After much debate, I decided to place BP Privacy in the WordPress Plugin Repository as that is the easiest place for the community to access it. Placing it elsewhere might result in it being quickly forgotten.

Please be advised that as of this post and release, I am no longer developing or supporting this plugin. Therefore, with this release ends my BuddyPress Privacy journey. BP Privacy is now in the hands of the community. It is up to someone, or preferably a team of developers, to fork BP Privacy, reshape it to their vision, and help it grow to meet the community’s needs.

This means that if you have issues with the plugin your only recourse is to read the BuddyPress Privacy Manual (start with the Site Administrator’s Guide section) or hire a developer. I am not for hire so please do not contact me. Also, I will not be answering any emails about BP Privacy, including requests for suggestions on competent developers to hire. Please use the BuddyPress Support forums instead.

Visit this link to download BP Privacy!

Even More Details

For a detailed history of BP Privacy, read my article, BP Privacy: History and Lessons Learned from Developing a Major BuddyPress Component.

BP Privacy’s Future

The current version of this plugin was to be released as v1.0 but I have reverted the version numbering to pre-release status. Therefore it should be treated as a pre-release version and not used in a production environment.

Before installing and using this plugin, you should fully and carefully read the plugin’s readme.txt file, the disclaimer.txt file, and the BuddyPress Privacy Manual that comes bundled with the plugin.

Also, please see the future.txt file which contains the roadmap features for BP Privacy’s further development. The items listed under v1.0-RC2 were originally planned for multiple version releases–some under v1.0.x and some under v1.1. These features have been gathered under v1.0-RC2 to suggest that they should be developed, fully tested, and rolled out before someone else (or some team) releases a production-ready fork of this plugin. It will take that long for a developer or team of developers to sufficiently understand the inner workings of this plugin before they can claim that their forked-version is production ready.

Enjoy and best of luck!

Note: Comments are turned on but I will not be allowing any comments asking for support as I am not providing support. I also will not be allowing through any negative comments. This is not a public forum.

It is important to state up front that there are many wonderful, helpful, supportive, knowledgeable, community-minded members in the greater WordPress community. If you are an active participant within this community, you already understand that fact.

Of course, a great community of supportive, fun-loving people does not guarantee that you will face few challenges with your WordPress or BuddyPress projects—whether that is starting and running a community, designing themes, or developing plugins.

This is the story about the challenges I have faced in bringing BP Privacy to fruition. It is just one developer’s journey and, as such, should not be construed as anything more than my perspective.

I hope that those who manage to read through this entire, long article walk away with not only a better understanding of some of the difficulties BP Privacy has faced, but also a feel for how they might want to approach taking on similar open source projects in the future.

Genesis of the Idea

In the beginning, there was an idea that BuddyPress needed privacy. Well, that idea was not present at the genesis of BuddyPress as it does not offer core privacy, but the idea was hatched in the early pre-RC2 release days of the BuddyPress project by two very active community leaders—one of whom was me.

At the inception of this project, BP Privacy had two developers. That’s right. I had a project partner. This partner was a key BuddyPress member and very interested in coding his first BP plugin. We teamed up on this project as we realized the complexity of the task at hand and that it would be beneficial to have a project partner.

We had a number of discussions about how we should tackle this project. I set up a subversion repository on my dedicated server for the project and gave him access. I started the long, tedious process of learning, really understanding, the inner workings of BuddyPress. After all, BP Privacy would not be a typical plugin. It had to interact with all the core BuddyPress components. It had to monitor and take control of output based on an individual’s desires. We both realized that BP Privacy was going to be a major, foundational component in its own right—even though it would be a third-party plugin.

However, as weeks passed into months, my project partner’s schedule did not allow him to participate. So, I told him that I was just going to get started and that he could join in at any time.

So that is the humble, less than exciting beginning of BP Privacy. It started with a two-person project team but ended up becoming a solo effort.

BP Privacy Timeline

On the BP Privacy site, I state in a blog post that this journey has been 16-months long. Of course, that was posted basically October 1, 2010. So as of the date on this post, the process is nearing 20 months. The reality, however, is that this project had its inception even earlier, almost two years ago.

Here is a blow-by-blow timetable for BP Privacy and some of the key factors and issues at each point along the way:

Project idea inception: Early April 2009. My project partner and I began discussing BP Privacy (what was at that time called BPAz or BP-Authz)

First code written: June 23, 2009. This was two months after hatching the concept. It was the point when my project partner determined his schedule would not allow him to participate. So, I started coding the project on my own.

First public beta release: December 5, 2009. Only four months and two weeks after the first code block was written, I released a very solid public beta version to the community. Note that before that public beta release, there was a small, select group of private alpha testers.

This was a very solid beta version with only a few minor bugs. It worked perfectly with BuddyPress v1.1.3, offering privacy filtering for four of BuddyPress’ then core components. But the rug was about to be pulled out from underneath the project.

Codebase and platform concerns arise: January 2, 2010. As BuddyPress 1.2 was fast approaching release, it became clear that a major BP Privacy code refactoring would be required. A good portion of the previous 4 months of work would need to be reevaluated and much rewritten. As I looked at the time commitment involved, I realized I needed to try a new approach.

Not surprisingly, this approach failed. It only raised about $175 dollars. Without a big financial boost to help me focus on BP Privacy, I had to turn my attention elsewhere for awhile.

Late spring through early fall of 2010: The BuddyPress project experienced critical uncertainties in my opinion. These uncertainties made me question its long-term health. During this time, the development of BP Privacy progressively slowed down, practically grinding to a halt in late summer of 2010 as I awaited a few, final core patches I had submitted months before to be accepted.

Due to these factors, nine months passed with very little development time being invested.

Announcement of Public Release (v1.0): September 30, 2010. I was privy to some promising developments in the world of BuddyPress that gave me hope that BuddyPress might actually weather the storm. So, after almost nine months of greatly reduced activity on my part, I went out on a limb, venturing back into the BP Privacy project on a more serious level once again.

I created the BP Privacy site and made an announcement on that new site that BP Privacy would be released on November 8, 2010. This is the first officially-advertised date given for the release of the public, production-ready version (v1.0).

A few weeks later came the news for which I had been waiting. The BuddyPress community had a shot of adrenaline and renewed hope. We welcomed the announcement that Paul Gibbs and Boone Gorges had been “promoted” to core committers.

Of course, November 8, 2010 came and went. I continued working on BP Privacy as time permitted as I patiently awaited the release of BuddyPress 1.2.7 which was finally released on December 22, 2010.

BP Privacy’s Future: See the end of this article.

Time Invested and Anticipated Returns

Projects of the magnitude of BP Privacy require a considerable time commitment. Whereas it is difficult to be absolutely precise, I have a pretty accurate estimate as to the number of hours I’ve invested in BP Privacy. My total time spent to date working on BP Privacy is 1450 hours.

What kinds of activities go into a project that would require such a time commitment? A great number of essential activities such as: emails, forum and IRC discussions, support of alpha and beta1 testers, writing and submitting core patches required to bring privacy services to BuddyPress, debating a number of these patches, studying and thoroughly understanding the inner workings of BP, keeping up to date with codebase changes in BP Trac, writing tools that were necessary in figuring out some unexpected behaviors with BuddyPress’ action and filter hooks, continuous and exhaustive testing of BP Privacy, and writing detailed documentation. Of course, all of this is on top of the actual coding of the component itself which has required (so far) two major refactorings of the codebase.

What will I earn for all of this effort? Zero. Okay, I had a total of about $225 in donations to help support development ($175 as mentioned above plus $50 received before that post). I am very grateful to all who donated, to my select testers, and to everyone who offered support in other ways.

This means that I will have earned just shy of 16 cents per hour working on BP Privacy. So, the next time you question the commitment and contribution of those who actively volunteer in the open source world, remember that number. Of course, if all the additional hours of time that I’ve donated on the BP support forums, IRC, via email, Twitter, and Skype are included, that total would undoubtably be about half of that.

Financially, I would have been better off spending that time working at McDonalds. It is ironic that the vast majority of people who will benefit from my work will not even contribute enough for me to buy a Big Mac. By the way, I do not eat at McDonalds so please don’t send coupons. In fact, I am not interested in any more donations.

Why do I have a section emphasizing the monetary aspects of BP Privacy? Because like the vast majority of people, I need to pay bills, put food on my family’s table, and save for the future. How many of you can donate 1450 hours of time creating free products or services for others to use?

I am a vocal advocate of the open source model, as anyone who reads my blog and tweets would know. I have volunteered a thousand hours plus of my time answering questions on the BuddyPress community support forums, via email, in IRC, on the phone, and via Skype. None of those hours are included in my total time spent on BP Privacy. Like many active members of the community, I give in more ways than just creating plugins.

The reality for me is that this community and its open source model does not make it possible to earn even a small part of my living in a way that I prefer—coding great-quality GPLed plugins that provide needed services to others.

As I do not take on client work–I’ve discussed this fact with people many times before–I need another means with which to recoup some of the time I have invested in coding open source software for the community. If you really want to learn more about this point, please read this post about this issue from my perspective—and read the comments for a fascinating discussion.

Lessons Learned

Here are a few lessons learned that may help other WordPress and BuddyPress developers have a better experience with offering GPLed software to the greater community.

Work on Projects that Give You Energy, Not Sap Your Strength: By and large, I have lost more energy working on the BP Privacy project than I have gained. It has been exceedingly frustrating at times. To be honest, if this were not something desperately needed for the BuddyPress platform, I would have dropped this project a year ago.

At the time I started coding BP Privacy, I was planning on using BuddyPress as the foundation of my startup, and privacy was key to that vision. So it made sense to continue BP Privacy and then release the component to the greater community once it was ready. Had I any idea how vocal the negative minority would be as they impatiently waited for me to provide them with high-quality, free-as-in-cost software, I would have canned the community release a long time ago and just worked on it for my private use.

The Vocal, Negative Minority: It is important to realize that more likely than not, the vast majority of users will be happy about your work, or at least indifferent. Unfortunately, human nature makes us more vocal when we’re displeased than when we are pleased. It is a minority of users that will be anywhere from disappointed to obsessively outraged. It will be this minority that will be most vocal. If you release your work to the community, expect to have a greater volume of “I hate you” than “I love you” feedback from your user base.

Whereas community members may appreciate your volunteer help on various support forums, and paying clients may love you, when it comes to freely-contributed plugins, don’t expect the same rosy reception.

Don’t Expect Donations: Based on the vast majority of all plugin developers’ experience, ninety-nine percent (and realistically more) of all users will never donate to your efforts. There are many plugin developers who have written about this. Here are just a few articles to shed some light on this issue. Again, read the comments to get a more balanced perspective on this issue as there are good points on both sides:

• Have you made a donation to your WordPress Plugin Developer?
• Do we do enough to support WordPress Plugin Developers?
• Open Source Motivations

The donation model is not broken, for the vast majority of creators, it never worked to begin with. I have tried many tactics to increase donation conversions. My plugins and appropriate blog posts all had obvious donate badges. But that has not made a difference. Donating to something that is freely available apparently also goes against human nature.

Plugin support: Unless you clearly and explicitly state that there will be zero support offered for your plugin (at a minimum that should be communicated in the readme.txt file) then it is your moral obligation to offer some level of support if you release a plugin to the community—which includes forking an existing plugin.

Therefore, expect there to be questions that must be answered, that user issues will take away time from your other projects, and possibly impact your paid work and family obligations. There will be users who claim they are having a problem with your plugin when in actuality it will be caused by something other than your plugin. No matter how hard you try to communicate that it is not an issue with your plugin, in these people’s minds, you will still be the party at “fault”.

It is for this reason that some plugin developers fully exercise their GPL rights. Please note that if you plan to charge for support, you should be aware of a potential issue.

Since all WordPress plugins and themes need to be licensed under then same GPL version as WordPress itself–GPL version 2–you do not technically have the freedom or right to charge support fees. That explicit freedom and right was added later in GPL version 3. (Compare the last paragraph of Section 1 of GPL version 2 to the last paragraph of Section 4 of GPL version 3).

Therefore, if you are planning on charging for support, you are operating outside the freedoms of the GPL version 2. You would be wise to seek legal counsel.

Disclaimer: You should seek legal counsel if you have questions or concerns about your freedoms and rights under the GPL. I am not a lawyer and the information presented is my opinion only.

With Plugin Popularity Comes Possible Trouble: I do not envy plugin developers with high download counts. I know that that means one of two things: they are at the first stage of the plugin’s support lifecycle where they are spending an inordinate amount of their time supporting the plugin (probably for free), or they will soon be entering the final stage of the plugin’s support lifecycle where they discontinue support and future development as their time commitment to the project cannot be sustained.

It is for these two reasons that I always donate to plugin developers whose software I use and only use plugins that I am sufficiently interested in as I expect that one day I will have to maintain them myself.

Plugin development should not be a popularity contest, he or she who has the highest plugin download count often does not win. Do not release a plugin for praise and glory. That rarely happens. What really happens is the more popular your plugin becomes, the greater the potential for you to lose control over your time. This can lead to a rather unpleasant, overall experience with your project.

Alpha & Beta testing: If you have limited time to work on your project, then it is best to make the alpha and maybe first beta version private releases. Provide copies only to those people who you believe will genuinely test it and provide you with useful feedback. It is better to have a small, focused group of testers than a horde of quasi-interested and knowledgeable testers.

The exception to this lesson would be if you have a team of developers who can share the responsibilities of managing a public alpha and beta test. But, if you are a solo developer, you could be in for a world of hurt if you set your pre-release software free for any and all to test.

Bugs will continue to be found even after you’ve released the first public version. You have to go no farther than WordPress or BuddyPress Trac to see how many bugs still exist in those stable, public products. That is the nature of all software. No matter how mature a software product, there will always be bugs, some of them serious.

Develop on a Developer-stable Version: Although BuddyPress v1.0 was the first official public release deemed suitable for general use, it was far from stable from a developer’s standpoint. This is evidenced by the fact that significant changes occurred between BP 1.0 and BP 1.1 that caused developers some grief and then even greater changes occurred between BP 1.1 and BP 1.2.

In my opinion, BP 1.2 should have been then first public release. In other words, BP 1.2 is really v1.0 in my mind. Now, with BP 1.3 close at hand, I’m concerned that developers (and possibly even users) will be faced with difficult upgrade challenges. Although, Paul, Boone, and John have been working hard to make the transition to BP 1.3 as painless as possible. So, perhaps my concerns are not valid. Whatever the reality, when the dust settles, BP 1.3 will become the first developer-stable version in my opinion.

Group or Solo effort: As should be obvious from the start of this article, you need to carefully vet your project partners. Although I had little data with which to make an honest assessment of my project partner’s suitability–the BuddyPress community was very new at the time–I nevertheless made a mistake at the start of this project. I should have quietly started by myself and only asked for interested project partners once I had some code to share and knew more about the skill sets of the various BP developers with whom I associated.

Communicate Less, Not More: This may come across as a hypocritical suggestion in light of some of the communication issues BuddyPress had last year. However, you need to differentiate BuddyPress as a developer platform and community from that of developing a BP plugin. With the former, the community is what makes the project a success. With the later, only a few key people need to be kept apprised. Communication is essential to the former, whereas to the latter it is not necessary until the plugin is released.

When it comes to plugin development, it is better to surprise the community with a new release (especially the initial release) than it is to build up their expectations. Although there is a thrill with getting validation for your efforts at the start of a project, there is no way to know what challenges lie ahead and how difficult the task may be. Interest and attention in any project can quickly turn negative if there are seemingly few results to share. Blame will always go to you, whether the issues holding up your project are beyond your control or not. This is especially true for a project that is deemed very important or possibly even vital—such as BP Privacy.

Once a plugin is released to the world, then proactive communication and vigilant project management are crucial to the project’s continued success. But before the public release, communicating less might actually help the project succeed as you won’t be distracted by the negative vocal minority.

Promised Release Dates: As a follow up to the point above, it is best to never put a date on a release. You are working on a plugin, not the core foundation of WordPress or BuddyPress where it makes sense to have project deadlines and development freeze dates.

If you do communicate a release date, do not be overly concerned if you fail to meet it. You are generously working on GPLed software that will more than likely earn you little if any for your efforts invested. You are not beholden to anyone.

Even the BuddyPress project has difficulties meeting its promised release dates. As this article can witness, there are many factors that contribute to a missed release date. Some are beyond your control. From a community standpoint, it is best if people remain patient and remember that they are getting GPLed software that provides them many freedoms of use. The software will be released when its released.

Use of the WordPress Plugin Repository: The WP Plugin Repo is a great service to developers and the greater community. You should use this service if you are planning not to exercise your full GPL rights. However, do not use the Repo for releasing alpha, beta, or RC versions. Most users will have no clue what an alpha or beta version truly means. More importantly, most will not care. If it’s on the Repo they’ll expect it to work. You should make your plugins available on the Repo only when they are ready for full public release. Until then, use another service, or your own server, to make pre-release versions available to those whom you wish to have access.

When Will BP Privacy Be Released?

Over the past two months, I have been reassessing my role in this project. As you have found out from the above history, my time commitment and investment into this project have been substantial. I’ve decided that the time required to support and maintain this project, and the energy required to do it properly, is incompatible with me earning a semblance of a living. It has also taken too much focus away from my current startup.

This project started out as a team effort but unfortunately became a solo effort. I believe that this project needs to become a team effort again—as in a team of developers, not a team of testers.

To be clear, BP Privacy was never intended to be a core BuddyPress component—even though some of you think that was the case. I am not and have never been part of BuddyPress’ core development team. I was simply an active community volunteer, support forum moderator, and plugin developer.

As most of you know, I am a staunch privacy advocate. Since my first days with the BuddyPress project, I have believed that privacy was a necessary core feature. That has yet to be realized. Perhaps part of the BP Privacy codebase can serve that purpose in the future. Although it might make more sense to refactor BuddyPress, offering true core privacy as a component.

What does this all mean?

I will be releasing the fully-functioning BP Privacy codebase over the next several days, along with a very extensive manual (35+ pages). At that point, I will end my official involvement with the project, and as such, I will not be providing any support.

The project will be in the hands of the community. It will be available for anyone to use as is, expand upon, fork, or even merge into BuddyPress core. Perhaps a group of developers will adopt BP Privacy and maintain it as a community-based project.

Because of my decision to end my official involvement with the project, I’ve decide to back tag the version I’ll be releasing, making it a release candidate instead of a public, ready-for-production version. Therefore, it will be v1.0-RC1 instead of V1.0. It also means that I will not be placing it on the WordPress Plugin Repository per the reasons I mentioned at the end of the last section. It will be available for a short while on the BP Privacy site before that site is taken down. The link will go to some yet-to-be-determined public repository. I will also be placing the link within a BP support forum thread.

By the way, for any group of developers interested, I have registered the bp-privacy distribution name with the WP Repo. I would be more than willing to assign that over to another group, if that is possible, or at the bare minimum add other committers. But be advised that I will not be participating in the project anymore.

Once BP Privacy v1.0-RC1 is out, it will be up to each person to fully evaluate the plugin and decide for themselves whether or not to run it on a production site. Although in my exhaustive testing BP Privacy works very will under WP 3.0.4 and BP 1.2.7, you must decide for yourself the viability of its use in a production environment. Thus, please be advised, no matter what you do, you are on your own until (and if) a new group of developers takes the reigns of BP Privacy and assumes support and maintenance responsibilities.

As far as the upcoming release of BP 1.3, I have not fully tested the most recent BP trunk version in Trac. Therefore, I cannot say how much refactoring may be required. I may put some effort into that, but do not wait for me. You should take the initiative and bring it up to date on your own volition.

As far as the few people that have pre-purchased BuddyPress Privacy Support Plans, I will be refunding all the monies received over the next week. But first I will focus on getting BP Privacy out the door. I will also be refunding my two, wonderful advertising partners. Yes, your ads have been up on BP Privacy going on three months (I have only charged them for the first month), but you have not received the type of exposure that you had expected. It is only fair that you get full refunds as well.

I hope that BP Privacy finds a useful life going forward!

First off, whereas it is true that two-and-a-half months have passed since the initially-announced release date of the first public version of BP Privacy (version 1.0), I never promised that a public version of BP Privacy would be released before then. I had mentioned several times in the past, and in several places, that I was hoping to release a beta2, but I never set a firm date on a production-ready, public version until my above referenced post. So comments that BP Privacy is very late (as in over a year) are not valid.

Secondly, BP Privacy will be finished when it is finished. I am hoping that is soon, but the reality is that it will be released when it’s released. You get what you pay for. I am not under contract to produce BP Privacy, I am not getting paid by anyone to provide free software to the community. This is an all volunteer effort. Attempts to goad any developer into accelerating the pace at which they are offering you free software are usually unproductive.

However, having said that, I will mention that I share a couple of the concerns expressed in the BuddyPress Theme Converts post. I may elaborate on this in an upcoming article on the history of BP Privacy and the lessons learned—to be published once BP Privacy has been released.

Note: I have received a very, very modest amount of funds via people who purchased a BuddyPress Privacy Component Support Plan at the pre-launch pricing and a marginal amount of ad revenue. I have not yet used any of those funds. They remain in my PayPal account and I may very well refund them. But these funds are not donations to the development work. They are pre-paid fees that purchase a bit of my time in supporting the plugin once released or a leasing fee for real estate on the BP Privacy site.

Nope. It is real. The reason is simple and practical.

This past Wednesday during the BuddyPress Developers’ Chat on IRC, it was decided that another subdecimal release of BP was necessary to provide a few fixes to some key bugs. BuddyPress v1.2.7 is scheduled to come out around the end of this coming week.

As I thought about this more and more over the past few days, I released that it is not a good practice to release a major new BuddyPress component targeted to a version of BuddyPress that will be obsolete a few days after launch. There is no way to determine how many additional changes to BuddyPress’ core files will be made over the next week—some of which could affect the operation of BP Privacy.

It would be foolish to release BP Privacy this coming Monday and then take a chance that it will play well with BP 1.2.7 when that comes out four or five days later. It could be an operations pain for my users and a support nightmare for me. So the prudent course of action is to postpone the release of BP Privacy pending the release of BP 1.2.7.

Therefore, BP Privacy will not be launching tomorrow, November 8, 2010. Instead, assuming BP 1.2.7 will be released as detailed in the link above–and that there are no major issues with it negatively affecting the operation of BP Privacy–the new launch date for BP Privacy will now be Monday, November 15, 2010.

It’s just one, short week. I’m just as eager to set this free as you are to get your hands on it. But prudence and patience must win out.

It’s Not a Total Loss

There are tangible benefits to this postponement. If you have not yet purchased a BuddyPress Privacy Component Support plan (BPCSP), this delay gives you an additional week to act. It will allow you another chance to get a great, permanent discount on support plans.

Furthermore, if you are a current advertiser on BP-Privacy.com, I’m going to give you the full month of December at no additional cost. I cannot justify having my ad clients paying for a full month but not having a full month’s worth of regular traffic. So, December is on me!

This offer for an extra month (December) of advertising will apply to the last two remaining ad spots if they are leased before BP Privacy launches on Monday, November 15, 2010.

InnoDB offers many advantages including one of my favorites as a developer—cascading deletes and updates.The conventional wisdom that the MyISAM storage engine is always the preferred type is outdated. I will not go into the whys in this article as it is discussed in many places. Here is an article that discusses the benefits of the InnoDB storage engine type in great detail.

Refer to the MySQL documentation for more details on the InnoDB storage engine.

Suffice it to say, that two years ago, the Drupal project decided to make the InnoDB storage engine the default type for Drupal 7 and have not looked back since. You can read more about that decision here.

Use the Force, Luke

To use the InnoDB storage engine type for the BP Privacy tables, you must manually configure before installing. Details will be provided in the readme.txt file.

InnoDB offers many advantages including one of my favorites as a developer—cascading deletes and updates. To take advantage of this, I’ve coded dual delete methods within each class model. The method that is fired depends upon which storage engine a given install has chosen. If the InnoDB storage engine is in use, then record deletion is a very simple process as deletes are automatically cascaded down through the child tables. If the default MyISAM storage engine is in use, then multi-table deletes require a more complex looping routine to ensure that associated records are deleted.

Do WordPress and BuddyPress really need to use the BIGINT numeric field type for UserID? Is it even realistic to make allowances for the possibility of 18.446 quintillion unique user records?Although MySQL allows for the mixing of storage engine types across tables, there are solid reasons for standardizing on one storage engine type across your entire database. It is up to you to decide if you want to mix and match storage engine types and to determine which tables may benefit from one storage engine type versus another.

If you decide to install BP Privacy using the InnoDB option, then you should consider whether it makes sense to convert all of your existing WordPress and BuddyPress tables to use the InnoDB storage engine. If you are doing a clean install of WordPress and/or BuddyPress, you can set the default storage engine type to the storage engine of your choice for each table before running the install script. Future core upgrades, unfortunately, will then require extra vigilance. So, proceed with extreme caution.

Here are some additional resources to help you better understand the risks, benefits, and issues involved (read the comments in the below articles as well):

How to scale WordPress to half a million blogs and 8,000,000 page views a month

Convert your MySQL database from MyISAM to InnoDB

5 Essential Steps For Hosting A Scalable WordPress Blog Or Website

Not All Lightsabers are Equal

To understand the next section, you need to heed the words of this ancient Jedi saying. It means, do not compare apples to oranges. Note: I’m not sure if that phrase is a Jedi saying as I made it up.

The MyISAM and InnoDB storage engines are different storage technologies. Therefore, whereas overall performance results can be compared between these two different storage engines, what I discuss in the next section pertains to performance tuning a table within a given storage engine type.

These Aren’t the Droids You’re Looking For

To do my part in reducing data bloat, and helping those users that have lower-powered servers, or are on shared hosting, I’ve structured BP Privacy’s tables to be as compact as possible—whether using the MyISAM or InnoDB storage engine type. How? Well for starters, by using the INT, instead of BIGINT, numeric field type for the Main ACL table’s primary key field and by using partial indexing where practical for both the Main and Lists ACL tables.

The benefit of using the INT numeric field type is that it’s a 50% reduction in storage space compared to BIGINT (not a fifty percent reduction in the maximum number of unique possible records within a table, but in the number of bits required to store the data in the ID field of each record in the table). Using the INT numeric field type for the table ID still allows for 4.29 billion unique records within each table. This should be more than adequate for 99.5% (likely even more) of all BuddyPress installs.

The other performance gain comes from the fact that in the latest version of BP Privacy (starting with v1.0), I’ve done away with storing user lists in a serialized array within the userlist field of the single table. Instead, I’ve normalized that bit of data, storing any group or user lists in a separate ACL Lists child table. The benefits of this approach are many.

Whereas serialized data can be useful when storing disparate data in a settings field, for instance, it is not a great idea when the type of data will always be the same in a given field. Why? Because when you serialize data, you are storing a table within a table. This can lead to all sorts of performance issues and makes it very difficult to perform meaningful searches with the data “locked” within the serialized array. In fact, once you start storing serialized objects in a relational database on a regular basis, then you have moved beyond the utility of a table-based model. Instead, a schemaless system would prove more beneficial.

There is another performance hit when choosing to serialize the same type of data within a table’s field. Whether a given record stores any data in the serialized field or not, the overall record overhead size is much larger as a result of a set minimum number of stored bytes for the LONGTEXT data type. This means that space is used in the table even if data is not stored in that field. As most users will more than likely not be setting any group or user list data, it makes more sense to only take up space when actual data is required to be saved. Therefore, the child ACL Lists table.

If you are designing tables for WordPress or BuddyPress, it’s crucial that you learn how to properly store data and when it is okay to serialize (most of the time, it is not). Are you serializing data because you think that’s the way it must be done, because that’s the way most developers do it in the WP ecosystem? Think again. If you’ve heard that sharding requires data to be serialized. The answer to that is, wrong. Sharding and serialization are two separate issues. There are other, more desirable ways to make your table shardable. With the exception of serialized data within the WP settings and options metadata fields, serialization is misunderstood and misused within WordPress and BuddyPress tables.

Given the fact that these improvements are for a few, small privacy tables, it may not seem like that little of a space savings makes a difference in the grander picture. But imagine if WordPress and BuddyPress core made similar changes and all plugin developers took the time to optimize their plugin’s data schema (if they have one). Every bit saved on better field type and index sizes can add up to big performance gains, especially as a WordPress-powered site begins to get noticed and needs to scale.

Ask yourself this. Do WordPress and BuddyPress each really need to use the BIGINT numeric field type for UserID? Is it even realistic to make allowances for the possibility of 18.446 quintillion unique user records? Or, would larger benefits accrue to WordPress and BuddyPress users if the data size for that field was reduced by 50% (by using INT) or even better 62.5% (by using MEDIUMINT). Imagine where else data schema optimization could occur! By thinking about data storage issues, you can help to reduce table size and thereby improve performance.

Additional Resources:

To get to the heart of the discussion above–the infamous serialized fields–start the below-linked-to video at timecode 32:48, which is point nine in his list of ten. The section is entitled EAV. The most pertinent discussion will start at timecode 35:22, with what the author calls EAV 2.0: E-BLOB, but it is a good idea to start a few minutes earlier at the beginning of point nine.

This hour-long video became the source of a latter OSCON presentation. The audio is pretty bad, but it gives some great pointers on database best-management practices, 10 Ways to Wreck Your Database.

A Jedi Uses the Force for Knowledge and Defense, Never for Attack

As this famous quote from Yoda implies, with great power comes great responsibility (how about that for mixing SciFi and comic book metaphors). So, here it goes.

Warning: If attempting anything mentioned in this article or in the linked-to articles, the typical caveats apply: backup your existing WordPress and BuddyPress database(s) before you do anything, know how to restore your database(s) from your backups, know what you are doing and what you’re getting yourself into, don’t cry if you break something, it is entirely your responsibility to fix anything that breaks, and there is no one you can blame except yourself if something goes wrong.

I will not answer any questions about how to do anything discussed above or in the linked-to articles, nor provide any assistance in helping you do this, nor provide any help if you do this and your site breaks. It is up to you to know what you are doing. Proceed at your own risk. You have been warned.

To celebrate this occasion, I am offering two specials: 40% off of the standard BuddyPress Privacy Component Support Plan (BPCSP) and the other 25% discount on advertising rates. All but two of the first month’s ad spots are sold. So, if you want to get in early and lock in these prerelease rates, act now.

The issue in summary is that the big telecos are aiming to rate limit packet traffic across the entire wireless spectrum. That means that no matter what kind of data you send (text or media based), there could very well be a toll. Those that pay the highest access fees will see their data travel at the maximum throughput rates. Those who can’t pay as much, will in effect have their data throttled.

As I state at the beginning of a previous article on this issue:

If you design websites, run a small web-based business, make money from blogging, or are launching a startup, the level playing field of the Internet is about to get very bumpy. If you think that mobile-based services are the future and are catering to the wireless crowd, then be prepared for a game-changing shift.

There is a potentially game-changing new variable being considered that will skew the Internet’s competitive landscape. Currently, content creators pay fees to host their data, maybe even overage fees if bandwidth limits are exceeded in a given month. But once the data leaves the confines of their Web server, it travels across the Internet’s backbone infrastructure at the same rate as all other traffic.

The Google-Verizon proposal would allow an altogether new fee to be charged for wireless throughput—an access fee, a toll placed on data after it leaves your hosting firm’s building, or your company-owned server farm. This means that content providers–bloggers, ecommerce sites, social networks, you name it–will all be assessed wireless transmission fees. The higher the fee paid, the faster their data will be allowed to travel.

Why is this an issue? Because healthy competition requires a level playing field. Without net neutrality across the Internet’s entire infrastructure, users looking to join new niche social networks or who frequent boutique ecommerce sites may very well bypass those sites that appear to run very slowly on their wireless devices. They may instead move toward those sites that have a fast wireless response time.

It is not realistic to think that an unfunded startup, a new BuddyPress-based site, or a small blog-based ecommerce site would be able to afford paying the same fees as big companies. That would mean that their data would not travel as fast across the wireless infrastructure.

How many Web surfers want to waste their time waiting for what appears to be a slow server response? In fact, it may not be the server at all. Instead, it could be the speed limit placed on the data packets after they leave the Web server.

Think of it this way. When a WordPress Multisite install runs on a heavily-trafficked shared server, it can be painfully slow to use. Site owners who have configured their network this way often report that their members are complaining about how slow the site is to use, that new user registration is down as a result of the poor load times. The solution often suggested is to enable caching and upgrade to a VPN or to a dedicated server.

But guess what. That solution will not help if wireless packet traffic is rate limited. You could have the biggest server farm in the world with the fastest processors, maxed out memory, efficiently cached and compressed data, and best switches. But if you are not willing, or able, to pay the fees required to let your data travel unencumbered across the wireless infrastructure, then your users may have the same experience as if your site was on a shared host. Your users will not care why your site runs slowly. They may jump ship and spend their time on those sites that run at the speeds they have become accustomed to before net neutrality went out the window.

It is true that the total, theoretical wireless capacity is not nearly as high as that of the current wired-based infrastructure. But let’s remember that the wireless spectrum is not privately owned. It is leased from the public. There must be realistic limits placed on what private corporations can do with public assets. Allowing telecos to leverage their leases in such a way that condones economic inequality does not seem like a move in the public’s best interest.

Finally, we must remember that the wireless carriers already charge for data access. They just do it on the receiving end via subscriber fees and limits put on total bandwidth usage per month. What they want to do now is charge an additional toll to the content creators. So they’ll get paid by both parties, they’ll charge a toll on both ends of the wireless highway.

If it Costs Users, it Could Cost You

Guess to whom these costs will be passed? Why do you think that Facebook, eBay, and Amazon have all recently communicated their disapproval with Google, Verizon, and AT&T on this issue? Although these three behemoths could all afford to pay the highest access fees that the telecos may charge, they know that these costs would have to be passed back to their customers. They also realize that it sets a dangerous precedent—that of assigning data packet priority based on transmission fees paid.

If you don’t think that this issue might negatively impact your business, think again. Although this is currently a potential threat, it is a serious threat nonetheless. If the very people who create the content, consult for the content creators, and run the small ecommerce sites do not speak up, then the FCC and elected officials may not take as much interest in this issue as they should.

So, if you make your living as a blogger, by catering to the blogging community, or working for a social media design or marketing company, it’s time that you stir the pot and write your own post, contact your elected officials, or band together with some of your colleagues to shine light on this important issue. It does not matter if you are not based in the United States. This issue may affect your bottom line where ever you live.

Related Articles

Google-Verizon Joint Statement Presages End to Net Neutrality

Goodbye Google Old Friend: It’s time for the Open-Source Internet

Updates

December 21, 2010: Today the FCC voted on net neutrality regulation. The results do not bode well. See, Why everyone hates new net neutrality rules—even NN supporters.

November 4, 2010: With the U.S. midterm elections finally over, the possibilities for protecting net neutrality seem even worse. Read this CNNMoney article, Final nail in coffin for Net neutrality?

November 29, 2010: In a related development, Comcast is striking a blow against net neutrality for the wired Internet, requiring Level 3 Communications–a major fiber-based backbone provider–to pay them a recurring fee to transmit high-bandwidth content to Comcast’s customers.

November 30, 2010: Tell the FCC what you think by standing up for net neutrality. Sign the petition to stop Comcast from blocking Netflix IP traffic.

There is new research out that indicates that teenagers are starting to look for alternatives to Facebook for their social-networking needs. Some of the stated reasons (besides fatigue) are that they’re fed up with advertising inundation and insufficient privacy controls. When it comes to Facebook’s privacy controls, many teens find them hard to use, difficult to understand, and believe that Facebook will likely change them again.

The result? As users become overwhelmed and burnt out by the one–size–fits–all social networking monoliths, they are beginning to seek out more intimate, interest-specific communities. This provides an opening to developers who wish to create narrowly-focused, niche networks. BuddyPress is a great tool that can allow you to do just that.

With BuddyPress fast approaching its version 1.3 release (around the new year), now is the perfect time for those who have been thinking about creating a targeted community to learn how BuddyPress can help achieve that goal. A well–executed BuddyPress site could offer potential members a more meaningful, productive experience than simply joining another Facebook group.

As an open source project, BuddyPress thrives as a result of its community. If you are a designer, developer, or site owner, please consider joining the community and helping to evolve BuddyPress into a strong alternative to the traditional social-networking platforms. New ideas, energy, and contributions are always welcome.

Important Message

If you’re currently running a niche social network, or thinking about creating one, you should be aware of a possible threat on the horizon. It is up to the Web’s netizens to fight for equal access and data equality.

Update

December 15, 2010: Also, see my article Leverage BuddyPress to Build Your Niche Community posted on buddydress.com.

September 2, 2010: If you don’t think that BuddyPress or niche social networking is growing in popularity, see this article.

(You can download the latest version of WordPress Hook Sniffer here. Please read the readme.txt file for important usage and installation notes.)

After the bug fixes, the most noticeable improvement is that you no longer need to manually install the modified plugin.php file—the file that gives hook sniffer its abilities. The plugin now automatically installs the modified plugin.php file upon plugin activation and then reinstalls the original, stock WP version of the /wp-includes/plugin.php file upon plugin deactivation. This means that when you deactivate the plugin, you can rest assured that WP Hook Sniffer no longer has any influence over the operation of WordPress.

As there are important differences between the /wp-includes/plugin.php files of WP 2.9.2 and WP 3.0, WP Hook Sniffer now requires WordPress 3.0. Upon activation, an automatic version check is performed to make sure that WP Hook Sniffer is installed on the proper version of WordPress. If the plugin is installed on an older version of WordPress, it will not run. A warning message is displayed in the Plugins directory and in the WP Hook Sniffer Settings screen.

Also, I’ve versioned the modified plugin.php file that comes with WP Hook Sniffer. Now, when you activate the plugin, it runs a check to make sure that the proper version of the modified plugin.php file is installed in /wp-includes.

Finally, I added a CSS file to improve proper code separation–the older version simply had inline CSS definitions–and renamed all CSS selectors to make them unique to the plugin.

If WordPress Hook Sniffer has become an indispensable tool in your WP plugin development toolkit, please donate to help me keep this plugin updated and its sniffer healthy! Thank you!

Sponsorship Levels

Supporter $15.00 Donor $25.00 Sponsor $50.00 Benefactor $100.00 Patron $250.00 Open Source Angel $500.00 Holy Cow! $1,000.00

If you are a corporate user, consultant, plugin developer, or theme designer and profit from using my plugin, please consider donating at one of the upper levels. Thank you!

I have been having a few issues with BuddyPress development over the past week. I went through all the usual techniques to isolate the issue, finally deactivating all my 3rd-party plugins. But, the issue remained. Finally, I wondered about my WordPress Hook Sniffer plugin. I realized that although it was deactivated, it might be negatively affecting the operation of WordPress if the modified plugin.php file that comes with the plugin had issues. I replaced the modified version of plugin.php with the original one that ships with my version of WordPress, and bingo, the issues went away. All I could think was crap—especially as I say this in the installation instructions:

“The modifications to WordPress’ standard Plugin API file are used exclusively for WordPress Hook Sniffer. They should not affect the functioning of the rest of WordPress.”

In fact, this statement is still technically correct. The culprit is that when I updated the modified plugin.php file for last week’s version 0.13 update to the WP Hook Sniffer, I failed to use the proper base plugin.php file. I used the one that ships with WP 2.9.2 and not WP 3.0. Even though I thought I had done a sufficient parity check between these two files, I had failed to notice a few important changes.

WordPress Core Developers please note: if you change a function you should indicate as much in the inline documentation. Please use the @version PHPDocumenter tag to indicate that the function has changed. The @since tag version indicator is not helpful if the function has changed.

What issues did I have that caused me to discover this problem? The WordPress “wp” action hook was not firing. Yep. That is a big problem, especially if you are doing development work. Interestingly enough, most of BuddyPress continued to function as expected, except for a few features that used to work but suddenly stopped working—right at the time I installed the updated version of WP Hook Sniffer. Of course, I failed to notice this for several days.

I have gone through the stock plugin.php file–with a very fine-toothed comb–and ferreted out all the changes. I am in the process of updating the modified plugin.php file that WP Hook Sniffer is required to use. I want to make sure that it is adequatley tested before releasing an updated version. Look for the updated version with a fixed plugin.php file to be available either Sunday or Monday.

With this pending update, WordPress Hook Sniffer will require WordPress 3.0. Therefore, if you want to use it in an older version of WordPress, you will have to install Version 0.12 of WP Hook Sniffer. Please note, I will only support the most recent version of WordPress Hook Sniffer.

I apologize if this has caused you to lose valuable development time. I know that I have lost several days of productive coding due to this issue. There were obviously some important changes between WP 2.9.x and WP 3.0. Even though I thought I had properly assessed potential changes within the plugin.php file, I had not. I guess I need more sleep, more caffeine, fewer late-night alien visits, or some combination of those three.

These are not the normal, run-of-the-mill plugins that extend BuddyPress by adding additional functionality for a site’s members, or allow a site administrator to selectively alter the core functionality of BuddyPress. Instead, the plugins that I’m excited about are specifically targeted to providing site administrators and developers with unique services. I call these tools to differentiate them from the general-purpose plugins.

Although there are currently only a handful of such tools available, I hope that these releases indicate a trend. The WordPress ecosystem needs more specialty tools for site administrators and plugin developers.

So, in no particular order of importance, here is a listing of the more interesting plugins that provide useful tools for the site administrator’s or developer’s toolbox.

Developer Tools

WordPress Hook Sniffer: This is a tool I recently released that helps plugin developers determine the sequence in which action and filter functions are fired. It provides a window into the inner workings of the WordPress Plugin API and can help a developer figure out why a custom action or filter hook or function is not working as intended.

WordPress MU Demo Data Creator: Provides a utility for populating your WPMU development sandbox database with dummy data. Why waste time creating your own dummy data to test your plugins when it can be auto generated for you.

BuddyPress Skeleton Component: This is not a new developer tool. In fact, as an example BuddyPress plugin component, it is the grand progenitor of many BuddyPress plugins.

BuddyPress Template Pack: This is not a developer’s tool per say. But I think it deserves listing nonetheless. It is actually a theme designer’s tool that helps make a custom WordPress theme compatible for use as a BuddyPress theme.

Site Administrator Tools

BP System Report: This tool gathers useful network intelligence on a site’s member and group activity. It provides a site administrator with usage trends and statistics, offering important insights into the health of their community.

Import from Ning: I thought I should throw this one in as well as it is a tool that helps social network operators. It provides some utility in helping to migrate a Ning network to BuddyPress. As Ning does not offer too much help in migrating existing networks to competing platforms, this tool is not a panacea to your Ning-networking woes—but it is a great start!

Plugin Developers Need Your Support

Creating a high-quality plugin takes more time than most people realize. In fact, it can take as much time if not more than creating a top-quality theme. But plugin developers rarely receive the same financial rewards that premium theme designers do.

My limited, empirical data shows that with the number of downloads of my current three WordPress / BuddyPress plugins, that less than 0.1% (yes, that is less than one-tenth of one percent) bother to donate. If my plugins received poor reviews, that would be understandable. But, as my lowest-rated plugin received a 4.5-star review out of 5, the lack of donations obviously has nothing to do with perceived quality. Note: Although I am a listed contributor to the BuddyPress Skeleton Component, I do not include that as one of my three plugins.

Whereas the greater WordPress community appears to have no issue with spending money on what are called premium themes, there seems to be a disconnect when it comes to supporting the developers of the plugins that help make their communities successful. Yes, great themes definitely provide an important face to a community, but it’s important to remember that plugins– along with the core functionality of WordPress and BuddyPress–provide the foundation to our networks.

So please generously donate to plugin developers and help keep them coding their wonderful plugins be they general purpose or specialty in nature.

This re-released version is what I call a plugin widget as it is a BuddyPress-specific widget and must be activated like other BP plugins. Widget installation is handled this way so that if BuddyPress is not activated, then this plugin widget will not be loaded—which could cause issues with your WP site. The widget does an internal check to see if BuddyPress is activated, if so then it continues loading. If not, it stops loading and will not be visible in the widget gallery. The widget is automatically activated sitewide so your other members will not see it in their plugins section if you’re running a multisite install.

Download BuddyPress Featured Members Plugin Widget and Donate!

You can download version 1.2 of the BuddyPress Featured Members Plugin Widget from the WordPress Plugin Repository. Even more excitingly, you can help me support this plugin, encourage me to create new ones, and enable me to keep living by selecting a sponsorship level below and clicking the “Pay Now” button. Thank you!

Sponsorship Levels

Supporter $15.00 Donor $25.00 Sponsor $50.00 Benefactor $100.00 Patron $250.00 Open Source Angel $500.00 Holy Cow! $1,000.00

If you are a corporate user, consultant, plugin developer, or theme designer and profit from using my plugin, please consider donating at one of the upper levels. Thank you!

Using the Plugin Widget

Please read the readme.txt file for installation and usage instructions. If you have any issues, please leave a comment in this post, or visit the support forum for this plugin widget.

As a developer, one of the downsides to Open Source projects like WordPress and BuddyPress is that a significant amount of foundational code is already in place. There are hundreds of functions, classes, methods, and general code that you never actually get to know. Sure, you might call them from within your code, you might know how and when to use them, but you more than likely do not understand how and why they work and what they actually do to accomplish their task.

Why? Because you were (more than likely) not part of the team that wrote the code, that figured out what each function was required to accomplish and in what ways that code would interact with other parts of the foundation.

This is exactly the situation I found myself in several weeks ago as I was trying to figure out why one of my custom do_action events in my BuddyPress Privacy Component was not working as I had expected. My investigation into this issue not only opened my eyes into the inner workings of WordPress’ Plugin API, but also helped me figure out why a few BuddyPress action events were not behaving as intended.

Understanding Hook Firing Sequence

How can you know the firing sequence of action functions or filter functions that you attach to existing WordPress and BuddyPress hooks? Why is this even important?

To answer the second question, read my article, WordPress Hooks, Barbs, and Snags. The answer to the first question is more difficult.

Since many internal WordPress and BuddyPress functions may be tying into the same action or filter hooks, there is no easy way to know the firing sequence of action functions or filter functions. Add to that the fact that 3rd-party external plugins can also tie into these same action or filter hooks and the issue becomes even more murky.

As I had a serious issue with a custom do_action event in my BuddyPress Privacy Component not working as expected, I set out to solve the first question. Although my problem appeared to be with my custom do_action event, I soon discovered that it was caused by another hook to which I had tied in to.

The result of my investigation: a new tool for WordPress and BuddyPress developers called the WordPress Hook Sniffer. What does this plugin do? It helps plugin developers determine the sequence in which action and filter functions are fired, providing a window into the inner workings of the WordPress Plugin API.

As with all of my other WordPress and BuddyPress plugins, this plugin is licensed under the GNU General Public License 3.0 (GPL).

Download WordPress Hook Sniffer and Donate!

You can download the WordPress Hook Sniffer via the WP Plugin Repository. Even more excitingly, you can help me support this plugin, encourage me to create new ones, and enable me to keep living by selecting a sponsorship level below and clicking the “Pay Now” button. Thank you!

Sponsorship Levels

Supporter $15.00 Donor $25.00 Sponsor $50.00 Benefactor $100.00 Patron $250.00 Open Source Angel $500.00 Holy Cow! $1,000.00

If you are a corporate user, consultant, plugin developer, or theme designer and profit from using my plugin, please consider donating at one of the upper levels. Thank you!

Using the Plugin

WARNING: This plugin is to be used only in a development sandbox and not in a production environment. It is intended solely for use by plugin developers to help determine the sequence in which action and filter functions are fired. Use at your own risk. As this plugin should not be installed on an active WordPress-based site (a production site), no support for broken sites will be given. You have been warned!

As with all plugins, please read the installation instructions in the readme.txt file. You may find the FAQ in the readme.txt file useful. Also, if you have been using an older version of this plugin, the installation process is now much simpler—see this post for details.

1. Once installed and activated, you will find a new menu option in the Settings menu
   
2. Clicking on that will bring up the WordPress Hook Sniffer Settings screen. The first thing to do is look in the upper left-hand corner of the screen. See that gratuitous “Please Support My Work” section? Go ahead and select a nice, juicy amount and then click the “Pay Now” button. Your donation (in any amount) is greatly appreciated! Okay, enough begging.
   
3. Next, read the “Usage Notes” section at the end of this article for a few additional bits of important information
4. Finally, select “Enabled” in the Main Sniffer Settings section, choose what data you wish to view in the Output Options section, and then select where you would like the output to go in the Output Location section
5. It’s that easy!

Output Settings Options

Whereas getting the WordPress Hook Sniffer to work is relatively straight forward, interpreting the output is a different story. What does all of that crap stuff mean?

Here is a brief overview of each of the output options and what information it can provide. However, to truly understand how to interpret the output and how best to use it in your development work, you will need to read my article, WordPress Hooks, Barbs, and Snags article.

A. Added Functions

Selecting this option outputs the special WP Hook Sniffer array that holds, in the order in which they were encountered during code execution, all add_action calls and add_filter calls. The file and line number from which a given function was triggered is also provided.

B. Removed Functions

Selecting this option outputs the special WP Hook Sniffer array that holds, in the order in which they were encountered during code execution, all remove_action calls and remove_filter calls. The file and line number from which a given function was triggered is also provided.

C. Action and Filter Function Array

This is the grandaddy, grandmommy, grandchild, Grand Ole Opry of output data. It contains the output of the $wp_filter array, the array that holds all of the added action and filter functions and is used by the do_action and apply_filters functions call to determine function firing order—although there is a twist here. You must read my article WordPress Hooks, Barbs, and Snags article to learn what it is.

D. Action Event Firing Order

This option contains the output of the $wp_actions array. A simple, one dimensional array that holds the sequential listing of all the do_action events that need to be processed. The events within this array used in conjunction with with corresponding data in the $wp_filter array determines the firing sequence of all action functions

E. Action Event Firing Sequence

Selecting this option outputs the special WP Hook Sniffer array that holds the sequential listing of do_action events with their corresponding fired action function(s). This listing shows you exactly the sequence in which each triggered action event fires its hooked action functions.

F. Filter Event Firing Sequence

Selecting this option outputs the special WP Hook Sniffer array that holds the sequential listing of apply_filters events with their corresponding fired filter function(s). This listing shows you exactly the sequence in which each triggered filter event fires its hooked filter functions.

1. Reporting Bugs: If you find bugs or are having issues using this plugin, you can either post a comment in this article or visit the support forum for this plugin. Assistance in providing patches to this plugin is appreciated.
2. Increasing Precision: If you want to see a more precise accounting of the execution time of a given function, you have to edit your php.ini file to increase the precision displayed for floating point numbers. Search your php.ini file for the entry:

   precision = 12

   and change that to:

   ; precision = 12
precision = 16

   As you can see, I like to comment out any changes to my default php.ini settings just in case I decide to revert the changes later. This allows you to do so easily without having to remember or look up what the default setting is supposed to be.

   Save your modified php.ini file and then restart your development server and you should now see the time-executed stamp displaying 6 significant figures instead of 2. This provides a sufficient level of detail.

3. Text Output Issues: If you’re using SSL or are behind a proxy server, you may have issues when selecting to send the output to a text file. There are a few work arounds for this, but suffice it to say that since this plugin is to be used exclusively in a development sandbox environment, I will not be coding these into the plugin. If you must use this plugin with SSL or behind a proxy server, then simply select the screen output option. You can learn more about this in the PHP manual for the fopen function.
4. Screen Output: When printing to screen, it may take a several seconds for output to finish. The output will start just below your theme’s footer.

This article is my exhaustive study of what I thought was a simple little function—the do_action function. It details how WordPress action hooks really work. It is a long, detailed article. If you want to understanding the inner works of the do_action function, then it will be worth your time. Although this article only briefly mentions the apply_filters function, the lessons learned about the do_action function apply equal as well as the coding of these two functions is nearly identical.

This is not a beginners guide to WordPress action and filter hooks. To benefit from this article, you need to understand what hooks are, why you use them, and how to use them.

Hooks, Barbs, and Snags

Before we start, I need to define two terms. You may be wondering about the title of this article, “WordPress Hooks, Barbs, and Snags.” You should already know the definition of a WordPress hook. But what are barbs and snags?

These are two terms I created to classify the following:

Barbs: salient insights about the functioning of WordPress hooks that stick out and grab your attention. Understanding these barbs help you avoid snags. In this sense, a barb is a good thing.

Snags: WordPress hooks that do not execute as expected, not because the do_action or apply_filters functions are misbehaving, but rather because you do not understand how these functions actually work.

The Hook Loop or Where the Issue Gets Complex

When it comes to code, loops can be tricky constructs to properly implement. What seems like a simple, innocuous operation may actually be more complex than meets the eye. This is the case with the do loops in the do_action and apply_filters functions.

There are two key arrays that WordPress uses to determine the firing sequence of actions and filters— the $wp_actions and $wp_filter arrays. These arrays get built throughout the execution of each page load and are not fully populated until page load is complete and PHP stops execution, waiting for its next command.

The $wp_filter Array

The $wp_filter array is where all added action functions and filter functions are stored for future reference and processing by both the apply_filters function and the do_action function. This array is a very-large, multidimensional array nested to four levels. See the snapshot of the partial contents of this massive array.

Here is a snapshot of what is generated in the $wp_filter array just by navigating to the homepage in my particular setup. Your results will vary depending on which plugins you have activated, which theme you’re using, whether you’re running WordPress in single-site or multi-site mode, whether you’re running BuddyPress, whether a user is logged into your site, and of course which versions of WP / BP you currently have installed.

As you can see, there are a lot of action functions and filter functions listed, each of which result in the grabbing and storing of added actions and filters. Not all of these are necessarily triggered. It is up to the apply_filters and do_action functions to determine which of the referenced functions will be fired.

The $wp_action Array

The $wp_actions array holds all of the current actions invoked by do_action events in the files that are processed when a given page is loaded. Like the $wp_filter array, the contents of this array obviously depend on the page to which a user navigates.

Here is a snapshot of what is generated in the $wp_actions array just by navigating to the homepage in my particular setup.

But read on as knowing about these two arrays is only one aspect to fully understanding the underlying processes, in figuring out the entire puzzle.

Populating the Arrays, Firing the Hooks

Here’s another piece to this complex puzzle. We know that the array $wp_filter holds an array listing all of the currently active action functions and filter functions. But how is this array built?

It’s simple. All action and filter functions that are not enclosed within a function, a loop, or any type of conditional clause currently not triggered, are added sequentially to this array as a given file is executed after it’s loaded (via either an include, include_only, require, or require_only function call). Therefore, as soon as a file is loaded, execution passes to that file and all directly executable add_action, add_filter, remove_action, and remove_filter function calls are processed.

This means that PHP is furiously processing function calls from these four functions, resulting in data being added or removed from the $wp_filter array. When an add_action call is triggered, the parameters are sent to the add_action function in the WP plugin API. When an add_filter call is triggered, the parameters are sent to the add_filter function—and so on.

However, one additional function is called when an add_action call is processed. As soon as the add_action function gets called, it immediately passes on the responsibility to the add_filter function. This means that WordPress looks at action functions and filter functions as the same. This is another key insight and is why both action functions and filter functions are referenced within the same array— the $wp_filter array.

Once the add_filter function gets control, it adds the calling function to the growing list of actions and filters that can be triggered by a given do_action or apply_filters event. This process quickly results in the $wp_filter array growing into a massive, multidimensional array. Of course, action and filter functions can get removed from the array via calls from the remove_action and remove_filter functions.

The reality of code execution is of course more complex. The $wp_filter array is still being populated with action and filter functions when the first do_action events are triggered. This means that it is possible to have a situation where an action or filter that is hooked to a given do_action or apply_filters event will not get triggered if the file in which the hooked function is located has not been loaded before the hook is triggered.

This last point is exactly what was happening in BuddyPress when the bp_init action hook fired. This is the issue that was puzzling me and resulted in this exhaustive study and creation of my new WordPress Hook Sniffer plugin. You can read this BuddyPress Trac ticket to learn more.

A Detailed Analysis to Shed Some Light

Here is a breakdown and partial analysis of the $wp_actions array, the array that holds all of the current actions invoked by do_action events in the files that are processed when the homepage is loaded. We will use this array along with the $wp_filter array to figure out what is really going on.

The contents of this array obviously depends on the page to which a user navigates. This is just what happens when a non-logged-in user visits the homepage of the default BuddyPress theme in my WPMU setup. The only other plugin that is activated is my BuddyPress Privacy Component. For these tests, I am running WPMU 2.9.2 and BuddyPress 1.2.3.

NOTE: To fully understand what is going on, you need to make sure that you are looking at the completed arrays and not the partial arrays grabbed partway through page-load.

Let’s look at the order in which do_action events will be triggered. We will analyze what is happening in the first four elements of the $wp_actions array (index value of “0” through “3”). How is each action triggered and what are the results? This will start off as a detailed look into each hook’s actions, but will provide fewer details with each additional event as the basic processes become evident.

The First Four Triggered Action Events

[0] => muplugins_loaded

[3] => bp_setup_root_components


[0] => muplugins_loaded

When a user navigates to the homepage of a default BuddyPress install running on top of WPMU, the first action hook that is invoked is muplugins_loaded. This is directly triggered on line 547 in wp-settings.php. Any added actions that are tied to this event will next be triggered.

Looking at the $wp_filter array, you will see that there are no actions tied to this hook. This means that there is no subarray element with a key name of muplugins_loaded. In other words, you will not find any reference to that action event within the $wp_filter array. So, this action event does not result in any action functions getting fired.

NOTE: A triggered hook may or may not have actions tied to it. If no actions are tied to the hook, the do_action routine passes by that hook, checking the next invoked hook for added action functions to fire.

Before the next action event is triggered, something important happens.

Execution of the wp-settings.php file continues. On line 703 of wp-settings.php, all the active plugins are loaded—both blog specific plugins and site-wide plugins.

If you look at that line, $current_plugins can be modified by any added filters. That is what happens. On line 2348 of wpmu-functions.php, an add_filter call triggers function mu_filter_plugins_list. This filter modifies the contents of $current_plugins, adding any MU plugins that have been activated site wide. Processing is returned wp-settings.php, resulting in the main file of each activated plugin getting loaded.

There is an interesting item to notice within function mu_filter_plugins_list. On line 2345 of that function, the two arrays $active_plugins and $active_sitewide_plugins are merged and the resultant new array is sorted.

What does this mean? It means that when it comes to the issue of action and filter sequence firing, it does not matter which plugins you activate first. The order in which plugins are added to each of the serialized objects active_plugins and active_sitewide_plugins is immaterial. The sort function will alphabetically reorder the contents of the merged array.

NOTE: Each WPMU blog has it’s own listing of active plugins that are stored in a serialized object in the blog’s wp_x_options table. Look for the entry “active_plugins” within the option_name field of that table. The corresponding active plugins are in the option_value field of that record. All plugins that are to be activated site wide within WPMU are stored in a serialized object in the wp_sitemeta table. Look for the entry “active_sitewide_plugins” within the meta_key field of that table and the corresponding plugins that are to be activated site wide in the meta_value field of that record.

So, in our particular case with two site-wide plugins installed and activated (buddypress and bp-authz), the order in which they were activated is immaterial in determining which file is included (loaded) first by the conditional loop code starting on line 704 of wp-settings.php.

If you look in the wp_sitemeta table for the meta_key “active_sitewide_plugins”, you will see this:

a:2:{s:24:"buddypress/bp-loader.php";i:1270239897;s:28:"bp-authz/bp-authz-loader.php";i:1270396554;}

BuddyPress appears first because I activated it first—as is necessary. But, when the references to these two main plugin files are processed through the mu_filter_plugins_list function, they get sorted. This results in bp-authz-loader.php getting loaded before bp-loader.php.

This could be a big issue as all BP-dependent plugins rely on BuddyPress to be installed, activated, and loaded. Any BP-dependent plugin that comes alphabetically before “buddypress” will have their main file loaded before BuddyPress’ main file.

Barb 1: As a BuddyPress plugin developer, this is the first major insight, the first important barb that can prevent your code from hitting a snag with regards to action and filter execution.

Fortunately, there is an easy way to prevent this barb from snagging you and those that use your plugin. Make sure that BuddyPress is active before your plugin loads its core files.

Since that is exactly what I’ve done with my BuddyPress Privacy Component, there are no issues and execution quickly passes back to the loop and the next file in the $current_plugins array is loaded. This is the main BuddyPress file, bp-loader.php.

[1] => bp_core_loaded

Execution of bp-loader.php begins. On line 22 of bp-loader.php, the first custom BuddyPress action event is invoked:

do_action( 'bp_core_loaded' );

It is directly invoked, directly triggered. It is not enclosed within a function, a loop, or any type of conditional clause. This invoked event is what appears in the second element of the $wp_actions array.

Since there are currently no tied-in actions to this particular action event (as can be easily determined by looking at the $wp_filter array), the invocation of this action does not result in further actions being triggered.

The execution of bp-loader.php continues. Right after line 22, a series of conditional clauses include (load) all enabled BuddyPress modules—activity, blogs, forums, friends, groups, messages, xprofile.

As each of these files are included (loaded), any directly invoked (directly triggered) action events within each of them will also be invoked. Since there are no additional, directly invokable do_action calls within any of these files, execution is passed back to wp-settings.php.

[2] =>plugins_loaded

On line 735 in wp-settings.php, the do_action event for plugins_loaded is directly triggered.

do_action('plugins_loaded');

This is when things really start to accelerate. Up until this time, only a few lines of php code within BuddyPress have actually been run.

With the invocation of the plugins_loaded event, we now have our first action hook that has actions tied to it. Understanding what happens next leads us to the second major insight, the second important barb.

To understand what happens next, we need to inspect the elements within the plugins_loaded array of the $wp_filter array. I have extracted just that subarray element below:

plugins_loaded:
Array
(
[0] => Array
(

)


This array element is itself a multidimensional nested array. In fact, the first element (with an index value of “0”) has two action functions referenced.

An important point: each subarray of the $wp_filter array is a numeric array. Read that again. This means that the second level of the nested $wp_filter array contains numeric arrays.

You might be wondering how the index values for these numeric arrays are set. This is simple.

The key, the index value, of each 2nd-level array element is determined by the priority assigned to the event in the add_action and add_filter call. Thus, the priority set for a given action or filter function becomes the key of each element in a given hook’s multidimensional array. If a priority is not set for a given add_action or add_filter call, it is automatically defaulted to “10”. This means that any and all added actions or filters that do not specify a priority are automatically assigned to the proper action array element with an index value of “10”.

As an example, if the priority for a given added action is set to “16”, then that particular action function will be located in the array element for that action with an index value of “16”. Multiple action functions can be added under the same index value, creating an array of action functions associated with the same numeric key element. The order in which they appear is determined by the order in which they were executed.

Barb 2: This is the second major insight, the second important barb that can prevent your code from hitting a snag with regards to action and filter execution.

Now, the next piece of the puzzle is this. The order in which action functions are added to a given action array element is determined by the order in which they are encountered, the order in which their corresponding add_action or add_filter calls were fired. As we will see below, this is what makes determining the firing order of added actions and filters difficult.

Barb 3: This is the third major insight, the third important barb that can prevent your code from hitting a snag with regards to action and filter execution.

Barb 4: The higher the index key, the later the action or filter functions within that index-key grouping will get fired. Therefore, using the example above, if we set a priority of “16” for a given action function, it would get fired only after all the other action functions with a lower priority have been fired.

We have now reached the final piece of the puzzle!

Near the beginning of this article, the complexity of the do loops within the do_action and apply_filters functions was briefly mentioned. And it is within those loops that this story really finally gets resolved.

If you look at lines 166 (within the apply_filters function) and line 339 (within the do_action function) of the wp-includes/plugin.php file, you will find the code lines where the actual hooked functions are fired. Do you see the call_user_func_array() function call? That is a core PHP function. It is what will actually fire the next action or filter function in line, as determined by the data in the $wp_filter array.

The action of the call_user_func_array() function nested within the do loop is not as simple as it may seem. Why is this? Well, currently we are discussing the plugins_loaded action event and all of the tied into functions that get fired.

Look at the next action event to get triggered within the $wp_actions array. It is the action event bp_setup_root_components. But wait. Why is there another action event being triggered? We have not yet finished iterating through all of the added action functions to the plugins_loaded action event.

Once again, the reason is simple. Triggered action functions can themselves have action events. Inspecting the plugins_loaded subarray in the $wp_filter array, we see that the bp_setup_root_components action function is invoked by the plugins_loaded event via an added action call on line 2021 in bp-core.php. Within that action function there is an action event called bp_setup_root_components.

So, the sequential processing of all the added action functions with the plugins_loaded subarray of the $wp_filter function has come across a new action event to trigger. It now gets priority and further processing of the plugins_loaded subarray is put on hold until the bp_setup_root_components action event is finished processing its added action functions.

Barb 5: This can quickly result in a nested grouping of action events with the firing of their corresponding action functions. This is the final piece to the puzzle and the last and final barb that can prevent your code from hitting a snag with regards to action and filter execution.

As you are reading this, the juxtaposed actions of the do loop with the call_user_func_array() function more than likely seem obvious. It may seem this is not unexpected behavior or difficult to understand.

Whereas that is the case when all of the data is clearly laid out before you, the complex actions of these intertwined functions are not apparent when you are coding a plugin. There is no practical way to peek inside this action-event, action-function feedback loop.

This is were the true value of the WordPress Hook Sniffer plugin is revealed.

[3] => bp_setup_root_components

Here’s where we understand the last piece to this confusing puzzle.

Inspecting the $wp_filter array for this action event you will see that there are four action functions that are hooked to this action event: bp_activity_setup_root_component, bp_blogs_setup_root_component, bp_forums_setup_root_component, groups_setup_root_component.

These action functions are fired in that sequence. Since they do not have any action events which they trigger, control is passed back to the plugins_loaded event and the next action function in the plugins_loaded subarray is fired.

Applying the Lessons

When interpreting the results of the WoodPress Hook Sniffer plugin, you need to look at the output of the $wp_actions array and then search out the hooked actions to each of those items (if any) in the $wp_filter array. This will give you a general idea of what gets fired when. You can then experiment and see how changes to action priorities affect the firing sequence of a given added action.

You need to carefully think about the execution timing of each action or filter you add, looking at the corresponding triggering event for the hook or hooks to which it’s tied. Remember, you can hook a function to more than one hook which means that it is possible, if you are not careful, that some of them may fire whereas others may not. It’s all a matter of whether or not the reference to the action or filter function was successfully added to the $wp_filter array before the associated hook is triggered.

Looking at the Action Event Firing Sequence and the Filter Event Firing Sequence will help you precisely tune your added hooks and filters. Remember that execution my temporarily pass to another action or filter event. The output of these two WordPress Hook Sniffer arrays will show you when that happens.

Finally, there is no requirement that you place your add_action and add_filter calls right below the functions in which they are associated. Whereas doing so does facilitate code understanding, you could instead place them all at the top of the file (or the bottom) in which the associated functions are located. Remember, each add_action and add_filter function call that is directly executable is processed as soon as a file is loaded. So it does not matter where within the file those calls are located—with the possible exception of fine tuning the execution order of a particular function.

Final Notes on the $wp_filter and $wp_actions Arrays

The arrays $wp_filter and $wp_actions are repopulated from scratch each time a page is loaded. They do not contain a running accounting of all action and filter functions and all action and filter hooks. The contents of both of these arrays may vary depending on which page you navigate. The contents will depend on the files that are loaded (via include, include_only, require, require_only) when a given page you are on is displayed.

The reality is that, when visiting a given page, there will always be more hooks, action, and filter functions buried deep inside non-loaded files or within function blocks that are not directly hooked. The first is a result of the add_action, remove_action, add_filter, or remove_filter calls not getting fired until that file is loaded. At file load, any directly-executable do_action or apply_filters will be triggered as well. The second is the result of functions that have hooks that only get triggered if the file is loaded and the function is fired.

Although the WP Hook Sniffer will locate all action and filter hooks, and action and filter functions no mater the source–core files, custom themes, or 3rd-party plugins–what is captured depends on one simple rule—that the hooks and function calls are actually fired during page load.

As an example, WP Hook Sniffer cannot locate add_action calls that get fired on a different page than the currently loaded page. It can also not locate add_action calls that are buried inside a function that does not get triggered unless a special criteria is met. To sniff out those added actions, you have to navigate to that page so that those calls get fired or cause the special criteria to be met so that the function containing the buried action call is triggered.

Remember, the way that the WordPress Plugin API processes added and removed actions and filters is by storing (or deleting) a reference to them in the $wp_filter array. But that only happens for hooked functions that are actually encountered during page load. The $wp_filter array is wiped clean with each page load and rebuilt from scratch. The same holds true for the $wp_actions array and the action hooks it tracks.

Therefore, if you have action or filter functions that are supposed to be fired on a given page but you are not seeing that they’ve been fired, then that indicates that they are hooked to an action or filter event that finishes firing before the file in which the target action or filter functions are located even gets loaded. This is exactly what happened to me and caused me to write WP Hook Sniffer.

Summary of Barbs: the Key Insights

1. When it comes to the issue of action function and filter function sequence firing, it does not matter which plugins you activate first.

2. The key, the index value, of each 2nd-level array element within the $wp_filter array is determined by the priority assigned to the event in the add_action and add_filter call.

3. The order in which action functions and filter functions are added to a given action or filter subarray element in the $wp_filter array is determined by the order in which they are encountered during code execution.

4. The higher the index key, the later the action or filter functions within that index-key grouping will get fired.

5. Action hooks (events) –> trigger action functions –> which can have additional action hooks –> which can trigger additional action functions –> until control is passed back to the the originally-triggering action hook.

This is the action-event, action-function feedback loop caused by the juxtaposed actions of the do loop with the call_user_func_array() function.

I wrote a response but decided to share it here as I periodically receive similar DMs, PMs, and emails. So, the next time that someone asks my opinion on this issue, I can simply point them to this post and be done with it.

Although this topic seems to rear its ugly head periodically, it clearly will not die. This is not an attempt to reignite any of the heated debates of the past.

Please respectfully add your comments and thoughts. I will include all that stay civil.

My Response

You have specific freedoms with all GPLed themes and plugins. To find out what those are, you should read the appropriate version of the license under which a given theme or plugin is licensed.

Here are a few things to consider:

1. If you turn around and release any premium GPLed theme or plugin to the public, you will have to offer support to anyone who uses it or tell them that there is no support offered. Most authors of premium themes and plugins will not provide support for thier work if it was obtained from another site.
2. The community in general frowns upon people who take someone else’s work and profit from it—even though it may be perfectly acceptable under the GPL. So, if you decide to redistribute someone else’s premium work for a fee, then you should be aware that it may cause some backlash. If you are using someone else’s premium work as the basis of a new product, in other words you will be adding additional value to it, that is a different issue. The value added should be appreciable, you must always give credit to the original creator, and the work must remain licensed under the GPL.
3. You will have to provide your own download site. Since you are not the author of the theme or plugin, the WordPress repository will most likely not accept it for inclusion. The exception to this would be if you are creating a new version of the original theme or plugin, if you are adding additional, substantive value to it as detailed above. One scenario would be updating and rereleasing a GPLed theme or plugin that the original author no longer supports.
4. Many people within the greater WP community frown upon such maneuvers in general. Both premium theme designers and premium plugin developers donate a considerable amount of time to designing their themes and coding their plugins. They are simply trying to earn an honest living from their generous contributions.
5. There is nothing in the GPL that disallows theme designers or plugin developers from charging a distribution fee or a support fee for their work. The GPL is about usage freedoms, not about free-as-in-cost software. There is nothing in the GPL that differentiates between a designer’s work being fundamentally different than a developer’s work. So designers and developers are operating within the rights of the GPL when they offer their work for a premium—as long as they are only charging a distribution and/or support fee. When it comes to offering premium themes or plugins, any talk about the differences in rights between designers and developers is outside of the GPL, is a matter of opinion more than legal fact.
6. Currently it seems that in the WordPress community, premium theme designers are accepted in general whereas many premium plugin developers are not. I believe this disparity, this inequity, cannot last for long. The community needs both designers and developers. If developers are not afforded the same opportunities, then some will move on.
7. See my post in the following thread for my additional thoughts and opinions on this topic.

I went looking for a solution. The result, 15 lines of PHP you can use to accomplish the goal. No need to mess with plugins. Instead, you pull your tweets from your own Twitter RSS feed using the simpler Twitter Search API, not the Twitter REST API.

Here’s the article I found and used as the basis for my own solution. I’ve made a few modifications to the parsing function that I think provides a better, more flexible outcome. One change is that I add the rel=“nollow” attribute to each “a” tag. Since the content you are displaying (in your tweet) is your own, Why would you want the search engines sending some of your hard-fought link juice back to Twitter?

The second change I made was to parse the array an additional time so as to separate out the body of the tweet from the metadata. I just want to display my tweet. That’s all. But, the new array can be used as you see fit.

<div id="my_tweets">
	<?php
		// Your twitter username; replace below; keep username in quotes
		$username = "blahblah";

		// Content you want to include before your tweet; I'm using this for a quick title
		$prefix = "<h2>My Latest Tweet</h2>";

		// Content you want to include after your tweet
		/*$suffix = "<br /><br />You should follow me on Twitter";*/

		$latest_tweet = "http://search.twitter.com/search.atom?q=from:" . $username . "&rpp=1";

		function parse_feed( $latest_tweet ) {
		    $tweet_array = explode( "<content type=\"html\">", $latest_tweet );
		    $tweet_array2 = explode( "</content>", $tweet_array[1] );

			$tweet = $tweet_array2[0];

			//No need for search engines to follow twitter links or tags; add no follow
			$tweet = str_replace( "&lt;a ", "&lt;a rel=\"nofollow\" ", $tweet );
		    $tweet = str_replace( "&lt;", "<", $tweet );
		    $tweet = str_replace( "&gt;", ">", $tweet );

		    //some extra tweet metadata you can use if you want
		    $tweet_extra = $tweet_array2[1];

		    return array ( $tweet, $tweet_extra );
		}		

		list ( $tweet, $tweet_extra ) = parse_feed( file_get_contents( $latest_tweet ) );

		echo stripslashes( $prefix ) . html_entity_decode( $tweet );

		// If you want to include more content after the tweet, use this instead
		/*echo stripslashes( $prefix ) . $tweet . stripslashes( $suffix );*/
	?>
</div>

I simply placed this code in a division within my index.php file. You can place the code wherever you like—in a sidebar, the footer, a separate page, etcetera. Of course, you could also add it to your functions.php file and simply call your custom twitter-feed function in your template. It’s your choice.

Also, I imagine this simple code could be adapted for use in BuddyPress as well.

To see how it looks on my site, just go to my homepage.

By the way, it may come as little surprise to you, but I am not a design genius nor even a moderately-skilled designer. I choose to spend my WordPress time either coding or actually creating content for my site. So, you are on your own as far as positioning the output. But, I hear that you can use CSS to do that.

Have fun!

In a recent post, I asked for ideas on how WordPress ecosytem developers can earn a living doing what they love to do—coding great-quality plugins for WordPress, BuddyPress, and bbPress. This post is my attempt to try the time–honored (but more than likely ineffective) request–for–donation approach for my BuddyPress Privacy Component.

Please Note: The new BuddyPress Privacy Component which will work with BP 1.2.7 is not yet available. The below PayPal button is for donation to support development. It is not a paywall that provides access to a download link for the Privacy Component. All of my WordPress and BuddyPress plugins to date are GPLed and are freely available on the WordPress Plugin Repository. Once the updated-version of the BuddyPress Privacy Component is ready, I will make it available in the same manner. Only donate if you want to provide development support.

But, I’m going to go about this in a slightly different way. This approach is a serious attempt at doing things differently. I hope it does not provoke the ire of my readers.

How is my approach going to be different? Well, I’m going to be upfront and honest about the time commitment on my part to code, update, and support my BuddyPress Privacy Component. Then, I’m going to appeal to your sensibilities. If that doesn’t work, I’m then going to leverage your needs!

Please click the first link above and read that, if you have not already. Then, come back to this post and continue reading.

First a Caveat

Please be advised that the approach I’m about to detail will be controversial. This is my attempt at one possible solution to the question posed in the first link above. It is an experiment at best.

Do I think that this approach will be warmly received? No. Do I think that it will be successful? No.

But perhaps it will stir up healthy conversation and some tangible solutions.

The Ever-Changing BuddyPress Landscape

BuddyPress version 1.2 is fast approaching its public release. However, the underlying codebase has undergone major code refactoring and even significant changes in functionality. So much has changed that it will require a significant amount of time to refactor my Privacy Component codebase to function properly in the newly-overhauled BP platform.

I’m not complaining about the changes. I’m just stating a fact. I believe that BP version 1.2 will be superior to previous versions.

I’ve had discussions with a few other BuddyPress plugin developers who wonder if we’ll see similar codebase changes in future versions of the BuddyPress platform. At this stage, we have to assume that this is a real possibility. Therefore, it is only wise to plan accordingly, to assume that with each major new release, that parts of our plugins may require significant TLC. But again, when the dust settles, version 1.3 of BuddyPress will be superior to previous versions.

It’s Just Time, Right?

I currently estimate that it will take at least 30 to 40 hours of code refactoring and functional code changes to bring the current version of my BuddyPress Privacy Component up to working order for BP v1.2. Of course, not all of this time is for coding. A noticeable amount of this time is studying the changes to the BP codebase and figuring out how key object arrays, actions, and filters have changed. When version 1.3 comes out later this year, it may require a similar amount of effort. This estimate does not even take into account the incremental versions (1.2.x, 1.3.x) that could require fixes here and there. But, leaving the incremental version changes out of the equation, I estimate that this phase of the project will require between 60 and 80 hours of work in 2010.

Along with updating the plugin, support is another time sponge. I estimate that once my plugin hits the mainstream, that I could be looking at at least 5-10 hours a week for support requests during the first two weeks of a version release and then 10 hours a month until the next version is released. With two major BP privacy plugin versions assumed to be released in 2010, that equates to an estimated total of 100-140 support hours in 2010.

Finally, there is at least one big, missing piece of the privacy puzzle—group privacy filtering. Until development of BP v1.2 is frozen, I will not be able to provide an accurate estimate of how many hours it will take to code a full-featured suite of group privacy filters. But, I do know that there is talk of possible, significant changes to the groups component in version 1.3. So, once again, this is my best guesstimate. I’m assuming roughly 80 hours of coding to bring to fruition group privacy filtering.

What does this all add up to? The total estimated time required in 2010 to upgrade, maintain, augment, and support my BuddyPress Privacy Component is 240-300 hours. At my standard, weekly work schedule, that is roughly 4 weeks of my time!

This is more than likely an underestimate of the amount of time that will be required, but I’m using that figure to help me determine a realistic financial support request. Also, it does not include the hundreds of hours already invested in the current version.

An Appeal to Your Sensibilities

Now, of course I cannot possibly donate four weeks of my time on this plugin or any of my other not–yet–released BuddyPress plugins. Can you donate four weeks of your time for anything? Would you give up your vacation time (and then some) to provide free software programming and consulting services?

My goal is to recoup some of the time I’ve already put into developing this plugin, to fund the current and future upgrades and enhancements to this plugin over the course of this year, and to cover some of the support time I will inevitably be requested to provide.

Supporting Development, Developing Support

How is my donate button different than others? Well, it is not a donate button. It is a support this project button. It’s a request for action, an opportunity for you to show your support by buying into the project. If there is not sufficient support, then the project will be discontinued.

Without sufficient financial support, I cannot continue to develop this, or any other plugin. I need to have a reasonable cash flow. I have to contribute to the support of my family.

Based on my above estimates of the number of hours that I will be required to put into my BuddyPress Privacy Component in 2010, I’ve set a goal of $9,000. That adds up to an hourly rate of between $30 and $37.50. This, in itself, is a greatly reduced hourly rate from my previous consulting days. That is okay. I’ll consider the difference as my continued donation to the cause.

What Happens in 2011?

This request for financial support is only for 2010. So, you rightfully may ask, what will happen when 2011 rolls around?

By then, privacy in some form or other should be a core BuddyPress component. It will thus be maintained by the core development team—and I’d be willing to help them maintain it as well.

Of course, it’s possible (but I think unlikely), that privacy will become a core feature of BuddyPress this year. If it does, I very much doubt that it will be the fined grained, fully-featured privacy suite that I offer in my plugin. But Andy and JJJ are very clever guys. So, you never know!

What Happens if You Don’t Raise the Entire Amount?

Since PayPal allows for refunds to be sent within 60 days of receiving a payment, I plan to hold all proceeds in my PayPal account. In 58 days from the date on this post, I will assess the results. If the goal has not been met, I will decide if I’m willing (and able) to provide the entire year’s worth of work discussed above for the amount raised. If I decide to proceed, I’ll withdraw the funds from my PayPal account. If I decide not to proceed, I’ll issue a refund through PayPal.

So, on Monday, March 1, 2010, the final decision will be made.

BuddyPress Privacy and BP Version 1.2

Just to allay any fears, I have already committed to bringing my privacy component up to code to work under BuddyPress version 1.2. That will happen no matter how this little experiment turns out. The real issue is what happens from that point.

Wait, Open Source is Supposed to be Free

Most people expect software to be free these days, especially with Open Source projects. But the spirit of Open Source is not providing free (as in no cost) software. It is in providing freedoms in how you use the software. These two pages on Gnu’s website–the maintainers of the GNU GPL license which WordPress is licensed under–explain it very well:

• Selling Free Software
• The Free Software Definition

So, although it is customary in the WordPress ecosystem for plugin developers to offer their work for no cost, it is not what is intended by the GPL, it is not what Open Source is truly about.

Has the misguided assumption about free (as in cost) software become too ingrained in our community? Whereas designers who offer GPLed–premium themes seem to be accepted into the community without issue, developers who offer GPLed–premium plugins are often treated differently. There should not be a double standard. Both designers and developers should have the right to earn a living from providing great-quality free software.

My Plugins will Always Be Free

I believe in the free software movement, in the spirit of open source. I will always freely provide my plugins to the greater community. I’m truly not looking to sell my code. I am just looking for an acceptable vehicle (besides the consulting route) that provides some financial support so that I can continue offering high-quality (I hope!) plugins.

An Appeal to Your Needs

Now, I’m in no way intending to hold the BuddyPress community hostage. I’m trying to see if this idea will work.

Is privacy something that you think is important in BuddyPress? Is privacy filtering for your members’ data something that you need for your BuddyPress-based community?

If you have read this far, and have not unfriended me over at BP.org or unfollowed me on Twitter, then I am amazed! Actually, it does not surprise me. I assume that you agree that Privacy is of paramount import in BuddyPress, in any social network.

If privacy is something you value in BuddyPress, then I ask that you please help support my efforts. Tweet about this post (you can use the Tweet This! button on top), blog about my post, draw attention to my efforts in other ways, and finally, put a few dollars into the project’s coffers. I’ll then do all the heavy lifting!

Thank you!

The bar chart below and at top will update as support rolls in. The question is, will it roll in at all? If not, what are my options?

UPDATE: January 19, 2010 A year after this post and here are the results. See my current thoughts on this issue in this article, BP Privacy: History and Lessons Learned from Developing a Major BuddyPress Component.

I think it is not only fair and appropriate, but also necessary for plugin developers to have the opportunity to make a living, or at least part of their living, writing great code that extends the base functionality of the BuddyPress platform.

To be clear, I am not an employee of Automattic. Like the vast majority of BuddyPress developers, I do not get paid a single cent for my contributions. In fact, as a salaried employee of Automattic, Andy Peatling, the lead developer of BuddyPress, is the only one who gets paid for his time working on this Open Source project (as far as I know).

Again, I am not looking to fan the embers of previous debates. I do not have any issue with how Automattic runs the WP plugin repository or care if they never list commercial plugins. That is not my point.

All I’m asking is how can plugin developers exist on an equal footing with theme designers when it comes to the issue of earning a living? Currently, the only three options that developers have, it seems, are to advertise a donate button for each plugin, accept consulting gigs, or accept advertising on their website. But donate buttons rarely provide much support and providing consulting services to clients is not for everyone. Furthermore, for me, I do not care to turn my personal website into a billboard.

The argument that plugin developers benefit by offering their work for free is flawed. It assumes that all developers are looking for consulting work, and two that all developers who offer their work for free will receive consulting work. Whereas it is certainly the case that some plugin developers have built a nice consulting business as a result of their donated work in the WordPress community, that does not mean that this route is for everyone.

What if a developer just wishes to code great-quality plugins like a theme designer designs high-quality themes? What if he or she does not want to provide any other service? How should this developer be compensated for their time?

But, since you asked, I do have a donate-like button for my BuddyPress Privacy Component. You can read more about my version of “donate” here.

I would like to hear some ideas on this topic as I have contributed much time to the BuddyPress community but have not earned a single penny. I am not looking to provide programming services or start a consulting company. I have a significant project that I’m working on so I don’t have time for much else.

Since I am not yet making an money on my project, I need a vehicle to earn some semblance of a respectable cash flow. Just as some theme designers earn a decent income from their premium themes, I would like to think that my income vehicle could be BuddyPress component development.

So, ideas and civil discussion, please!

After learning the rudimentary workings of OAuth, it quickly became clear that it did not offer a mechanism for internal access control, nor was it even intended to be used as an authorization protocol. I’ll discuss this last statement in more detail later.

So, to educate my fellow social media gurus, I decided it would be helpful to jot down what I learned and determined about OAuth, its intended use in any social media application like BuddyPress, and how privacy control needs to be implemented within BuddyPress.

What is OAuth?

From the OAuth Core 1.0 Specifications:

The OAuth protocol enables websites or applications (Consumers) to access Protected Resources from a web service (Service Provider) via an API, without requiring Users to disclose their Service Provider credentials to the Consumers. More generally, OAuth creates a freely-implementable and generic methodology for API authentication.

Therefore, OAuth is a set of rules and procedures that facilitate the exchange of data between websites without the requesting website requiring the user to provide his or her sensitive authentication credentials. This enables a greater level of security for all users.

Imagine if you had to provide your Twitter credentials (username and password) when installing the Twitter Facebook Application in your Facebook profile. Fortunately, Twitter now uses the OAuth protocol so your password does not need to be provided to and stored by Facebook. Instead, a token with defined rights is created and used by the Twitter Facebook Application to gain access to your Twitter data.

How Privacy Needs to be Implemented in BuddyPress

Whereas OAuth can provide access control to a user’s private data, or any URL with a need for access restrictions, it does so only between sites. OAuth is not a protocol used for internal access control; it is not an internal authorization protocol.

(Visit this post to learn more about Authentication Versus Authorization)

Again, from the OAuth Core 1.0 specification:

It is important to understand that security and privacy are not guaranteed by the protocol. In fact, OAuth by itself provides no privacy at all and depends on other protocols to accomplish that.

Therefore, BuddyPress requires its own internal privacy protocol. Enter, BPAz, my BuddyPress Privacy Component

BPAz is a necessary protocol for providing privacy to all BuddyPress users’ personal data. Once a given user’s data is sufficiently controlled by their BPAz access control list (ACL), they can feel more confident in exposing any data they wish to share across the Web.

BPAz is internal to a given BuddyPress install. It provides the mechanism whereby a give authenticated user can establish access rights—via an ACL—to their internal objects. The focus is on allowing users to have fine-grained control over their personal data. OAuth, on the other hand, is a protocol that facilitates the cross-site sharing of user content.

With BPAz, users can compartmentalize their data, to decide which pieces can be shared and with whom. OAuth can then generate tokens based on a given user’s ACL that allow clearly defined access rights to users in outside networks. Without the privacy filtering of BPAz, OAuth tokens would be very broad in scope, potentially allowing access to all of a user’s data with a single token.

Now, it is not as simple as installing my Privacy Component and suddenly your BuddyPress site is ready to safely communicate your users’ data to the outside world via OAuth. WPMU and BuddyPress first need to properly communicate with OAuth. This is on the roadmap for a future version. Once that happens, I will take a look at the code and figure out what, if any, I need to alter in my Privacy Component to properly communicate with OAuth.

So, the take home message is this. Authentication within BuddyPress is currently handled by a few internal core WPMU scripts. Authorization, however, is not yet a core feature of BuddyPress. My Privacy Component is an important first step in molding BuddyPress into a platform that can safely and effectively interact with other social media sites.