WordPress has announced the first beta of version 4.0, but despite the major version number, it's an incremental upgrade. Changes to the left of the decimal point aren't as major in WordPress as they are elsewhere, but the updates in the pipeline for 4.0 and beyond reflect how WordPress has become a platform, rather than an application.
Originally just a blogging system, WordPress has grown into an entire site-publishing solution courtesy of its third-party developers. Aside from the thousands of easily interchanged themes available for WordPress, its library of plug-ins can turn it into everything from a discussion board engine to an e-commerce solution. Consequently it's now considered a viable replacement for other content-management and site-architecting solutions, from Zen Cart to Drupal.
WordPress' path to this point, however, wasn't planned. For one, new features for WordPress don't typically start as direct contributions to the core code. Instead, additions are prototyped as plug-ins, then merged into the core of the project if they pass muster with the core development team.
For an idea of how incremental those changes can be, look no further than some of the features promised for the core of the 4.0 release: previews of embedded URLs (such as from YouTube), a revamped plug-in installation user experience, and a new view format for the media library.
As conservative as those changes are, other plug-ins under development as core proposals hint at WordPress' status as as a full-blown software ecosystem, as viewed by its users -- and its creators. Among them is a plug-in that provides a JSON REST API for WordPress, currently listed at the "development" stage. Another, a front-end editor, allows changes to be made to posts while browsing the site itself, rather than logging into WordPress's back-end panel.
One constant issue with WordPress that's gone hand in hand with its explosive growth as an ecosystem has been security. Themes are implemented in WordPress as live PHP code rather than static files, and themes hiding malicious code have been spotted in the wild. Plug-ins, too, have been a source of obfuscated malicious code, as well as exploitable vulnerabilities.
WordPress has defended itself against this by providing a curated source for both themes and plug-ins, in much the same manner as the Google Play store for Android. But the majority of the work involved in securing a WordPress installation, even as WordPress evolves as its own platform, clearly still falls to the end-user.
This story, "WordPress 4.0: The app becomes a platform," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.