The first version of WordPress that was actually called as such, was version 0.71 named “Fire”. The original blog post from 2003 announcing the release and the features can still be found here. The initial release that became WordPress was forked by Matt Mullenweg and Mike Little from a piece of online blogging software called ‘b2 cafelog’, which was originally developed by Michel Valdrighi. Even though b2 was gaining popularity, Valdrighi was unable to put a lot of time into it due to his commitments to paid projects. So by 2003, when Mullenweg and Little were launching WordPress from the forked b2, he turned back up online and stated that WordPress would become the official branch. He remained somewhat active with initial WordPress development until 2005. WordPress wasn’t the only modern CMS to branch off from b2 cafelog, b2evolution is still going strong, and which offers a lot of similar features that WordPress does today.



I decided to download a copy of WordPress 0.71 from the WP archive listing and see if I could still get it up and running. The requirements are quite modest but did require me to grab a slightly earlier PHP version for MAMP. The original release requires PHP version 4.0.6 or higher, and MySQL version 2.23 or higher, bearing in mind we now have PHP version v7 and MySQL v5! The biggest problem was updating a few very old and deprecated functions, and I did break a few security features just to gain access to the admin area, but I was eventually able to get a version up and running on my machine.


This is what the homepage looks like on the first version of WordPress. The format is quite similar to modern WordPress installs. The default was the blog index page, dates, comments and the sidebar are all there. The sidebar even includes, by default, links to Matt and Mike’s personal sites, which are of-course the Matt Mullenweg and Mike Little mentioned above. The URL’s used for categories, search and archives are actually the same as modern WordPress, and worked fine when I coped them onto this site (the search results URL is /?s=wordpress&submit=search).



The admin area is definitely the best part. The UI is definitely showing its age, but all the features, layouts and input boxes will be recognisable to anyone who has some experience using modern WordPress. The old navigation sits across the top of the site instead of down the left hand side, and is a lot simpler with far less features and settings pages. The focus on being a blogging platform and nothing more at this point is very evident.



These are all the settings you need to get your basic blog up and running. Posts per page is still there, as well as some basic time and date formatting.



This is the entire users section. A users “level”, which was just a number, has to be set to 0 before the option to delete the user would become visible.



File templates could still be edited from the admin area, with a lot of the content for something like index.php looking very similar to a modern day vanilla WP instal.



To no ones surprise, there are a lot of severe level security threats identified when looking at version 0.71. These tests are using a modern day checker, and won’t necessarily have been obvious 15 years ago. There would also probably be more issues here, were this earlier version of WordPress as big as a modern day version. The most serious issues are to do with remote code execution and and directory traversal. Users who had the ability to manage options and upload files were able to upload and execute scripts by adding the scripts path to the list of active plugins. The most serious issue allowed attackers to execute and include arbitrary PHP files using the get_category_template function. Any issue of the severity shown in this list in a modern WordPress version would prompt a very swift security update from the WordPress core team.


The security issues facing WordPress 0.71

Here are some links to useful and interesting sites that I used when setting this up.


– WordPress Wikipedia