Appendix 1: The WordPress CMS platform
WordPress has extensive, regularly maintained guidance available at https://codex.wordpress.org/
We have selected sections of this guidance that we feel are particularly relevant for this report.
WordPress say that the platform “is limited only by your imagination.” It is the basis of the websites of most government departments and many universities.
WordPress is a dynamic, open-source content-management system which is used to power millions of websites, web applications, and blogs. It currently powers more than 24% of the top 10 million websites on the Internet. It is the most widely-used CMS software in the world, with an estimated 60% market share of all sites using a CMS. WordPress’ usability, extensibility, and mature development community make it a popular and secure choice for websites of all sizes.
Since its inception in 2003, WordPress has undergone continual hardening so that its core software can address and mitigate common security threats, including the top 10 list identified by The Open Web Application Security Project (OWASP) as common security vulnerabilities.
The WordPress Security Team, in collaboration with the WordPress Core Leadership Team and backed by the WordPress global community, works to identify and resolve security issues in the core software available for distribution and installation at WordPress.org, as well as recommending and documenting security best practices for third-party plugin and theme authors.
Site developers and administrators should pay particular attention to the correct use of core APIs and underlying server configuration, which have been the source of common vulnerabilities, as well as ensuring all users employ strong passwords to access WordPress.
WordPress is a free and open-source content management system (CMS).
WordPress is licensed under the General Public License (GPLv2 or later) which provides four core freedoms, and can be considered as the WordPress “bill of rights”:
- The freedom to run the program, for any purpose.
- The freedom to study how the program works, and change it to make it do what you wish.
- The freedom to redistribute.
- The freedom to distribute copies of your modified versions to others.
WordPress combines simplicity for users and publishers with under-the-hood complexity for developers. This makes it flexible while still being easy-to-use.
The following is a list of some of the features that come as standard with WordPress. However, there are thousands of plugins that extend what WordPress does, so the actual functionality is almost limitless. Users/developers are also free to change the WordPress code, extend it or modify in any way, or use it for commercial projects without any licensing fees. That is the beauty of free software, free refers not only to price but also the freedom to have complete control over it.
- Simplicity: Simplicity makes it possible for users to get online and start publishing, quickly. WordPress is built for that purpose.
- Flexibility: With WordPress, you can create any type of website required: a personal blog or website, a photoblog, a business website, a professional portfolio, a government website, a magazine or news website, an online community, even a network of websites (via Multi-site). Users can make websites beautiful with style themes, and extend functionality with plugins and can even build their very own application.
- Publish with Ease: If users have ever created a document, then they should find creating content within WordPress easy. Posts and Pages can be created with formatting being easy, media can be inserted/embedded, and with the click of a button content is live and on the web.
- Publishing Tools: WordPress makes it easy to manage content – creating drafts, scheduling publication, looking at post revisions, making content public or private, and securing posts and pages with a password.
- User Management: Not everyone requires the same access to a website. Administrators manage the site, editors work with content, authors and contributors write that content, and subscribers have a profile that they can manage. This allows for a variety of contributors to a website at different levels, with others simply being part of a community.
- Media Management: They say a picture says a thousand words, which is why it’s important to be able to quickly and easily upload images and media to WordPress. Media can be dragged and dropped into the uploader, Alt text, captions, and titles can be added, and images can be massed into galleries.
- Full Standards Compliance: Every piece of WordPress-generated code is in full compliance with the standards set by the W3C. This means that websites will work in today’s browser, while maintaining forward compatibility with the next generation of browser.
- Easy Theme System: WordPress comes bundled with two default themes, but if these aren’t suitable there’s a theme directory with thousands of themes from which to create a beautiful website; some themes are available free of charge and some are premium themes/frameworks which are costed, albeit at a fairly low level. There is also capacity to develop and upload personalised themes with the click of a button. Themes can be changed easily, without loss of content and with minimal downtime.
- Extend with Plugins: WordPress comes packed full of features for every user, plus, there’s a plugin directory with thousands of plugins available – again some free of charge and some costed. Add complex galleries, social networking, forums, social media widgets, spam protection, calendars, fine-tune controls for search engine optimisation, add forms – the list continues.
- Built-in Comments: A blog is home on many websites and the comment tool provides a space for users/followers to engage with the site content. WordPress’s comment tools provide everything needed for a framework for discussion and for that discussion to be moderated before being displayed.
- Search Engine Optimized: If SEO is important for a website, then WordPress is optimised for search engines right out of the box. For more fine-grained SEO control, there are also plenty of SEO plugins to take care of that.
- Multilingual: WordPress is available in more than 70 languages, with options to build in one language and provide read access in other languages.
- Easy Installation and Upgrades: WordPress has always been easy to install and upgrade. Users can opt for a manual installation, creating a database and uploading WordPress via FTP and then running the installer. For those not familiar with FTP, plenty of web hosts offer one-click WordPress installers that automate the process.
- Importers: WordPress comes with importers from other platforms e.g. Blogger, LiveJournal, Movable Type, TypePad, Tumblr, and also from other WordPress instances.
- Owning Data: Hosted WordPress services are available and if ownership of data is not critical, then these hosted services are fine. However, stand-alone installations are very common and these allow users to have full control/ownership of both the data and the installation.
- Freedom: WordPress is licensed under the GPL which was created to protect freedoms. Users are able to use WordPress in any way they choose: install it, use it, modify it, distribute it. Software freedom is the foundation that WordPress is built on.
- Community: As the most popular open-source CMS on the web, WordPress has a vibrant and supportive community. Questions can be raised on the support forums and in most cases help will be provided. There are also a variety of opportunities and formats via which users can learn more about WordPress. Community is at the heart of WordPress.
- Contribute Users can help to build WordPress, answer questions on the support forums, write documentation, translate WordPress, speak at training events, and write about WordPress etc.
Functionality for Developers
WordPress allows developers to take it in whatever direction they wish due to the following functions:
- Plugin System: The WordPress APIs make it possible to create plugins to extend WordPress. WordPress’s extensibility lies in the thousands of hooks at a developer’s disposal. Once a plugin is created it can be added to a repository for others to use.
- Theme System: WordPress themes can be created for personal use, for clients, customers, and for other WordPress users. The WordPress API provides the extensibility to create themes as simple or as complex as needed. Themes can also be made available via a repository.
- Application Framework: If developers want to build an application, WordPress can help with that too. Under-the-hood WordPress provides a lot of the features that apps will need, things like: translations, user management, HTTP requests, databases, URL routing and much more.
- Custom Content Types: WordPress comes with default content types, but additional flexibility can be added with a few lines of code to create custom post types, taxonomies, and metadata.
- The Latest Libraries: WordPress comes with the latest script libraries available – these include jQuery, Plupload, Underscore.js and Backbone.js.
In addition to standard core facilities for single sites, WordPress also provides Multi-site functionality which allows users to create a network of sites on a single WordPress installation.
Multi-site Network Features and benefits include:
- Running a network of multiple WordPress websites from a single WordPress installation
- Set up a network structured via subdomains like http://john.example.com or sub-directories like http://www.example.com/john/
- Allowing multi-level access for different types of users within the network
- Enabling Super Admin access to install themes and plugins and make them available to all other sites on the network. This enables plugins and themes to be easily deployed across the network and restricts what structural elements can be changed within individual sites
- Quick access for Super Admin to many user sites, thus making management of the sites easier
- Users requiring supervisory access can be associated with many sites from a single sign-on account
- Upgrades to core WordPress, plugins and themes need only be applied once across the whole network.
If using WordPress, an institution will need at least some knowledge of it to install the software. While an institution may not have a designated WordPress expert, due to its ubiquity, it is very likely that existing members of staff will already be familiar with installing WordPress and its hosting requirements. The following information will be useful for this designated member of staff:
To run WordPress, they recommend your host supports:
WordPress recommends Apache or Nginx as the most robust and featureful server for running WordPress, but any server that supports PHP and MySQL will do. That said, WordPress says they can’t test every possible environment and option for hosting platforms that can support WordPress, if in-house hosting is not available/desired.
Appendix 2: MKDO – who they are and what they do
With a combination of over 30 years of web development experience, the company comprises a core team of 3 experienced developers, supported by a collaborative network of associates (other businesses and freelancers), who are hired to assist with individual projects as and when required.
MKDO Core Team
Kimb Jones (Managing Director): Kimb is known as a key member of the UK WordPress community and has spoken at over 11 WordPress conferences in the UK and abroad since 2009. He has a history of working on large WordPress projects within the NHS and with charities. He leads MKDO in the areas of client relations and design.
Matt Watson (Technical Lead): Matt leads all of the important MKDO developments such as: custom plugin development, system integrations and consultancy with clients and partners. He has worked on a range of large local-government WordPress developments.
Dave Green (Senior Development Manager): Dave specialises in cutting-edge, front-end development and brings several years of WooCommerce experience on board. He indulges in his passions of making a faster, responsive and more accessible web, through creating time-saving workflow systems.
The main goal of any MKDO project is to deliver a customised and flexible WordPress solution that powers a high-quality website or application, and outputs many different variations of data and content. They build for devices of all sizes and shapes with a keen eye on performance and accessibility.
Other projects delivered by them include:
Discover Dearne (http://discoverdearne.org.uk/): Developed for the Dearne Valley Landscape Partnership
FreeSpeechDebate (http://freespeechdebate.com/en/): Developed for The Oxford University-funded FreeSpeechDebate project
For further information about MKDO see https://www.MKDO.net/