WordPress 2.5
by Matt
March 29, 2008
WordPress 2.5, the culmination of six months of work by the WordPress community, people just like you. The improvements in 2.5 are numerous, and almost entirely a result of your feedback: multi-file uploading, one-click plugin upgrades, built-in galleries, customizable dashboard, salted passwords and cookie encryption, media library, a WYSIWYG that doesn’t mess with your code, concurrent post editing protection, full-screen writing, and search that covers posts and pages.
For a short overview of the features with screenshots, it’d be best to visit our sneak peek announcement for RC1 [ http://wordpress.org/development/2008/03/25-sneak-peek ]. Or check out a 4-minute screencast of the new interface in action [ http://wordpress.org/development/2008/03/wordpress-25-rc2/ ]. If you just want to jump straight to the good stuff here’s where you can find 2.5 upgrade and download information [ http://wordpress.org/download/ ].
If you want to see everything I would grab a cup of coffee or a mojito, because this post is epic.
User Features
Cleaner, faster, less cluttered dashboard — we’ve worked hard to take your feedback about what’s most important in the dashboard and organize things to allow you to focus on what’s important — your blog — and get out of your way. In collaboration with Happy Cog [ http://happycog.com/ ] and the community we’ve taken the first major step forward in the WordPress interface since version 1.5.
Dashboard Widgets — the dashboard home page is now a series of widgets, including ones to show you fun stats about your posting, latest comments, people linking to you, new and popular plugins, and of course WordPress news. You can customize any of the dashboard widgets to show, for example, news from your local paper instead of WP news. Plugins can also hook in, for example the WordPress.com stats widget [ http://wordpress.org/extend/plugins/stats/ ] adds a handy double-wide stats box.
Multi-file upload with progress bar — before when you would upload a large file you’d wait forever, never knowing how far along it was. And uploading more than one photo was an exercise in patience, as you could only do one at a time. Now you can select a whole of folder images or music or videos at once and it’ll show you the progress of each upload.
Bonus: EXIF extraction — if you upload JPEG files with EXIF metadata like camera make and model, aperture, shutter speed, ISO, et al. WordPress will extract all the data into custom fields you can use in your template. If you use the EXIF title fields or similar those will be put into their equivalent fields in WP. Most modern digital cameras generate EXIF data.
Search posts and pages — search used to cover just posts, now it includes pages too, a great boon for those using WordPress as a CMS. New themes can style or sort pages differently in results.
Tag management — you can now add, rename, delete, and do whatever else you like to tags from inside WordPress, no plugins needed.
Password strength meter — when you change your password on your profile it’ll tell you how strong your password is to help you pick a good one.
Concurrent editing protection — for those of you on multi-author blogs, have you ever opened a post while someone was already editing it, and your auto-saves kept overwriting each other, irrecoverably losing hours of work? I bet that added a few words to your vocabulary. Now if you open a post that someone else is editing, WordPress magically locks it and prevents you from saving until the other person is done. You’ll see a message like below.
Few-click plugin upgrades — if the plugins you use are part of the plugin directory since 2.3 we’ve told you when they have an update available. Now we take that to the next logical step — downloading and installing the upgrade for you. This is dependent a little bit on your host setup, and it may ask you for your FTP password much like OS X or Windows will ask you for a password, but it works well on majority of hosts we were able to test, your mileage may vary, plugins in mirror may be larger than they appear.
Friendlier visual post editor — I’m not sure how to articulate this improvement except to say “it doesn’t mess with your code anymore.” We’re now using version 3.0 of TinyMCE, which means better compatibility with Safari, and we’ve paid particular attention this release to its integration and interaction with complex HTML. It also now has a “no-distractions” mode which is like Writeroom for your browser.
Built-in galleries — when you take advantage of multi-file upload to upload a bunch of photos, we have a new shortcode that lets you to easily embed galleries by just putting [ gallery] (without the space) in your post. It’ll display all your thumbnails and captions and each will link each to a page where people can comment on the individual photos. I’ve been using this feature on my blog and have already uploaded over 1,200 pictures into 23 galleries [ http://ma.tt/category/gallery/ ]. The shortcode has some hidden options too, check out this documentation [ http://codex.wordpress.org/Using_the_gallery_shortcode ].
Developer Features
Now for the geeky stuff. While we’re excited about the above features, each one represents a new opportunity or API for other developers to take to another level. (The best of which we’ll someday integrate back into WP.)
Salted passwords — we now use the phpass [ http://www.openwall.com/phpass/ ] library to stretch and salt all passwords stored in the database, which makes brute-forcing them impractical. If you use something like mod_auth_mysql [ http://modauthmysql.sourceforge.net/ ] we’ve created a plugin that will allow you to use legacy MD5 hashing [ http://wordpress.org/extend/plugins/md5-password-hashes/ ]. (The hashing is completely pluggable.) Users will automatically switch to the more secure passwords next time they log in.
Secure cookies — cookies are now encrypted based on the protocol described in this PDF paper [ http://www.cse.msu.edu/~alexliu/publications/Cookie/cookie.pdf ]. which is something like user name|expiration time|HMAC( user name|expiration time, k) where k = HMAC(user name|expiration time, sk) and where sk is a secret key, which you can define in your config.
Easy taxonomy and URL creation — probably best illustrated with an example: I can call register_taxonomy() with a few arguments [ http://trac.wordpress.org/attachment/ticket/6357/taxes.php ] to register a “people” taxonomy and whenever I edit an image I’ll see a UI like tags has for identifying the people in a photo, and these will be URL addressable with /person/firstname-lastname/. All with a single function call.
Inline documentation — the vast majority of the new code going into WordPress include inline documentation that explains the functions and documents their arguments.
Database optimization — we haven’t changed the table layout in this release, which is one of the reasons so many plugins work fine with 2.5. We have added a few new indicies and made a few default fields more flexible based on some bottlenecks we found on WordPress.com, which now hosts 2.7 million WordPress blogs. It should be invisible to the application, just a bit faster on the database side.
$wpdb->prepare() — now almost all of the SQL in WordPress is prepared first, and the same functions are available to your plugins. This should prevent elementary SQL escaping issues.
Media buttons — the add media buttons above the post are both expandable, so you could have an “Add Google Map” button if you like, They can be overridden, so if you think you can do the video or audio tab better than we have you can replace the default.
Shortcode API — the new gallery functionality is powered by the new shortcode API. Shortcodes are little bracket-delineated strings that can be magically expanded at runtime to something more interesting. They give users a short, easy to type and copy/paste string they can move around their post without worrying about messing up complex HTML or embed codes. The Shortcode API is fully documented [ http://codex.wordpress.org/Shortcode_API ].
Now you see why 2.5 took a little extra time.
Upgrade Notes
2.5 does include security fixes so it is recommended for all users, the 2.3 branch will no longer be updated. The upgrade instructions for this version are pretty much the same as any other version [ http://codex.wordpress.org/Upgrading_WordPress ]. The most important thing to check is your plugins, so if for example everything works except the new uploader, a legacy plugin might be causing a javascript error on the page and breaking it. If something goes wrong, the safest thing to do is turn your plugins off (we have a button to do them all at once, now) and turn them back on one-by-one, testing the problem along the way. This has solved almost everybody’s problems in testing, and it also lets you know which plugin author to show some love to so they’ll update their plugin, and which plugin authors already have so you can shower them with praises on your blog.
One brief note about some of the new upload and plugin upgrade features, there are some edge-case hosting platforms, like versions of Lighttpd before 1.5 or over-agressive mod_security rules, which can break. If something isn’t working like it was looked in the screenshot, ask your host if there’s something on the server side which may be interfering. Hosts, feel free to join and post to our wp-testers mailing list [ http://lists.automattic.com/mailman/listinfo/wp-testers ] if you have an environment that requires some extra code to work around. We’d be happy to include it in the next update.
Quick tip: in 2.5 you click the name of things to edit them, like your username to edit your profile or the title of a post to edit it.
The Community is Growing
More than growing, it’s on fire. We always talk about things like downloads, and the 2.3 branch has already had 1.92 million downloads as I write this post, but this time we have some far more interesting information I’d like to share.
There were over 1,200 commits to our repository since 2.3.0 and over 90 people were credited in them. This means in our core code, not plugins, there were at least 90 individual folks that contributed something high-quality enough that it made the cut to be part of the download you guys get today. I had no idea this group of people was so large.
Outside of the core commit team [ http://wordpress.org/about/ ], there was particular help from these people, in rough order of number of credits and tickets: mdawaffe (Michael Adams) [ http://blogwaffe.com/ ], azaozz (Andrew Ozz) [ http://www.laptoptips.ca/ ], nbachiyski (Nikolay Bachiyski) [ http://nb.niichavo.org/ ], andy (Andy Skelton) [ http://skeltoac.com/ ], iammattthomas (Matt Thomas) [ http://iammattthomas.com/ ], tellyworth (Alex Shiels) [ http://thresholdstate.com/ ], josephscott (Joseph Scott) [ http://joseph.randomnetworks.com/ ], lloydbudd (Lloyd Budd) [ http://foolswisdom.com/ ], DD32 (Dion) [ http://dd32.id.au/ ], filosofo (Austin Matzko) [ http://www.ilfilosofo.com/ ], hansengel (Hans Engel) [ http://engel.uk.to/ ], pishmishy [ http://www.freecharity.org.uk/ ], ffemtcj, Viper007Bond [ http://www.viper007bond.com/ ], ionfish (Benedict Eastaugh) [ http://extralogical.net/ ], jhodgdon (Jennifer Hodgdon) [ http://www.poplarware.com/ ], Otto42 [ http://ottodestruct.com/blog/ ], thee17 (Charles E. Free-Melvin) [ http://www.cefm.ca/ ], and xknown [ http://www.buayacorp.com/ ]. Also want to thank MichaelH and Lorelle on the documentation side, and moshu, Kafkaesqui, whooami, MichaelH, Otto42, and jeremyclark13 for helping with support.
The 2.5 branch is nicknamed “Brecker” in honor of Michael Brecker [ http://en.wikipedia.org/wiki/Michael_Brecker ], an exceptionally talented saxophonist who could cross styles effortlessly and never stopped experimenting and pushing himself until he passed away last year.
New WordPress.org
All of this wasn’t enough, so in our copious spare time we decided to redesign WordPress.org to better match the aesthetics of the new dashboard and also to spruce up a few areas that needed lovin’. Some parts of the site, like the Codex, might show the old style for a day or two. We know, just give us a bit of time. Thanks to Matt Thomas [ http://iammattthomas.com/ ] for his epic effort in designing and coding the new site.
What’s Next
As always with WordPress, we don’t claim any of these features to be perfect, or to be better than everyone else in the world, but they are done by and for the people and the one thing we do promise is that with every release we listen and do our best to improve.
2.5 is a major milestone for WordPress not because it added dozens of user-requested features, but because it reaffirms that we’re as passionate about blogging as the day we started. Our community is too fierce to rest on its laurels — contrary to what pundits claim, blogging is far from “finished” and every improvement just whets our appetite for more. And more is coming.
It’s a good thing WordPress doesn’t limit the length of posts, because this one would have hit it. If you made it this far, thanks for sharing a bit of your day with us. I sincerely hope this new version of WordPress helps you do what you love to do.
Copyright 2008