The issue in summary is that the big telecos are aiming to rate limit packet traffic across the entire wireless spectrum. That means that no matter what kind of data you send (text or media based), there could very well be a toll. Those that pay the highest access fees will see their data travel at the maximum throughput rates. Those who can’t pay as much, will in effect have their data throttled.

As I state at the beginning of a previous article on this issue:

If you design websites, run a small web-based business, make money from blogging, or are launching a startup, the level playing field of the Internet is about to get very bumpy. If you think that mobile-based services are the future and are catering to the wireless crowd, then be prepared for a game-changing shift.

There is a potentially game-changing new variable being considered that will skew the Internet’s competitive landscape. Currently, content creators pay fees to host their data, maybe even overage fees if bandwidth limits are exceeded in a given month. But once the data leaves the confines of their Web server, it travels across the Internet’s backbone infrastructure at the same rate as all other traffic.

The Google-Verizon proposal would allow an altogether new fee to be charged for wireless throughput—an access fee, a toll placed on data after it leaves your hosting firm’s building, or your company-owned server farm. This means that content providers–bloggers, ecommerce sites, social networks, you name it–will all be assessed wireless transmission fees. The higher the fee paid, the faster their data will be allowed to travel.

Why is this an issue? Because healthy competition requires a level playing field. Without net neutrality across the Internet’s entire infrastructure, users looking to join new niche social networks or who frequent boutique ecommerce sites may very well bypass those sites that appear to run very slowly on their wireless devices. They may instead move toward those sites that have a fast wireless response time.

It is not realistic to think that an unfunded startup, a new BuddyPress-based site, or a small blog-based ecommerce site would be able to afford paying the same fees as big companies. That would mean that their data would not travel as fast across the wireless infrastructure.

How many Web surfers want to waste their time waiting for what appears to be a slow server response? In fact, it may not be the server at all. Instead, it could be the speed limit placed on the data packets after they leave the Web server.

Think of it this way. When a WordPress Multisite install runs on a heavily-trafficked shared server, it can be painfully slow to use. Site owners who have configured their network this way often report that their members are complaining about how slow the site is to use, that new user registration is down as a result of the poor load times. The solution often suggested is to enable caching and upgrade to a VPN or to a dedicated server.

But guess what. That solution will not help if wireless packet traffic is rate limited. You could have the biggest server farm in the world with the fastest processors, maxed out memory, efficiently cached and compressed data, and best switches. But if you are not willing, or able, to pay the fees required to let your data travel unencumbered across the wireless infrastructure, then your users may have the same experience as if your site was on a shared host. Your users will not care why your site runs slowly. They may jump ship and spend their time on those sites that run at the speeds they have become accustomed to before net neutrality went out the window.

It is true that the total, theoretical wireless capacity is not nearly as high as that of the current wired-based infrastructure. But let’s remember that the wireless spectrum is not privately owned. It is leased from the public. There must be realistic limits placed on what private corporations can do with public assets. Allowing telecos to leverage their leases in such a way that condones economic inequality does not seem like a move in the public’s best interest.

Finally, we must remember that the wireless carriers already charge for data access. They just do it on the receiving end via subscriber fees and limits put on total bandwidth usage per month. What they want to do now is charge an additional toll to the content creators. So they’ll get paid by both parties, they’ll charge a toll on both ends of the wireless highway.

If it Costs Users, it Could Cost You

Guess to whom these costs will be passed? Why do you think that Facebook, eBay, and Amazon have all recently communicated their disapproval with Google, Verizon, and AT&T on this issue? Although these three behemoths could all afford to pay the highest access fees that the telecos may charge, they know that these costs would have to be passed back to their customers. They also realize that it sets a dangerous precedent—that of assigning data packet priority based on transmission fees paid.

If you don’t think that this issue might negatively impact your business, think again. Although this is currently a potential threat, it is a serious threat nonetheless. If the very people who create the content, consult for the content creators, and run the small ecommerce sites do not speak up, then the FCC and elected officials may not take as much interest in this issue as they should.

So, if you make your living as a blogger, by catering to the blogging community, or working for a social media design or marketing company, it’s time that you stir the pot and write your own post, contact your elected officials, or band together with some of your colleagues to shine light on this important issue. It does not matter if you are not based in the United States. This issue may affect your bottom line where ever you live.

There is new research out that indicates that teenagers are starting to look for alternatives to Facebook for their social-networking needs. Some of the stated reasons (besides fatigue) are that they’re fed up with advertising inundation and insufficient privacy controls. When it comes to Facebook’s privacy controls, many teens find them hard to use, difficult to understand, and believe that Facebook will likely change them again.

The result? As users become overwhelmed and burnt out by the one–size–fits–all social networking monoliths, they are beginning to seek out more intimate, interest-specific communities. This provides an opening to developers who wish to create narrowly-focused, niche networks. BuddyPress is a great tool that can allow you to do just that.

With BuddyPress fast approaching its version 1.3 release (around the new year), now is the perfect time for those who have been thinking about creating a targeted community to learn how BuddyPress can help achieve that goal. A well–executed BuddyPress site could offer potential members a more meaningful, productive experience than simply joining another Facebook group.

As an open source project, BuddyPress thrives as a result of its community. If you are a designer, developer, or site owner, please consider joining the community and helping to evolve BuddyPress into a strong alternative to the traditional social-networking platforms. New ideas, energy, and contributions are always welcome.

Important Message

If you’re currently running a niche social network, or thinking about creating one, you should be aware of a possible threat on the horizon. It is up to the Web’s netizens to fight for equal access and data equality.

Update

September 2, 2010: If you don’t think that BuddyPress or niche social networking is growing in popularity, see this article.

(You can download the latest version of WordPress Hook Sniffer here. Please read the readme.txt file for important usage and installation notes.)

After the bug fixes, the most noticeable improvement is that you no longer need to manually install the modified plugin.php file—the file that gives hook sniffer its abilities. The plugin now automatically installs the modified plugin.php file upon plugin activation and then reinstalls the original, stock WP version of the /wp-includes/plugin.php file upon plugin deactivation. This means that when you deactivate the plugin, you can rest assured that WP Hook Sniffer no longer has any influence over the operation of WordPress.

As there are important differences between the /wp-includes/plugin.php files of WP 2.9.2 and WP 3.0, WP Hook Sniffer now requires WordPress 3.0. Upon activation, an automatic version check is performed to make sure that WP Hook Sniffer is installed on the proper version of WordPress. If the plugin is installed on an older version of WordPress, it will not run. A warning message is displayed in the Plugins directory and in the WP Hook Sniffer Settings screen.

Also, I’ve versioned the modified plugin.php file that comes with WP Hook Sniffer. Now, when you activate the plugin, it runs a check to make sure that the proper version of the modified plugin.php file is installed in /wp-includes.

Finally, I added a CSS file to improve proper code separation–the older version simply had inline CSS definitions–and renamed all CSS selectors to make them unique to the plugin.

If WordPress Hook Sniffer has become an indispensable tool in your WP plugin development toolkit, please donate to help me keep this plugin updated and its sniffer healthy! Thank you!

Sponsorship Levels

Supporter $15.00 Donor $25.00 Sponsor $50.00 Benefactor $100.00 Patron $250.00 Open Source Angel $500.00 Holy Cow! $1,000.00

If you are a corporate user, consultant, plugin developer, or theme designer and profit from using my plugin, please consider donating at one of the upper levels. Thank you!

I have been having a few issues with BuddyPress development over the past week. I went through all the usual techniques to isolate the issue, finally deactivating all my 3rd-party plugins. But, the issue remained. Finally, I wondered about my WordPress Hook Sniffer plugin. I realized that although it was deactivated, it might be negatively affecting the operation of WordPress if the modified plugin.php file that comes with the plugin had issues. I replaced the modified version of plugin.php with the original one that ships with my version of WordPress, and bingo, the issues went away. All I could think was crap—especially as I say this in the installation instructions:

“The modifications to WordPress’ standard Plugin API file are used exclusively for WordPress Hook Sniffer. They should not affect the functioning of the rest of WordPress.”

In fact, this statement is still technically correct. The culprit is that when I updated the modified plugin.php file for last week’s version 0.13 update to the WP Hook Sniffer, I failed to use the proper base plugin.php file. I used the one that ships with WP 2.9.2 and not WP 3.0. Even though I thought I had done a sufficient parity check between these two files, I had failed to notice a few important changes.

WordPress Core Developers please note: if you change a function you should indicate as much in the inline documentation. Please use the @version PHPDocumenter tag to indicate that the function has changed. The @since tag version indicator is not helpful if the function has changed.

What issues did I have that caused me to discover this problem? The WordPress “wp” action hook was not firing. Yep. That is a big problem, especially if you are doing development work. Interestingly enough, most of BuddyPress continued to function as expected, except for a few features that used to work but suddenly stopped working—right at the time I installed the updated version of WP Hook Sniffer. Of course, I failed to notice this for several days.

I have gone through the stock plugin.php file–with a very fine-toothed comb–and ferreted out all the changes. I am in the process of updating the modified plugin.php file that WP Hook Sniffer is required to use. I want to make sure that it is adequatley tested before releasing an updated version. Look for the updated version with a fixed plugin.php file to be available either Sunday or Monday.

With this pending update, WordPress Hook Sniffer will require WordPress 3.0. Therefore, if you want to use it in an older version of WordPress, you will have to install Version 0.12 of WP Hook Sniffer. Please note, I will only support the most recent version of WordPress Hook Sniffer.

I apologize if this has caused you to lose valuable development time. I know that I have lost several days of productive coding due to this issue. There were obviously some important changes between WP 2.9.x and WP 3.0. Even though I thought I had properly assessed potential changes within the plugin.php file, I had not. I guess I need more sleep, more caffeine, fewer late-night alien visits, or some combination of those three.

These are not the normal, run-of-the-mill plugins that extend BuddyPress by adding additional functionality for a site’s members, or allow a site administrator to selectively alter the core functionality of BuddyPress. Instead, the plugins that I’m excited about are specifically targeted to providing site administrators and developers with unique services. I call these tools to differentiate them from the general-purpose plugins.

Although there are currently only a handful of such tools available, I hope that these releases indicate a trend. The WordPress ecosystem needs more specialty tools for site administrators and plugin developers.

So, in no particular order of importance, here is a listing of the more interesting plugins that provide useful tools for the site administrator’s or developer’s toolbox.

Developer Tools

WordPress Hook Sniffer: This is a tool I recently released that helps plugin developers determine the sequence in which action and filter functions are fired. It provides a window into the inner workings of the WordPress Plugin API and can help a developer figure out why a custom action or filter hook or function is not working as intended.

Wordpress MU Demo Data Creator: Provides a utility for populating your WPMU development sandbox database with dummy data. Why waste time creating your own dummy data to test your plugins when it can be auto generated for you.

BuddyPress Skeleton Component: This is not a new developer tool. In fact, as an example BuddyPress plugin component, it is the grand progenitor of many BuddyPress plugins.

BuddyPress Template Pack: This is not a developer’s tool per say. But I think it deserves listing nonetheless. It is actually a theme designer’s tool that helps make a custom WordPress theme compatible for use as a BuddyPress theme.

Site Administrator Tools

BP System Report: This tool gathers useful network intelligence on a site’s member and group activity. It provides a site administrator with usage trends and statistics, offering important insights into the health of their community.

Import from Ning: I thought I should throw this one in as well as it is a tool that helps social network operators. It provides some utility in helping to migrate a Ning network to BuddyPress. As Ning does not offer too much help in migrating existing networks to competing platforms, this tool is not a panacea to your Ning-networking woes—but it is a great start!

Plugin Developers Need Your Support

Creating a high-quality plugin takes more time than most people realize. In fact, it can take as much time if not more than creating a top-quality theme. But plugin developers rarely receive the same financial rewards that premium theme designers do.

My limited, empirical data shows that with the number of downloads of my current three WordPress / BuddyPress plugins, that less than 0.1% (yes, that is less than one-tenth of one percent) bother to donate. If my plugins received poor reviews, that would be understandable. But, as my lowest-rated plugin received a 4.5-star review out of 5, the lack of donations obviously has nothing to do with perceived quality. Note: Although I am a listed contributor to the BuddyPress Skeleton Component, I do not include that as one of my three plugins.

Whereas the greater WordPress community appears to have no issue with spending money on what are called premium themes, there seems to be a disconnect when it comes to supporting the developers of the plugins that help make their communities successful. Yes, great themes definitely provide an important face to a community, but it’s important to remember that plugins– along with the core functionality of WordPress and BuddyPress–provide the foundation to our networks.

So please generously donate to plugin developers and help keep them coding their wonderful plugins be they general purpose or specialty in nature.

This re-released version is what I call a plugin widget as it is a BuddyPress-specific widget and must be activated like other BP plugins. Widget installation is handled this way so that if BuddyPress is not activated, then this plugin widget will not be loaded—which could cause issues with your WP site. The widget does an internal check to see if BuddyPress is activated, if so then it continues loading. If not, it stops loading and will not be visible in the widget gallery. The widget is automatically activated sitewide so your other members will not see it in their plugins section if you’re running a multisite install.

Download BuddyPress Featured Members Plugin Widget and Donate!

You can download version 1.2 of the BuddyPress Featured Members Plugin Widget from the WordPress Plugin Repository. Even more excitingly, you can help me support this plugin, encourage me to create new ones, and enable me to keep living by selecting a sponsorship level below and clicking the “Pay Now” button. Thank you!

Sponsorship Levels

Supporter $15.00 Donor $25.00 Sponsor $50.00 Benefactor $100.00 Patron $250.00 Open Source Angel $500.00 Holy Cow! $1,000.00

If you are a corporate user, consultant, plugin developer, or theme designer and profit from using my plugin, please consider donating at one of the upper levels. Thank you!

Using the Plugin Widget

Please read the readme.txt file for installation and usage instructions. If you have any issues, please leave a comment in this post, or visit the support forum for this plugin widget.

As a developer, one of the downsides to Open Source projects like WordPress and BuddyPress is that a significant amount of foundational code is already in place. There are hundreds of functions, classes, methods, and general code that you never actually get to know. Sure, you might call them from within your code, you might know how and when to use them, but you more than likely do not understand how and why they work and what they actually do to accomplish their task.

Why? Because you were (more than likely) not part of the team that wrote the code, that figured out what each function was required to accomplish and in what ways that code would interact with other parts of the foundation.

This is exactly the situation I found myself in several weeks ago as I was trying to figure out why one of my custom do_action events in my BuddyPress Privacy Component was not working as I had expected. My investigation into this issue not only opened my eyes into the inner workings of WordPress’ Plugin API, but also helped me figure out why a few BuddyPress action events were not behaving as intended.

Understanding Hook Firing Sequence

How can you know the firing sequence of action functions or filter functions that you attach to existing WordPress and BuddyPress hooks? Why is this even important?

To answer the second question, read my article, WordPress Hooks, Barbs, and Snags. The answer to the first question is more difficult.

Since many internal WordPress and BuddyPress functions may be tying into the same action or filter hooks, there is no easy way to know the firing sequence of action functions or filter functions. Add to that the fact that 3rd-party external plugins can also tie into these same action or filter hooks and the issue becomes even more murky.

As I had a serious issue with a custom do_action event in my BuddyPress Privacy Component not working as expected, I set out to solve the first question. Although my problem appeared to be with my custom do_action event, I soon discovered that it was caused by another hook to which I had tied in to.

The result of my investigation: a new tool for WordPress and BuddyPress developers called the WordPress Hook Sniffer. What does this plugin do? It helps plugin developers determine the sequence in which action and filter functions are fired, providing a window into the inner workings of the WordPress Plugin API.

As with all of my other WordPress and BuddyPress plugins, this plugin is licensed under the GNU General Public License 3.0 (GPL).

Download WordPress Hook Sniffer and Donate!

You can download the WordPress Hook Sniffer via the WP Plugin Repository. Even more excitingly, you can help me support this plugin, encourage me to create new ones, and enable me to keep living by selecting a sponsorship level below and clicking the “Pay Now” button. Thank you!

Sponsorship Levels

Supporter $15.00 Donor $25.00 Sponsor $50.00 Benefactor $100.00 Patron $250.00 Open Source Angel $500.00 Holy Cow! $1,000.00

If you are a corporate user, consultant, plugin developer, or theme designer and profit from using my plugin, please consider donating at one of the upper levels. Thank you!

Using the Plugin

WARNING: This plugin is to be used only in a development sandbox and not in a production environment. It is intended solely for use by plugin developers to help determine the sequence in which action and filter functions are fired. Use at your own risk. As this plugin should not be installed on an active WordPress-based site (a production site), no support for broken sites will be given. You have been warned!

As with all plugins, please read the installation instructions in the readme.txt file. You may find the FAQ in the readme.txt file useful. Also, if you have been using an older version of this plugin, the installation process is now much simpler—see this post for details.

1. Once installed and activated, you will find a new menu option in the Settings menu
   
2. Clicking on that will bring up the WordPress Hook Sniffer Settings screen. The first thing to do is look in the upper left-hand corner of the screen. See that gratuitous “Please Support My Work” section? Go ahead and select a nice, juicy amount and then click the “Pay Now” button. Your donation (in any amount) is greatly appreciated! Okay, enough begging.
   
3. Next, read the “Usage Notes” section at the end of this article for a few additional bits of important information
4. Finally, select “Enabled” in the Main Sniffer Settings section, choose what data you wish to view in the Output Options section, and then select where you would like the output to go in the Output Location section
5. It’s that easy!

Output Settings Options

Whereas getting the WordPress Hook Sniffer to work is relatively straight forward, interpreting the output is a different story. What does all of that crap stuff mean?

Here is a brief overview of each of the output options and what information it can provide. However, to truly understand how to interpret the output and how best to use it in your development work, you will need to read my article, WordPress Hooks, Barbs, and Snags article.

A. Added Functions

Selecting this option outputs the special WP Hook Sniffer array that holds, in the order in which they were encountered during code execution, all add_action calls and add_filter calls. The file and line number from which a given function was triggered is also provided.

B. Removed Functions

Selecting this option outputs the special WP Hook Sniffer array that holds, in the order in which they were encountered during code execution, all remove_action calls and remove_filter calls. The file and line number from which a given function was triggered is also provided.

C. Action and Filter Function Array

This is the grandaddy, grandmommy, grandchild, Grand Ole Opry of output data. It contains the output of the $wp_filter array, the array that holds all of the added action and filter functions and is used by the do_action and apply_filters functions call to determine function firing order—although there is a twist here. You must read my article WordPress Hooks, Barbs, and Snags article to learn what it is.

D. Action Event Firing Order

This option contains the output of the $wp_actions array. A simple, one dimensional array that holds the sequential listing of all the do_action events that need to be processed. The events within this array used in conjunction with with corresponding data in the $wp_filter array determines the firing sequence of all action functions

E. Action Event Firing Sequence

Selecting this option outputs the special WP Hook Sniffer array that holds the sequential listing of do_action events with their corresponding fired action function(s). This listing shows you exactly the sequence in which each triggered action event fires its hooked action functions.

F. Filter Event Firing Sequence

Selecting this option outputs the special WP Hook Sniffer array that holds the sequential listing of apply_filters events with their corresponding fired filter function(s). This listing shows you exactly the sequence in which each triggered filter event fires its hooked filter functions.

1. Reporting Bugs: If you find bugs or are having issues using this plugin, you can either post a comment in this article or visit the support forum for this plugin. Assistance in providing patches to this plugin is appreciated.
2. Increasing Precision: If you want to see a more precise accounting of the execution time of a given function, you have to edit your php.ini file to increase the precision displayed for floating point numbers. Search your php.ini file for the entry:

   precision = 12

   and change that to:

   ; precision = 12
precision = 16

   As you can see, I like to comment out any changes to my default php.ini settings just in case I decide to revert the changes later. This allows you to do so easily without having to remember or look up what the default setting is supposed to be.

   Save your modified php.ini file and then restart your development server and you should now see the time-executed stamp displaying 6 significant figures instead of 2. This provides a sufficient level of detail.

3. Text Output Issues: If you’re using SSL or are behind a proxy server, you may have issues when selecting to send the output to a text file. There are a few work arounds for this, but suffice it to say that since this plugin is to be used exclusively in a development sandbox environment, I will not be coding these into the plugin. If you must use this plugin with SSL or behind a proxy server, then simply select the screen output option. You can learn more about this in the PHP manual for the fopen function.
4. Screen Output: When printing to screen, it may take a several seconds for output to finish. The output will start just below your theme’s footer.

This article is my exhaustive study of what I thought was a simple little function—the do_action function. It details how WordPress action hooks really work. It is a long, detailed article. If you want to understanding the inner works of the do_action function, then it will be worth your time. Although this article only briefly mentions the apply_filters function, the lessons learned about the do_action function apply equal as well as the coding of these two functions is nearly identical.

This is not a beginners guide to WordPress action and filter hooks. To benefit from this article, you need to understand what hooks are, why you use them, and how to use them.

Hooks, Barbs, and Snags

Before we start, I need to define two terms. You may be wondering about the title of this article, “WordPress Hooks, Barbs, and Snags.” You should already know the definition of a WordPress hook. But what are barbs and snags?

These are two terms I created to classify the following:

Barbs: salient insights about the functioning of WordPress hooks that stick out and grab your attention. Understanding these barbs help you avoid snags. In this sense, a barb is a good thing.

Snags: WordPress hooks that do not execute as expected, not because the do_action or apply_filters functions are misbehaving, but rather because you do not understand how these functions actually work.

The Hook Loop or Where the Issue Gets Complex

When it comes to code, loops can be tricky constructs to properly implement. What seems like a simple, innocuous operation may actually be more complex than meets the eye. This is the case with the do loops in the do_action and apply_filters functions.

There are two key arrays that WordPress uses to determine the firing sequence of actions and filters— the $wp_actions and $wp_filter arrays. These arrays get built throughout the execution of each page load and are not fully populated until page load is complete and PHP stops execution, waiting for its next command.

The $wp_filter Array

The $wp_filter array is where all added action functions and filter functions are stored for future reference and processing by both the apply_filters function and the do_action function. This array is a very-large, multidimensional array nested to four levels. See the snapshot of the partial contents of this massive array.

Here is a snapshot of what is generated in the $wp_filter array just by navigating to the homepage in my particular setup. Your results will vary depending on which plugins you have activated, which theme you’re using, whether you’re running WordPress in single-site or multi-site mode, whether you’re running BuddyPress, whether a user is logged into your site, and of course which versions of WP / BP you currently have installed.

As you can see, there are a lot of action functions and filter functions listed, each of which result in the grabbing and storing of added actions and filters. Not all of these are necessarily triggered. It is up to the apply_filters and do_action functions to determine which of the referenced functions will be fired.

The $wp_action Array

The $wp_actions array holds all of the current actions invoked by do_action events in the files that are processed when a given page is loaded. Like the $wp_filter array, the contents of this array obviously depend on the page to which a user navigates.

Here is a snapshot of what is generated in the $wp_actions array just by navigating to the homepage in my particular setup.

But read on as knowing about these two arrays is only one aspect to fully understanding the underlying processes, in figuring out the entire puzzle.

Populating the Arrays, Firing the Hooks

Here’s another piece to this complex puzzle. We know that the array $wp_filter holds an array listing all of the currently active action functions and filter functions. But how is this array built?

It’s simple. All action and filter functions that are not enclosed within a function, a loop, or any type of conditional clause currently not triggered, are added sequentially to this array as a given file is executed after it’s loaded (via either an include, include_only, require, or require_only function call). Therefore, as soon as a file is loaded, execution passes to that file and all directly executable add_action, add_filter, remove_action, and remove_filter function calls are processed.

This means that PHP is furiously processing function calls from these four functions, resulting in data being added or removed from the $wp_filter array. When an add_action call is triggered, the parameters are sent to the add_action function in the WP plugin API. When an add_filter call is triggered, the parameters are sent to the add_filter function—and so on.

However, one additional function is called when an add_action call is processed. As soon as the add_action function gets called, it immediately passes on the responsibility to the add_filter function. This means that WordPress looks at action functions and filter functions as the same. This is another key insight and is why both action functions and filter functions are referenced within the same array— the $wp_filter array.

Once the add_filter function gets control, it adds the calling function to the growing list of actions and filters that can be triggered by a given do_action or apply_filters event. This process quickly results in the $wp_filter array growing into a massive, multidimensional array. Of course, action and filter functions can get removed from the array via calls from the remove_action and remove_filter functions.

The reality of code execution is of course more complex. The $wp_filter array is still being populated with action and filter functions when the first do_action events are triggered. This means that it is possible to have a situation where an action or filter that is hooked to a given do_action or apply_filters event will not get triggered if the file in which the hooked function is located has not been loaded before the hook is triggered.

This last point is exactly what was happening in BuddyPress when the bp_init action hook fired. This is the issue that was puzzling me and resulted in this exhaustive study and creation of my new WordPress Hook Sniffer plugin. You can read this BuddyPress Trac ticket to learn more.

A Detailed Analysis to Shed Some Light

Here is a breakdown and partial analysis of the $wp_actions array, the array that holds all of the current actions invoked by do_action events in the files that are processed when the homepage is loaded. We will use this array along with the $wp_filter array to figure out what is really going on.

The contents of this array obviously depends on the page to which a user navigates. This is just what happens when a non-logged-in user visits the homepage of the default BuddyPress theme in my WPMU setup. The only other plugin that is activated is my BuddyPress Privacy Component. For these tests, I am running WPMU 2.9.2 and BuddyPress 1.2.3.

NOTE: To fully understand what is going on, you need to make sure that you are looking at the completed arrays and not the partial arrays grabbed partway through page-load.

Let’s look at the order in which do_action events will be triggered. We will analyze what is happening in the first four elements of the $wp_actions array (index value of “0” through “3”). How is each action triggered and what are the results? This will start off as a detailed look into each hook’s actions, but will provide fewer details with each additional event as the basic processes become evident.

The First Four Triggered Action Events

[0] => muplugins_loaded

[3] => bp_setup_root_components


[0] => muplugins_loaded

When a user navigates to the homepage of a default BuddyPress install running on top of WPMU, the first action hook that is invoked is muplugins_loaded. This is directly triggered on line 547 in wp-settings.php. Any added actions that are tied to this event will next be triggered.

Looking at the $wp_filter array, you will see that there are no actions tied to this hook. This means that there is no subarray element with a key name of muplugins_loaded. In other words, you will not find any reference to that action event within the $wp_filter array. So, this action event does not result in any action functions getting fired.

NOTE: A triggered hook may or may not have actions tied to it. If no actions are tied to the hook, the do_action routine passes by that hook, checking the next invoked hook for added action functions to fire.

Before the next action event is triggered, something important happens.

Execution of the wp-settings.php file continues. On line 703 of wp-settings.php, all the active plugins are loaded—both blog specific plugins and site-wide plugins.

If you look at that line, $current_plugins can be modified by any added filters. That is what happens. On line 2348 of wpmu-functions.php, an add_filter call triggers function mu_filter_plugins_list. This filter modifies the contents of $current_plugins, adding any MU plugins that have been activated site wide. Processing is returned wp-settings.php, resulting in the main file of each activated plugin getting loaded.

There is an interesting item to notice within function mu_filter_plugins_list. On line 2345 of that function, the two arrays $active_plugins and $active_sitewide_plugins are merged and the resultant new array is sorted.

What does this mean? It means that when it comes to the issue of action and filter sequence firing, it does not matter which plugins you activate first. The order in which plugins are added to each of the serialized objects active_plugins and active_sitewide_plugins is immaterial. The sort function will alphabetically reorder the contents of the merged array.

NOTE: Each WPMU blog has it’s own listing of active plugins that are stored in a serialized object in the blog’s wp_x_options table. Look for the entry “active_plugins” within the option_name field of that table. The corresponding active plugins are in the option_value field of that record. All plugins that are to be activated site wide within WPMU are stored in a serialized object in the wp_sitemeta table. Look for the entry “active_sitewide_plugins” within the meta_key field of that table and the corresponding plugins that are to be activated site wide in the meta_value field of that record.

So, in our particular case with two site-wide plugins installed and activated (buddypress and bp-authz), the order in which they were activated is immaterial in determining which file is included (loaded) first by the conditional loop code starting on line 704 of wp-settings.php.

If you look in the wp_sitemeta table for the meta_key “active_sitewide_plugins”, you will see this:

a:2:{s:24:"buddypress/bp-loader.php";i:1270239897;s:28:"bp-authz/bp-authz-loader.php";i:1270396554;}

BuddyPress appears first because I activated it first—as is necessary. But, when the references to these two main plugin files are processed through the mu_filter_plugins_list function, they get sorted. This results in bp-authz-loader.php getting loaded before bp-loader.php.

This could be a big issue as all BP-dependent plugins rely on BuddyPress to be installed, activated, and loaded. Any BP-dependent plugin that comes alphabetically before “buddypress” will have their main file loaded before BuddyPress’ main file.

Barb 1: As a BuddyPress plugin developer, this is the first major insight, the first important barb that can prevent your code from hitting a snag with regards to action and filter execution.

Fortunately, there is an easy way to prevent this barb from snagging you and those that use your plugin. Make sure that BuddyPress is active before your plugin loads its core files.

Since that is exactly what I’ve done with my BuddyPress Privacy Component, there are no issues and execution quickly passes back to the loop and the next file in the $current_plugins array is loaded. This is the main BuddyPress file, bp-loader.php.

[1] => bp_core_loaded

Execution of bp-loader.php begins. On line 22 of bp-loader.php, the first custom BuddyPress action event is invoked:

do_action( 'bp_core_loaded' );

It is directly invoked, directly triggered. It is not enclosed within a function, a loop, or any type of conditional clause. This invoked event is what appears in the second element of the $wp_actions array.

Since there are currently no tied-in actions to this particular action event (as can be easily determined by looking at the $wp_filter array), the invocation of this action does not result in further actions being triggered.

The execution of bp-loader.php continues. Right after line 22, a series of conditional clauses include (load) all enabled BuddyPress modules—activity, blogs, forums, friends, groups, messages, xprofile.

As each of these files are included (loaded), any directly invoked (directly triggered) action events within each of them will also be invoked. Since there are no additional, directly invokable do_action calls within any of these files, execution is passed back to wp-settings.php.

[2] =>plugins_loaded

On line 735 in wp-settings.php, the do_action event for plugins_loaded is directly triggered.

do_action('plugins_loaded');

This is when things really start to accelerate. Up until this time, only a few lines of php code within BuddyPress have actually been run.

With the invocation of the plugins_loaded event, we now have our first action hook that has actions tied to it. Understanding what happens next leads us to the second major insight, the second important barb.

To understand what happens next, we need to inspect the elements within the plugins_loaded array of the $wp_filter array. I have extracted just that subarray element below:

plugins_loaded:
Array
(
[0] => Array
(

)


This array element is itself a multidimensional nested array. In fact, the first element (with an index value of “0”) has two action functions referenced.

An important point: each subarray of the $wp_filter array is a numeric array. Read that again. This means that the second level of the nested $wp_filter array contains numeric arrays.

You might be wondering how the index values for these numeric arrays are set. This is simple.

The key, the index value, of each 2nd-level array element is determined by the priority assigned to the event in the add_action and add_filter call. Thus, the priority set for a given action or filter function becomes the key of each element in a given hook’s multidimensional array. If a priority is not set for a given add_action or add_filter call, it is automatically defaulted to “10”. This means that any and all added actions or filters that do not specify a priority are automatically assigned to the proper action array element with an index value of “10”.

As an example, if the priority for a given added action is set to “16”, then that particular action function will be located in the array element for that action with an index value of “16”. Multiple action functions can be added under the same index value, creating an array of action functions associated with the same numeric key element. The order in which they appear is determined by the order in which they were executed.

Barb 2: This is the second major insight, the second important barb that can prevent your code from hitting a snag with regards to action and filter execution.

Now, the next piece of the puzzle is this. The order in which action functions are added to a given action array element is determined by the order in which they are encountered, the order in which their corresponding add_action or add_filter calls were fired. As we will see below, this is what makes determining the firing order of added actions and filters difficult.

Barb 3: This is the third major insight, the third important barb that can prevent your code from hitting a snag with regards to action and filter execution.

Barb 4: The higher the index key, the later the action or filter functions within that index-key grouping will get fired. Therefore, using the example above, if we set a priority of “16” for a given action function, it would get fired only after all the other action functions with a lower priority have been fired.

We have now reached the final piece of the puzzle!

Near the beginning of this article, the complexity of the do loops within the do_action and apply_filters functions was briefly mentioned. And it is within those loops that this story really finally gets resolved.

If you look at lines 166 (within the apply_filters function) and line 339 (within the do_action function) of the wp-includes/plugin.php file, you will find the code lines where the actual hooked functions are fired. Do you see the call_user_func_array() function call? That is a core PHP function. It is what will actually fire the next action or filter function in line, as determined by the data in the $wp_filter array.

The action of the call_user_func_array() function nested within the do loop is not as simple as it may seem. Why is this? Well, currently we are discussing the plugins_loaded action event and all of the tied into functions that get fired.

Look at the next action event to get triggered within the $wp_actions array. It is the action event bp_setup_root_components. But wait. Why is there another action event being triggered? We have not yet finished iterating through all of the added action functions to the plugins_loaded action event.

Once again, the reason is simple. Triggered action functions can themselves have action events. Inspecting the plugins_loaded subarray in the $wp_filter array, we see that the bp_setup_root_components action function is invoked by the plugins_loaded event via an added action call on line 2021 in bp-core.php. Within that action function there is an action event called bp_setup_root_components.

So, the sequential processing of all the added action functions with the plugins_loaded subarray of the $wp_filter function has come across a new action event to trigger. It now gets priority and further processing of the plugins_loaded subarray is put on hold until the bp_setup_root_components action event is finished processing its added action functions.

Barb 5: This can quickly result in a nested grouping of action events with the firing of their corresponding action functions. This is the final piece to the puzzle and the last and final barb that can prevent your code from hitting a snag with regards to action and filter execution.

As you are reading this, the juxtaposed actions of the do loop with the call_user_func_array() function more than likely seem obvious. It may seem this is not unexpected behavior or difficult to understand.

Whereas that is the case when all of the data is clearly laid out before you, the complex actions of these intertwined functions are not apparent when you are coding a plugin. There is no practical way to peek inside this action-event, action-function feedback loop.

This is were the true value of the WordPress Hook Sniffer plugin is revealed.

[3] => bp_setup_root_components

Here’s where we understand the last piece to this confusing puzzle.

Inspecting the $wp_filter array for this action event you will see that there are four action functions that are hooked to this action event: bp_activity_setup_root_component, bp_blogs_setup_root_component, bp_forums_setup_root_component, groups_setup_root_component.

These action functions are fired in that sequence. Since they do not have any action events which they trigger, control is passed back to the plugins_loaded event and the next action function in the plugins_loaded subarray is fired.

Applying the Lessons

When interpreting the results of the WoodPress Hook Sniffer plugin, you need to look at the output of the $wp_actions array and then search out the hooked actions to each of those items (if any) in the $wp_filter array. This will give you a general idea of what gets fired when. You can then experiment and see how changes to action priorities affect the firing sequence of a given added action.

You need to carefully think about the execution timing of each action or filter you add, looking at the corresponding triggering event for the hook or hooks to which it’s tied. Remember, you can hook a function to more than one hook which means that it is possible, if you are not careful, that some of them may fire whereas others may not. It’s all a matter of whether or not the reference to the action or filter function was successfully added to the $wp_filter array before the associated hook is triggered.

Looking at the Action Event Firing Sequence and the Filter Event Firing Sequence will help you precisely tune your added hooks and filters. Remember that execution my temporarily pass to another action or filter event. The output of these two WordPress Hook Sniffer arrays will show you when that happens.

Finally, there is no requirement that you place your add_action and add_filter calls right below the functions in which they are associated. Whereas doing so does facilitate code understanding, you could instead place them all at the top of the file (or the bottom) in which the associated functions are located. Remember, each add_action and add_filter function call that is directly executable is processed as soon as a file is loaded. So it does not matter where within the file those calls are located—with the possible exception of fine tuning the execution order of a particular function.

Final Notes on the $wp_filter and $wp_actions Arrays

The arrays $wp_filter and $wp_actions are repopulated from scratch each time a page is loaded. They do not contain a running accounting of all action and filter functions and all action and filter hooks. The contents of both of these arrays may vary depending on which page you navigate. The contents will depend on the files that are loaded (via include, include_only, require, require_only) when a given page you are on is displayed.

The reality is that, when visiting a given page, there will always be more hooks, action, and filter functions buried deep inside non-loaded files or within function blocks that are not directly hooked. The first is a result of the add_action, remove_action, add_filter, or remove_filter calls not getting fired until that file is loaded. At file load, any directly-executable do_action or apply_filters will be triggered as well. The second is the result of functions that have hooks that only get triggered if the file is loaded and the function is fired.

Although the WP Hook Sniffer will locate all action and filter hooks, and action and filter functions no mater the source–core files, custom themes, or 3rd-party plugins–what is captured depends on one simple rule—that the hooks and function calls are actually fired during page load.

As an example, WP Hook Sniffer cannot locate add_action calls that get fired on a different page than the currently loaded page. It can also not locate add_action calls that are buried inside a function that does not get triggered unless a special criteria is met. To sniff out those added actions, you have to navigate to that page so that those calls get fired or cause the special criteria to be met so that the function containing the buried action call is triggered.

Remember, the way that the WordPress Plugin API processes added and removed actions and filters is by storing (or deleting) a reference to them in the $wp_filter array. But that only happens for hooked functions that are actually encountered during page load. The $wp_filter array is wiped clean with each page load and rebuilt from scratch. The same holds true for the $wp_actions array and the action hooks it tracks.

Therefore, if you have action or filter functions that are supposed to be fired on a given page but you are not seeing that they’ve been fired, then that indicates that they are hooked to an action or filter event that finishes firing before the file in which the target action or filter functions are located even gets loaded. This is exactly what happened to me and caused me to write WP Hook Sniffer.

Summary of Barbs: the Key Insights

1. When it comes to the issue of action function and filter function sequence firing, it does not matter which plugins you activate first.

2. The key, the index value, of each 2nd-level array element within the $wp_filter array is determined by the priority assigned to the event in the add_action and add_filter call.

3. The order in which action functions and filter functions are added to a given action or filter subarray element in the $wp_filter array is determined by the order in which they are encountered during code execution.

4. The higher the index key, the later the action or filter functions within that index-key grouping will get fired.

5. Action hooks (events) –> trigger action functions –> which can have additional action hooks –> which can trigger additional action functions –> until control is passed back to the the originally-triggering action hook.

This is the action-event, action-function feedback loop caused by the juxtaposed actions of the do loop with the call_user_func_array() function.

During the chat, Andy Peatling (lead BP developer and Automattic employee), presented an idea about breaking up development work into component teams:

I’d like to start breaking BP down into chunks, and find people that are really interested in specific features…so for example if you really love the activity stream functionality you could focus specifically on that, and stick to patching just this area…so the long term goal is to get teams on components and have that transition into core commit teams.

This has merit. As the complexity of the BuddyPress codebase expands, it will be increasingly difficult for a one- or two-person team to do all the core lifting. BuddyPress is a complex suite of plugins. It is a social-network-creating ecosystem full of hundreds of functions and classes. Breaking the workload into project teams is a sensible approach.

More Hands to Watch

But, this notion of modularizing BuddyPress core development made me realize that a single guy–that would be me–cannot effectively continue to maintain and update the BuddyPress Privacy Component. It is impractical.

As you already may know from my very successful fundraising drive for my BuddyPress Privacy Component, keeping the BP Privacy plugin up to snuff with each new release of BP is quite challenging. In effect, I have to be an expert on all the BuddyPress components.

If there will be project teams managing the future development of the BuddyPress suite of components, that means two things: 1) there will be too much information created by too many hands on which I need to stay caught up; 2.) there’s an opportunity to streamline privacy filtering.

Enter the BuddyPress Privacy API

Privacy should be a core feature of any social network. BuddyPress is no exception to this rule. So, I’m now thinking that the best approach to privacy in BuddyPress is via a Privacy Layer that provides a basic Privacy API which any and all components can access.

I’m now investigating how practical and possible it will be to create a Privacy Layer using my current privacy codebase. If it is something that can successfully be created without a significant amount of additional work, I will switch my efforts toward creating the BP Privacy Layer.

This means, that going forward, it will be up to each BuddyPress component development team to utilize the Privacy Layer (if they choose to), to tie their component into the Privacy API, and provide privacy filtering. That way, providing privacy will become a team effort and not just one guy playing catch up, running behind Andy, jjj, and all the component-team members who are furiously evolving the BuddyPress codebase.

Do you think a BuddyPress Privacy Layer is the best way to ensure that privacy becomes a core element of each component? Do you think a BuddyPress Privacy API is a desirable feature?

In a recent post, I asked for ideas on how WordPress ecosytem developers can earn a living doing what they love to do—coding great-quality plugins for WordPress, BuddyPress, and bbPress. This post is my attempt to try the time–honored (but more than likely ineffective) request–for–donation approach for my BuddyPress Privacy Component.

Please Note: The BuddyPress Privacy Component is not yet available. The below PayPal button is for donation to support development. It is not a paywall that provides access to a download link for the Privacy Component. All of my WordPress and BuddyPress plugins to date are GPLed and are freely available on the WordPress Plugin Repository. Once the BuddyPress Privacy Component is ready, I will make it available in the same manner. Only donate if you want to provide development support.

Support Level

Supporter $15.00 Donor $25.00 Sponsor $50.00 Benefactor $100.00 Patron $250.00 Open Source Angel $500.00 Holy Cow! $1,000.00

If you are a corporate user, consultant, plugin developer, or theme designer and profit from using my plugin, please consider donating at one of the upper levels. Thank you!

But, I’m going to go about this in a slightly different way. This approach is a serious attempt at doing things differently. I hope it does not provoke the ire of my readers.

How is my approach going to be different? Well, I’m going to be upfront and honest about the time commitment on my part to code, update, and support my BuddyPress Privacy Component. Then, I’m going to appeal to your sensibilities. If that doesn’t work, I’m then going to leverage your needs!

Please click the first link above and read that, if you have not already. Then, come back to this post and continue reading.

First a Caveat

Please be advised that the approach I’m about to detail will be controversial. This is my attempt at one possible solution to the question posed in the first link above. It is an experiment at best.

Do I think that this approach will be warmly received? No. Do I think that it will be successful? No.

But perhaps it will stir up healthy conversation and some tangible solutions.

The Ever-Changing BuddyPress Landscape

BuddyPress version 1.2 is fast approaching its public release. However, the underlying codebase has undergone major code refactoring and even significant changes in functionality. So much has changed that it will require a significant amount of time to refactor my Privacy Component codebase to function properly in the newly-overhauled BP platform.

I’m not complaining about the changes. I’m just stating a fact. I believe that BP version 1.2 will be superior to previous versions.

I’ve had discussions with a few other BuddyPress plugin developers who wonder if we’ll see similar codebase changes in future versions of the BuddyPress platform. At this stage, we have to assume that this is a real possibility. Therefore, it is only wise to plan accordingly, to assume that with each major new release, that parts of our plugins may require significant TLC. But again, when the dust settles, version 1.3 of BuddyPress will be superior to previous versions.

It’s Just Time, Right?

I currently estimate that it will take at least 30 to 40 hours of code refactoring and functional code changes to bring the current version of my BuddyPress Privacy Component up to working order for BP v1.2. Of course, not all of this time is for coding. A noticeable amount of this time is studying the changes to the BP codebase and figuring out how key object arrays, actions, and filters have changed. When version 1.3 comes out later this year, it may require a similar amount of effort. This estimate does not even take into account the incremental versions (1.2.x, 1.3.x) that could require fixes here and there. But, leaving the incremental version changes out of the equation, I estimate that this phase of the project will require between 60 and 80 hours of work in 2010.

Along with updating the plugin, support is another time sponge. I estimate that once my plugin hits the mainstream, that I could be looking at at least 5-10 hours a week for support requests during the first two weeks of a version release and then 10 hours a month until the next version is released. With two major BP privacy plugin versions assumed to be released in 2010, that equates to an estimated total of 100-140 support hours in 2010.

Finally, there is at least one big, missing piece of the privacy puzzle—group privacy filtering. Until development of BP v1.2 is frozen, I will not be able to provide an accurate estimate of how many hours it will take to code a full-featured suite of group privacy filters. But, I do know that there is talk of possible, significant changes to the groups component in version 1.3. So, once again, this is my best guesstimate. I’m assuming roughly 80 hours of coding to bring to fruition group privacy filtering.

What does this all add up to? The total estimated time required in 2010 to upgrade, maintain, augment, and support my BuddyPress Privacy Component is 240-300 hours. At my standard, weekly work schedule, that is roughly 4 weeks of my time!

This is more than likely an underestimate of the amount of time that will be required, but I’m using that figure to help me determine a realistic financial support request. Also, it does not include the hundreds of hours already invested in the current version.

An Appeal to Your Sensibilities

Now, of course I cannot possibly donate four weeks of my time on this plugin or any of my other not–yet–released BuddyPress plugins. Can you donate four weeks of your time for anything? Would you give up your vacation time (and then some) to provide free software programming and consulting services?

My goal is to recoup some of the time I’ve already put into developing this plugin, to fund the current and future upgrades and enhancements to this plugin over the course of this year, and to cover some of the support time I will inevitably be requested to provide.

Supporting Development, Developing Support

How is my donate button different than others? Well, it is not a donate button. It is a support this project button. It’s a request for action, an opportunity for you to show your support by buying into the project. If there is not sufficient support, then the project will be discontinued.

Without sufficient financial support, I cannot continue to develop this, or any other plugin. I need to have a reasonable cash flow. I have to contribute to the support of my family.

Based on my above estimates of the number of hours that I will be required to put into my BuddyPress Privacy Component in 2010, I’ve set a goal of $9,000. That adds up to an hourly rate of between $30 and $37.50. This, in itself, is a greatly reduced hourly rate from my previous consulting days. That is okay. I’ll consider the difference as my continued donation to the cause.

What Happens in 2011?

This request for financial support is only for 2010. So, you rightfully may ask, what will happen when 2011 rolls around?

By then, privacy in some form or other should be a core BuddyPress component. It will thus be maintained by the core development team—and I’d be willing to help them maintain it as well.

Of course, it’s possible (but I think unlikely), that privacy will become a core feature of BuddyPress this year. If it does, I very much doubt that it will be the fined grained, fully-featured privacy suite that I offer in my plugin. But Andy and JJJ are very clever guys. So, you never know!

What Happens if You Don’t Raise the Entire Amount?

Since PayPal allows for refunds to be sent within 60 days of receiving a payment, I plan to hold all proceeds in my PayPal account. In 58 days from the date on this post, I will assess the results. If the goal has not been met, I will decide if I’m willing (and able) to provide the entire year’s worth of work discussed above for the amount raised. If I decide to proceed, I’ll withdraw the funds from my PayPal account. If I decide not to proceed, I’ll issue a refund through PayPal.

So, on Monday, March 1, 2010, the final decision will be made.

BuddyPress Privacy and BP Version 1.2

Just to allay any fears, I have already committed to bringing my privacy component up to code to work under BuddyPress version 1.2. That will happen no matter how this little experiment turns out. The real issue is what happens from that point.

Wait, Open Source is Supposed to be Free

Most people expect software to be free these days, especially with Open Source projects. But the spirit of Open Source is not providing free (as in no cost) software. It is in providing freedoms in how you use the software. These two pages on Gnu’s website–the maintainers of the GNU GPL license which WordPress is licensed under–explain it very well:

• Selling Free Software
• The Free Software Definition

So, although it is customary in the WordPress ecosystem for plugin developers to offer their work for no cost, it is not what is intended by the GPL, it is not what Open Source is truly about.

Has the misguided assumption about free (as in cost) software become too ingrained in our community? Whereas designers who offer GPLed–premium themes seem to be accepted into the community without issue, developers who offer GPLed–premium plugins are often treated differently. There should not be a double standard. Both designers and developers should have the right to earn a living from providing great-quality free software.

My Plugins will Always Be Free

I believe in the free software movement, in the spirit of open source. I will always freely provide my plugins to the greater community. I’m truly not looking to sell my code. I am just looking for an acceptable vehicle (besides the consulting route) that provides some financial support so that I can continue offering high-quality (I hope!) plugins.

An Appeal to Your Needs

Now, I’m in no way intending to hold the BuddyPress community hostage. I’m trying to see if this idea will work.

Is privacy something that you think is important in BuddyPress? Is privacy filtering for your members’ data something that you need for your BuddyPress-based community?

If you have read this far, and have not unfriended me over at BP.org or unfollowed me on Twitter, then I am amazed! Actually, it does not surprise me. I assume that you agree that Privacy is of paramount import in BuddyPress, in any social network.

If privacy is something you value in BuddyPress, then I ask that you please help support my efforts. Tweet about this post (you can use the Tweet This! button on top), blog about my post, draw attention to my efforts in other ways, and finally, put a few dollars into the project’s coffers. I’ll then do all the heavy lifting!

Thank you!

Support Level

Supporter $15.00 Donor $25.00 Sponsor $50.00 Benefactor $100.00 Patron $250.00 Open Source Angel $500.00 Holy Cow! $1,000.00

If you are a corporate user, consultant, plugin developer, or theme designer and profit from using my plugin, please consider donating at one of the upper levels. Thank you!

The bar chart below and at top will update as support rolls in. The question is, will it roll in at all? If not, what are my options?

I think it is not only fair and appropriate, but also necessary for plugin developers to have the opportunity to make a living, or at least part of their living, writing great code that extends the base functionality of the BuddyPress platform.

To be clear, I am not an employee of Automattic. Like the vast majority of BuddyPress developers, I do not get paid a single cent for my contributions. In fact, as a salaried employee of Automattic, Andy Peatling, the lead developer of BuddyPress, is the only one who gets paid for his time working on this Open Source project (as far as I know).

Again, I am not looking to fan the embers of previous debates. I do not have any issue with how Automattic runs the WP plugin repository or care if they never list commercial plugins. That is not my point.

All I’m asking is how can plugin developers exist on an equal footing with theme designers when it comes to the issue of earning a living? Currently, the only three options that developers have, it seems, are to advertise a donate button for each plugin, accept consulting gigs, or accept advertising on their website. But donate buttons rarely provide much support and providing consulting services to clients is not for everyone. Furthermore, for me, I do not care to turn my personal website into a billboard.

The argument that plugin developers benefit by offering their work for free is flawed. It assumes that all developers are looking for consulting work, and two that all developers who offer their work for free will receive consulting work. Whereas it is certainly the case that some plugin developers have built a nice consulting business as a result of their donated work in the WordPress community, that does not mean that this route is for everyone.

What if a developer just wishes to code great-quality plugins like a theme designer designs high-quality themes? What if he or she does not want to provide any other service? How should this developer be compensated for their time?

But, since you asked, I do have a donate-like button for my BuddyPress Privacy Component. You can read more about my version of “donate” here.

I would like to hear some ideas on this topic as I have contributed much time to the BuddyPress community but have not earned a single penny. I am not looking to provide programming services or start a consulting company. I have a significant project that I’m working on so I don’t have time for much else.

Since I am not yet making an money on my project, I need a vehicle to earn some semblance of a respectable cash flow. Just as some theme designers earn a decent income from their premium themes, I would like to think that my income vehicle could be BuddyPress component development.

So, ideas and civil discussion, please!

After learning the rudimentary workings of OAuth, it quickly became clear that it did not offer a mechanism for internal access control, nor was it even intended to be used as an authorization protocol. I’ll discuss this last statement in more detail later.

So, to educate my fellow social media gurus, I decided it would be helpful to jot down what I learned and determined about OAuth, its intended use in any social media application like BuddyPress, and how privacy control needs to be implemented within BuddyPress.

What is OAuth?

From the OAuth Core 1.0 Specifications:

The OAuth protocol enables websites or applications (Consumers) to access Protected Resources from a web service (Service Provider) via an API, without requiring Users to disclose their Service Provider credentials to the Consumers. More generally, OAuth creates a freely-implementable and generic methodology for API authentication.

Therefore, OAuth is a set of rules and procedures that facilitate the exchange of data between websites without the requesting website requiring the user to provide his or her sensitive authentication credentials. This enables a greater level of security for all users.

Imagine if you had to provide your Twitter credentials (username and password) when installing the Twitter Facebook Application in your Facebook profile. Fortunately, Twitter now uses the OAuth protocol so your password does not need to be provided to and stored by Facebook. Instead, a token with defined rights is created and used by the Twitter Facebook Application to gain access to your Twitter data.

How Privacy Needs to be Implemented in BuddyPress

Whereas OAuth can provide access control to a user’s private data, or any URL with a need for access restrictions, it does so only between sites. OAuth is not a protocol used for internal access control; it is not an internal authorization protocol.

(Visit this post to learn more about Authentication Versus Authorization)

Again, from the OAuth Core 1.0 specification:

It is important to understand that security and privacy are not guaranteed by the protocol. In fact, OAuth by itself provides no privacy at all and depends on other protocols to accomplish that.

Therefore, BuddyPress requires its own internal privacy protocol. Enter, BPAz, my BuddyPress Privacy Component

BPAz is a necessary protocol for providing privacy to all BuddyPress users’ personal data. Once a given user’s data is sufficiently controlled by their BPAz access control list (ACL), they can feel more confident in exposing any data they wish to share across the Web.

BPAz is internal to a given BuddyPress install. It provides the mechanism whereby a give authenticated user can establish access rights—via an ACL—to their internal objects. The focus is on allowing users to have fine-grained control over their personal data. OAuth, on the other hand, is a protocol that facilitates the cross-site sharing of user content.

With BPAz, users can compartmentalize their data, to decide which pieces can be shared and with whom. OAuth can then generate tokens based on a given user’s ACL that allow clearly defined access rights to users in outside networks. Without the privacy filtering of BPAz, OAuth tokens would be very broad in scope, potentially allowing access to all of a user’s data with a single token.

Now, it is not as simple as installing my Privacy Component and suddenly your BuddyPress site is ready to safely communicate your users’ data to the outside world via OAuth. WPMU and BuddyPress first need to properly communicate with OAuth. This is on the roadmap for a future version. Once that happens, I will take a look at the code and figure out what, if any, I need to alter in my Privacy Component to properly communicate with OAuth.

So, the take home message is this. Authentication within BuddyPress is currently handled by a few internal core WPMU scripts. Authorization, however, is not yet a core feature of BuddyPress. My Privacy Component is an important first step in molding BuddyPress into a platform that can safely and effectively interact with other social media sites.

Apparently I’ve made 1317 posts on the #buddypress forums. This puts me ahead of @apeatling on 1053, @johnjamesjacoby on 1257. @jeffsayre wins with 1454!
1:08 PM Dec 13th by Tweetie

it made me remember a post on Andy Peatling’s blog from several months ago about giving back to the Open Source projects from which we personally benefit.

Andy’s take was that commercial users of Open Source projects should strive to contribute back at least 1% of their time to the project. You can read Andy’s take on this issue here.

I agree with Andy. Further, I think it should apply to all users—not just those of us (like myself) who are building or plan to build commercial SaaS solutions based on Open Source projects.

BuddyPress is not the only Open Source project from which I and many others derive benefits. BuddyPress requires WordPress Mu and further benefits from bbPress. These three Open Source projects, managed by the corporation Automattic, also depend on other Open Source projects—PHP, MySQL, Javascript, JQuery, and probably a few others.

Also, we all depend on some sort of server operating system and Web server software, more than likely both Open Source in nature. Finally, you might even throw in the Open Source licensing schemes that the aforementioned Open Source projects are licensed under.

But, this post is about BuddyPress. Paul’s tweet made me wonder how much time I’ve given back to the BuddyPress project, the Open Source project with which I am most associated. So, I did a few calculations:

Time spent answering forum questions:
1454 posts x avg. of 7 minutes per post = 170 hours

(N.B. Some posts require twenty or so seconds, but many others I’ve spent 20+ minutes carefully answering. So, I’ve settled on an acceptable average of 7 minutes per post.)

Time spent on forum (reading, moderating, but not answering):
80 hours

(a guesstimate)

Time spent answering private BuddyPress PMs and emails:
40 hours

(a fair guesstimate, but I’ve probably spent a little more)

Time spent on IRC:
70 hours

(These are active, participating hours, not passive hours. That equals about 2 hours a week)

Time spent developing (my Privacy Component, Trac patches, and a few not yet released plugins):
373 hours

(based on my calendar entries)

Total volunteer hours contributed to the BuddyPress project to date:
733 hour

Now, the average number of hours a person works each week in the United States in 40 hours. That adds up to 2,080 total work hours per year. I’ll use this figure for one measure of my contribution. Of course, 80 of those hours are often granted to employees as vacation time (if you’re lucky).

But, is there really a normal work week? I’ve never had a job where I’ve worked fewer than 50 hours per week on average. Currently, and for the past decade or more, I’ve worked at least 10 to 12 hours per day, 6 days a week. Often, it is more like 14 to 16 hours each day. Now, if I’m fortunate, and wise, I might actually take 2 weeks off in a year.

So, to be conservative, let’s assume I work an average of 12 hours per day, 6 days per week, and 50 weeks a year. That adds up to 3,600 total work hours per year. Yikes!

Now granted, since I am one of a handful of active BuddyPress forum moderators, the amount of time I volunteer might be a little higher than most. But, these calculations cover just 8 months of my involvement in the BuddyPress project to date. They also do not count the many non-paid hours I’ve spent via iChat, Skype, or on the phone discussing BP with others. So, I’m guessing my actual, yearly total is higher.

The Results

What percentage of my working year do I volunteer to the BuddyPress project? The results are in:

Using an average American work year:

733 hours / 2080 hours per year = 35.2%

Using my work year:

733 hours / 3,600 hours per year = 20.4%

Boy, I need to go make some money or at least go on a vacation. But, at least I’ve banked a few volunteer hours using the 1% gauge!

There surely are a number of other BuddyPress developers who kindly give of their time to this extent as well. What percentage of your working year have you volunteered to the BuddyPress project this year?

The term “auth” is often used interchangeably for authentication or authorization. But there is significant differences in meaning between these two terms. So as not to confuse people, new terminology has been created to clearly differentiate between one or the other.

Because of this confusion, the process of authentication is now often referred to as A1, or AuthN, or simply Au. The process of authorization is now often referred to as A2, or AuthZ, or simply Az. Since authentication must come before authorization, the A1–A2 ordinality of the terms is evident. This also explains the alternate names of my component—BPAz and BP–Authz.

In brief, the following logic describes BPAz:

1. Authentication is different than authorization. The former must come before the latter.
2. Users are the focus of social networks. They should have primacy when considering platform functionality. They are the super objects that create all content and therefore should have control over that content.
3. Therefore, each object is created and owned by a user
4. Only authenticated objects should have control over authorizations
5. Users are the only object that get authenticated
6. Users are the only object that can set and manage authorizations

This component is the first public Beta release. Please read the future.txt file that comes with the download package to learn about upcoming features and release dates. Instructions for installing and using the component can be found in the readme.txt file.

Click to see settings screen

NOTE: Comments are now disabled for this post. Thanks to everyone who has tested and provided feedback.

The newest version of my plugin is not yet ready for WPMU 2.9.x or the newly-released BP 1.2. I will be releasing an updated version in the near future (2-6 weeks). Since there have been too many people attempting to use the current version of my plugin under WPMU 2.9.x and now even BP 1.2, I am removing the link to the download repository. Once the latest version is ready for BP 1.2, I’ll create a new post with a new download link. If you want to be notified when my new BuddyPress Privacy Component is released, I suggest that you follow me on Twitter so as to get notified as soon as it is ready.

Okay, enough said. You can download my BuddyPress Privacy Component here. Once it is close to ready for an official public release, I will upload it to my WordPress Plugin Repository account.

Installation Hint:

If you read the readme.txt file, you will see that it says, “copy bp-authz.php and /bp-authz/ into /wp-content/plugins/ and activate the plugin.” This means that you need to make sure that you have both the directory /bp-authz/ and the single file bp-authz.php in /wp-contents/plugins/. So, it should look like this:

/plugins/
…/buddypress/
…/bp-authz/
…bp-authz.php

That last file needs to be at the same level as the /bp-authz/ directory. So, instead of simply dragging the main package directory BPAz into plugins, you drag the contents into plugins instead, leaving out the BPAz directory.

Release Notes:

• Requires at a minimum WPMU 2.8.4a and BuddyPress 1.1.1. Preferred environment is WPMU 2.8.6 and BuddyPress 1.1.3
• Although this release is very stable for a beta version, since it is a pre-release version (Beta 1), it should not be used in production environment.
• The component does not come with any theme files. It uses a few custom CSS selectors. If you are using a customized theme (i.e. not the BuddyPress default theme) you may need to adjust your theme’s CSS
• There may be a few issues with filtering out activity stream items. I suspect that the activity object array structure changed in a minor way in BP 1.1.3 and I have not yet had time to see if that is the case.
• Please provide any bug or usage requests in this thread

Do you like this plugin? How about showing your support? You can learn more about what it takes to build, maintain, extend, and support this plugin by reading my Do You Support BuddyPress Privacy post?

BPAz levels range from 0 (totally open) to 5 (totally closed) and follow this progession: All Users –> Logged in Users –> {Friends –> Groups} –> Userlist –> Only Me

Please note that the BPAz level “Relationship Mapped” is no longer an option. Instead, it has been replaced with the option “Members of these Groups.”