Do You Support WordPress? Are There Any Drawbacks To Using It?
As of early 2015, I’ve made WordPress available, alongside mojoPortal, to be used for content management needs within Student Affairs. As most already know, WordPress offers a ton of options as it relates to plugins and themes, making it an excellent choice for use for your site. There are a few considerations before deciding to use it, especially if you are already using mojoPortal:
- There is no migration path to getting your data out of mojoPortal. All of your content would have to be moved manually, and we would have to find alternate plugins (eg, if you were using the form wizard or event calendar plugin in mojoPortal). In short, you would be building a site again from scratch.
- If you have any custom plugins that I built for you (the majority of my sites do not) then those would definitely impact my ability to deploy a site, since they would likely need to be rewritten in PHP, or otherwise ported into the new site (eg, using iframes).
- If your site was designed on/after 2012 or so, I have a tool at my disposal that makes converting the skin for use in WordPress fairly painless (eg, taking minutes to do instead of days). If you are wanting to switch to WordPress and are willing to use your same skin, then this will definitely expedite the process (allowing me to release your site much sooner than if I had to design something new).
Due to its popularity, WordPress is a top target for hackers, even though the core is very secure (it’s typically the plugins/themes that are added to WordPress which may make it insecure). This said, there are numerous ways that WordPress can be hardened. Here are the typical, minimal precautions I take before releasing a site at CSU:
- You will not be able be able to access the log in page (/wp-login.php) of WordPress unless you are on-campus or using a VPN connection. Please see http://www.acns.colostate.edu/Help/SSL-VPN for more information on how to connect using VPN.
- I typically create a different access point to the login page. Eg, for a normal WordPress installation, the login page would be http://yourdomain.colostate.edu/wp-login.php. I very likely will change this to be something else, and you will need to contact me in order to get the login url.
- You will be locked out of your account after a predefined number of failed login attempts.
- Registration of new accounts will either be disabled entirely or require manual approval
Please contact me directly if you wish to learn about other precautions I take to secure WordPress installations.
I purposely disable the installation of all themes/plugins, as I want to review each one to ensure that adding a new plugin or theme won’t compromise the site’s security or performance. If you have a theme/plugin you would like installed on your site, please just let me know.
I do have a number of themes at my disposal to deploy for your site if you want to have some examples to look at to give you ideas.