[hackerspaces] WordPress websites - what features/plugins and configurations do your spaces use?

Bob Baddeley hackerspace-discuss at bobbaddeley.com
Sun Nov 1 17:48:00 CET 2015 

Our space (http://Sector67.org) has a few features that we've built 
ourselves that work really well, in addition to some regular plugins. 
We've had to pay for some of them:

WooCommerce, WooCommerce Subscriptions, WooEvents Pro, WooCommerce 
Account Funds, and Event Calendar & Ticketing.
This combination lets us have a store to sell kits and raw materials, 
but it also lets us do classes, special events, and take payment for 
everything, including monthly membership. Allowing people to manage 
their membership level online, take care of their automatic monthly 
payments, use their credit card or paypal (or check/cash if they want), 
and have reports and account balances has taken a lot of the load off 
money management at the space. Anyone who is a member can create an 
event/class, schedule space, and take payments.

WP-Members and Members and Nave Menu Roles - allows us to assign members 
limited permissions on the site, and changes what's available based on 
different member levels. For example, only members can see the page that 
contains the webcams throughout the space.

We also got a wiki plugin, which we use for documentation on the tools 
in the space; how to use them, where they are, tips for settings for 
various common tasks, etc.

Then it gets cool. We built another plugin on top of all these that 
manages 'machines' in the space and their usage. We have RFID keys for 
door access, and Raspberry Pi's at the doors. When an RFID is swiped, 
the pi makes a web service request to our plugin to check the membership 
and permission level of that user and allows them access. We have some 
caching in place in case the web goes down, but essentially we have a 
web interface that controls who has access to what physical things. 
We've also tied this system in to our laser cutter, where we not only 
enable/disable the laser based on whether the person has been trained, 
but we track the length of the job and charge against their account 
funds for how many seconds of laser time (since the laser tube is a 
consumable). We have a scale next to our 3D printer area with a pi that 
lets you pay for plastic parts using account funds as well.

Our biggest problem with this is that our web site is kinda slow, and 
though we're using a plugin called W3 Total Cache to cache chunks and 
reduce processor time, we're on Dreamhost, so...

As awesome as this setup is, though, like any hackerspace it's pretty 
cobbled together, and we don't have an installation script for the 
plugin we wrote. Plus it was a few hundred dollars for all the plugins 
we bought. Still, for the features and convenience it affords, it was a 
good investment. And being able to have an automated system for charging 
for filament and laser time ensures that people pay for consumables and 
the space isn't hurting from abuse.



On 11/01/2015 09:51 AM, charlie wallace wrote:
> can't have been to that many then.
>
> saying that no language is secure or the coders are at fault, doesn't
> mean one particular software package or PHP isn't even less secure or
> the best choice. Pretty much every time a site we run used wordpress
> has been owned, there are so many exploits for it and like windows
> there are a lot of people trying to break into it because its so
> popular.. they did improve it a lot, but its the attack vector of
> choice. I can show you more secure languages, and less secure
> languages, but that is not a useful metric for this usage case, how
> secure something else has zero to do with wordpress/php.
>
> sure you can do all of these things that take time and money to make
> it less of an attack vector, run what you like.
>
>
>
> On Sun, Nov 1, 2015 at 1:57 AM, Jurgen Gaeremyn <jurgen at gaeremyn.be> wrote:
>> Heya,
>>
>> Didn't know hackerspaces also kept trolls...
>>
>> PHP and WordPress are known to be unsafe because many people can use it, but
>> many don't have the needed skillset or/and discipline to maintain code.
>> Please point me to a language that is inherently safe, and I will bow to
>> your superiority.
>>
>> As for the question on topic... Not that familiar with WordPress, but apart
>> from a blog per user, a calendar is always nice... Maybe add a honeypot to
>> see how many script-kiddies tried to perform an xml-rpc attack on your site.
>> ;-)
>>
>> charlie wallace <charlie at finitemonkeys.com> schreef op 1 november 2015
>> 02:56:05 CET:
>>> Good security and wordpress/php in the same sentence . It is Halloween
>>> after all
>>>
>>> On Oct 31, 2015 5:35 PM, "Shirley Hicks" <shirley at velochicdesign.com>
>>> wrote:
>>>>
>>>> On Oct 31, 2015, at 7:08 PM, Matt Joyce <matt at nycresistor.com> wrote:
>>>>
>>>> The remote exploits are awesome. Much love to xml-rpc.
>>>>
>>>>
>>>> Answer to that is good security, CDNs and regular updates. Boxes ticked.
>>>> — Shirley
>>>>
>>>>
>>>> On October 31, 2015 8:01:23 PM EDT, Shirley Hicks
>>>> <shirley at velochicdesign.com> wrote:
>>>>> Learning more WordPress, working on the Birmingham Red Mountain Makers
>>>>> site to take our site up to the next level of usefulness.
>>>>> What types of functionality have you all found most useful or fun within
>>>>> wordpress websites?
>>>>> If it’s useful for all, I’ll compile answers and stats.
>>>>>
>>>>> — Shirley Hicks
>>>>> Red Mountain Makers.
>>>>> ________________________________
>>>>>
>>>>> Discuss mailing list
>>>>> Discuss at lists.hackerspaces.org
>>>>> http://lists.hackerspaces.org/mailman/listinfo/discuss
>>>>
>>>> --
>>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Discuss mailing list
>>>> Discuss at lists.hackerspaces.org
>>>> http://lists.hackerspaces.org/mailman/listinfo/discuss
>>>>
>>> ________________________________
>>>
>>> Discuss mailing list
>>> Discuss at lists.hackerspaces.org
>>> http://lists.hackerspaces.org/mailman/listinfo/discuss
>>
>> --
>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>
>> _______________________________________________
>> Discuss mailing list
>> Discuss at lists.hackerspaces.org
>> http://lists.hackerspaces.org/mailman/listinfo/discuss
>>
> _______________________________________________
> Discuss mailing list
> Discuss at lists.hackerspaces.org
> http://lists.hackerspaces.org/mailman/listinfo/discuss

More information about the Discuss mailing list