WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ uses SubversionSVN Apache Subversion (often abbreviated SVN, after its command name svn) is a software versioning and revision control system. Software developers use Subversion to maintain current and historical versions of files such as source code, web pages, and documentation. Its goal is to be a mostly compatible successor to the widely used Concurrent Versions System (CVS). WordPress core and the wordpress.org released code are all centrally managed through SVN. https://subversion.apache.org/. (SVNSVN Apache Subversion (often abbreviated SVN, after its command name svn) is a software versioning and revision control system. Software developers use Subversion to maintain current and historical versions of files such as source code, web pages, and documentation. Its goal is to be a mostly compatible successor to the widely used Concurrent Versions System (CVS). WordPress core and the wordpress.org released code are all centrally managed through SVN. https://subversion.apache.org/.) for version control, in addition to providing each hosted theme and pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party with a repository that the author can commit to, we also use it for the WordPress software and the WordPress.org website as well.
Setting up a SVN Password
SVN passwords separate your commit access from your main WordPress.org account credentials. SVN passwords cannot be used for any other services on WordPress.org, including logging into your account, just like any other application-password you may have use elsewhere.
- While logged in, visit your profile at https://profiles.wordpress.org/me/profile/edit/.
- Click on the Account & Security tab.
- Click SVN credentials
- Click Generate Password
- Click Copy next to the newly generated password to copy it to your clipboard.
The password is randomly generated, and you are unable to specifically set it to one of your choosing.
Why do I need a SVN-specific password?
WordPress.org requires all SVN committers to have Two-Factor Authentication enabled on their account, but due to technical limitations this 2FA implementation cannot apply to our existing code repositories.
By using an industry standard high entropy generated password we can reduce the exposure of WordPress.org to compromised passwords due to password re-use and chance brute-force attacks.
Using the SVN-specific password, you’ll be ensuring the long-term security of your code, increasing trust in both your theme or plugin and WordPress as a whole.
FAQ
Are there any limits to how often I can generate a new password?
No. You may generate a new SVN password daily if you wish, all previous generated passwords are invalidated when you do so.
Do I need to use a SVN password?
Yes. All existing committers should migrate to using a SVN password.
Your existing account password will temporarily continue to work with SVN while we transition all accounts to this new system, this is to reduce the impact upon everyone.
We have not yet announced when we’ll cease to accept the account password with SVN, but all accounts will be required to make the switch.
We encourage you migrate at a time convenient to you, before we remove the account passwords from SVN entirely.
Can I switch back to my account password?
No. Once you’ve generated a SVN password, you are unable to opt-out.
Can I share my SVN password with my team?
No. Please ensure your password is only used by yourself, and any automated tools which you authorise to act on your behalf.
You are responsible for ensuring that your account is only used by you, and you alone.
You may have multiple committers on a plugin, please see the Plugins Handbook for details on adding additional committers.
Which repositories do I have access to?
WordPress.org operates many subversion repositories, the repositories you have access to will depend upon your role.
- Plugin Authors can commit to their plugins folder in
https://plugins.svn.wordpress.org/PLUGIN-SLUG/
- Theme Authors can commit to their themes folder in
https://themes.svn.wordpress.org/THEME-SLUG/
- WordPress CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. developers have commit access to the WordPress development repository, which is covered in the Core handbook.
For information on using SVN, please see the WordPress.org Plugin Developer Handbook.
I’m using a SVN password, but I’m getting Authentication Failed?
SVN usernames are case-sensitive, and may include spaces. Please check the displayed username carefully.
Historically WordPress.org allowed accounts to create a username which consisted of uppercase characters and spaces, this is no longer accepted but existing accounts cannot change their username.
If you’re sure your WordPress.org username and the SVN password in use are correct, please verify that you do indeed have commit to the resource you’re attempting to change.
For Plugins, you need to be listed as a Committer on the plugin. See the Plugins handbook for more details.
For Themes, only the theme author that’s used to upload to WordPress.org can commit to the theme.
For WordPress.org and WordPress Core, please note that access is limited to trusted individuals only. We encourage others to contribute through TracTrac Trac is the place where contributors create issues for bugs or feature requests much like GitHub.https://core.trac.wordpress.org/. or GitHub PRs. Please see Contributing to Core and the Becoming a contributor documentation.
How are SVN passwords stored?
SVN passwords are stored in the same format as WordPress uses for user passwords, and as such are salted and hashed based on the Portable PHP Password Hashing Framework.
Once generated WordPress.org no longer has access to the raw password.