Lunacy Unleashed

Notes from the field in the War on Spam

You can have any color you want, as long as it’s black

Okay, so I’ve had a chance to play with WordPress 1.6-ALPHA-2-still-dont-use out of SVN, and I’ve had a chance to play with WordPress.com. I think I have a half-baked idea of what’s going on, and I’m going to share it with you. Assuming anyone’s reading this, of course.

First of all, this new version of WordPress is bound to make blogging very nearly idiot-proof. Even an MSN Spaces user should be able to muddle their way through the streamlined, simplified administrative interface. It might still be too tough for AOL users and people trying to find a Wal-Mart job, though.

I suspect your average WordPress.com user is going to get their new blog, click Write, and start blogging, without spending much time — or any time — going through the numerous options. And that’s fine. You can add categories on the fly without even stopping to click Mangle. And with the new editor, you can even write posts without knowing a single bit of XHTML.

That covers about 95% of blogging for most people.

But the other 5% turns out to be a real sticky point.

At the moment, WordPress.com offers only a limited selection of themes to choose from, and the themes are not customizable. This gave me a real problem at first, as most of the themes have bugs or omit critical functionality. After testing out the available themes for the better part of an hour, I finally settled on this one, which doesn’t at all make me happy, or even look the way I’d like, but does have all the functionality working properly. As far as I can tell. For now. Even the prize-winning Connections theme omits the comments template on pages. In contrast, my WordPress 1.6 site lets me install any theme I want, customize the theme, and do whatever I need to do in order to have my blog look, feel and act exactly as I want it to.

Nor does WordPress.com allow the installation of plugins. In WordPress 1.6, I can install plugins to extend the functionality of WordPress itself, add new features, change the way things work, and a wide variety of different things. Indeed, my most well-known site has some 20 plugins installed. I think I’ve forgotten why.

Beyond themes and plugins, most of the core functionality of WordPress 1.6 is present in WordPress.com. A few things aren’t here right now. For instance, WordPress.com doesn’t let you set your local time zone offset, or change your permalink structure. The time zone thing is bothersome, but most people aren’t going to complain too loudly; times are (currently) displayed in UTC. And most people probably wouldn’t know that you could change the permalink structure unless you pointed it out to them.

There is one very good reason for WordPress.com to not permit users to install their own themes and plugins. That is security. Both themes and plugins can contain actual PHP code. This means that, in theory, a WordPress.com blogger could upload a theme and a plugin which lets him obtain unauthorized access to others’ blogs. Or worse.

I don’t think the security problem is insurmountable, though. After all, Web hosts let people run unknown/untrusted code all the time. For instance, my Web host uses the UNIX user security structure. By having the web server run my code under my user ID, rather than the server’s, my code can only access things that I legitimately have access to. Other users’ files are off-limits (assuming the other users haven’t explicitly granted the world access to them).

By incorporating a similar security structure into WordPress.com, it should be possible to allow users to run their own themes and plugins. And that will be the first white car in a world of black ones.

About these ads

August 24, 2005 - Posted by | WordPress, WordPress 1.6, WordPress.com

9 Comments

  1. Looking at your post above I see you mention that WordPress.com has Connections as a template, which you are right about lacking in utilizing WP’s functionality.

    Whom should I suggest to perhaps had my theme Connections Reloaded, which is basically a much bettered version of Connections.

    Comment by Ajay | September 14, 2005

  2. Don’t let Kanye West hear that last comment… ;)

    Comment by shorty114 | September 14, 2005

  3. Eh, Kanye West can bite me.

    Comment by Michael Hampton | September 15, 2005

  4. Kanye West, last comment? I’m confused

    Comment by Ajay D'Souza | September 19, 2005

  5. ok i feel like if ya\”ll ain\’t got the money like kanye west noone should be talking about him because he got more money then almost all of ya\”ll

    Comment by april | September 21, 2005

  6. This post has nothing to do with Kanye West. It has a lot to do with wordpress.com, though.

    Comment by Michael Hampton | September 21, 2005

  7. [...] Which brings me to the most important point: Designing WordPress Themes for WordPressMU. At the moment, WordPress.com offers only a limited selection of themes to choose from, and the themes are not customizable. This gave me a real problem at first, as most of the themes have bugs or omit critical functionality. After testing out the available themes for the better part of an hour, I finally settled on this one, which doesn’t at all make me happy, or even look the way I’d like, but does have all the functionality working properly. As far as I can tell. For now. Even the prize-winning Connections theme omits the comments template on pages. In contrast, my WordPress 1.6 site lets me install any theme I want, customize the theme, and do whatever I need to do in order to have my blog look, feel and act exactly as I want it to.Michael Hampton’s Lunacy Unleashed [...]

    Pingback by Lorelle on WordPress » Attention WordPress Theme Designers: Designing Themes for WordPressMU | February 21, 2006

  8. Even the prize-winning Connections theme omits the comments template on pages.

    Comment by webkatalog | June 28, 2006

  9. Racist

    Comment by Page | July 25, 2006


Sorry, the comment form is closed at this time.

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: