Upload
wordcamp-sydney
View
197
Download
0
Embed Size (px)
Citation preview
Unscrambling an Omelette
How companies can use WordPress better
1
“Automattic's mission has always been very aligned with WordPress itself, which is to
democratise publishing. ”
- Matt Mullenweg
2
Fairfax have 40+ WordPress sites
today, more all the time
We needed a better way
3
Why WordPress, anyway ?Ease of training for authors - most used CMS in the world.
Lots of build partners available.
Fast and convenient for journalists - for example WordPress app for authors.
Fast to stand up, quick to skin, compared to “business” CMSes.
But …
Currently less supportable after go live and needs active dev support if it is not to “rot”.
4
WordPress site types and different challenges
Seasonal - eg once per year events like http://www.100womenofinfluence.com.au/
Actively developed eg clique - http://www.smh.com.au/national/clique/news-and-competitions
Actively used but not actively developed eg http://www.adcentre.com.au/
Agency
5
Keep WordPress Up to date, changing development partners
Code review, small isolated dev teams
Keep WordPress Up to date, occasional small updates
Sales teams, charging for customer, keep up to date
Strategy for scaled use of WordPress
6
Key questions any large user must ask
● When should I use WordPress ? When Not ?● What will it cost to host at the traffic levels I expect?● How do I make my site secure ?● Can updates be automated or at least made simple ?● Is my internal dev/ops team motivated to really run lots of WordPress?● Dev pipeline from test to prod.● How will my code get quality reviewed ?● What plugins are safe ?● Are core hacks allowed ?● CDN costs● Membership integration
7
What you need to do
8
● All your code and assets in (one) GIT and have a release automation strategy (eg bamboo)
● Train your devs on hosting deployment and local dev methods and make sure doco exists for partner devs
● Core comes from main repo (SVN/GIT) or hosting partner(s)● Maintain list of acceptable plugins and have process to vet new ones● Choose hosts, reexamine annually● Choose dev partners, use “panel” for all internal jobs staff can’t do● If possible get staff who are active community members or want to be● Develop one or more parent themes● Encapsulate any corporate special requirements (eg APIs, paywall, analytics) in
plugins if off the shelf plugins not suitable.● Contribute to the community
The WordPress Flow
9
Prototype
Gated by:● Business case● Revenue● Traffic “Weaponize”
Deploy to Enterprise Hosting
Pre-existing sites
Innovate
Fix Legacy Issues
Choosing a dev Partner
10
● Blended Development model - works to empower your internal dev/ops team (fishing rods, not fish)
● Do core committers work for the company ? Well known Plugins ?● Active community members ?● Do they have great local tech/PM “front men” AND well vetted offshore for
scalability● What do the top Hosting companies say ?● Sites like yours● Lead times
What you need to do to host it yourself
11
● So you have internal dev/ops, and are going to cloud self host (eg AWS)○ Consider using a framework that is “like” the ones the better hosts use
■ Eg Bedrock from roots.io https://roots.io/bedrock-vs-regular-wordpress-install/○ Get WordPress into your git and automate the update of core - all sites use that
■ https://github.com/WordPress/WordPress ○ Get your authorised plugins into your git, ditto the updates○ All internal customisations = plugins or themes, in git.○ code quality checks
■ VIP rules https://vip.wordpress.com/documentation/vip/code-review-what-we-look-for/ and vip_scanner
■ Lint, eg https://en-au.wordpress.org/plugins/php-compatibility-checker/ from wp-engine
■ Check for use of deprecated functions https://codex.wordpress.org/Category:Deprecated_Functions
■ Even internal themes should follow theme review team guidelines https://make.wordpress.org/themes/
○ Plugins and tools to capture db from prod and pull to staging on every release candidate○ Security eg https://sucuri.net/
Choosing a hosting Partner
12
● What do the dev partners recommend ?● Integration with GIT easy (hint - (S)FTP is banned)● Ticketing system for problems and requests● Dev/staging/prod - included ?● Multisite vs many site● Geography (USA OK, Singapore not so much)● CDN included ?● How to core updates work (fully automatic, facilitated)● Code Quality control included ?● Plugin limitation acceptable (hint - probably should be)● Cost model for scaling steps (number of sites, traffic)● Security Model (hint - they should have one!)● Authentication for company users (eg against Microsoft AD)
Example - WordPress Hosting Tradeoffs
13
Option/ability
Auto Patch WP core
Dev Staging ?
Front End Scalability
Database Scalability
Level 1 Ops Support
Frontline Security
Plugin Vetting
Code Vetting
Core Hacks ?
Corporate Authentication ?
CDN HTTP(S)
AWS DIY Dependent on internal skills
At cost YES, Dependent on internal skills
YES, Dependent on internal skills
Internal Internal Dependent on internal skills
Dependent on internal skills YES YES At own cost
(cloudfront possible)
either
Pantheon No YES, included
YES, some WP configuration skill needed
YES, some WP configuration skill needed
Outsourced CDN and Outsourced
Review on initial deployment of each site
Dependent on internal skills YES,
though will impact easy updates
YES At own cost
either
WPEngine Yes Extra cost
Yes, some account management needed
Yes, some account management needed
Outsourced https://sucuri.net/
Yes Dependent on internal skills No YES At own
costeither
Automattic VIP
YES Staging at extra cost
YES YES Outsourced YES YES YES NO, Never
No Included HTTPS only
WordPress can be used well at scale
it just takes the right people
and the right ingredients
14
Thanks!
Jeremy KelaherHead Of ArchitectureFairfax Product Solutions
Join us :)
15