-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
198 lines (191 loc) · 14.8 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<title>IWMW 2019 - Putting all your eggs in one basket - Peter Edwards- University of Leeds</title>
<link rel="stylesheet" href="css/reset.css">
<link rel="stylesheet" href="css/reveal.css">
<link rel="stylesheet" href="css/theme/uol.css">
<!-- icons -->
<link rel="apple-touch-icon" sizes="180x180" href="img/icons/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="img/icons/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="img/icons/favicon-16x16.png">
<link rel="manifest" href="img/icons/site.webmanifest">
<link rel="mask-icon" href="img/icons/safari-pinned-tab.svg" color="#5bbad5">
<meta name="msapplication-TileColor" content="#00aba9">
<meta name="msapplication-config" content="img/icons/browserconfig.xml">
<meta name="theme-color" content="#ffffff">
<!-- Theme used for syntax highlighting of code -->
<link rel="stylesheet" href="lib/css/monokai.css">
<!-- Printing and PDF exports -->
<script>
var link = document.createElement( 'link' );
link.rel = 'stylesheet';
link.type = 'text/css';
link.href = window.location.search.match( /print-pdf/gi ) ? 'css/print/pdf.css' : 'css/print/paper.css';
document.getElementsByTagName( 'head' )[0].appendChild( link );
</script>
</head>
<body>
<div class="reveal">
<div class="slides">
<section data-background-image="img/WordPress-logotype-wmark-white-trans.png" data-background-size="contain">
<h2>Putting all your eggs in one basket</h2>
<p>Peter Edwards</p>
<p>Application Developer, University of Leeds</p>
<aside class="notes">
<p>Hi, I've been working at the University of Leeds since 2009 as an Application Developer, first in two of the Faculties at the University, and later as part of a central team. My background is in Libraries and the Arts Sector, and I've been a developer now for over 20 years.</p>
</aside>
</section>
<section>
<blockquote cite="http://herbison.com/herbison/broken_eggs_quixote.html">
“It is the part of a wise man to keep himself to-day for to-morrow, and not to venture all his eggs in one basket”
</blockquote>
<p><small>Don Quixote (Part I, Book III, Chapter 9) by Cervantes (P. Motteux, Ed.).</small></p>
<aside class="notes">
<p>This talk is about the impracticality of diversification when it comes to choosing a content management platform, and the benefits you can gain when you settle on one solution and use it for everything. Although focusing on a single solution isn't such a good idea when you are running a portfolio of investments and you need to spread risk, in this case putting all your eggs in one basket serves to mitigate risk.</p>
<p>I spent a good hour looking up this phrase - apparently it is from a "Franco-Cockney" translation which infused the original text with flippancy and facetiousness, and has been described as "worse than worthless" by other translators of the text.</p>
</aside>
</section>
<section>
<img src="img/cms-collage.png" alt="Collage of icons depicting different content management systems">
<aside class="notes">
<p>When I first came to the University of Leeds, the CMS landscape was very diverse. The University operated a UNIX web hosting service much like a commercial hosting service, where staff could request web space and do whatever they wished with it once they got it. This resulted in a profusion of different CMS systems, static sites and custom applications.</p>
<p>The systems depicted on this slide were all represented there, along with some I couldn't find logos for any more.</p>
</aside>
</section>
<section data-background-image="img/hacked-skull-crossbones-trans.png" data-background-size="contain">
<h3>The demise of the UNIX hosting service</h3>
<ul>
<li>In December 2016, one of the sites in the University's UNIX hosting service was hacked</li>
<li>The site was used to spread malicious code to the other 200+ sites in the service</li>
<li>When the sites were examined to determine the cause, a large number were found to be vulnerable</li>
</ul>
<aside class="notes">
<p>In December 2016, all the sites in the UNIX hosting service were compromised and malicious code was inserted into each site. Any files which were writable by the webserver user were targets, and malicious JavaScript and obfuscated PHP code was inserted into many of the files. Specific systems had their own attack vectors, such as the theme files in WordPress, the site cache in MODx, or the database in drupal, mediawiki and others.</p>
<p>All sites needed to be examined for signs of the compromise, and it quickly became apparent that the initial attack vector would have been impossible to determine, as there were so many possibilities to choose from.</p>
</aside>
</section>
<section data-background-image="img/WordPress-logotype-wmark-white-trans.png" data-background-size="contain">
<h3>The University of Leeds WordPress hosting service</h3>
<ul>
<li>Set up as a 6 month pilot in August 2016 with WP Engine acting as a hosting provider.</li>
<li>The purpose of the service was to provide hosting for research projects, conferences and research groups in a managed environment</li>
<li>The service rapidly expanded to include the 90 WordPress sites which were compromised in UNIX hosting</li>
</ul>
<aside class="notes">
<p>Initially, the service consisted of a single WordPress multisite installation containing 160+ sites which had been created in 2011 for the two Faculties in which I had been working. This installation had outgrown its hosting (in a Virtual Machine on campus) and the service needed to be formalised and expanded to include other Faculties.</p>
<p>The purpose of the service was to provide hosting for small to medium sized websites for research projects, conferences and research groups in a managed environment. However, half way through the pilot, the service was almost filled to capacity with sites moving from the compromised UNIX hosting service</p>
</aside>
</section>
<section data-background-image="img/WordPress-logotype-wmark-white-trans.png" data-background-size="contain">
<h3>Migrating sites to WordPress</h3>
<ul>
<li>Using the WP Engine automated migration tool</li>
<li>Using WordPress XML import/export tools</li>
<li>Using the source system to generate a WordPress export file</li>
<li>Import content from CSV files or other structured data source using custom scripts</li>
<li>Copy and paste</li>
</ul>
<aside class="notes">
<p>About half of WordPress sites were moved using an automated tool written by developers at WP Engine, but they had to be cleared of any infected files beforehand. Most of the remaining WordPress sites could be migrated using built-in import/export tools in WordPress.</p>
<p>Sites in other systems needed to be migrated to WordPress, so some migrations were carried out using the source system to generate a WordPress import file or CSV/JSON data which could then be imported into WordPress using custom scripts or plugins - this was only carried out for larger sites. The majority were migrated manually by copying and pasting content.</p>
<p>Since 2017, a large number of sites have been migrated to WordPress from Faculties whose when the main site was moved to the corporate CMS (Jadu). In 2018, over 120 sites were created in the service.</p>
</aside>
</section>
<section data-background-image="img/WordPress-logotype-wmark-white-trans.png" data-background-size="contain">
<h3>Using WordPress at scale</h3>
<aside class="notes">
<p>The main disadvantage in using WordPress for multiple sites is the frequency this system, and its supporting plugins and themes, are updated. When you reach over 20 sites in separate installations, the need for an automated updating system becomes important. ManageWP is probably the best of these (which remains free of charge) at present, but there are alternatives</p>
</aside>
</section>
<section data-background-image="img/WordPress-logotype-wmark-white-trans.png" data-background-size="contain">
<h3>WordPress multisite</h3>
<p>in WordPress core since 2010, version 3.0</p>
<ul>
<li>Multiple sites in a single installation</li>
<li>Control over Theme and Plugin availability</li>
<li>Low administrative overhead</li>
</ul>
<aside class="notes">
<p>For those of you not familiar with WordPress multisite, it enables you to set up multiple WordPress sites which utilise the same codebase and database. Users, Plugins and Themes are managed at a "Network" level, which makes it easy to control what software is available to users on sites within the Network.</p>
<p>We currently use WordPress multisite to host over 600 websites at the University of Leeds. These are spread across a few separate WordPress installations, so sites utilising the University's branded theme are all grouped together in an installation which only has this theme installed and the plugins which are known to work with it. Non-branded sites are placed in a different installation with a single theme (GeneratePress) installed along the plugins which are known to work with that theme. One installation is used to dump older WordPress sites developed by third parties and sites which require esoteric plugins, in order to separate them from the more simple sites.</p>
</aside>
</section>
<section data-background-image="img/WordPress-logotype-wmark-white-trans.png" data-background-size="contain">
<h3>Domain mapping</h3>
<p>in WordPress core since 2016, version 4.5</p>
<ul>
<li>Assign domain names to each site on a network</li>
<li>Results in sites which appear to be independent to the end user, but are centrally managed</li>
</ul>
<aside class="notes">
<p>Domain mapping allows you to assign different domain names to each of the sites in a multisite Network. All websites in the service at Leeds use their own domain names, and administrators and editors of these sites have the same experience as they would on a standalone installation of WordPress, with the exception that they cannot change the Theme, install Plugins or add users.</p>
</aside>
</section>
<section data-background-image="img/WordPress-logotype-wmark-white-trans.png" data-background-size="contain">
<h3>Caching and optimisation</h3>
<p>Enabled through plugins and server configuration</p>
<ul>
<li>Plugins will save WordPress output to files - using WordPress like a static site generator</li>
<li>Servers are configured to check the file based cache rather than generate content dynamically for each request</li>
</ul>
<aside class="notes">
<p>WP Engine provides caching and optimisation on their platform, but this can be set up quite easily using caching plugins and a little bit of server configuration.</p>
<p>WordPress is not an optimal system for websites, and all pages should ideally be cached as HTML files by an appropriate plugin. WP Engine go a few steps further than this, including loading databases into RAM, which has caused problems for us with the multisite installations.</p>
</aside>
</section>
<section data-background-image="img/WordPress-logotype-wmark-white-trans.png" data-background-size="contain" data-transition="concave-in fade-out">
<h3>Disadvantages...</h3>
<ul>
<li>Proliferation of independent sites (600+ with 50+ added per year)</li>
<li>Sites are uniform and perceived by users as being "boring"</li>
<li>Requires governance, monitoring and an archiving strategy</li>
</ul>
<aside class="notes">
<p>The disadvantages in using WordPress like this can also be turned around to be advantages (as you will see on the next slide).</p>
<p>The main disadvantage is that having a service which aids the proliferation of websites requires governance and monitoring, and contribution from Communications and Marketing to ensure that information is not being unnecessarily duplicated and maintains a high level of quality.</p>
</aside>
</section>
<section data-background-image="img/WordPress-logotype-wmark-white-trans.png" data-background-size="contain" data-transition="fade">
<h3>Advantages...</h3>
<ul>
<li>Ability to create sites in a standard supported format quickly with no coding required</li>
<li>Sites share a common design, so enhancements such as Accessibility features can be added to all sites simultaneously</li>
<li>Ability to implement governance, monitoring and archiving strategies</li>
</ul>
<aside class="notes">
<p>The ability to create sites in a standard design which follows the University brand is something which was sorely needed at the University of Leeds. There are still examples of websites hosted on campus which use the University logo from the 1980s and distinctly mid-1990s designs. Any new sites which utilise the leeds.ac.uk domain are now forced to apply the University branding.</p>
<p>The tools WP Engine provide on their platform to update code we produce are very powerful, and I can update the themes and plugins created by the Development team on multiple installations in a matter of minutes. We are hoping to automate this process further using Azure DevOps.</p>
<p>As all sites are within the same system, we also have access to data for them such as last updated dates, page and post counts, and the combined size of any uploaded files. We also use google analytics on all sites to monitor traffic and inform archiving strategies.</p>
</aside>
</section>
<section>
<p style="text-align:left">Peter Edwards<br>
Application Developer<br>
1.06 IT Fairbairn Site, University of Leeds<br>
0113 34 37959</p>
<p style="text-align:left"><a href="mailto:[email protected]">[email protected]</a></p>
<p style="text-align:left"><a href="https://peteredwards.github.io/iwmw2019/">https://peteredwards.github.io/iwmw2019/</a></p>
<p><img src="img/uol-logo.png" style="float:right;width:30%;height:auto"></p>
</section>
</div>
</div>
<script src="js/reveal.js"></script>
<script>
// More info about config & dependencies:
// - https://github.com/hakimel/reveal.js#configuration
// - https://github.com/hakimel/reveal.js#dependencies
Reveal.initialize({
transition: 'concave',
dependencies: [
{ src: 'plugin/markdown/marked.js' },
{ src: 'plugin/markdown/markdown.js' },
{ src: 'plugin/notes/notes.js', async: true },
{ src: 'plugin/highlight/highlight.js', async: true }
]
});
</script>
</body>
</html>