Difference between revisions of "Educaship WordPress"
(48 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
− | [[ | + | [[Educaship WordPress]] (formerly known as [[CNM Pageware]]; hereinafter, the ''Soft'') is a [[CNM stable app]] built with [[WordPress]]. |
− | |||
− | |||
Development of the ''Soft'' occurs under the [[WordPress for CNM Cloud]] project. | Development of the ''Soft'' occurs under the [[WordPress for CNM Cloud]] project. | ||
Line 10: | Line 8: | ||
===Database system=== | ===Database system=== | ||
− | : It deploys [[MariaDB]] as its database management system. MariaDB maintains full compatibility with MySQL, retaining the same APIs, commands, and replacements. MariaDB has several optimizations that improve performance over MySQL. MariaDB often gives slightly better results due to its superior engine and efficient SQL query optimizer. Because you don't need to make any code or configuration changes during the transition, MariaDB acts as a replacement for MySQL. MariaDB implements high availability and scalability based on the Galeria cluster solution from Finnish provider Codership. | + | <gallery mode="packed" heights="300px" style="float:right; clear:right; margin-right:1em; margin-left:0"> |
− | : MariaDB has become a standalone database management system through continuous development and has gained a significant advantage over MySQL. | + | Terminal.png |
+ | Database_wp.png | ||
+ | </gallery> | ||
+ | : It deploys [[MariaDB]] as its database management system. [[MariaDB]] maintains full compatibility with [[MySQL]], retaining the same APIs, commands, and replacements. MariaDB has several optimizations that improve performance over MySQL. MariaDB often gives slightly better results due to its superior engine and efficient SQL query optimizer. Because you don't need to make any code or configuration changes during the transition, MariaDB acts as a replacement for MySQL. MariaDB implements high availability and scalability based on the Galeria cluster solution from Finnish provider Codership. | ||
+ | |||
+ | : MariaDB has become a standalone database management system through continuous development and has gained a significant advantage over MySQL which WordPress usually uses as a database management system. | ||
+ | |||
+ | :The databases are connected on the Admin Terminal. You can learn more about databases on the [[Educaship MariaDB]], [[Educaship PostgreSQL]]. You can manage and configure the WordPress data not only with the database system but also with the database files, which are also located in the Admin Terminal. | ||
+ | |||
+ | :Databases cannot be administered by a [[Educaship WordPress]] administrator. They must be administered by a system administrator who has access to the [[CNM Campus Farm]]. The [[Educaship WordPress]] administrator only administers the content on websites. | ||
+ | |||
+ | ===Hosting=== | ||
+ | :Server for Educaship WordPress websites is hosted by [[Contabo]]. We don't use a separate server for Educaship WordPress, Educaship WordPress is on the server along with all the applications on [[CNM Campus Farm]]. | ||
===Software instances=== | ===Software instances=== | ||
− | : Software instances that power core, hands-on training, and experiential systems and applications. This software | + | : Software instances that power core, hands-on training, and experiential systems and applications. This software tends to be titled in the "CNM/Opplet COTS-name" format. |
− | :* [[ | + | * CNM core WordPress: |
− | + | * [[HOTCOE app|HOTCOE]] WordPress: | |
− | + | * [[Inplz app|Inplz]] WordPress: | |
+ | ** [[iDosvid.com]] | ||
+ | ** [[CNM Page]] | ||
+ | ** [[Bskol.com]] | ||
+ | ** [[WorldOpp.com]] | ||
+ | ** https://vebka.theeconomicgroup.com | ||
+ | ** https://vsemka.com | ||
+ | ** https://scheje.com | ||
+ | ** https://theeconomicgroup.com | ||
+ | ** https://worldopp.com | ||
+ | ** https://educaship.com | ||
+ | ** https://page.cnmcyber.com | ||
+ | ** https://wordpress.bskol.com | ||
+ | ** https://page.employableu.com | ||
===Security=== | ===Security=== | ||
− | : | + | :Security is an important topic because any software becomes a target for hackers. WordPress is the most popular [[CMS]] and also has open source code, which is why sites built on WordPress, more often produce a variety of attacks, which include a number of '''ways to gain unauthorized access to the files''' of WordPress: |
+ | # One of the ways we've noticed on our [[Educaship WordPress]] is through hackers in the form of bots that come into the chat room. | ||
+ | # The other way is when hackers know that there is an admin and there is a certain directory structure and they try to come in as an admin and infiltrate some program of their own. So the use of standard addresses and paths makes it easier for hackers. They also target plugins as the most vulnerable point. | ||
+ | |||
+ | :As hackers gain experience in finding new ways to exploit vulnerabilities, so WordPress developers and experts are getting better at creating sites that are harder to hack. Not wanting the security of our sites to be circumvented and hackers to gain access to data we follow a '''list of must-have requirements''', we: | ||
+ | :* restrict access to the wp-config, ht-access files in the database so that they cannot be edited; | ||
+ | :* are constantly updating plugins because the biggest security hole in WordPress is plugins and themes; | ||
+ | :* have as few themes as possible, 2 at most; | ||
+ | :* only install themes and plugins from reliable sources; | ||
+ | :* change the prefix in the database; | ||
+ | :* do not use the standard login - admin; | ||
+ | :* do not use the standard user; | ||
+ | :* disable user registration directly on our site. | ||
+ | :But we still had problems: | ||
+ | #The first problem was with bots, but that was before we switched the registration to [[Opplet]]. And we have banned unregistered users from posting comments now. | ||
+ | : Other things that are used for security are described at [[Educaship WordPress#Standing operating procedures|SOP]]. | ||
====Malware protection==== | ====Malware protection==== | ||
− | : Previously, [[ | + | : Previously, [[Opplet]] developers struggled with the viruses, so an effective anti-virus strategy must be found -- what was the solution? The cause of the viruses was not found. There is an assumption that the viruses were not on [[Educaship WordPress]] but on the [[CNM Campus Farm]]. The problem with viruses was solved after switching to a new system. |
==Standing operating procedures== | ==Standing operating procedures== | ||
: [[Standing operating procedure]] | : [[Standing operating procedure]] | ||
+ | |||
+ | ===Monitoring process=== | ||
+ | : Monitoring is done in [[Nagios]] Snapshots are made by hand, not on [[Educaship WordPress]]. Read more: [[Educaship Nagios]]. | ||
+ | |||
+ | ===Backup=== | ||
+ | :Usually the main backup is done on the farm, not on [[Educaship WordPress]]. So you can read more about backup on [[CNM Campus Farm]]. | ||
+ | :To backup a WordPress site for free, you will first need to install the UpdraftPlus plugin. To do so, open your WordPress dashboard, and select Plugins > Add Plugins from the menu bar: | ||
+ | : [[File:Plug.png]] | ||
+ | * Then type UpdraftPlus into the Search Bar. Select the UpdraftPlus WordPress Backup Plugin and click Install Now > Activate. | ||
+ | * To set up UpdraftPlus, select Settings > UpdraftPlus Backups from your WordPress menu. | ||
+ | * This will open the UpdraftPlus Backup/Restore page, where you can customize the UpdraftPlus settings to suit your backup needs. Let’s take a look at what you can do… | ||
+ | |||
+ | ====Backup manually==== | ||
+ | * In the main dashboard, UpdraftPlus lets you manually backup your WordPress website at any time. To do so, simply click on the Backup Now button. | ||
+ | * You can either download the manual backup to your local server or have UpdraftPlus automatically upload it to a remote storage location. | ||
+ | |||
+ | ====Configure scheduled backups==== | ||
+ | : To save yourself the trouble of remembering to manually backup, UpdraftPlus lets you create your own automatic backup schedule. To set up regularly scheduled WordPress backups, select the Settings tab on the UpdraftPlus Backup/Restore page. | ||
+ | [[File:Backup.png|frameless|700px|right]] | ||
+ | : Here you can choose how often to backup your database and files. Options include: | ||
+ | *Every 4, 8 or 12 hours; | ||
+ | *Daily; | ||
+ | *Weekly, fortnightly, or monthly. | ||
+ | :Your selection will depend on how often you update your site. | ||
+ | |||
+ | ===Snapshot=== | ||
+ | : We take snapshots of the entire database it's made by hand. Separately, [[Educaship WordPress]] snapshots are not taken. More about snapshots: [[Educaship MariaDB]], [[Educaship Nagios]]. | ||
+ | |||
+ | ===Versions and patch=== | ||
+ | [[File:Updates.png|150px|right]] | ||
+ | : Each minor update fixes bugs, crashes or security vulnerabilities found in the previous version. While most updates contain security improvements, many updates are performance-oriented, which may be more subtle. | ||
+ | : It's not hard to update the version of WordPress, you should: | ||
+ | * open your WordPress dashboard; | ||
+ | * click the Updates on the left sidebar. Here you see will the current version and the option to update it. | ||
+ | :Before updating, please back up your database and files. For help with updates, visit the Updating WordPress documentation page. | ||
+ | :After updating the version you should check the plugins as they may not work correctly after the update. | ||
+ | |||
+ | ===Plugins=== | ||
+ | [[File:Plugins.png|700px|right]] | ||
+ | * You should check each plugins after the updated version of CNM WordPress; | ||
+ | * You can set up auto-updates; | ||
+ | |||
+ | ====Active Directory Integration for Intranet Sites==== | ||
+ | :After installing or updating the plugin, you need to check whether the registration passes or not. | ||
+ | |||
+ | ===System recovery=== | ||
+ | :If restoring a site with a pre-existing UpdraftPlus installation, go to Settings->UpdraftPlus Backups and click the ‘Restore’ button. This will open the ‘Existing Backups’ tab. There you will see a record of your backup. In the Existing Backups tab click the ‘Restore’ button for the backup set that you want to restore (under the ‘Actions’ column). A pop-up will appear with a list of options to restore: | ||
+ | :[[File:restore.png|750px]] | ||
==Hands-on assignments== | ==Hands-on assignments== | ||
Line 32: | Line 118: | ||
==Presentations== | ==Presentations== | ||
− | : | + | : CNM WordPress was presented at a series of events called [[CNMCyber Guided Tours]]: |
+ | * [[Guided Tour of CNM WordPress of 2023-3-15]] | ||
+ | * [[Guided Tour of CNM WordPress 2023-3-22]] | ||
==User group== | ==User group== | ||
: User group at CNM Social; the group may organize software-related events and produce newsletters. | : User group at CNM Social; the group may organize software-related events and produce newsletters. | ||
− | : [[ | + | : [[Educaship WordPress]] (hereinafter, the ''App'') is the [[CNM app]] that is configured to power [[CNM Page]], [[PageHandsOn]], or [[PageNext]] [[CNMCyber service|service]] of [[CNMCyber]]. The ''App'' is based on [[commercial off-the-shelf]] ([[COTS]]) [[content management software]] ([[content management software|CMS]]), [[WordPress]]. The ''App'' is a part of [[Opplet]]. |
==Architecture== | ==Architecture== | ||
Line 43: | Line 131: | ||
==Technical requirements== | ==Technical requirements== | ||
− | : | + | : To run WordPress is recommended your host supports: |
+ | #PHP version 7.4 or greater; | ||
+ | #MySQL version 5.7 or greater OR MariaDB version 10.3 or greater; | ||
+ | #Nginx or Apache with mod_rewrite module; | ||
+ | #HTTPS support. | ||
+ | : Hosting is more secure when WordPress is run using your account’s username instead of the server’s default shared username. Ask your host what steps they take to ensure the security of your account. | ||
− | + | ==Instances== | |
+ | * https://vsemka.com/ | ||
+ | * https://vebka.theeconomicgroup.com/ | ||
+ | * https://theeconomicgroup.com/ | ||
+ | * https://worldopp.com/ | ||
+ | * https://scheje.com/ | ||
==See also== | ==See also== | ||
===Related lectures=== | ===Related lectures=== | ||
− | :*[[What CNM Page Be]]. | + | :*[[What CNM Page Be]]. |
==Related lectios== | ==Related lectios== |
Latest revision as of 06:21, 15 April 2024
Educaship WordPress (formerly known as CNM Pageware; hereinafter, the Soft) is a CNM stable app built with WordPress.
Development of the Soft occurs under the WordPress for CNM Cloud project.
Contents
Product specification
- The Product specifications are:
Database system
- It deploys MariaDB as its database management system. MariaDB maintains full compatibility with MySQL, retaining the same APIs, commands, and replacements. MariaDB has several optimizations that improve performance over MySQL. MariaDB often gives slightly better results due to its superior engine and efficient SQL query optimizer. Because you don't need to make any code or configuration changes during the transition, MariaDB acts as a replacement for MySQL. MariaDB implements high availability and scalability based on the Galeria cluster solution from Finnish provider Codership.
- MariaDB has become a standalone database management system through continuous development and has gained a significant advantage over MySQL which WordPress usually uses as a database management system.
- The databases are connected on the Admin Terminal. You can learn more about databases on the Educaship MariaDB, Educaship PostgreSQL. You can manage and configure the WordPress data not only with the database system but also with the database files, which are also located in the Admin Terminal.
- Databases cannot be administered by a Educaship WordPress administrator. They must be administered by a system administrator who has access to the CNM Campus Farm. The Educaship WordPress administrator only administers the content on websites.
Hosting
- Server for Educaship WordPress websites is hosted by Contabo. We don't use a separate server for Educaship WordPress, Educaship WordPress is on the server along with all the applications on CNM Campus Farm.
Software instances
- Software instances that power core, hands-on training, and experiential systems and applications. This software tends to be titled in the "CNM/Opplet COTS-name" format.
Security
- Security is an important topic because any software becomes a target for hackers. WordPress is the most popular CMS and also has open source code, which is why sites built on WordPress, more often produce a variety of attacks, which include a number of ways to gain unauthorized access to the files of WordPress:
- One of the ways we've noticed on our Educaship WordPress is through hackers in the form of bots that come into the chat room.
- The other way is when hackers know that there is an admin and there is a certain directory structure and they try to come in as an admin and infiltrate some program of their own. So the use of standard addresses and paths makes it easier for hackers. They also target plugins as the most vulnerable point.
- As hackers gain experience in finding new ways to exploit vulnerabilities, so WordPress developers and experts are getting better at creating sites that are harder to hack. Not wanting the security of our sites to be circumvented and hackers to gain access to data we follow a list of must-have requirements, we:
- restrict access to the wp-config, ht-access files in the database so that they cannot be edited;
- are constantly updating plugins because the biggest security hole in WordPress is plugins and themes;
- have as few themes as possible, 2 at most;
- only install themes and plugins from reliable sources;
- change the prefix in the database;
- do not use the standard login - admin;
- do not use the standard user;
- disable user registration directly on our site.
- But we still had problems:
- The first problem was with bots, but that was before we switched the registration to Opplet. And we have banned unregistered users from posting comments now.
- Other things that are used for security are described at SOP.
Malware protection
- Previously, Opplet developers struggled with the viruses, so an effective anti-virus strategy must be found -- what was the solution? The cause of the viruses was not found. There is an assumption that the viruses were not on Educaship WordPress but on the CNM Campus Farm. The problem with viruses was solved after switching to a new system.
Standing operating procedures
Monitoring process
- Monitoring is done in Nagios Snapshots are made by hand, not on Educaship WordPress. Read more: Educaship Nagios.
Backup
- Usually the main backup is done on the farm, not on Educaship WordPress. So you can read more about backup on CNM Campus Farm.
- To backup a WordPress site for free, you will first need to install the UpdraftPlus plugin. To do so, open your WordPress dashboard, and select Plugins > Add Plugins from the menu bar:
- Then type UpdraftPlus into the Search Bar. Select the UpdraftPlus WordPress Backup Plugin and click Install Now > Activate.
- To set up UpdraftPlus, select Settings > UpdraftPlus Backups from your WordPress menu.
- This will open the UpdraftPlus Backup/Restore page, where you can customize the UpdraftPlus settings to suit your backup needs. Let’s take a look at what you can do…
Backup manually
- In the main dashboard, UpdraftPlus lets you manually backup your WordPress website at any time. To do so, simply click on the Backup Now button.
- You can either download the manual backup to your local server or have UpdraftPlus automatically upload it to a remote storage location.
Configure scheduled backups
- To save yourself the trouble of remembering to manually backup, UpdraftPlus lets you create your own automatic backup schedule. To set up regularly scheduled WordPress backups, select the Settings tab on the UpdraftPlus Backup/Restore page.
- Here you can choose how often to backup your database and files. Options include:
- Every 4, 8 or 12 hours;
- Daily;
- Weekly, fortnightly, or monthly.
- Your selection will depend on how often you update your site.
Snapshot
- We take snapshots of the entire database it's made by hand. Separately, Educaship WordPress snapshots are not taken. More about snapshots: Educaship MariaDB, Educaship Nagios.
Versions and patch
- Each minor update fixes bugs, crashes or security vulnerabilities found in the previous version. While most updates contain security improvements, many updates are performance-oriented, which may be more subtle.
- It's not hard to update the version of WordPress, you should:
- open your WordPress dashboard;
- click the Updates on the left sidebar. Here you see will the current version and the option to update it.
- Before updating, please back up your database and files. For help with updates, visit the Updating WordPress documentation page.
- After updating the version you should check the plugins as they may not work correctly after the update.
Plugins
- You should check each plugins after the updated version of CNM WordPress;
- You can set up auto-updates;
Active Directory Integration for Intranet Sites
- After installing or updating the plugin, you need to check whether the registration passes or not.
System recovery
- If restoring a site with a pre-existing UpdraftPlus installation, go to Settings->UpdraftPlus Backups and click the ‘Restore’ button. This will open the ‘Existing Backups’ tab. There you will see a record of your backup. In the Existing Backups tab click the ‘Restore’ button for the backup set that you want to restore (under the ‘Actions’ column). A pop-up will appear with a list of options to restore:
Hands-on assignments
- Hands-on assignments that CNM learners can use to get accustomed to the software while using its hands-on training systems and applications.
Presentations
- CNM WordPress was presented at a series of events called CNMCyber Guided Tours:
User group
- User group at CNM Social; the group may organize software-related events and produce newsletters.
- Educaship WordPress (hereinafter, the App) is the CNM app that is configured to power CNM Page, PageHandsOn, or PageNext service of CNMCyber. The App is based on commercial off-the-shelf (COTS) content management software (CMS), WordPress. The App is a part of Opplet.
Architecture
Technical requirements
- To run WordPress is recommended your host supports:
- PHP version 7.4 or greater;
- MySQL version 5.7 or greater OR MariaDB version 10.3 or greater;
- Nginx or Apache with mod_rewrite module;
- HTTPS support.
- Hosting is more secure when WordPress is run using your account’s username instead of the server’s default shared username. Ask your host what steps they take to ensure the security of your account.
Instances
- https://vsemka.com/
- https://vebka.theeconomicgroup.com/
- https://theeconomicgroup.com/
- https://worldopp.com/
- https://scheje.com/
See also
Related lectures
Related lectios
Lectios that provide CNM learners with knowledge about the deployed software.