[hackerspaces] WordPress websites - what features/plugins and configurations do your spaces use?

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[hackerspaces] WordPress websites - what features/plugins and configurations do your spaces use?

Shirley Hicks
Learning more WordPress, working on the Birmingham Red Mountain Makers site to take our site up to the next level of usefulness.
What types of functionality have you all found most useful or fun within wordpress websites?
If it’s useful for all, I’ll compile answers and stats.

— Shirley Hicks
Red Mountain Makers.
_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [hackerspaces] WordPress websites - what features/plugins and configurations do your spaces use?

Matt Joyce
The remote exploits are awesome. Much love to xml-rpc.

On October 31, 2015 8:01:23 PM EDT, Shirley Hicks <[hidden email]> wrote:
Learning more WordPress, working on the Birmingham Red Mountain Makers site to take our site up to the next level of usefulness.
What types of functionality have you all found most useful or fun within wordpress websites?
If it’s useful for all, I’ll compile answers and stats.

— Shirley Hicks
Red Mountain Makers.


Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [hackerspaces] WordPress websites - what features/plugins and configurations do your spaces use?

Shirley Hicks

On Oct 31, 2015, at 7:08 PM, Matt Joyce <[hidden email]> wrote:

The remote exploits are awesome. Much love to xml-rpc.

Answer to that is good security, CDNs and regular updates. Boxes ticked.
— Shirley

On October 31, 2015 8:01:23 PM EDT, Shirley Hicks <[hidden email]> wrote:
Learning more WordPress, working on the Birmingham Red Mountain Makers site to take our site up to the next level of usefulness.
What types of functionality have you all found most useful or fun within wordpress websites?
If it’s useful for all, I’ll compile answers and stats.

— Shirley Hicks
Red Mountain Makers.


Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.


_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [hackerspaces] WordPress websites - what features/plugins and configurations do your spaces use?

charlie wallace

Good security and wordpress/php in the same sentence . It is Halloween after all

On Oct 31, 2015 5:35 PM, "Shirley Hicks" <[hidden email]> wrote:

On Oct 31, 2015, at 7:08 PM, Matt Joyce <[hidden email]> wrote:

The remote exploits are awesome. Much love to xml-rpc.

Answer to that is good security, CDNs and regular updates. Boxes ticked.
— Shirley

On October 31, 2015 8:01:23 PM EDT, Shirley Hicks <[hidden email]> wrote:
Learning more WordPress, working on the Birmingham Red Mountain Makers site to take our site up to the next level of usefulness.
What types of functionality have you all found most useful or fun within wordpress websites?
If it’s useful for all, I’ll compile answers and stats.

— Shirley Hicks
Red Mountain Makers.


Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.


_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss


_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [hackerspaces] WordPress websites - what features/plugins and configurations do your spaces use?

Jurgen Gaeremyn
Heya,

Didn't know hackerspaces also kept trolls...

PHP and WordPress are known to be unsafe because many people can use it, but many don't have the needed skillset or/and discipline to maintain code. Please point me to a language that is inherently safe, and I will bow to your superiority.

As for the question on topic... Not that familiar with WordPress, but apart from a blog per user, a calendar is always nice... Maybe add a honeypot to see how many script-kiddies tried to perform an xml-rpc attack on your site. ;-)

charlie wallace <[hidden email]> schreef op 1 november 2015 02:56:05 CET:

Good security and wordpress/php in the same sentence . It is Halloween after all

On Oct 31, 2015 5:35 PM, "Shirley Hicks" <[hidden email]> wrote:

On Oct 31, 2015, at 7:08 PM, Matt Joyce <[hidden email]> wrote:

The remote exploits are awesome. Much love to xml-rpc.

Answer to that is good security, CDNs and regular updates. Boxes ticked.
— Shirley

On October 31, 2015 8:01:23 PM EDT, Shirley Hicks <[hidden email]> wrote:
Learning more WordPress, working on the Birmingham Red Mountain Makers site to take our site up to the next level of usefulness.
What types of functionality have you all found most useful or fun within wordpress websites?
If it’s useful for all, I’ll compile answers and stats.

— Shirley Hicks
Red Mountain Makers.


Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.


_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss



Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [hackerspaces] WordPress websites - what features/plugins and configurations do your spaces use?

Bill Shaw-2
In reply to this post by Shirley Hicks
We've found WordFence to be particularly helpful in keeping our site updated and secure.

Regards,
Bill Shaw
Tampa Hackerspace

On Sun, Nov 1, 2015 at 3:58 AM, <[hidden email]> wrote:
---------- Forwarded message ----------
From: Shirley Hicks <[hidden email]>
To: Hackerspaces General Discussion List <[hidden email]>
Cc: 
Date: Sat, 31 Oct 2015 19:01:23 -0500
Subject: [hackerspaces] WordPress websites - what features/plugins and configurations do your spaces use?
Learning more WordPress, working on the Birmingham Red Mountain Makers site to take our site up to the next level of usefulness.
What types of functionality have you all found most useful or fun within wordpress websites?
If it’s useful for all, I’ll compile answers and stats.

— Shirley Hicks
Red Mountain Makers.


_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [hackerspaces] WordPress websites - what features/plugins and configurations do your spaces use?

Russell Fair
I set up WordPress for two makerspaces here in Atlanta. Both decaturmakers.org and geekspacegwinnett.org run a similar WordPress installation. In fact all of the source, including WordPress, some plugins that we use etc. is available on github at:: https://github.com/DecaturMakers/DecaturMakers.org You're welcome to take a look at the plugins that we use. Note that not ALL of them are active. 

On a high level here are the plugins that we couldn't go without:
GravityForms - for creating contact forms, surveys, etc. It is a premium plugin, but worth every penny. 
Restrict Content Pro - also a premium plugin that creates a membership system that handles member's "accounts". It supports recurring payments through Stripe. It has taken some work to get it set up for our membership types, but worth it vs. using a third party tool. 

We also are using a plugin called "amr events calendar or lists with ical files" to keep our meetup and google calendars synced up. 

We keep Akismet, Limit Login Attempts, Wordfence, WP Super Cache, Google Analytics and WordPress SEO (by Yoast) active as well. 

On the security note: there are some valid security concerns associated with WordPress - but I would add that most of these concerns are not really with the core WordPress software rather with something "else" including the hosting environment, third party themes or plugins, or lack of good security procedures in general. 

Start by choosing a secure web hosting provider. I use LiquidWeb and have a managed VPS (here is my referral link in case this thread wasn't being trolled enough - http://www.liquidweb.com/?RID=rfair404 ) - I prefer it over their shared hosting offerings but those aren't bad either. Unless you have a qualified sysadmin willing to set up and secure your own server I would NOT suggest you go with a non-managed VPS, though Digital Ocean has an unbeatable price point. 

Keep ALL of your site code under version control. In the event that your site goes down, you will be sure that the site code is retrievable. 

Keep an off-site backup. I use "backupwordpress" plugin to send a nightly email backup of the database. Send it to an official within the organization or better yet, set up a dedicated address just for these.  

hope it helps! Feel free to contact me off list if you want additional information!



On Sun, Nov 1, 2015 at 5:43 AM, Bill Shaw <[hidden email]> wrote:
We've found WordFence to be particularly helpful in keeping our site updated and secure.

Regards,
Bill Shaw
Tampa Hackerspace

On Sun, Nov 1, 2015 at 3:58 AM, <[hidden email]> wrote:
---------- Forwarded message ----------
From: Shirley Hicks <[hidden email]>
To: Hackerspaces General Discussion List <[hidden email]>
Cc: 
Date: Sat, 31 Oct 2015 19:01:23 -0500
Subject: [hackerspaces] WordPress websites - what features/plugins and configurations do your spaces use?
Learning more WordPress, working on the Birmingham Red Mountain Makers site to take our site up to the next level of usefulness.
What types of functionality have you all found most useful or fun within wordpress websites?
If it’s useful for all, I’ll compile answers and stats.

— Shirley Hicks
Red Mountain Makers.


_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss




--
Thanks,

Russell Fair
770.401.9039

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [hackerspaces] WordPress websites - what features/plugins and configurations do your spaces use?

charlie wallace
In reply to this post by Jurgen Gaeremyn
can't have been to that many then.

saying that no language is secure or the coders are at fault, doesn't
mean one particular software package or PHP isn't even less secure or
the best choice. Pretty much every time a site we run used wordpress
has been owned, there are so many exploits for it and like windows
there are a lot of people trying to break into it because its so
popular.. they did improve it a lot, but its the attack vector of
choice. I can show you more secure languages, and less secure
languages, but that is not a useful metric for this usage case, how
secure something else has zero to do with wordpress/php.

sure you can do all of these things that take time and money to make
it less of an attack vector, run what you like.



On Sun, Nov 1, 2015 at 1:57 AM, Jurgen Gaeremyn <[hidden email]> wrote:

> Heya,
>
> Didn't know hackerspaces also kept trolls...
>
> PHP and WordPress are known to be unsafe because many people can use it, but
> many don't have the needed skillset or/and discipline to maintain code.
> Please point me to a language that is inherently safe, and I will bow to
> your superiority.
>
> As for the question on topic... Not that familiar with WordPress, but apart
> from a blog per user, a calendar is always nice... Maybe add a honeypot to
> see how many script-kiddies tried to perform an xml-rpc attack on your site.
> ;-)
>
> charlie wallace <[hidden email]> schreef op 1 november 2015
> 02:56:05 CET:
>>
>> Good security and wordpress/php in the same sentence . It is Halloween
>> after all
>>
>> On Oct 31, 2015 5:35 PM, "Shirley Hicks" <[hidden email]>
>> wrote:
>>>
>>>
>>> On Oct 31, 2015, at 7:08 PM, Matt Joyce <[hidden email]> wrote:
>>>
>>> The remote exploits are awesome. Much love to xml-rpc.
>>>
>>>
>>> Answer to that is good security, CDNs and regular updates. Boxes ticked.
>>> — Shirley
>>>
>>>
>>> On October 31, 2015 8:01:23 PM EDT, Shirley Hicks
>>> <[hidden email]> wrote:
>>>>
>>>> Learning more WordPress, working on the Birmingham Red Mountain Makers
>>>> site to take our site up to the next level of usefulness.
>>>> What types of functionality have you all found most useful or fun within
>>>> wordpress websites?
>>>> If it’s useful for all, I’ll compile answers and stats.
>>>>
>>>> — Shirley Hicks
>>>> Red Mountain Makers.
>>>> ________________________________
>>>>
>>>> Discuss mailing list
>>>> [hidden email]
>>>> http://lists.hackerspaces.org/mailman/listinfo/discuss
>>>
>>>
>>> --
>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>>
>>>
>>>
>>> _______________________________________________
>>> Discuss mailing list
>>> [hidden email]
>>> http://lists.hackerspaces.org/mailman/listinfo/discuss
>>>
>> ________________________________
>>
>> Discuss mailing list
>> [hidden email]
>> http://lists.hackerspaces.org/mailman/listinfo/discuss
>
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
> _______________________________________________
> Discuss mailing list
> [hidden email]
> http://lists.hackerspaces.org/mailman/listinfo/discuss
>
_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [hackerspaces] WordPress websites - what features/plugins and configurations do your spaces use?

Bob Baddeley
Our space (http://Sector67.org) has a few features that we've built
ourselves that work really well, in addition to some regular plugins.
We've had to pay for some of them:

WooCommerce, WooCommerce Subscriptions, WooEvents Pro, WooCommerce
Account Funds, and Event Calendar & Ticketing.
This combination lets us have a store to sell kits and raw materials,
but it also lets us do classes, special events, and take payment for
everything, including monthly membership. Allowing people to manage
their membership level online, take care of their automatic monthly
payments, use their credit card or paypal (or check/cash if they want),
and have reports and account balances has taken a lot of the load off
money management at the space. Anyone who is a member can create an
event/class, schedule space, and take payments.

WP-Members and Members and Nave Menu Roles - allows us to assign members
limited permissions on the site, and changes what's available based on
different member levels. For example, only members can see the page that
contains the webcams throughout the space.

We also got a wiki plugin, which we use for documentation on the tools
in the space; how to use them, where they are, tips for settings for
various common tasks, etc.

Then it gets cool. We built another plugin on top of all these that
manages 'machines' in the space and their usage. We have RFID keys for
door access, and Raspberry Pi's at the doors. When an RFID is swiped,
the pi makes a web service request to our plugin to check the membership
and permission level of that user and allows them access. We have some
caching in place in case the web goes down, but essentially we have a
web interface that controls who has access to what physical things.
We've also tied this system in to our laser cutter, where we not only
enable/disable the laser based on whether the person has been trained,
but we track the length of the job and charge against their account
funds for how many seconds of laser time (since the laser tube is a
consumable). We have a scale next to our 3D printer area with a pi that
lets you pay for plastic parts using account funds as well.

Our biggest problem with this is that our web site is kinda slow, and
though we're using a plugin called W3 Total Cache to cache chunks and
reduce processor time, we're on Dreamhost, so...

As awesome as this setup is, though, like any hackerspace it's pretty
cobbled together, and we don't have an installation script for the
plugin we wrote. Plus it was a few hundred dollars for all the plugins
we bought. Still, for the features and convenience it affords, it was a
good investment. And being able to have an automated system for charging
for filament and laser time ensures that people pay for consumables and
the space isn't hurting from abuse.



On 11/01/2015 09:51 AM, charlie wallace wrote:

> can't have been to that many then.
>
> saying that no language is secure or the coders are at fault, doesn't
> mean one particular software package or PHP isn't even less secure or
> the best choice. Pretty much every time a site we run used wordpress
> has been owned, there are so many exploits for it and like windows
> there are a lot of people trying to break into it because its so
> popular.. they did improve it a lot, but its the attack vector of
> choice. I can show you more secure languages, and less secure
> languages, but that is not a useful metric for this usage case, how
> secure something else has zero to do with wordpress/php.
>
> sure you can do all of these things that take time and money to make
> it less of an attack vector, run what you like.
>
>
>
> On Sun, Nov 1, 2015 at 1:57 AM, Jurgen Gaeremyn <[hidden email]> wrote:
>> Heya,
>>
>> Didn't know hackerspaces also kept trolls...
>>
>> PHP and WordPress are known to be unsafe because many people can use it, but
>> many don't have the needed skillset or/and discipline to maintain code.
>> Please point me to a language that is inherently safe, and I will bow to
>> your superiority.
>>
>> As for the question on topic... Not that familiar with WordPress, but apart
>> from a blog per user, a calendar is always nice... Maybe add a honeypot to
>> see how many script-kiddies tried to perform an xml-rpc attack on your site.
>> ;-)
>>
>> charlie wallace <[hidden email]> schreef op 1 november 2015
>> 02:56:05 CET:
>>> Good security and wordpress/php in the same sentence . It is Halloween
>>> after all
>>>
>>> On Oct 31, 2015 5:35 PM, "Shirley Hicks" <[hidden email]>
>>> wrote:
>>>>
>>>> On Oct 31, 2015, at 7:08 PM, Matt Joyce <[hidden email]> wrote:
>>>>
>>>> The remote exploits are awesome. Much love to xml-rpc.
>>>>
>>>>
>>>> Answer to that is good security, CDNs and regular updates. Boxes ticked.
>>>> — Shirley
>>>>
>>>>
>>>> On October 31, 2015 8:01:23 PM EDT, Shirley Hicks
>>>> <[hidden email]> wrote:
>>>>> Learning more WordPress, working on the Birmingham Red Mountain Makers
>>>>> site to take our site up to the next level of usefulness.
>>>>> What types of functionality have you all found most useful or fun within
>>>>> wordpress websites?
>>>>> If it’s useful for all, I’ll compile answers and stats.
>>>>>
>>>>> — Shirley Hicks
>>>>> Red Mountain Makers.
>>>>> ________________________________
>>>>>
>>>>> Discuss mailing list
>>>>> [hidden email]
>>>>> http://lists.hackerspaces.org/mailman/listinfo/discuss
>>>>
>>>> --
>>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Discuss mailing list
>>>> [hidden email]
>>>> http://lists.hackerspaces.org/mailman/listinfo/discuss
>>>>
>>> ________________________________
>>>
>>> Discuss mailing list
>>> [hidden email]
>>> http://lists.hackerspaces.org/mailman/listinfo/discuss
>>
>> --
>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>
>> _______________________________________________
>> Discuss mailing list
>> [hidden email]
>> http://lists.hackerspaces.org/mailman/listinfo/discuss
>>
> _______________________________________________
> Discuss mailing list
> [hidden email]
> http://lists.hackerspaces.org/mailman/listinfo/discuss

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [hackerspaces] WordPress websites - what features/plugins and configurations do your spaces use?

Russell Fair
I'm intentionally leaving the security aspects out of this reply, that's another conversation entirely. 

Bob, I'd be interested to see the code that you used to integrate your pi's, RFID and WordPress. we've talked about doing something similar. is the code open source?

as for the server being slow that (much like the security convo) is a pretty long winded one. one thing to consider is using a CDN for delivery of the static assets such as js, css, jpg and png etc. Most of the "slowness" you'll encounter is due to "front end" stuff like uncompressed and unminimized static files. "back end" database optimizations etc are not usually a big help (most cases). 

Be sure to enable gzip compression on the server and utilize both disk and memory based caching in w3total cache. 

We use Varnish http accelerator in front of our http server (apache). this helps as does utilizing the object cache that is built into WordPress. Most shared hosts like dreamhost, bluehost etc. DO NOT support these features so moving to a new host might help solve some of those issues.



On Sun, Nov 1, 2015 at 11:48 AM, Bob Baddeley <[hidden email]> wrote:
Our space (http://Sector67.org) has a few features that we've built ourselves that work really well, in addition to some regular plugins. We've had to pay for some of them:

WooCommerce, WooCommerce Subscriptions, WooEvents Pro, WooCommerce Account Funds, and Event Calendar & Ticketing.
This combination lets us have a store to sell kits and raw materials, but it also lets us do classes, special events, and take payment for everything, including monthly membership. Allowing people to manage their membership level online, take care of their automatic monthly payments, use their credit card or paypal (or check/cash if they want), and have reports and account balances has taken a lot of the load off money management at the space. Anyone who is a member can create an event/class, schedule space, and take payments.

WP-Members and Members and Nave Menu Roles - allows us to assign members limited permissions on the site, and changes what's available based on different member levels. For example, only members can see the page that contains the webcams throughout the space.

We also got a wiki plugin, which we use for documentation on the tools in the space; how to use them, where they are, tips for settings for various common tasks, etc.

Then it gets cool. We built another plugin on top of all these that manages 'machines' in the space and their usage. We have RFID keys for door access, and Raspberry Pi's at the doors. When an RFID is swiped, the pi makes a web service request to our plugin to check the membership and permission level of that user and allows them access. We have some caching in place in case the web goes down, but essentially we have a web interface that controls who has access to what physical things. We've also tied this system in to our laser cutter, where we not only enable/disable the laser based on whether the person has been trained, but we track the length of the job and charge against their account funds for how many seconds of laser time (since the laser tube is a consumable). We have a scale next to our 3D printer area with a pi that lets you pay for plastic parts using account funds as well.

Our biggest problem with this is that our web site is kinda slow, and though we're using a plugin called W3 Total Cache to cache chunks and reduce processor time, we're on Dreamhost, so...

As awesome as this setup is, though, like any hackerspace it's pretty cobbled together, and we don't have an installation script for the plugin we wrote. Plus it was a few hundred dollars for all the plugins we bought. Still, for the features and convenience it affords, it was a good investment. And being able to have an automated system for charging for filament and laser time ensures that people pay for consumables and the space isn't hurting from abuse.




On 11/01/2015 09:51 AM, charlie wallace wrote:
can't have been to that many then.

saying that no language is secure or the coders are at fault, doesn't
mean one particular software package or PHP isn't even less secure or
the best choice. Pretty much every time a site we run used wordpress
has been owned, there are so many exploits for it and like windows
there are a lot of people trying to break into it because its so
popular.. they did improve it a lot, but its the attack vector of
choice. I can show you more secure languages, and less secure
languages, but that is not a useful metric for this usage case, how
secure something else has zero to do with wordpress/php.

sure you can do all of these things that take time and money to make
it less of an attack vector, run what you like.



On Sun, Nov 1, 2015 at 1:57 AM, Jurgen Gaeremyn <[hidden email]> wrote:
Heya,

Didn't know hackerspaces also kept trolls...

PHP and WordPress are known to be unsafe because many people can use it, but
many don't have the needed skillset or/and discipline to maintain code.
Please point me to a language that is inherently safe, and I will bow to
your superiority.

As for the question on topic... Not that familiar with WordPress, but apart
from a blog per user, a calendar is always nice... Maybe add a honeypot to
see how many script-kiddies tried to perform an xml-rpc attack on your site.
;-)

charlie wallace <[hidden email]> schreef op 1 november 2015
02:56:05 CET:
Good security and wordpress/php in the same sentence . It is Halloween
after all

On Oct 31, 2015 5:35 PM, "Shirley Hicks" <[hidden email]>
wrote:

On Oct 31, 2015, at 7:08 PM, Matt Joyce <[hidden email]> wrote:

The remote exploits are awesome. Much love to xml-rpc.


Answer to that is good security, CDNs and regular updates. Boxes ticked.
— Shirley


On October 31, 2015 8:01:23 PM EDT, Shirley Hicks
<[hidden email]> wrote:
Learning more WordPress, working on the Birmingham Red Mountain Makers
site to take our site up to the next level of usefulness.
What types of functionality have you all found most useful or fun within
wordpress websites?
If it’s useful for all, I’ll compile answers and stats.

— Shirley Hicks
Red Mountain Makers.
________________________________

Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.



_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss

________________________________

Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss



--
Thanks,

Russell Fair
770.401.9039

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [hackerspaces] WordPress websites - what features/plugins and configurations do your spaces use?

Rubin Abdi
No one uses the Noisebridge blog, it's too obnoxious for people to request accounts. The anon post form doesn't work half the time, it's out of the way.

My advice is that if showing off what's going on inside your hacker space is important, than you need to make it as easy as possible for folks to post to your blog.


On 1 November 2015 at 11:20, Russell Fair <[hidden email]> wrote:
I'm intentionally leaving the security aspects out of this reply, that's another conversation entirely. 

Bob, I'd be interested to see the code that you used to integrate your pi's, RFID and WordPress. we've talked about doing something similar. is the code open source?

as for the server being slow that (much like the security convo) is a pretty long winded one. one thing to consider is using a CDN for delivery of the static assets such as js, css, jpg and png etc. Most of the "slowness" you'll encounter is due to "front end" stuff like uncompressed and unminimized static files. "back end" database optimizations etc are not usually a big help (most cases). 

Be sure to enable gzip compression on the server and utilize both disk and memory based caching in w3total cache. 

We use Varnish http accelerator in front of our http server (apache). this helps as does utilizing the object cache that is built into WordPress. Most shared hosts like dreamhost, bluehost etc. DO NOT support these features so moving to a new host might help solve some of those issues.



On Sun, Nov 1, 2015 at 11:48 AM, Bob Baddeley <[hidden email]> wrote:
Our space (http://Sector67.org) has a few features that we've built ourselves that work really well, in addition to some regular plugins. We've had to pay for some of them:

WooCommerce, WooCommerce Subscriptions, WooEvents Pro, WooCommerce Account Funds, and Event Calendar & Ticketing.
This combination lets us have a store to sell kits and raw materials, but it also lets us do classes, special events, and take payment for everything, including monthly membership. Allowing people to manage their membership level online, take care of their automatic monthly payments, use their credit card or paypal (or check/cash if they want), and have reports and account balances has taken a lot of the load off money management at the space. Anyone who is a member can create an event/class, schedule space, and take payments.

WP-Members and Members and Nave Menu Roles - allows us to assign members limited permissions on the site, and changes what's available based on different member levels. For example, only members can see the page that contains the webcams throughout the space.

We also got a wiki plugin, which we use for documentation on the tools in the space; how to use them, where they are, tips for settings for various common tasks, etc.

Then it gets cool. We built another plugin on top of all these that manages 'machines' in the space and their usage. We have RFID keys for door access, and Raspberry Pi's at the doors. When an RFID is swiped, the pi makes a web service request to our plugin to check the membership and permission level of that user and allows them access. We have some caching in place in case the web goes down, but essentially we have a web interface that controls who has access to what physical things. We've also tied this system in to our laser cutter, where we not only enable/disable the laser based on whether the person has been trained, but we track the length of the job and charge against their account funds for how many seconds of laser time (since the laser tube is a consumable). We have a scale next to our 3D printer area with a pi that lets you pay for plastic parts using account funds as well.

Our biggest problem with this is that our web site is kinda slow, and though we're using a plugin called W3 Total Cache to cache chunks and reduce processor time, we're on Dreamhost, so...

As awesome as this setup is, though, like any hackerspace it's pretty cobbled together, and we don't have an installation script for the plugin we wrote. Plus it was a few hundred dollars for all the plugins we bought. Still, for the features and convenience it affords, it was a good investment. And being able to have an automated system for charging for filament and laser time ensures that people pay for consumables and the space isn't hurting from abuse.




On 11/01/2015 09:51 AM, charlie wallace wrote:
can't have been to that many then.

saying that no language is secure or the coders are at fault, doesn't
mean one particular software package or PHP isn't even less secure or
the best choice. Pretty much every time a site we run used wordpress
has been owned, there are so many exploits for it and like windows
there are a lot of people trying to break into it because its so
popular.. they did improve it a lot, but its the attack vector of
choice. I can show you more secure languages, and less secure
languages, but that is not a useful metric for this usage case, how
secure something else has zero to do with wordpress/php.

sure you can do all of these things that take time and money to make
it less of an attack vector, run what you like.



On Sun, Nov 1, 2015 at 1:57 AM, Jurgen Gaeremyn <[hidden email]> wrote:
Heya,

Didn't know hackerspaces also kept trolls...

PHP and WordPress are known to be unsafe because many people can use it, but
many don't have the needed skillset or/and discipline to maintain code.
Please point me to a language that is inherently safe, and I will bow to
your superiority.

As for the question on topic... Not that familiar with WordPress, but apart
from a blog per user, a calendar is always nice... Maybe add a honeypot to
see how many script-kiddies tried to perform an xml-rpc attack on your site.
;-)

charlie wallace <[hidden email]> schreef op 1 november 2015
02:56:05 CET:
Good security and wordpress/php in the same sentence . It is Halloween
after all

On Oct 31, 2015 5:35 PM, "Shirley Hicks" <[hidden email]>
wrote:

On Oct 31, 2015, at 7:08 PM, Matt Joyce <[hidden email]> wrote:

The remote exploits are awesome. Much love to xml-rpc.


Answer to that is good security, CDNs and regular updates. Boxes ticked.
— Shirley


On October 31, 2015 8:01:23 PM EDT, Shirley Hicks
<[hidden email]> wrote:
Learning more WordPress, working on the Birmingham Red Mountain Makers
site to take our site up to the next level of usefulness.
What types of functionality have you all found most useful or fun within
wordpress websites?
If it’s useful for all, I’ll compile answers and stats.

— Shirley Hicks
Red Mountain Makers.
________________________________

Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.



_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss

________________________________

Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss



--
Thanks,

Russell Fair
<a href="tel:770.401.9039" value="+17704019039" target="_blank">770.401.9039

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss




--

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.hackerspaces.org/mailman/listinfo/discuss
Loading...