Fairfax Media have 40+ sites on WordPress, with more added every month.
As part of his new gig with Fairfax Media Jeremy has taken on the task of making this manageable, secure and cost effective, and he will share with you some ideas on approaches to the problem he has used in the past and new approaches that are just being rolled out now.
Unscrambling An Omelette - How Companies Can Use WordPress Better - Jeremy Kelaher
Unscrambling an Omelette
How companies can use WordPress better
“Automattic's mission has always been very
aligned with WordPress itself, which is to
- Matt Mullenweg
Fairfax have 40+
today, more all the
We needed a better way
Why WordPress, anyway ?
Ease of training for authors - most used CMS in the world.
Lots of build partners available.
Fast and convenient for journalists - for example WordPress app for
Fast to stand up, quick to skin, compared to “business” CMSes.
Currently less supportable after go live and needs active dev support if it is
not to “rot”.
WordPress site types and different
Seasonal - eg once per year events like
Actively developed eg clique -
Actively used but not actively developed eg
Keep WordPress Up to date,
changing development partners
Code review, small isolated dev
Keep WordPress Up to date,
occasional small updates
Sales teams, charging for
customer, keep up to date
Key questions any large user must ask
● When should I use WordPress ? When Not ?
● What will it cost to host at the traffic levels I expect?
● How do I make my site secure ?
● Can updates be automated or at least made simple ?
● Is my internal dev/ops team motivated to really run lots of WordPress?
● Dev pipeline from test to prod.
● How will my code get quality reviewed ?
● What plugins are safe ?
● Are core hacks allowed ?
● CDN costs
● Membership integration
What you need to do
● All your code and assets in (one) GIT and have a release automation strategy
● Train your devs on hosting deployment and local dev methods and make sure
doco exists for partner devs
● Core comes from main repo (SVN/GIT) or hosting partner(s)
● Maintain list of acceptable plugins and have process to vet new ones
● Choose hosts, reexamine annually
● Choose dev partners, use “panel” for all internal jobs staff can’t do
● If possible get staff who are active community members or want to be
● Develop one or more parent themes
● Encapsulate any corporate special requirements (eg APIs, paywall, analytics) in
plugins if off the shelf plugins not suitable.
● Contribute to the community
The WordPress Flow
● Business case
● Traffic “Weaponize”
Fix Legacy Issues
Choosing a dev Partner
● Blended Development model - works to empower your internal dev/ops team
(fishing rods, not fish)
● Do core committers work for the company ? Well known Plugins ?
● Active community members ?
● Do they have great local tech/PM “front men” AND well vetted offshore for
● What do the top Hosting companies say ?
● Sites like yours
● Lead times
What you need to do to host it yourself
● So you have internal dev/ops, and are going to cloud self host (eg AWS)
○ Consider using a framework that is “like” the ones the better hosts use
■ Eg Bedrock from roots.io https://roots.io/bedrock-vs-regular-wordpress-install/
○ Get WordPress into your git and automate the update of core - all sites use that
○ Get your authorised plugins into your git, ditto the updates
○ All internal customisations = plugins or themes, in git.
○ code quality checks
■ VIP rules
■ Lint, eg https://en-au.wordpress.org/plugins/php-compatibility-checker/ from
■ Check for use of deprecated functions
■ Even internal themes should follow theme review team guidelines
○ Plugins and tools to capture db from prod and pull to staging on every release candidate
○ Security eg https://sucuri.net/
Choosing a hosting Partner
● What do the dev partners recommend ?
● Integration with GIT easy (hint - (S)FTP is banned)
● Ticketing system for problems and requests
● Dev/staging/prod - included ?
● Multisite vs many site
● Geography (USA OK, Singapore not so much)
● CDN included ?
● How to core updates work (fully automatic, facilitated)
● Code Quality control included ?
● Plugin limitation acceptable (hint - probably should be)
● Cost model for scaling steps (number of sites, traffic)
● Security Model (hint - they should have one!)
● Authentication for company users (eg against Microsoft AD)
Example - WordPress Hosting Tradeoffs
Level 1 Ops
AWS DIY Dependent
At cost YES,
Internal Internal Dependent on
internal skills YES YES At own cost
Pantheon No YES,
Outsourced CDN and
internal skills YES,
YES At own
WPEngine Yes Extra
internal skills No YES At own
YES YES YES NO,
No Included HTTPS
WordPress can be
used well at scale
it just takes the right
and the right
Head Of Architecture
Fairfax Product Solutions
Join us :)