[hackerspaces] WordPress websites - what features/plugins and configurations do your spaces use?

Russell Fair rfair404 at gmail.com
Sun Nov 1 20:20:14 CET 2015


I'm intentionally leaving the security aspects out of this reply, that's
another conversation entirely.

Bob, I'd be interested to see the code that you used to integrate your
Pi's, RFID and WordPress. We've talked about doing something similar. Is
the code open source?

As for the server being slow, that (much like the security convo) is a
pretty long-winded one. One thing to consider is using a CDN for delivery
of the static assets such as JS, CSS, JPG and PNG etc. Most of the
"slowness" you'll encounter is due to "front end" stuff like uncompressed
and unminimized static files. "Back end" database optimizations etc. are not
usually a big help (in most cases).

Be sure to enable gzip compression on the server and utilize both disk and
memory based caching in W3 Total Cache.

We use Varnish HTTP accelerator in front of our HTTP server (Apache). This
helps, as does utilizing the object cache that is built into WordPress. Most
shared hosts like DreamHost, Bluehost etc. DO NOT support these features, so
moving to a new host might help solve some of those issues.



On Sun, Nov 1, 2015 at 11:48 AM, Bob Baddeley <
hackerspace-discuss at bobbaddeley.com> wrote:

> Our space (http://Sector67.org) has a few features that we've built
> ourselves that work really well, in addition to some regular plugins. We've
> had to pay for some of them:
>
> WooCommerce, WooCommerce Subscriptions, WooEvents Pro, WooCommerce Account
> Funds, and Event Calendar & Ticketing.
> This combination lets us have a store to sell kits and raw materials, but
> it also lets us do classes, special events, and take payment for
> everything, including monthly membership. Allowing people to manage their
> membership level online, take care of their automatic monthly payments, use
> their credit card or PayPal (or check/cash if they want), and have reports
> and account balances has taken a lot of the load off money management at
> the space. Anyone who is a member can create an event/class, schedule
> space, and take payments.
>
> WP-Members and Members and Nav Menu Roles - allows us to assign members
> limited permissions on the site, and changes what's available based on
> different member levels. For example, only members can see the page that
> contains the webcams throughout the space.
>
> We also got a wiki plugin, which we use for documentation on the tools in
> the space; how to use them, where they are, tips for settings for various
> common tasks, etc.
>
> Then it gets cool. We built another plugin on top of all these that
> manages 'machines' in the space and their usage. We have RFID keys for door
> access, and Raspberry Pi's at the doors. When an RFID is swiped, the pi
> makes a web service request to our plugin to check the membership and
> permission level of that user and allows them access. We have some caching
> in place in case the web goes down, but essentially we have a web interface
> that controls who has access to what physical things. We've also tied this
> system in to our laser cutter, where we not only enable/disable the laser
> based on whether the person has been trained, but we track the length of
> the job and charge against their account funds for how many seconds of
> laser time (since the laser tube is a consumable). We have a scale next to
> our 3D printer area with a pi that lets you pay for plastic parts using
> account funds as well.
>
> Our biggest problem with this is that our web site is kinda slow, and
> though we're using a plugin called W3 Total Cache to cache chunks and
> reduce processor time, we're on Dreamhost, so...
>
> As awesome as this setup is, though, like any hackerspace it's pretty
> cobbled together, and we don't have an installation script for the plugin
> we wrote. Plus it was a few hundred dollars for all the plugins we bought.
> Still, for the features and convenience it affords, it was a good
> investment. And being able to have an automated system for charging for
> filament and laser time ensures that people pay for consumables and the
> space isn't hurting from abuse.
>
>
>
>
> On 11/01/2015 09:51 AM, charlie wallace wrote:
>
>> can't have been to that many then.
>>
>> saying that no language is secure or the coders are at fault, doesn't
>> mean one particular software package or PHP isn't even less secure or
>> the best choice. Pretty much every time a site we run used WordPress
>> has been owned, there are so many exploits for it and like Windows
>> there are a lot of people trying to break into it because it's so
>> popular. They did improve it a lot, but it's the attack vector of
>> choice. I can show you more secure languages, and less secure
>> languages, but that is not a useful metric for this usage case, how
>> secure something else is has zero to do with WordPress/PHP.
>>
>> sure you can do all of these things that take time and money to make
>> it less of an attack vector, run what you like.
>>
>>
>>
>> On Sun, Nov 1, 2015 at 1:57 AM, Jurgen Gaeremyn <jurgen at gaeremyn.be>
>> wrote:
>>
>>> Heya,
>>>
>>> Didn't know hackerspaces also kept trolls...
>>>
>>> PHP and WordPress are known to be unsafe because many people can use it,
>>> but many don't have the needed skillset or/and discipline to maintain
>>> code. Please point me to a language that is inherently safe, and I will
>>> bow to your superiority.
>>>
>>> As for the question on topic... Not that familiar with WordPress, but
>>> apart from a blog per user, a calendar is always nice... Maybe add a
>>> honeypot to see how many script-kiddies tried to perform an xml-rpc
>>> attack on your site. ;-)
>>>
>>> charlie wallace <charlie at finitemonkeys.com> schreef op 1 november 2015
>>> 02:56:05 CET:
>>>
>>>> Good security and WordPress/PHP in the same sentence. It is Halloween
>>>> after all
>>>>
>>>> On Oct 31, 2015 5:35 PM, "Shirley Hicks" <shirley at velochicdesign.com>
>>>> wrote:
>>>>
>>>>>
>>>>> On Oct 31, 2015, at 7:08 PM, Matt Joyce <matt at nycresistor.com> wrote:
>>>>>
>>>>> The remote exploits are awesome. Much love to xml-rpc.
>>>>>
>>>>>
>>>>> Answer to that is good security, CDNs and regular updates. Boxes ticked.
>>>>> — Shirley
>>>>>
>>>>>
>>>>> On October 31, 2015 8:01:23 PM EDT, Shirley Hicks
>>>>> <shirley at velochicdesign.com> wrote:
>>>>>
>>>>>> Learning more WordPress, working on the Birmingham Red Mountain Makers
>>>>>> site to take our site up to the next level of usefulness.
>>>>>> What types of functionality have you all found most useful or fun
>>>>>> within WordPress websites?
>>>>>> If it’s useful for all, I’ll compile answers and stats.
>>>>>>
>>>>>> — Shirley Hicks
>>>>>> Red Mountain Makers.
>>>>>> ________________________________
>>>>>>
>>>>>> Discuss mailing list
>>>>>> Discuss at lists.hackerspaces.org
>>>>>> http://lists.hackerspaces.org/mailman/listinfo/discuss
>>>>>>
>>>>>
>>>>> --
>>>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>>>>>
>>>>>
>>>
>>> --
>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.



-- 
Thanks,

Russell Fair
770.401.9039
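
The quoted message describes door and machine controllers that ask the WordPress plugin whether a swiped RFID key is allowed, with "some caching in place in case the web goes down". As an added example (not Sector67's code; the class, the `lookup` callable, the tag and resource names and the time limit are all assumptions), this shows an offline cache that records revocations as well as grants and refuses access once a cached answer is older than the limit:

```python
import time
from dataclasses import dataclass

@dataclass
class CachedGrant:
    resources: frozenset   # what the tag was allowed to use when last checked
    fetched_at: float      # when the site last answered for this tag

class AccessDecider:
    """Hypothetical controller-side check: live lookup first, bounded cache second."""
    def __init__(self, lookup, ttl=86400, clock=time.time):
        self.lookup, self.ttl, self.clock, self.cache = lookup, ttl, clock, {}

    def decide(self, tag_id, resource):
        try:
            resources = frozenset(self.lookup(tag_id))
        except (ConnectionError, TimeoutError):
            return self._from_cache(tag_id, resource)
        # Store every live answer, including an empty set, so a lapsed
        # membership replaces an older cached grant.
        self.cache[tag_id] = CachedGrant(resources, self.clock())
        return resource in resources, "live"

    def _from_cache(self, tag_id, resource):
        entry = self.cache.get(tag_id)
        if entry is None:
            return False, "offline-unknown"   # never seen: fail closed
        if self.clock() - entry.fetched_at > self.ttl:
            return False, "offline-stale"     # too old to trust: fail closed
        return resource in entry.resources, "offline-cached"

def demo():
    # Constructed sample data standing in for the membership site.
    directory = {"tag-A": {"front-door", "laser"}, "tag-B": {"front-door"}}
    state = {"online": True, "now": 1000.0}
    def lookup(tag):
        if not state["online"]:
            raise ConnectionError("site unreachable")
        return directory.get(tag, set())
    d = AccessDecider(lookup, ttl=3600, clock=lambda: state["now"])
    out = [d.decide("tag-A", "laser")]
    directory["tag-B"] = set()                 # membership lapses
    out.append(d.decide("tag-B", "front-door"))
    state["online"] = False                    # site goes down
    out += [d.decide("tag-A", "laser"), d.decide("tag-B", "front-door"),
            d.decide("tag-C", "front-door")]
    state["now"] += 7200                       # outage outlasts the limit
    out.append(d.decide("tag-A", "laser"))
    return out
```

The second element of each result is worth logging on the controller, since it separates decisions made against the live site from those made from cache during an outage.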