Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

USG Rock Eagle 2017 - PWP at 1000 Days

11 views

Published on

USG Rock Eagle 2017 - PWP at 1000 Days

Published in: Education
  • Be the first to comment

  • Be the first to like this

USG Rock Eagle 2017 - PWP at 1000 Days

  1. 1. WORDPRESS MULTISITE AT 1000 DAYS P R O F E S S I O N A L W E B P R E S E N C E 
 AT G E O R G I A T E C H
  2. 2. HELLO & WELCOME!
  3. 3. • Web Manager @ Georgia Tech’s College of Engineering ERIC SEMBRAT
  4. 4. @esembrat CONTACT ME!
  5. 5. webbeh.com CONTACT ME!
  6. 6. LET’S TALK WEBSITES
  7. 7. • Let’s talk about your campus web entities in 2017. • More and more campus entities are consuming web to market, communicate, and fund: • Research / Labs / Centers • Events / Conferences • Faculty / Staff / Graduate Students • Organizations / Groups / Initiatives • Experimental / Media WEB ON CAMPUSES
  8. 8. • Our work is increasingly turning to building more websites for a wider variety of use-cases. • Fortunately, the marketplace for website building scaffolding (content management systems) helps us stay afloat. WE HAVE TO DO MORE
  9. 9. • However, we must be aware of two potential issues that pop up as a product of proliferation of ease-of-use website tools: • Resource Repetition • Security MAINTAINABLES
  10. 10. • Building the same resource repeatedly without sharing sources. • Resources aren’t equal. • Resources aren’t visually cloned. • Resources aren’t identically structured. • Resource fracturing occurs. RESOURCE REPETITION
  11. 11. • All of this equals wasted time and resources. RESOURCE REPETITION
  12. 12. • Security is king. And it’s not just about data. • Two vectors as consequence of bypassing security: • Processing workload (DDOS, mail spam, etc) • Data theft (privacy information, student information) SECURITY
  13. 13. • Let’s talk about how websites at Georgia Tech progressed, and what led to the creation of PWP. TO GEORGIA TECH
  14. 14. WORDPRESS & PWP
  15. 15. • Professional Web Presence PWP
  16. 16. • Web at Georgia Tech is decentralized. • That is, any staff/faculty can request and receive virtualized hosting for any website. • Any virtualized hosting can install virtually any web platform or system for development. • As a consequence of this, websites can take many forms… GT WEB
  17. 17. • These are websites that are live and active as of… today. NOTE
  18. 18. • Each of these websites* is using a content management system to build and maintain their website. • Each has their own theme*. • Does anyone else see a problem with that? LET’S CONSIDER
  19. 19. • Each of these websites* is using a content management system to build and maintain their website. • Each has their own theme*. • Does anyone else see a problem with that? LET’S CONSIDER
  20. 20. • Each system needs to be maintained. • Not only the core content system, but every plugin and theme. • Custom code must be checked to ensure it is compatible with updates. FRIGHTENING
  21. 21. • Each system needs to be maintained. • Not only the core content system, but every plugin and theme. • Custom code must be checked to ensure it is compatible with updates. FRIGHTENING
  22. 22. • Each system needs to be maintained. • Not only the core content system, but every plugin and theme. • Custom code must be checked to ensure it is compatible with updates. FRIGHTENING
  23. 23. • Our fine folks in the Office of Information Technology could sniff each website to find out what system they are using. • A good way to gauge what systems, platforms people are using for websites. • What we found is… THE GOOD NEWS IS
  24. 24. THE GOOD NEWS IS
  25. 25. • We don’t have any centrally-maintained WordPress resources on campus. • No: • Theme • Login Help • Plugin Recommendations • Security Recommendations • Help BUT…
  26. 26. • Each of these websites* is using a content management system to build and maintain their website. • Each has their own theme*. • Does anyone else see a problem with that? LET’S CONSIDER
  27. 27. LET’S CONSIDER
  28. 28. • There’s got to be a better way. HMM…
  29. 29. • WordPress, like many CMSs, have the ability to create a multi-site installation. MULTISITE
  30. 30. MULTISITE WordPress Codebase Website Website Website Website Website Website Website Website Website Website Website Website Website Website Website Website
  31. 31. • WordPress Multiuser has a shared codebase of:
 • Plugins • Themes • WordPress Core • Configuration • Spread out between all websites under its umbrella. WORDPRESS MU
  32. 32. BUILDING PWP
  33. 33. • PWP came about from a discussion on WordPress security and existing needs for ‘plug-and-play’ webdev: • 1. Find a use-case for development. • 2. Test multiple products with heterogenous test group. • 3. Reflect and analyze on how each product was utilized. • 4. Select product and move forward. CONDENSED PWP DEV
  34. 34. • We tested:
 • Open Scholar • Drupal Multisite (Drupal Express) • WordPress Multiuser CONDENSED PWP DEV
  35. 35. • We chose WordPress, and thus PWP was born. • 1. Discover our original needs-assessment. • 2. Develop low-hanging fruit assets and plugins. • 3. Pass off first release as a ‘pilot phase’ to early on- boarders. • 4. Engage in active feedback to locate strengths, weaknesses, and needs. CONDENSED PWP DEV
  36. 36. • Finally, add in server-side development and configuration for ease-of-use: • 1. Locate configuration and plugins for new features. • 2. Test on development and for use-cases. • 3. Roll out and announce to end-users. SHORT DEV CYCLE
  37. 37. PWP AT 1000 DAYS
  38. 38. Websites Hosted, Archived by PWP BY THE NUMBERS 700
  39. 39. GT User Accounts on PWP BY THE NUMBERS 1404
  40. 40. Themes Available for Usage BY THE NUMBERS 28
  41. 41. Theme Georgia Tech Maintains BY THE NUMBERS 1
  42. 42. Plugins and Extenders BY THE NUMBERS 77
  43. 43. Plugins that Georgia Tech Maintains BY THE NUMBERS 7
  44. 44. Visitors to pwp.gatech.edu BY THE NUMBERS 33682
  45. 45. Attacks Blocked on PWP (last 30 days) BY THE NUMBERS 22510
  46. 46. Threat vectors identified and checked against BY THE NUMBERS 9883
  47. 47. Unique visitors visited our documentation BY THE NUMBERS 753
  48. 48. Unique visitors visited our documentation 
 on custom Georgia Tech domains BY THE NUMBERS 378
  49. 49. Non gatech.edu custom domains. BY THE NUMBERS 7
  50. 50. gatech.edu custom domains. BY THE NUMBERS 291
  51. 51. Staff Members Who Maintain PWP BY THE NUMBERS 1.5
  52. 52. • PWP is meant to be self-sufficient in that: • Additional features can be added through WordPress’ plugin directory as requested. • Georgia Tech theme is stable barring any campus branding changes. • Updates are applied as submitted by maintainers. • New Georgia Tech features are road-mapped for inclusion, but not critical to website success. PWP
  53. 53. • We used to run monthly training sessions and help-desks, but found: • In person help desks received < 1 person on average (3 hour windows). • Virtual help desks received < 1 person on average (3 hour windows). • Most support is better left to on-demand requests and suggestions through email. WHAT WE FOUND
  54. 54. • Custom domains ({blah}.gatech.edu) • Plugin requests • Theme requests HELP REQUESTS
  55. 55. • We ran school/college tours to introduce PWP and provide information for faculty and staff. • While some faculty and staff responded, on boarding successes were much greater with: • Incorporation of PWP into documentation and recommendations for campus. • Working directly with IT staff to migrate websites from old custom hosting to PWP. SCHOOL/COLLEGE
  56. 56. • Our largest concern thus far is separating ‘website storage’ from ‘secure storage’. • Just because you host a PDF on a PWP website (or any website with a world-facing interface) does not mean it is secure. • Do not ever assume security by obfuscation. LARGEST CONCERN
  57. 57. • For sensitive data and private documents, we strongly recommend an actual intranet or private repository in the cloud for sharing: • i.e. SharePoint, OneDrive LARGEST CONCERN
  58. 58. • We leverage multiple layers of security:
 • WordFence (automated checks, filters, active monitoring) • ASAP Updates • GT-Login Only (with two-factor) • Security hardening on .htaccess, wp-settings SECURITY
  59. 59. LOOKING AHEAD
  60. 60. • PWP currently operates in a ‘set it and forget it’ mode. • Current features and plugins are stable enough in most situations. • Security and updates are automatically applied as quickly as possible. • Users can self-enroll and create websites. • User accounts can be created for any GT account. SET IT & FORGET IT
  61. 61. • The last remaining steps are: • 1. Tackle SSL. • 2. On-board on campus custom applications. NEXT STEPS
  62. 62. QUESTIONS?

×