Your responsibility with WordPress on DoIT Web Hosting

WordPress is a PHP application with a MySQL database and not static files. We do not restrict your ability to choose plugins & themes, but we suggest plugins that are well established with high reviews and are in active support. It is the customer's responsibility to manage content and updates to WordPress. Failure to update WordPress and its components, could result in a vulnerable site that may be suspended or may be categorized as inappropriate use by our service's Web Hosting - Terms of Use policy. For more information see our Web Hosting - Guide for Using Open Source Packages.

The Web Hosting team does not have dedicated staff to assist with WordPress related troubleshooting. If you have never maintained a WordPress site before, we highly recommend the free central campus service called WiscWeb where all WordPress updates are handled for you and you just need to focus on creating and managing your content.

If you are unsure about your website hosting options, require development services, etc. please reach out to our Client Engagement group at the follow email: webplatform-solutions@doit.wisc.edu

WordPress administration

The Web Hosting service uses Plesk to manage all customer installs of WordPress. Plesk has specific tools to help manage WordPress, namely the Plesk WP Toolkit. You have the freedom to use this toolkit or manage WordPress more traditionally from the WordPress admin. The WP Toolkit provides a high level view of your WordPress site as a whole and offers many features not included in the WordPress admin.

Plesk offers a built-in WordPress Toolkit, which can be optionally used by customers to manage, secure and migrate WordPress content for their sites.

Plesk's WP Toolkit Documentation

WP Toolkit also provides options for Copying Data or Cloning:

Web Hosting - Clone/Copy of WordPress sites

Regarding the "Security" and "Security Measures" section:

• While this section of the WP Toolkit is intended to make your website more secure, in practice you need to assess each one of the suggested configurations individually. We have had many websites break as a direct result of applying all of them.
• There are little circled (i) information bubbles which further explain the idea behind each suggestion, and you need to cross-reference what they are trying to do with the suggestions in the official Wordpress Hardening Guide
• Example: Changing the location and file permissions on wp-config.php may seem like an obvious idea, but if you depend on a plugin that updates wp-config.php directly, it will break that functionality. Keep in mind that we provide an environment where each website is configured to be isolated from other customers.
• Always test these changes on your test site before applying to your production site. You have options in the WP Toolkit to not only apply the configuration changes, but also to revert them, and please remember to take backups before changing anything.
• Lastly, please keep in mind that the WP Toolkit is provided as a convenience to you as a way to assist in your responsibilities as outlined in the Division of Responsibilities section of our Terms of Use and echoed in our Wordpress Usage Guide

Securing WordPress

It is recommended that all WordPress sites turn on automatic updates for WordPress, themes, and plugins, this can be accomplished in the WordPress admin or via the Plesk WP Toolkit. This will greatly reduce the risk of your site becoming vulnerable to web based attacks. We also recommend some form of security plugin to help filter out bad traffic to the site. See the follow KB about the WordFence security plugin:  Web Hosting - Wordpress Security with WordFence. This plugin is used by many of our customers and is one we recommend.

Using WordPress with NetID (Shibboleth)

New WordPress sites are configured to support NetID, but do not have it enabled by default. You have the option of securing the entire site with NetID or specifically the WordPress Admin via plugin. If securing the entire site, you can request this setup when requesting an account or email Web Hosting Support. If using NetID for the WordPress admin, see the following KB:

Web Hosting - WordPress NetID Login via Shibboleth

WordPress Development

The Web Hosting staff does not design, develop, or troubleshoot our customer's sites. For assistance with content management and development of custom WordPress sites there are several options: 

1. Join the Wordpress collaboration groups on campus
2. DoIT Academic Technology provides Wordpress development for academic departments on campus. They are available for consultations.
3. Web Development Services