WordPress is a free and open source blogging tool and a content-management system (CMS) based on PHP and MySQL, which runs on a web hosting service. Features include a plug-in architecture and a template system. WordPress is used by more than 18.9% of the top 10 million websites as of August 2013. WordPress is the most popular blogging system in use on the Web, at more than 60 million websites [Source: Wikipedia]
WordPress is becoming much more than a blogging and content management platform. A combination of its very strong developer community, excellent documentation and solid core means it is increasingly being used as the framework for some very interesting projects. Within the education sector not only is it an excellent blogging platform but the ability to rapidly develop and evolve solutions is very powerful. As far back as 2006 I marvelled at the work Dumfries and Galloway College did turning WordPress into a campus e-Portfolio system. One of my own interests is how WordPress can be used for an open course platform (MOOC, if you prefer). The advantage in both of these examples is that you are not restricted by the VLE in both functionality and availability (depending on your license agreement institutions may be restricted to registered students).
One concern I’ve had is how do you scale the use of WordPress within an institutional context? How do you go from offering one course to multiple courses? This challenge isn’t specific to just my scenario but applicable more widely. How do you go from supporting one WordPress blog to multiple blogs?
Fortunately this is something University of Lincoln have been doing for a couple of years and Joss Winn, who has led this development, kindly took some timeout to explain how they’ve gone about host over 1,800 WordPress sites (and counting). Below is the audio from our conversation embedded in a YouTube clip (mainly to add machine captions to help you with navigation – to use this visit the video and click on the transcript button ) followed by my written up notes:
Flickr Tag Error: Call to display photo '9946955003' failed.
Error state follows:
- stat: fail
- code: 95
- message: SSL is required
*Multi User was a fork of the WordPress code that allowed multiple concurrent sites from the same installation. Since WordPress version 3.0 this has been added to the core code. The trend appears to be towards calling this mode Multisite.
From early on Joss and his team were keen to experiment with the social networking plugin BuddyPress. This feature isn’t overly used by staff and students but one of the primary advantages of using it is it allows activity from across created sites to be displayed on the main landing page.
Joss highlighted one of the big advantages of their configuration is that it is one of the few University systems where users can invite others (including external institutions, consultants, members of the public) to join and collaborate on sites. With this the owner can also assign them the level of permissions they want for their site from subscriber to administrator.
blogs.lincoln.ac.uk sits on a dedicated Red Hat server with 8Gb RAM (Joss mentioned that if you are starting out you’ll get away with 4Gb). The database (MySQL) is now hosted on a separate cluster, but initially it was on the same one. All 1,800 WordPress sites run off the same WordPress install making it easy for them to update the core software and plugins (Joss also noted that they have never had a problem with automatic upgrades).
Within a Multisite configuration the default is that all the sub-sites include the same plugins and themes. To allow more control over this Lincoln use the Multisite Plugin Manager to control which plugins are available on different sites. Initially Joss and his team freely added plugins on request and prior to this summer there were a selection of over 70 approved plugins. Recently a usage audit (there’s a plugin for that) pruned this down to 7 for all new sites phasing out the other plugins used in existing sites over time.
The current list of plugins to new sites is:
- Custom Header and Footer – makes it easy for users to make minor theme modifications
- FeedWordPress – RSS aggregator
- Jetpack by WordPress.com – Published by developers of WordPress it contains a number of optional feature enhancements (Post Joss has written for Lincoln staff about Jetpack)
- Link Manager – included because of removal of this feature from core
- Polldaddy – to create polls/surveys
- WP Latex* – used for scientific notation
- WPtouch* – for mobile friendly versions of themes
* Joss is reviewing both of these as functionality now exists in Jetpack
Whilst there is a limited selection staff can still make requests for additional plugins which are activated on a per site basis using the Multisite Plugin Manager. The usual caveat is that the plugin must be in the wordpress.org plugin directory although premium plugins bought by individuals are occasionally used.
Additional plugins/themes used for the administration of Multisites include (there are 35 they use in total):
- Multisite Plugin Manager – allows administration of the plugins installed by default and on a per site basis
- WPMU LDAP Authentication - enables Lincoln staff and students to login with University credentials and if required create new sites
- Akismet – used to prevent spam comments ($550/year)
- Multisite Analytics - site wide Google Analytics tracking (individual sites can also additionally specify their own tracking code)
- Domain Mapping – allows individual sites the ability to specify a different domain name
- More Privacy Options – adds three extra site defined visibility options: network users only, blog members only and admins only
- BuddyPress – primarily used to bring together activity from across the platform
- Farms 133 theme pack – curated set of themes from WPMU Dev (WPMU Dev has an annual member subscription of $588/year. This gives you access to a collection of premium themes/plugins as well as support)
Spam and ‘brute force’ attacks
Lincoln use the Akismet service (run by Automatic who also develop/own WordPress.com) to prevent spam comments. Joss explained previously they had used the free personal plan which permits non-commercial sites and blogs. There has been a bit of a grey area around this given the commercial nature of some University activity and they now subscribe to the Enterprise package which costs $550 a year.
Recently WordPress has become the target of brute force attacks. These hammer servers with multiple username and password combinations to gain access to sites. One reason for WordPress becoming the focus of these attacks is the relative ease in which they can be discovered (just search for ‘Powered by WordPress’). Apart from the potential security risk these attacks can act like denial of service and bring the server down. Lincoln hadn’t experienced any issues with these types of attacks.
WordPress provide guidance on hardening against brute force attacks. If Lincoln were to experience any problems because of the Multisite configuration it would be easy to apply these solutions
Initially Joss was using the Super Cache plugin but has recently switched to Alternative PHP Cache and MySQL caching. As this caused conflicts with Super Cache the plugin was removed.
Community guideline and acceptable use
Joss has experienced very little abuse on blogs.lincoln.ac.uk and from early on developed Community Guidelines. The University’s general IT usage guidelines are also highlighted to users
Apart from the staff (Joss has handled most of the Lincoln project plus doing other things) and server the other oncosts are $550/year for Akismet spam protection and $588/year for membership to wpmudev.org which specialises in multisite plugins and support (these costs work out as 60¢ a site per year)
Alternatives – Managed Hosting
When I asked Joss about Managed Hosting (Edublogs, WPEngine et al.) his main concern was not being able to run the LDAP authentication as a local application. He would also want to make sure he had the same level of control over things like plugin selection and deployment. For example Edublogs appears to have fixed list of plugins while services like WPEngine give you control over this.
So hosting your own multisite installation of WordPress is relatively possible even on a small budget. Given the flexibility of the platform there are opportunities to use it in other ways including establishing your own ‘cMOOC as a service’ empire. There is a growing list of institutions going down the WordPress Multisite route by either hosting internally or committing to a managed hosting solution. One of the big advantages of using WordPress for this, which we didn’t mention when I chatted with Joss, is that with the existing export tools it’s easy to export your site from the network onto wordpress.com or another WP host.
It would be interesting to hear your WordPress Multisite experiences. If you’ve used it does managed hosting work for you or has it thrown up problems? What is your institutional provision for WordPress training and support? As a multisite user are you experiencing problems with IT services imposing artificial barriers? Or more simply what current multisite plugin list?
Finally a big thank you for Joss taking time out to speak to me!