Hello everyone,
We recently installed a tutorial for the Wikidata Query Service https://wdqs-tutorial.toolforge.org/ (WDQS) on Toolforge. This is the first time Wikimedia Israel developed an instructional tool in English for the use of the whole Wikmedia community and beyond - as opposed to our other tools that were aimed for the Hebrew or Arabic speaking communities. As such, it is also the first time we are hosting a tool on Toolforge.
All our other tools (mostly Wordpress sites, like the one on Toolforge) are hosted in Israel at a commercial hosting service, and maintenance (Wordpress update and security) is done by a commercial company. However, I am not sure this company would provide maintenance for the WDQS tutorial given that access to Toolforge requires a Wikimedia developer account, a Wikitech account, SSH access - not the kind of things commercial services are keen to get into...
I was wondering if any of you have some on what we could do to ensure the WDQS tutorial is kept up-to-date and secure. I believe maintenance would take up to 2-3 hours per month - this is not a huge undertaking, but at our organization we do not have anyone in-house who is savvy enough to do it. Do you know or can suggest someone who knows how to maintain a Wordpress site AND is familiar with the Toolforge? Are you this someone?!? Or maybe you know someone that might know someone?
Any input regarding this issue would be much appreciated.
Cheers and stay safe,
Dr. Keren Shatzman Academic & Projects Coordinator
Hello Keren
Keeping the code of a Wordpress site up-to-date is not generally hard. However, in this case, and even more relevant given your query, I must ask: why use wordpress? This seems a static set of pages, so it could be stored as .html pages without the overhead of running wordpress... or the security issues that might happen if that was abused. No code = no security issues.* This could be developed as html pages (you are probably using raw html markup already), or if you fancy preparing that in wordpress, you could have a wordpress for editing the tutorial, and then have a process that statified its content before publishing on toolforge.
Best regards
* Or almost. I'm glossing over potential vulnerabilities on the web server, or vulnerable javascript that didn't properly sanitize input. But removing the web application means the system hundreds of times safer.
Hello Platonides, Thank you for replying, The reason we use Wordpress is that this is the solution that was recommended by the experts with whom we consulted. While the tutorial is largely static, we wanted to have the option of a CMS to update content, add topics or exercises, and even to be able to add the tutorial in additional languages. I wonder if you could elaborate more about "a process that statified its content before publishing on toolforge"? Bear in mind I don't have any technical/IT background.
Best, Keren
בתאריך יום א׳, 2 באוג׳ 2020 ב-4:50 מאת Platonides <platonides@gmail.com >:
Hello Keren
Keeping the code of a Wordpress site up-to-date is not generally hard. However, in this case, and even more relevant given your query, I must ask: why use wordpress? This seems a static set of pages, so it could be stored as .html pages without the overhead of running wordpress... or the security issues that might happen if that was abused. No code = no security issues.* This could be developed as html pages (you are probably using raw html markup already), or if you fancy preparing that in wordpress, you could have a wordpress for editing the tutorial, and then have a process that statified its content before publishing on toolforge.
Best regards
- Or almost. I'm glossing over potential vulnerabilities on the web
server, or vulnerable javascript that didn't properly sanitize input. But removing the web application means the system hundreds of times safer.
Wikimedia Cloud Services mailing list Cloud@lists.wikimedia.org (formerly labs-l@lists.wikimedia.org) https://lists.wikimedia.org/mailman/listinfo/cloud
Hi Keren,
you might want to take a look at these links:
https://wordpress.org/plugins/static-html-output-plugin/ https://wp2static.com/
That is a way to keep using Wordpress while avoiding the disadvantages of it. It also lists some of the (other) benefits of that approach.
Best,
Daniel