CNM WordPress

From CNM Wiki
Jump to: navigation, search

CNM WordPress (formerly known as CNM Pageware; hereinafter, the Soft) is a CNM stable app built with WordPress.

Development of the Soft occurs under the WordPress for CNM Cloud project.


Product specification

The Product specifications are:

Database system

It deploys MariaDB as its database management system. MariaDB maintains full compatibility with MySQL, retaining the same APIs, commands, and replacements. MariaDB has several optimizations that improve performance over MySQL. MariaDB often gives slightly better results due to its superior engine and efficient SQL query optimizer. Because you don't need to make any code or configuration changes during the transition, MariaDB acts as a replacement for MySQL. MariaDB implements high availability and scalability based on the Galeria cluster solution from Finnish provider Codership.
MariaDB has become a standalone database management system through continuous development and has gained a significant advantage over MySQL which WordPress usually uses as a database management system.
The databases are connected on the Admin Terminal. You can learn more about databases on the CNM MariaDB, CNM PostgreSQL. You can manage and configure the WordPress data not only with the database system but also with the database files, which are also located in the Admin Terminal.
Databases cannot be administered by a CNM WordPress administrator. They must be administered by a system administrator who has access to the CNM Campus Farm. The CNM WordPress administrator only administers the content on websites.

Hosting

Server for CNM WordPress websites is hosted by Contabo. We don't use a separate server for CNM WordPress, CNM WordPress is on the server along with all the applications on CNM Campus Farm.

Software instances

Software instances that power core, hands-on training, and experiential systems and applications. This software tends to be titled in the "CNM/Opplet COTS-name" format.

Security

Security is an important topic because any software becomes a target for hackers. WordPress is the most popular CMS and also has open source code, which is why sites built on WordPress, more often produce a variety of attacks, which include a number of ways to gain unauthorized access to the files of WordPress:
  1. One of the ways we've noticed on our CNM WordPress is through hackers in the form of bots that come into the chat room.
  2. The other way is when hackers know that there is an admin and there is a certain directory structure and they try to come in as an admin and infiltrate some program of their own. So the use of standard addresses and paths makes it easier for hackers. They also target plugins as the most vulnerable point.
As hackers gain experience in finding new ways to exploit vulnerabilities, so WordPress developers and experts are getting better at creating sites that are harder to hack. Not wanting the security of our sites to be circumvented and hackers to gain access to data we follow a list of must-have requirements, we:
  • restrict access to the wp-config, ht-access files in the database so that they cannot be edited;
  • are constantly updating plugins because the biggest security hole in WordPress is plugins and themes;
  • have as few themes as possible, 2 at most;
  • only install themes and plugins from reliable sources;
  • change the prefix in the database;
  • do not use the standard login - admin;
  • do not use the standard user;
  • disable user registration directly on our site.
But we still had problems:
  1. The first problem was with bots, but that was before we switched the registration to Opplet. And we have banned unregistered users from posting comments now.
Other things that are used for security are described at SOP.

Malware protection

Previously, Opplet developers struggled with the viruses, so an effective anti-virus strategy must be found -- what was the solution? The cause of the viruses was not found. There is an assumption that the viruses were not on CNM WordPress but on the CNM Campus Farm. The problem with viruses was solved after switching to a new system.

Standing operating procedures

Standing operating procedure

Monitoring process

Monitoring is done in Nagios Snapshots are made by hand, not on CNM WordPress. Read more: CNM Nagios.

Backup

Usually the main backup is done on the farm, not on CNM WordPress. So you can read more about backup on CNM Campus Farm.
To backup a WordPress site for free, you will first need to install the UpdraftPlus plugin. To do so, open your WordPress dashboard, and select Plugins > Add Plugins from the menu bar:
Plug.png
  • Then type UpdraftPlus into the Search Bar. Select the UpdraftPlus WordPress Backup Plugin and click Install Now > Activate.
  • To set up UpdraftPlus, select Settings > UpdraftPlus Backups from your WordPress menu.
  • This will open the UpdraftPlus Backup/Restore page, where you can customize the UpdraftPlus settings to suit your backup needs. Let’s take a look at what you can do…

Backup manually

  • In the main dashboard, UpdraftPlus lets you manually backup your WordPress website at any time. To do so, simply click on the Backup Now button.
  • You can either download the manual backup to your local server or have UpdraftPlus automatically upload it to a remote storage location.

Configure scheduled backups

To save yourself the trouble of remembering to manually backup, UpdraftPlus lets you create your own automatic backup schedule. To set up regularly scheduled WordPress backups, select the Settings tab on the UpdraftPlus Backup/Restore page.
Backup.png
Here you can choose how often to backup your database and files. Options include:
  • Every 4, 8 or 12 hours;
  • Daily;
  • Weekly, fortnightly, or monthly.
Your selection will depend on how often you update your site.

Snapshot

We take snapshots of the entire database it's made by hand. Separately, CNM WordPress snapshots are not taken. More about snapshots: CNM MariaDB, CNM Nagios.

Versions and patch

Updates.png
Each minor update fixes bugs, crashes or security vulnerabilities found in the previous version. While most updates contain security improvements, many updates are performance-oriented, which may be more subtle.
It's not hard to update the version of WordPress, you should:
  • open your WordPress dashboard;
  • click the Updates on the left sidebar. Here you see will the current version and the option to update it.
Before updating, please back up your database and files. For help with updates, visit the Updating WordPress documentation page.
After updating the version you should check the plugins as they may not work correctly after the update.

Plugins

Plugins.png
  • You should check each plugins after the updated version of CNM WordPress;
  • You can set up auto-updates;

Active Directory Integration for Intranet Sites

After installing or updating the plugin, you need to check whether the registration passes or not.

System recovery

If restoring a site with a pre-existing UpdraftPlus installation, go to Settings->UpdraftPlus Backups and click the ‘Restore’ button. This will open the ‘Existing Backups’ tab. There you will see a record of your backup. In the Existing Backups tab click the ‘Restore’ button for the backup set that you want to restore (under the ‘Actions’ column). A pop-up will appear with a list of options to restore:
Restore.png

Hands-on assignments

Hands-on assignments that CNM learners can use to get accustomed to the software while using its hands-on training systems and applications.

Presentations

CNM WordPress was presented at a series of events called CNMCyber Guided Tours:

User group

User group at CNM Social; the group may organize software-related events and produce newsletters.
CNM WordPress (hereinafter, the App) is the CNM app that is configured to power CNM Page, PageHandsOn, or PageNext service of CNMCyber. The App is based on commercial off-the-shelf (COTS) content management software (CMS), WordPress. The App is a part of Opplet.

Architecture

The App is an instance of WordPress that is run on the CNM Farms.

Technical requirements

To run WordPress is recommended your host supports:
  1. PHP version 7.4 or greater;
  2. MySQL version 5.7 or greater OR MariaDB version 10.3 or greater;
  3. Nginx or Apache with mod_rewrite module;
  4. HTTPS support.
Hosting is more secure when WordPress is run using your account’s username instead of the server’s default shared username. Ask your host what steps they take to ensure the security of your account.

Instances

See also

Related lectures

Related lectios

Lectios that provide CNM learners with knowledge about the deployed software.