CMS Airship


Indistinguishable from line-noise.


Cryptographically Secure Pseudorandom Number Generator

How to Contribute to Airship, Even If You're Not a Security Expert

If you believe in our mission to make online publishing safer for everyone, you may have considered contributing to CMS Airship already. Whether you share our desire to see data breaches become less frequent or you seek some open source work to put on your resume to improve your employment prospects, there are a myriad of ways to get involved. We greatly welcome anything you feel you can contribute.

CMS Airship on Github

What follows are some things we'd specifically ask for if given a choice.

Security Analysis

Although Paragon Initiative Enterprises specializes in PHP security and cryptography, we are mere mortals. Consequently, anyone who knows even a little bit about computer security might be able to find any hypothetical mistakes we made. We'd love to have more peer review on two fronts:

  1. If we made mistakes, we'd like to learn from them so we can not repeat them.
  2. If we haven't, we'd appreciate any confirmed negative findings from security researchers who have time to look through the code.

We have a bug bounty program, but the rules of engagement are different than what you might expect from a company that says, "We have a bug bounty program." Please read the program description carefully; you might enjoy it.

User Interface - Actionable Feedback

Although we've been iterating our front-end design to be more aesthetically pleasing based on the feedback we've received from the community, we haven't had a lot of actionable feedback.

Our goal is to provide a secure foundation upon which you can sculpt your digital masterpieces. Providing a digital masterpiece of our own wasn't an early design decision, and it shows.

From one Reddit user:

The UI is lacking.

You're probably programmers and think that you can convince regular people to use some software just because of its security features, but people will judge it by its looks—the only thing that they're educated to understand—and usability (mainly looks, though).

WordPress looks better, at the moment, and is what everyone's using. You have to improve the look&feel if you want to change that.

Sure, WordPress might look better today, but we could look better if we knew how to get there.

If you don't like the way something is, please tell us what to do better. You won't annoy us by telling us how to improve, I promise. (But just saying, "This sucks," and leaving it at that doesn't really help.)

Small file sizes (and thus faster download times) and not leaking visitors' IP addresses to third-party service providers in the default template are definitely goals of ours.

User Experience

Even if Airship currently doesn't look pretty by other developers' standards, I like to think everything is laid out in a logical and sane manner with minimal end user confusion. However, I'm not a neophyte to computers, so my opinion about UX is probably totally irrelevant.

  • What's difficult or confusing to use?
  • Did we accidentally leave any dark patterns in that degrade security?

This probably only scratches the surface of UX questions to ask. Feel free to ask your own.

End User Testing

Setup Airship, test it out, and tell us what breaks. This is especially beneficial if you're using a weird configuration.

Thanks to Niklas Keller and Brad Kennedy, if you're a Docker user, you can easily spin up an Airship instance via docker-compose.

If you have any other ideas to making it easy to get started with Airship, we'd love to hear them too.

Custom Development

Once you've gotten slightly familiar with Airship, why not try to create an extension?


If you're a technical writer, any CMS Airship documentation help would be greatly appreciated.

Source Code Improvements

A great deal of care was taken in making Airship easy to read and, more importantly, easy to reason about. We make use of scalar type declarations (with strict typing enabled) where possible.

Don't be afraid to tear something open to suggest a change. We welcome it. Don't worry about our code-style (which is basically a fork of PSR-2 since there's nothing in the style guide to handle return type declarations) too much; that's our problem.


If we don't have 100% gettext utilization, we're certainly very close to 100%. The plumbing is in place, we just need to make use of it.

If you can help translate CMS Airship into your native tongue, please do so.

Beginner Tutorials and Podcasts

This was the topic for one of our earliest issues on Github. Do something cool with Airship? Write about it so others can share the experience. Show it off on a podcast. Whatever floats your... boat.


Regardless of which path you take, if you decide to contribute to CMS Airship in any way (big or small), thank you.

About the Author

Friends of CSPR.NG

Multiple Authors

People with access to this Author profile:

  • Scott Arciszewski
  • Taylor Hornby

Leave a Comment