Some stats on the evolution of the WordPress codebase

Some stats on the evolution of the WordPress codebase

Jordi Cabot

May 13, 2015

The WordPress project advances thanks to the work of many people that every single day report bugs, contribute patches or help in many other ways . I believe it’s important that from time to time we take a step back from this day-to-day frenzy activity and take a look at how the project is evolving to make sure the data trends confirm we’re going in the right direction.

Today, I’ll be providing some metrics and charts focusing on the evolution of the WordPress codebase. The data has been calculated using Gitana , a SQL-based Git repository inspector. Valerio Cosentino, the main developer behind Gitana, has been kind enough to apply Gitana to the WordPress Git mirror on GitHub .

Keep in mind that this is just the tip of the iceberg. There are tons of interesting data that could be calculated (and not only based on the repository but also considering Trac discussions, e.g. see some of the things we can analyze for GitHub projects ). If you have a specific question/request in mind please fire it up and we’ll see what we can do. There are quite a lot of software visualization tools that could be applied to WordPress to get a different view on the project!

Time between versions

The public WordPress Roadmap says that “After the 2.1 release, we decided to adopt a regular release schedule every 3-4 months” . Well, I’d say it took some time to adjust but looking at the latest releases we’re getting good ad that.

Number of commits per version

How much work goes into each WordPress version? Quite a lot I’d say, the following chart shows that each version involves more than 1000 commits in the codebase. The number of commits per version is becoming more uniform (which makes sense given that the release cycle is also becoming more regular).

Files evolution

And what about the files included in each version? Data shows that

Number of files is showing a slight but steady growth (typical “disease” of any project)

JavaScript plays a very important role in the WordPress code (something we already discussed at large here )

Once a file gets in the codebase, it doesn’t get out. Only a very small percentage of commit actions on files are deletions, some more are insert actions and most of the time we have modifications on existing files. Note the percentages do not refer to the total number of files but to the number of actions on files. Looking at this data I do wonder if all the files are really necessary (but this is something only a, mostly, manual analysis could answer).

As a curiosity, below you’ll find the top 10 files according to the number of modifications. I guess that the most modified file is version.php should not come as a surprise. By the way there are over a 100 files that have not been modified a single time since they were added.


times the file has been modified























WordPress committers

The success of an open project largely depends on its capacity to attract an important number of contributors that decide to devote some of its time to the project. I believe a large number of such contributions should come from “external” people (as opposed to the “internal” people, i.e. lead developers and other core people with commit access rights).

The following charts shows the accumulation of commits in the WordPress codebase separating commits between the two groups of contributors (since patches from external contributor are committed by core contributors, distinction is made by detecting commits using the @props tag thanking the original submitter).

WordPress scores quite good in this “openness” metric, specially when compared with other projects . Still, there is plenty of opportunities for improvement here.

But even if WordPress is the result of the hard work of many people, there are always some people that are more deeply involved than others. So I think it’s fair to finish the post thanking the top 5 committers of the project. We show both the top 5 committers counting only commits with own contributions and the top 5 committers when counting only commits with external contributions (both are necessary, without people taking the time to review and guide external contributors the pace of WordPress would be much slower).

I find impressive that these five people are behind of more than 50% of the total project commits (even this can be considered a risk also based on the bus factor metric ).

Featured image adapted from fyrenwater .

Community , Technical Details

codebase , commit , contribution , repository

Share this post

Consumer Affairs – Edward Jones

Edward Jones offices around the country hang plaques that tout Edward Jones as winner of JD Power and Associate’s “One of the Best Companies to Work For.” I’m sure they are great to work for because they have a heck of a business model that benefits from an endless stream of investor newbies, directing them to buy investments at a premium allowing them to profit enormously. At the end of the day it’s their client that pays the overhead for their 11,500 brick and mortar branch offices across the country, the sports domes, the billboards, the TV commercials. I wish EJ was publicly traded, they would probably be a great investment ($6.28 billion in revenue in 2014), although arguably not an ethical one.

While I don’t think my Edward Jones adviser (a friend of the family actually) ever set out to intentionally do me wrong, the company is structured so that advisers are commission based salesmen. They are encouraged to promote mutual funds like American Funds which have ridiculous loading fees of 5.75% ( For every 10k you invest, you lose $575 from the get-go that won’t be growing over the next 10, 20 or 30 years) and on-going high expense ratios that skim money from your holding whether the fund is performing well or not. They will tell you that choosing “Class A Shares” with loading fees is good because these funds have no sales fees later and lower expense ratios than Class C shares, and if you are to hold funds for a long time, in the long run this is better. While this Class A vs C is true of American Funds, what they don’t tell you is that other fund families have no loading fees and lower expense ratios as American funds class A shares.. American Funds has very cozy relationship with EJ – they get a commission on the loading fees AND on the high expense ratios you pay (even with Class A shares) are partially comprised of whats called 12b-1 fees – that’s an ongoing finders fee that American Funds is kicking back to EJ for getting you into their fund! If you are savvy enough to choose your own investments and buy mutual funds not associated with EJ, they are still going to take commissions far greater than other brokerage firms.

Any stocks you buy have ridiculously high commission rates (2% taken) at both the time you Buy and Sell. That’s like buying stock on Wednesday and stock immediately dropping 2%. On top of that Edward Jones then takes 2% of all your dividend earnings when you have selected to have your dividends reinvested into the same stock or any other fund. That’s money they take as a commission for a process that is fully automated and as far as I know this commission on divined earnings is not something any other major brokerage firm does.

To add insult to injury, EJ has all these other little charges that add up, annual account charges and even a monthly fee if your checking account drops below $2000.

Now, 10 years after mediocre returns at best, having made EJ thousands of dollars of my hard earned money and all I have to show for it is a stack of their annual Birthday and Christmas cards (no i didn’t really save these). I’ve realized why savvy investors gibe EJ customers with “How are those American Funds doing :P” and calling them “Jonestown” followers. I for one can’t drink the green Kool Aid any longer!

It is extremely easy to move your IRA or other investments to another broker and you can transfer them “in-kind” which means you’re not even out of the market. After you move your funds over to another firm, you can then sell them for far less commissions and reallocate them in funds that will likely outperform American Funds. There’s a particular investment firm out there that is member owned and has the lowest fees. I won’t mention them by name in case that’s bad etiquette when reviewing another company, but if you do your research you’ll find many savvy investors recommending them.

UPDATED: Gov. Snyder responds to allegations that he ordered MDEQ to withhold lead test results | Blogs | Detroit Metro Times

Thursday, February 11, 2016

News Hits

UPDATED: Gov. Snyder responds to allegations that he ordered MDEQ to withhold lead test results


By Allie Gross

on Thu, Feb 11, 2016 at 8:56 AM

Gov. Rick Snyder’s press secretary has shared the following statement with Metro Times:

Gov. Rick Snyder never ordered a state agency to withhold information about lead testing in Flint schools, but instead quickly announced the results of water tests in 13 school buildings at a press conference in the city on Oct. 8.

The Governor’s Office unequivocally denies allegations published online by MLive on Wednesday that the Snyder ordered the Department of Environmental Quality to withhold results of testing in the schools.

Flint schools were under order not to drink the water since Sept. 25, 2015. On Friday, Oct. 2, the day after learning about elevated lead levels in in the city, Snyder responded aggressively with a an action plan that included testing the water in the schools.

As soon as the water samples were tested and the results verified, Snyder announced the results at a press conference in Flint on Oct. 8, where he also announced the state would help reconnect the city to water from Detroit.

New emails, obtained by the Flint Journal, suggest that Gov. Rick Snyder ordered the Michigan Department of Environmental Quality to keep mum about Flint lead test results as they figured out a way to best present the information to the public.

According to MLive , for at least six days MDEQ withheld important lead test results from Genesee County Health Officials — and the public. Emails obtained through the Freedom of Information Act, indicate that MDEQ later apologized to a county health official for the delay, saying the department was told by the governor not to share the results until a press conference.

The press conference in question is an October 8, 2015 gathering where Gov. Snyder announced plans for Flint to reconnect to Detroit’s water system and stop drawing water from the Flint River. It was more or less the conference where the governor conceded that yes, there were in fact very real problems with the corrosive Flint River as a water source.

The conference — which came a week after Dr. Mona Hanna Attisha presented research showing elevated lead levels in Flint youth —  is also where it was shared that three buildings within the Flint School District had tested above the federal limits for lead in the drinking water. In fact, at the conference it was revealed that one school, Freeman Elementary, tested  six times above the federal limit.

“They should have alerted the schools and they didn’t,” James Henry, Genesee County’s environmental health supervisor, who had been kept in the dark until after the press conference, told MLive Wednesday.

News that Gov. Snyder requested that this information not be shared with health officials until after the press conference came from a FOIAed email sent by Henry to a colleague. MLive reports that about a week after the news conference, MDEQ officials met with Henry and then-drinking water chief Liane Shekter Smith; two days later Henry emailed county Health Officer Mark Valacak to recap what was discussed. In this obtained email, MLive says Henry explained to Valacak that MDEQ claimed the governor had ordered them to delay the release.

The obfuscation of information was not limited to the original school test results, reports MLive.

Freeman elementary was supposed to have follow up tests the last week of October. According to FOIAed documents Henry requested the results on Nov. 3, asking MDEQ to treat his ask as a FOIA request (subject to a maximum 15-day time limit). MDEQ’s laboratory director, George Krisztian, however, rejected the request saying the Oct. 24 samples  provided an “incomplete picture of the plumbing system” and Oct. 31 results wouldn’t be ready till the next day.

An email Henry wrote to his boss three days later indicates that when Henry followed up with MDEQ, he was told that the department was going to wait until Dec. 2 — which was technically the FOIA deadline — to respond.

“MDEQ reminds me of a stubborn 2yr old child,” Henry wrote in an email the Flint Journal obtained. “Instead of doing what is right, they’ll willfully take another spanking just to be defiant.”

The results were eventually revealed on Nov. 9th — so before the FOIA deadline — however, the frustrating struggle to get the information sheds light on the often-obscured bureaucracy surrounding ‘who knew what’ in Flint.

If Henry’s name sounds familiar it’s because he was a key player in emails released last week  showing that one of Gov. Snyder’s top aides was aware of an uptick in Legionnaires Disease — and its possible tie to the Flint River — nearly a year before the public was informed.

Henry was the county health official who made the connection in an email that was eventually forwarded to Gov. Snyder’s aide Harvey Hollins.

“The increase of the illnesses closely corresponds with the timeframe of the switch to the Flint River water. The majority of the cases reside or have an association with the city,” Henry wrote in a March 10, 2015 to Flint officials and MDEQ officials. He later noted in the same email, “This situation has been explicitly explained to MDEQ and many of the city’s officials. I want to make sure in writing that there are no misunderstandings regarding this significant and urgent public health issue.”

Tags: flint , water , emails , FOIA , Snyder , Image

Google finishes 2,048-bit security upgrade for Web privacy – CNET

Google finishes 2,048-bit security upgrade for Web privacy

Prodded by “concerns about overbroad government surveillance,” Google beat an end-of-year deadline to retire Web certificates with less secure 1,024-bit encryption keys.

A 2,048-bit encryption key in binary is equivalent to a 617-digit number using decimal digits — not an easy number to guess if you don’t know it.

Wolfram Alpha

Never again are you going to get a Google Web site whose security certificate is protected with comparatively weak 1,024-bit encryption.

The Net giant has secured all its certificates with 2,048-bit RSA encryption keys or better, Google security engineer Dan Dulay said in a blog post Monday. Certificates are used to set up encrypted communications between a Web server and Web browser.

That means two things. First, traffic will be harder to decrypt since 1,024-bit keys aren’t in use at Google anymore. Second, retiring the 1,024-bit keys means the computing industry can retire the technology altogether by declaring such keys untrustworthy.

Google has been aggressively moving to stronger encryption because of U.S. government surveillance by the National Security Agency. According to documents leaked by former NSA contractor Edward Snowden, the agency gathered bulk data off Internet taps, including unencrypted data sent between company data centers on its own network, and actively worked to undermine encryption.

Google said it beat its internal end-of-year deadline for the 2,048-bit move. It’s also moved to encrypt its internal data transfer between data centers, a move that Yahoo also is making .

In other words, the Net’s technology giants are working actively to make surveillance, authorized or not, significantly harder.

Clicking on Chrome’s green lock icon in the address bar lets you see details of the encryption used for a secure connection. (Click to enlarge.)

screenshot by Stephen Shankland/CNET

“Worry in Silicon Valley/Puget Sound: furor over NSA will cost billions cuz foreign customers fear US companies can’t guarantee security,” tweeted Strobe Talbott , president of analyst firm Brookings Institution, referring to the geographic regions where tech powers such as Google, Facebook, Yahoo, Microsoft, Twitter, Apple, LinkedIn, and Amazon are located.

There’s a lot of work to be done yet, though. Google also supports a standard called “forward secrecy,” which uses different keys for different sessions so that decrypting a single message doesn’t mean previous messages can likewise be decrypted using the same key. But many other Net giants don’t support forward secrecy — though that’s changing, too .


Features Pricing FAQ Platforms About us Login

Features Pricing FAQ Platforms About us Get Started

Here’s a Simple, Low-Cost Solution To Recovering The 71% Of “Almost Buyers” Who Abandon Their Shopping Carts

Automatically brings back shopping cart abandoners Installs on your site in under 292 seconds Works with the top 5 e-commerce platforms Learn more

Cart Recovery Campaigns are Trusted by Your Favorite Websites

You lose 71% of your customers You’ve worked hard to build your business. And you’ve spent a lot of time and money to get potential customers to your e-commerce store.

When they arrive, some of them are in the mood for buying. They put products into their shopping cart, and begin the checkout process.

But if your cart abandonment rate is close to the industry standard, 71.2% of them don’t complete the checkout.

That means you’re leaving a lot of money on the table. And it’s not just the checkouts that didn’t happen. Some of these “almost buyers” would have become repeat customers… so you’re losing out on long-term business as well! Which is why it’s important to follow up on your cart abandoners… the right way.

Show me how it works

How GhostMonitor works behind the scenes to make you money

You set up GhostMonitor. It works with the top 5 e-commerce platforms, and you’ll be able to set it up in under 292 seconds. No marketing or coding skills are needed. Even your mother-in-law could do it. Perhaps.

GhostMonitor “capture” prospective buyers who abandon their cart. Using our Track & Trigger technology, GhostMonitor captures the visitor’s contact details as they’re typed on your checkout page. This allows us to send a recovery campaign to those who abandon the checkout, even if they don’t submit their details.

GhostMonitor brings them back to complete their checkout. GhostMonitor detects the moment when someone abandons their cart, and immediately sends them an email inviting them to complete their purchase… while your site is still fresh in their mind.

Start growing your online revenue Try GhostMonitor free for 30 days Try It Now – It’s Free!

We deliver proven results

We’re so certain GhostMonitor will make you more money, we’ll make you the following promise:

The first 30 days of recovered revenue GhostMonitor makes for you is on us. We won’t charge you a dime for it.

After that, we simply charge $10 each month. There are no limited emails or long-term contracts. Ever.

Try It Now – It’s free!

In 2014, retailers lost revenue of

to cart abandonment. No, it’s not a typo. That’s three-trillion-nine-hundred-fourty-seven-billion-four-hundred-fifty-seven-million-five-hundred-ninety-four-thousand-four-hundred-and-eighty-eight dollars. Approximately.

Recover My Abandoned Carts for Free

Works with the top 5 e-commerce platforms

GhostMonitor will work with every major e-commerce platforms. Right, now, we’re available on Magento, Shopify, WooCommerce, Prestashop and Opencart.

Learn More About the Supported Platforms

We’re in this together We’re on a mission to grow your customer base and increase your online revenue. Sign up now and start increasing your revenue risk-free.

Try It Now – It’s free!

Homepage Features Pricing

Platforms Blog About

Twitter Facebook