 July 2012|publisher=Pingable|accessdate=28 October 2012}}</ref> renaming the default admin account, as well as editing the site's .htaccess file to prevent many types of SQL injection attacks and block unauthorized access to sensitive files.<ref>{{cite web |url=http://www.esecurityplanet.com/open-source-security/top-5-wordpress-vulnerabilities-and-how-to-fix-them.html |title=Top 5 WordPress Vulnerabilities and How to Fix Them |date=2012-04-20 |publisher=eSecurityPlanet.com |accessdate=2012-04-20}}</ref>

== Development and support ==

=== Key developers ===

[[Matt Mullenweg]] and Mike Little were cofounders of the project. The core contributing developers include Ryan Boren, Mark Jaquith, Matt Mullenweg, Andrew Ozz, Peter Westwood and Andrew Nacin.<ref>{{cite web |url=https://wordpress.org/about/ |title=About WordPress |accessdate=2010-10-05 |publisher=wordpress.org}}</ref>

WordPress is also developed by its community, including ''WP testers'', a group of volunteers who test each release. They have early access to [[Neutral build|nightly builds]], beta versions and release candidates. Errors are documented in a special [[mailing list]], or the project's [[Trac]] tool.

Though largely developed by the community surrounding it, WordPress is closely associated with [[Automattic]], the company founded by Matt Mullenweg. On September 9, 2010, Automattic handed the WordPress trademark to the newly created WordPress Foundation, which is an umbrella organization supporting WordPress.org (including the software and archives for plugins and themes), [[bbPress]] and [[BuddyPress]].

=== WordCamp developer and user conferences ===
[[File:WordCamp 2011 Bulgaria.jpg|thumb|right|A WordCamp in [[Sofia]], [[Bulgaria]] (2011)]]

"WordCamp" is the name given to all WordPress-related gatherings, both informal [[unconference]]s and more formal conferences.<ref>{{cite web |url=http://central.wordcamp.org/ |title=WordCamp Central |publisher=Central.wordcamp.org |date=2011-12-12 |accessdate=2011-12-18}}</ref> The first such event was WordCamp 2006 in August 2006 in [[San Francisco]], which lasted one day and had over 500 attendees.<ref>{{cite web |url=http://2006.wordcamp.org/ |title=WordCamp 2006 |publisher=2006.wordcamp.org |date= |accessdate=2011-12-18}}</ref><ref>{{cite web |url=http://2011.sf.wordcamp.org/ |title=WordCamp 2011 |publisher=2011.sf.wordcamp.org |date= |accessdate=2011-12-18}}</ref> The first WordCamp outside San Francisco was held in [[Beijing]] in September 2007.<ref name="wordcamp schedule">{{cite web |url = http://central.wordcamp.org/schedule/ |title = WordCamp Central > Schedule |publisher = Central.wordcamp.org |date = |accessdate = 2011-12-18}}</ref> Since then, there have been over 150 WordCamps around the world, for an average of nearly one a week.<ref name="wordcamp schedule" /> WordCamp San Francisco, an annual event, remains the official annual conference of WordPress developers and users.<ref>[http://central.wordcamp.org/news/2011/01/24/wordcampsf-not-wordcon/ WordCamp SF Announced (not WordCon)], Jane Well, January 24, 2011</ref>

=== Support ===
As a [[free and open source]] platform, WordPress relies on peer support. Its primary support website is WordPress.org.<ref>{{cite web|url=http://wordpress.org/about/|title=About WordPress|publisher=WordPress|accessdate=28 October 2012}}</ref>

==See also==
*[[List of content management systems]]
*[[Weblog software]]
{{Portal bar|Free software|Software|IT|Internet}}

==References==
{{Reflist|2}}

==External links==
{{Commons category|WordPress}}
*{{Official website|https://wordpress.org}}

{{Application frameworks}}

{{DEFAULTSORT:WordPress}}
[[Category:2003 software]]
[[Category:Blog software]]
[[Category:Content management systems]]
[[Category:Software forks]]
[[Category:Free content management systems]]
[[Category:Free software programmed in PHP]]
[[Category:WordPress| ]]
[[Category:Website management]]

{{Link GA|id}}

Wikipedia:Sandbox

2012-05-15T13:02:07Z

111.118.248.94:

{{Sandbox heading}} 

i am going to make the best wikipedia page anyone has ever seen cuz i will copy and paste this everywhestupid isnt it this co,iter tends to mess up so this may look weird but oh well i dont care you cn if u want tots re so it is amazing this isnt my computer so i dont care if it gets ip banned so yeah and this idiot over here typed in john brown bad but i has no idea why i

oh look im back with another epic paragrpah cuz i is goody typer at this thingy and i has amazing sgnklsgnoaubiaosfnaioanofnianifiaoifnoni. btw, thats german for grammer i think im not sure though so dont quote me on that cyz u is stupid trololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololololo

Cool article

* Sweet
* Seems straightforward
hellooooooooooooooooooooooo RAM BY ROHIT

ab teri bari hai ram

Wikipedia:Sandbox

2012-05-15T12:59:41Z

111.118.248.94:

MD5

2011-12-23T12:30:06Z

111.118.248.94: /* Pseudocode */

{{Infobox cryptographic hash function
| name = MD5
| image =
| caption =

| designers = [[Ronald Rivest]]
| publish date = April 1992
| series = [[MD2 (cryptography)|MD2]], [[MD4]], MD5, [[MD6]]
| derived from =
| derived to =
| related to =
| certification =

| digest size = 128 bits
| structure = [[Merkle–Damgård construction]]
| rounds = 4 <ref>RFC 1321, section 3.4, "Step 4. Process Message in 16-Word Blocks", page 5.</ref>
| cryptanalysis = A 2009 attack by Tao Xie and Dengguo Feng breaks MD5 [[collision resistance]] in 220.96 time. This attack runs in a few seconds on a regular computer.<ref>{{Cite journal|author=Tao Xie and Dengguo Feng |date=30 May 2009 |title=How To Find Weak Input Differences For MD5 Collision Attacks |url=http://eprint.iacr.org/2009/223.pdf }}</ref>
}}
The '''MD5 Message-Digest Algorithm''' is a widely used [[cryptographic hash function]] that produces a 128-[[bit]] (16-byte) hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check [[data integrity]]. MD5 was designed by [[Ron Rivest]] in 1991 to replace an earlier hash function, [[MD4]]. An MD5 hash is typically expressed as a 32-digit [[hexadecimal]] number.

However, it has since been shown that MD5 is not [[collision resistant]];<ref>{{Cite web|url=http://merlot.usc.edu/csac-f06/papers/Wang05a.pdf|title=How to Break MD5 and Other Hash Functions|author=Xiaoyun Wang and Hongbo Yu|accessdate=2009-12-21}}</ref> as such, MD5 is not suitable for applications like [[Transport Layer Security|SSL]] [[public key certificate|certificates]] or [[digital signature]]s that rely on this property. In 1996, a flaw was found with the design of MD5, and while it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as [[SHA-1]] - which has since been found also to be vulnerable. In 2004, more serious flaws were discovered in MD5, making further use of the algorithm for security purposes questionable - specifically, a group of researchers described how to create a pair of files that share the same MD5 [[checksum]].<ref name="autogenerated1">Xiaoyun Wang, Dengguo ,k.,m.,m, HAVAL-128 and RIPEMD], Cryptology ePrint Archive Report 2004/199, 16 August 2004, revised 17 August 2004. Retrieved July 27, 2008.</ref><ref name="autogenerated2">J. Black, M. Cochran, T. Highland: [http://www.cs.colorado.edu/~jrblack/papers/md5e-full.pdf A Study of the MD5 Attacks: Insights and Improvements], March 3, 2006. Retrieved July 27, 2008.</ref> Further advances were made in breaking MD5 in 2005, 2006, and 2007.<ref>Marc Stevens, Arjen Lenstra, Benne de Weger: [http://www.win.tue.nl/hashclash/SoftIntCodeSign/ Vulnerability of software integrity and code signing applications to chosen-prefix collisions for MD5], Nov 30, 2007. Retrieved Jul 27, 2008.</ref> In December 2008, a group of researchers used this technique to fake SSL certificate validity.<ref name="sslHarmful">{{Cite web|url=http://www.win.tue.nl/hashclash/rogue-ca/|title=MD5 considered harmful today|last=Sotirov|first=Alexander |coauthors=Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger|date=2008-12-30|accessdate=2008-12-30}} [http://events.ccc.de/congress/2008/Fahrplan/events/3023.en.html Announced] at the 25th [[Chaos Communication Congress]].</ref><ref name="browserflaw">{{Cite web
|url=http://news.cnet.com/8301-1009_3-10129693-83.html
|title=Web browser flaw could put e-commerce security at risk
|last=Stray
|first=Jonathan
|date=2008-12-30
|accessdate=2009-02-24
|publisher=[[CNET.com]]}}</ref>, and [[US-CERT]] now says that MD5 "should be considered cryptographically broken and unsuitable for further use."<ref>{{Cite web|url=http://www.kb.cert.org/vuls/id/836068 |title=US-CERT Vulnerability Note VU#836068 |publisher=Kb.cert.org |date= |accessdate=2010-08-09}}</ref> and most U.S. government applications now require the [[SHA-2]] family of hash functions.<ref>{{Cite web|url=http://csrc.nist.gov/groups/ST/hash/policy.html |title=NIST.gov - Computer Security Division - Computer Security Resource Center |publisher=Csrc.nist.gov |date= |accessdate=2010-08-09}}</ref>

==History and cryptanalysis==
MD5 is one in a series of [[message digest]] algorithms designed by Professor [[Ronald Rivest]] of [[Massachusetts Institute of Technology|MIT]] (Rivest, 1994). When analytic work indicated that MD5's predecessor [[MD4]] was likely to be insecure, MD5 was designed in 1991 to be a secure replacement. (Weaknesses were indeed later found in MD4 by [[Hans Dobbertin]].)

In 1993, Den Boer and Bosselaers gave an early, although limited, result of finding a "[[hash collision|pseudo-collision]]" of the MD5 [[One-way compression function|compression function]]; that is, two different [[initialization vector]]s which produce an identical digest.

In 1996, Dobbertin announced a collision of the compression function of MD5 (Dobbertin, 1996). While this was not an attack on the full MD5 hash function, it was close enough for cryptographers to recommend switching to a replacement, such as [[SHA-1]] or [[RIPEMD-160]].

The size of the hash—128 bits—is small enough to contemplate a [[birthday attack]]. [[MD5CRK]] was a [[distributed computing|distributed project]] started in March 2004 with the aim of demonstrating that MD5 is practically insecure by finding a collision using a [[birthday attack]].

MD5CRK ended shortly after 17 August 2004, when [[hash collision|collisions]] for the full MD5 were announced by [[Xiaoyun Wang]], Dengguo Feng, [[Xuejia Lai]], and Hongbo Yu.<ref name="autogenerated1" /><ref name="autogenerated2" /><ref>Philip Hawkes and Michael Paddon and Gregory G. Rose: [http://eprint.iacr.org/2004/264 Musings on the Wang et al. MD5 Collision], 13 Oct
2004. Retrieved July 27, 2008.</ref> Their analytical attack was reported to take only one hour on an [[IBM p690]] cluster.

On 1 March 2005, [[Arjen Lenstra]], [[Xiaoyun Wang]], and Benne de Weger demonstrated<ref>Arjen Lenstra, Xiaoyun Wang, Benne de Weger: [http://eprint.iacr.org/2005/067 Colliding X.509 Certificates], Cryptology ePrint Archive Report 2005/067, 1 March 2005, revised 6 May 2005. Retrieved July 27, 2008.</ref> construction of two [[X.509]] certificates with different public keys and the same MD5 hash, a demonstrably practical collision. The construction included private keys for both public keys. A few days later, [[Vlastimil Klima]] described<ref>Vlastimil Klima: [http://eprint.iacr.org/2005/075 Finding MD5 Collisions – a Toy For a Notebook], Cryptology ePrint Archive Report 2005/075, 5 March 2005, revised 8 March 2005. Retrieved July 27, 2008.</ref> an improved algorithm, able to construct MD5 collisions in a few hours on a single notebook computer. On 18 March 2006, Klima published an algorithm<ref>Vlastimil Klima: [http://eprint.iacr.org/2006/105 Tunnels in Hash Functions: MD5 Collisions Within a Minute], Cryptology ePrint Archive Report 2006/105, 18 March 2006, revised 17 April 2006. Retrieved July 27, 2008.</ref> that can find a collision within one minute on a single notebook computer, using a method he calls tunneling.

In 2009, the [[United States Cyber Command]] used an MD5 hash of their mission statement as a part of their official emblem.<ref>{{cite web
|url=http://www.wired.com/dangerroom/2010/07/code-cracked-cyber-command-logos-mystery-solved/
|title=Code Cracked! Cyber Command Logo Mystery Solved
|work=[[United States Cyber Command|USCYBERCOM]]
|publisher=[[Wired News]]
|date=2010-07-08
|accessdate=2011-07-29}}</ref>

On December 24, 2010, Tao Xie and Dengguo Feng announced the first published single-block MD5 collision (two 64-byte messages with the same MD5 hash given in [[Little endian]] notation).<ref>{{cite web
|url=http://eprint.iacr.org/2010/643
|title=Construct MD5 Collisions Using Just A Single Block Of Message
|year=2010
|format=PDF
|author=Tao Xie, Dengguo Feng
|accessdate=2011-07-28}}</ref> Previous collision discoveries relied on multi-block attacks. For "security reasons", Xie and Feng did not disclose the new attack method. They have issued a challenge to the cryptographic community, offering a US$ 10,000 reward to the first finder of a different 64-byte collision before January 1, 2013.

In 2011 an informational [[Request for Comments|RFC]] was approved to update the security considerations in RFC 1321 (MD5) and RFC 2104 (HMAC-MD5).
<ref>RFC 6151, Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms</ref>

==Security==
The security of the MD5 hash function is severely compromised. A [[collision attack]] exists that can find collisions within seconds on a computer with a 2.6Ghz Pentium4 processor (complexity of 224.1).<ref>{{Cite journal|author=M.M.J. Stevens |date = June 2007|title=On Collisions for MD5 |url=http://www.win.tue.nl/hashclash/On%20Collisions%20for%20MD5%20-%20M.M.J.%20Stevens.pdf |quote=[...] we are able to find collisions for MD5 in about 224.1 compressions for recommended IHV's which takes approx. 6 seconds on a 2.6GHz Pentium 4. }}</ref> Further, there is also a [[chosen-prefix collision attack]] that can produce a collision for two chosen arbitrarily different inputs within hours, using off-the-shelf computing hardware (complexity 239).<ref>{{Cite journal|author=Marc Stevens, Arjen Lenstra, Benne de Weger |date=2009-06-16 |title=Chosen-prefix Collisions for MD5 and Applications |url=https://documents.epfl.ch/users/l/le/lenstra/public/papers/lat.pdf }}</ref>
The ability to find collisions has been greatly aided by the use of off-the-shelf [[Graphics processing unit|GPUs]]. On an NVIDIA GeForce 8400GS graphics processor, 16-18 million hashes per second can be computed. An NVIDIA GeForce 8800 Ultra can calculate more than 200 million hashes per second.<ref>{{cite web
| url = http://bvernoux.free.fr/md5/index.php
| title = New GPU MD5 cracker cracks more than 200 million hashes per second..
}}</ref>

These hash and collision attacks have been demonstrated in the public in various situations, including colliding document files<ref>{{Cite web|author=Magnus Daum, Stefan Lucks |title=Hash Collisions (The Poisoned Message Attack) |work=[[Eurocrypt]] 2005 rump session |url=http://th.informatik.uni-mannheim.de/People/lucks/HashCollisions/ }}</ref><ref name=special-file-formats>{{Cite journal|author=Max Gebhardt, Georg Illies, Werner Schindler |title=A Note on the Practical Value of Single Hash Collisions for Special File Formats |url=http://csrc.nist.gov/groups/ST/hash/documents/Illies_NIST_05.pdf }}</ref> and [[digital certificate]]s.<ref name="sslHarmful" />

===Collision vulnerabilities===
{{See|Collision attack}}

In 1996, collisions were found in the compression function of MD5, and [[Hans Dobbertin]] wrote in the [[RSA Laboratories]] technical newsletter, "The presented attack does not yet threaten practical applications of MD5, but it comes rather close ... in the future MD5 should no longer be implemented...where a collision-resistant hash function is required."<ref>{{cite |url=ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto2n2.pdf
|journal=RSA Laboratories CryptoBytes
|date=Summer 1996
|volume=2
|issue=2
|page=1
|title=The Status of MD5 After a Recent Attack
|last=Dobbertin
|first=Hans
|accessdate=2010-08-10
|format=pdf
|quote=The presented attack does not yet threaten practical applications of MD5, but it comes rather close. ....[sic] in the future MD5 should no longer be implemented...[sic] where a collision-resistant hash function is required.
}}</ref>

In 2005, researchers were able to create pairs of [[PostScript]] documents<ref>{{Cite web|url=http://www.schneier.com/blog/archives/2005/06/more_md5_collis.html |title=Schneier on Security: More MD5 Collisions |publisher=Schneier.com |date= |accessdate=2010-08-09}}</ref> and [[X.509]] certificates<ref>{{Cite web|url=http://www.win.tue.nl/~bdeweger/CollidingCertificates/ |title=Colliding X.509 Certificates |publisher=Win.tue.nl |date= |accessdate=2010-08-09}}</ref> with the same hash. Later that year, MD5's designer Ron Rivest wrote, "md5 and sha1 are both clearly broken (in terms of collision-resistance)."<ref>{{Cite web|url=http://mail.python.org/pipermail/python-dev/2005-December/058850.html |title=[Python-Dev] hashlib - faster md5/sha, adds sha256/512 support |publisher=Mail.python.org |date= |accessdate=2010-08-09}}</ref>

On 30 December 2008, a group of researchers announced at the 25th [[Chaos Communication Congress]] how they had used MD5 collisions to create an intermediate certificate authority certificate which appeared to be legitimate when checked via its MD5 hash.<ref name="sslHarmful" /> The researchers used a cluster of [[Sony Playstation 3]]s at the [[EPFL]] in Lausanne, Switzerland<ref>{{Cite web|url=http://blog.wired.com/27bstroke6/2008/12/berlin.html|title=Researchers Use PlayStation Cluster to Forge a Web Skeleton Key|date=2008-12-31|publisher=Wired|accessdate=2008-12-31}}</ref> to change a normal SSL certificate issued by [[RapidSSL]] into a working [[CA certificate]] for that issuer, which could then be used to create other certificates that would appear to be legitimate and issued by RapidSSL. [[VeriSign]], the issuers of RapidSSL certificates, said they stopped issuing new certificates using MD5 as their checksum algorithm for RapidSSL once the vulnerability was announced.<ref>{{Cite web|url=https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php|title=This morning's MD5 attack - resolved|last=Callan|first=Tim|date=2008-12-31|publisher=Verisign|accessdate=2008-12-31}}</ref> Although Verisign declined to revoke existing certificates signed using MD5, their response was considered adequate by the authors of the exploit ([[Alexander Sotirov]], Marc Stevens, [[Jacob Appelbaum]], [[Arjen Lenstra]], David Molnar, Dag Arne Osvik, and Benne de Weger).<ref name="sslHarmful" /> Bruce Schneier wrote of the attack that "[w]e already knew that MD5 is a broken hash function" and that "no one should be using MD5 anymore."<ref>[http://www.schneier.com/blog/archives/2008/12/forging_ssl_cer.html Forging SSL Certificates]</ref> The SSL researchers wrote, "Our desired impact is that Certification Authorities will stop using MD5 in issuing new certificates. We also hope that use of MD5 in other applications will be reconsidered as well."<ref name="sslHarmful" />

MD5 uses the [[Merkle–Damgård construction]], so if two prefixes with the same hash can be constructed, a common suffix can be added to both to make the collision more likely to be accepted as valid data by the application using it. Furthermore, current collision-finding techniques allow to specify an arbitrary ''prefix'': an attacker can create two colliding files that both begin with the same content. All the attacker needs to generate two colliding files is a template file with a 128-byte block of data aligned on a 64-byte boundary that can be changed freely by the collision-finding algorithm.

Here's the hexcode of a sample for an MD5 collision:
d131dd02c5e6eec4693d9a0698aff95c 2fcab5'''8'''712467eab4004583eb8fb7f89
55ad340609f4b30283e4888325'''7'''1415a 085125e8f7cdc99fd91dbd'''f'''280373c5b
d8823e3156348f5bae6dacd436c919c6 dd53e2'''b'''487da03fd02396306d248cda0
e99f33420f577ee8ce54b67080'''a'''80d1e c69821bcb6a8839396f965'''2'''b6ff72a70

d131dd02c5e6eec4693d9a0698aff95c 2fcab5'''0'''712467eab4004583eb8fb7f89
55ad340609f4b30283e4888325'''f'''1415a 085125e8f7cdc99fd91dbd'''7'''280373c5b
d8823e3156348f5bae6dacd436c919c6 dd53e2'''3'''487da03fd02396306d248cda0
e99f33420f577ee8ce54b67080'''2'''80d1e c69821bcb6a8839396f965'''a'''b6ff72a70

Both produce the hash value 79054025255fb1a26e4bc422aef54eb4, though they differ in 6 of 1024 bits.<ref>{{cite web
|url=http://www.rtfm.com/movabletype/archives/2004_08.html#001055
|title=A real MD5 collision
|author=Eric Rescorla
|date=2004-08-17
|work=Educated Guesswork (blog)}}</ref>

===Preimage vulnerability===
In April 2009, a [[preimage attack]] against MD5 was published that breaks MD5's preimage resistance. This attack is only theoretical, with a computational complexity of 2123.4 for full preimage.<ref>{{Cite journal|author=Yu Sasaki, Kazumaro Aoki |date=2009-04-16 |title=Finding Preimages in Full MD5 Faster Than Exhaustive Search |url=http://www.springerlink.com/content/d7pm142n58853467/ |publisher=[[Springer Berlin Heidelberg]] }}</ref><ref>{{cite journal
|title=Construction of the Initial Structure for Preimage Attack of MD5
|publisher=[[Institute of Electrical and Electronics Engineers|IEEE]] Computer Society
|year=2009|volume=1|pages=442–445|author=Ming Mao and Shaohui Chen and Jin Xu
|url=http://doi.ieeecomputersociety.org/10.1109/CIS.2009.214
|doi=10.1109/CIS.2009.214|isbn=978-0-7695-3931-7
|journal=International Conference on Computational Intelligence and Security
}}</ref>

===Other vulnerabilities===
{{Main article|rainbow table}}

A number of projects have published MD5 [[rainbow table]]s online, that can be used to reverse many MD5 hashes into strings that collide with the original input, usually for the purposes of [[password]] cracking.

The use of MD5 in some websites' [[Uniform Resource Locator|URLs]] means that [[search engine]]s such as [[Google]] can also sometimes function as a limited tool for reverse lookup of MD5 hashes.<ref>Steven J. Murdoch: [http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/ Google as a password cracker], Light Blue Touchpaper Blog Archive, Nov 16, 2007. Retrieved July 27, 2008.</ref>

Both these techniques are rendered ineffective by the use of a sufficiently long [[Salt (cryptography)|salt]].

==Applications==
MD5 digests have been widely used in the [[software]] world to provide some assurance that a transferred file has arrived intact. For example, file servers often provide a pre-computed MD5 (known as [[Md5sum]]) [[checksum]] for the files, so that a user can compare the checksum of the downloaded file to it. Unix-based operating systems include MD5 sum utilities in their distribution packages, whereas Windows users use third-party applications.

However, now that it is easy to generate MD5 collisions, it is possible for the person who created the file to create a second file with the same checksum, so this technique cannot protect against some forms of malicious tampering. Also, in some cases the checksum cannot be trusted (for example, if it was obtained over the same channel as the downloaded file), in which case MD5 can only provide error-checking functionality: it will recognize a corrupt or incomplete download, which becomes more likely when downloading larger files.

MD5 was widely used to store [[Password#Form of stored passwords|passwords]].<ref>[http://www.freebsd.org/doc/en/books/handbook/crypt.html FreeBSD Handbook, Security - DES, Blowfish, MD5, and Crypt]</ref><ref>[http://docs.sun.com/app/docs/doc/816-5174/policy.conf-4?l=en&a=view Solaris 10 policy.conf(4) man page]</ref> Sound uses of MD5 include [[Universally unique identifier#Version_3_.28MD5_hash.29|<abbr title="Universally unique identifier">UUID</abbr>]] (also known as [[Globally unique identifier|GUID]]) version 3 specified in RFC 4122, [[CRAM-MD5|<abbr title="Challenge Response Authentication Mechanism">CRAM</abbr>]] specified in RFC 2195, and the [[Internet Engineering Task Force|IETF]] <abbr title="Publicly Verifiable Nominations Committee (NomCom) Random Selection">NomCom</abbr> lottery specified in RFC 3797.

MD5 and other hash functions are also used in the field of [[electronic discovery]], in order to provide a unique identifier for each document that is exchanged during the legal discovery process. This method can be used to replace the [[Bates numbering|Bates stamp]] numbering system that has been used for decades during the exchange of paper documents.

==Algorithm==
[[Image:MD5.svg|right|thumbnail|300px|Figure 1. One MD5 operation. MD5 consists of 64 of these operations, grouped in four rounds of 16 operations. ''F'' is a nonlinear function; one function is used in each round. ''Mi'' denotes a 32-bit block of the message input, and ''Ki'' denotes a 32-bit constant, different for each operation. [[Image:lll.png|left shift]]''s'' denotes a left bit rotation by ''s'' places; ''s'' varies for each operation. [[Image:Boxplus.png|Addition]] denotes addition modulo 232.]]

MD5 processes a variable-length message into a fixed-length output of 128 bits. The input message is broken up into chunks of 512-bit blocks (sixteen 32-bit [[Endianness|little endian]] integers); the message is [[padding (cryptography)|padded]] so that its length is divisible by 512. The padding works as follows: first a single bit, 1, is appended to the end of the message. This is followed by as many zeros as are required to bring the length of the message up to 64 bits fewer than a multiple of 512. The remaining bits are filled up with a 64-bit [[Endianness|little endian]] integer representing the length of the original message, in bits.

The main MD5 algorithm operates on a 128-bit state, divided into four 32-bit words, denoted ''A'', ''B'', ''C'' and ''D''. These are initialized to certain fixed constants. The main algorithm then operates on each 512-bit message block in turn, each block modifying the state. The processing of a message block consists of four similar stages, termed ''rounds''; each round is composed of 16 similar operations based on a non-linear function ''F'', [[modular addition]], and left rotation. Figure 1 illustrates one operation within a round. There are four possible functions ''F''; a different one is used in each round:
:<math>F(X,Y,Z) = (X\wedge{Y}) \vee (\neg{X} \wedge{Z})</math>
:<math>G(X,Y,Z) = (X\wedge{Z}) \vee (Y \wedge \neg{Z})</math>
:<math>H(X,Y,Z) = X \oplus Y \oplus Z</math>
:<math>I(X,Y,Z) = Y \oplus (X \vee \neg{Z})</math>

<math>\oplus, \wedge, \vee, \neg</math> denote the [[XOR]], [[Logical conjunction|AND]], [[Logical disjunction|OR]] and [[Negation|NOT]] operations respectively.

{{-}}
===Pseudocode===
The MD5 hash is calculated according to this algorithm:

//''Note: All variables are unsigned 32 bits and wrap modulo 2^32 when calculating''
'''var''' ''int''[64] r, k

//''r specifies the per-round shift amounts''
r[ 0..15] := {7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22}
r[16..31] := {5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20}
r[32..47] := {4, 11, 16, 3}
r[48..63] := {6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21}

//''Use binary integer part of the sines of integers (Radians) as constants:''
'''for''' i '''from''' 0 '''to''' 63
k[i] := floor(abs(sin(i + 1)) × (2 '''pow''' 32))
'''end for'''
//''(Or just use the following table):''
k[ 0.. 3] := { 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee }
k[ 4.. 7] := { 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501 }
k[ 8..11] := { 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be }
k[12..15] := { 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821 }
k[16..19] := { 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa }
k[20..23] := { 0xd62f105d, 0x02441453, 0xd8a1e681, 0xe7d3fbc8 }
k[24..27] := { 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed }
k[28..31] := { 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a }
k[32..35] := { 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c }
k[36..39] := { 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70 }
k[40..43] := { 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x04881d05 }
k[44..47] := { 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665 }
k[48..51] := { 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039 }
k[52..55] := { 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1 }
k[56..59] := { 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1 }
k[60..63] := { 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 }

//''Initialize variables:''
'''var''' ''int'' h0 := 0x67452301
'''var''' ''int'' h1 := 0xEFCDAB89
'''var''' ''int'' h2 := 0x98BADCFE
'''var''' ''int'' h3 := 0x10325476

//''Pre-processing:''
'''append''' "1" bit '''to''' message
'''append''' "0" bits '''until''' message length in bits ≡ 448 (mod 512)
'''append''' length '''to''' message
 /* bit (not byte) length of unpadded message '''as''' ''64-bit little-endian integer'' */

//''Process the message in successive 512-bit chunks:''
'''for each''' ''512-bit'' chunk '''of''' message
break chunk into sixteen 32-bit little-endian words w[j], 0 ≤ j ≤ 15
//''Initialize hash value for this chunk:''
'''var''' ''int'' a := h0
'''var''' ''int'' b := h1
'''var''' ''int'' c := h2
'''var''' ''int'' d := h3
//''Main loop:''
'''for''' i '''from''' 0 '''to''' 63
'''if''' 0 ≤ i ≤ 15 '''then'''
f := (b '''and''' c) '''or''' (('''not''' b) '''and''' d)
g := i
'''else if''' 16 ≤ i ≤ 31
f := (d '''and''' b) '''or''' (('''not''' d) '''and''' c)
g := (5×i + 1) '''mod''' 16
'''else if''' 32 ≤ i ≤ 47
f := b '''xor''' c '''xor''' d
g := (3×i + 5) '''mod''' 16
'''else if''' 48 ≤ i ≤ 63
f := c '''xor''' (b '''or''' ('''not''' d))
g := (7×i) '''mod''' 16
temp := d
d := c
c := b
b := b + '''leftrotate'''((a + f + k[i] + w[g]) , r[i])
a := temp
'''end for'''
//''Add this chunk's hash to result so far:''
h0 := h0 + a
h1 := h1 + b
h2 := h2 + c
h3 := h3 + d
'''end for'''

'''var''' ''char'' digest[16] := h0 '''append''' h1 '''append''' h2 '''append''' h3 //''(expressed as little-endian)''

//''leftrotate function definition''
'''leftrotate''' (x, c)
'''return''' (x << c) '''or''' (x >> (32-c));

''Note: Instead of the formulation from the original RFC 1321 shown, the following may be used for improved efficiency (useful if assembly language is being used - otherwise, the compiler will generally optimize the above code. Since each computation is dependent on another in these formulations, this is often slower than the above method where the nand/and can be parallelised):''
(0 ≤ i ≤ 15): f := d '''xor''' (b '''and''' (c '''xor''' d))
(16 ≤ i ≤ 31): f := c '''xor''' (d '''and''' (b '''xor''' c))

==MD5 hashes==
The 128-bit (16-byte) MD5 hashes (also termed ''message digests'') are typically represented as a sequence of 32 [[hexadecimal]] digits. The following demonstrates a 43-byte [[ASCII]] input and the corresponding MD5 hash:

MD5("[[The quick brown fox jumps over the lazy dog]]")
= 9e107d9d372bb6826bd81d3542a419d6

Even a small change in the message will (with overwhelming probability) result in a mostly different hash, due to the [[avalanche effect]]. For example, adding a period to the end of the sentence:

MD5("[[The quick brown fox jumps over the lazy dog]]'''.'''")
= e4d909c290d0fb1ca068ffaddf22cbd0

The hash of the zero-length string is:

MD5("")
= d41d8cd98f00b204e9800998ecf8427e

The MD5 algorithm is specified for messages consisting of any number of bits; it is not limited to multiples of eight bits ([[Octet (computing)|octets]], [[byte]]s) as shown in the examples above. Some MD5 implementations such as [[md5sum]] might be limited to octets, or they might not support ''streaming'' for messages of an initially undetermined length.

==See also==
* [[Comparison of cryptographic hash functions]]
* [[md5deep]]
* [[md5sum]]
* [[HashClash]]
* [[MD6]]

==Notes==
{{Reflist|colwidth=30em}}

==References==
* {{Cite conference
| first = Thomas A.
| last = Berson
| title = Differential Cryptanalysis Mod 232 with Applications to MD5
| booktitle = EUROCRYPT
| year = 1992
| pages = 71–80
| id = ISBN 3-540-56413-6
}}
* {{Cite book
| author = Bert den Boer; Antoon Bosselaers
| title = Collisions for the Compression Function of MD5
| booktitle = EUROCRYPT
| year = 1993
| pages = 293–304
| isbn = 3-540-57600-2
| publisher = Springer
| location = Berlin; London
}}
* Hans Dobbertin, Cryptanalysis of MD5 compress. Announcement on Internet, May 1996. {{Cite web|url=http://citeseer.ist.psu.edu/dobbertin96cryptanalysis.html |title=CiteSeerX |publisher=Citeseer.ist.psu.edu |date= |accessdate=2010-08-09}}
* {{Cite journal
| first = Hans
| last = Dobbertin
| title = The Status of MD5 After a Recent Attack
| journal = CryptoBytes
| volume = 2
| issue = 2
| year = 1996
| url = ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto2n2.pdf
}}
* {{Cite conference
| author = Xiaoyun Wang; Hongbo Yu
| title = How to Break MD5 and Other Hash Functions
| booktitle = EUROCRYPT
| year = 2005
| url = http://www.infosec.sdu.edu.cn/uploadfile/papers/How%20to%20Break%20MD5%20and%20Other%20Hash%20Functions.pdf
| id = ISBN 3-540-25910-4
}}

==External links==

* RFC 1321 ''The MD5 Message-Digest Algorithm''
* RFC 6151 ''Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms''
* [http://www.w3.org/TR/1998/REC-DSig-label/MD5-1_0 W3C recommendation on MD5]
* [http://purl.net/xyzzy/src/md5.cmd REXX MD5 test suite] covers MD5 examples in various RFCs (incl. [[Request for Comments#Obtaining RFCs|errata]])

{{Crypto navbox|hash}}

{{DEFAULTSORT:Md5}}
[[Category:Articles with example pseudocode]]
[[Category:Checksum algorithms]]
[[Category:Broken hash functions]]

[[ar:إم دي5]]
[[bg:MD5]]
[[ca:MD5]]
[[cs:Message-Digest algorithm]]
[[da:MD5]]
[[de:Message-Digest Algorithm 5]]
[[es:MD5]]
[[eo:MD5]]
[[eu:MD5]]
[[fa:ام‌دی۵]]
[[fr:MD5]]
[[ko:MD5]]
[[hy:MD5]]
[[hr:MD5]]
[[id:MD5]]
[[it:MD5]]
[[he:MD5]]
[[lt:MD5]]
[[hu:MD5]]
[[ml:MD5]]
[[ms:MD5]]
[[nl:MD5]]
[[ja:MD5]]
[[no:MD5]]
[[pl:MD5]]
[[pt:MD5]]
[[ro:MD5]]
[[ru:MD5]]
[[sk:Message-Digest algorithm]]
[[sl:Algoritem MD5]]
[[sr:MD5]]
[[fi:MD5]]
[[sv:MD5]]
[[th:MD5]]
[[tg:MD5]]
[[tr:MD5]]
[[uk:MD5]]
[[vi:MD5]]
[[zh:MD5]]