Matt Mullenweg, the 23-year-old founding developer of the open-source blogging software WordPress, woke up in March to find that disaster had struck. “A cracker gained user-level access to one of the servers that power WordPress.org,” he later explained on his blog. “They modified two files to include code that would allow for remote PHP execution.”

WordPress makes a stand for open source morality 1

 

What was alarming was that thousands of people were downloading the code believing it to be the latest – and so the most secure – when in fact, it was making their sites vulnerable to attack. But instead of downplaying the incident, Mullenweg told the world. “It was painful to publicize, but we got a huge amount of coverage and got the word out that there was a

dangerous version of WordPress. Even though there were probably only 10,000 or 15,000 people affected, we ended up getting half a million downloads [of the update]. So everyone was updating, which was good, actually. WordPress began in January 2003 when Mullenweg began a project to create new weblog software by adapting what he was currently using, an open-source product called b2/cafelog.

Article Summary show

A question of conscience

In 2004, Mullenweg – born in Houston, Texas – left his college course to work for CNET’s tech media company in San Francisco, where he now lives. A year later, he left CNET to found his own company, Automattic, which runs hosted blogging services on WordPress.com and Akismet’s spam detection service. Basic accounts are free, with money made from premium services and advertising.

WordPress now lies behind a fair chunk of the world’s 100m-odd blogs. In September 2006, WordPress.com hosted 350,000 blogs; today, it has 1.5m and is among the top 20 busiest sites in the US. “The only other site that’s as big as this and on an open-source basis is Wikipedia, and everyone else runs proprietary code,” Mullenweg says.

Related Articles : 

The open-source aspect is important. “For me, open source is a moral thing. Software should be free; it’s our philosophy as a company, he says. There is one exception: Akismet, his spam detection service, does not reveal its code. It addresses the problem of automated posting of comments with advertising links on blogs. With Akismet, there was an interesting dilemma, Mullenweg says. Is it for the good of the world Akismet being secret and being more effective against spammers, versus it being open and less effective? It seemed more people would be helped by blocking spam.

But Mullenweg has not had an easy ride. As sites depend increasingly on Google for traffic, site owners are scrambling for higher rankings in search results. One consequence is the phenomenon of paid links. “A paid link is in the HTML of a page, so Google thinks it is an actual link or endorsement and uses it to calculate page rank. All search engines do this. Advertising is inserted dynamically through JavaScript, so it doesn’t show up in search engines, Mullenweg says.

He considers paid links deceptive – and feels strongly about it because of his own experience. A few years ago, an advertiser approached me and said, ‘I want to put these articles on your site,’ and I agreed. It was WordPress.org. That lasted about a month and became a huge controversy in the blogosphere, and I took it out the next day.

It helped me think. Before, I thought spam came in my inbox, and I never thought about the broader web that people buying these links to change the search engine results are spamming the world. That was part of the inspiration for Akismet – my Catholic guilt for making such a screw-up.

Dangerous liaisons

Link vendors have also targeted WordPress “themes” – add-ons users can download to customize their site. People would hire a bunch of people in India, crank out 10 or 20 themes, and put links in them that they would sell. Then people would download them. The theme would sometimes come with good links, sometimes with bad links, sometimes with actual malware. The theme directory at the time had just under 5,000 themes, and we ended up deleting 3,000 of those.

The purpose of paid links may not be obvious to a blogger, but Mullenweg advises caution. I think it’s dangerous. Much of the lifeblood of blogs is search engines – more than half the traffic for most blogs. If that dries up, people will realize that the $100 a month they were getting from this mortgage advertiser wasn’t worth losing half their visitors.

Problems also exist beyond paid-for speech – specifically, over free speech. As a blog platform, WordPress enables people to speak their minds. Turkey blocked the entire site on a judge’s orders, though Mullenweg expects sense to prevail. We had a bigger problem in China, and it set the moral compass for the company. About a quarter of our traffic was coming from China, and overnight it disappeared. For a young company, that’s a big deal – it was a million pages a day. We found we if we were willing to forbid certain words, track people, and give up their information if asked, we could be turned back on.

RELATED ARTICLESMORE FROM AUTHOR