WSE IT Policy

Whiting IT has created an IT policy for the Whiting School of Engineering.  This document contains an unusual mix of information — it largely exists to record policies related to compliance with security issues.

Note that your individual department or local IT admin might have created a policy that supersedes something written here.  You should still check with someone local before taking action based on something here.

WSE-IT-Departmental-Policies

A critical component of the overall IT policy is the standards we use for web publishing.  More than 150 sites are hosted on our platforms!  Our aim is to provide our community with a publishing platform that is secure, flexible, and highly available. The shared web infrastructure is particularly sensitive to security concerns and is publically visible, so it is more tightly controlled than many other parts of IT.  Our guidelines follow:

  • Your site comes with certain administrative WordPress user ids which belong to the WSE IT group. We use these accounts to maintain and support your site. These accounts should not be removed or disabled without first checking with the WSE IT group. Disabling or removing those accounts makes it harder for us to support you.
  • As part of hosting your site, certain plugins are enabled and configured (e.g. caching, authentication, and others). Changing, disabling, or removing any of these plugins should be discussed with the WSE IT group before any such action is taken. If you’re not sure what a plugin does, please ask.
  • Your site normally comes with one or more means of updating the plugins and/or themes automatically. This helps us to keep the sites up to date and hopefully more secure. If you wish to disable any of the automatic update functionality for your site you must discuss this with the WSE IT group.
  • You are welcome to use plugins and themes with your site other than what we provide at site creation. However, anything you add to your site must not have any known security vulnerabilities, and they must be able to be kept up to date.  Be careful where you source your plugins — the official WordPress repository is your best bet, or straight from a commercial vendor.  Third-party repositories of free plugins should not be trusted.  Ask us if you have a question about a plugin BEFORE you install.
  • If you purchase any commercial versions of plugins or themes, this purchased software must include support and maintenance that allows the software to be automatically updated. Otherwise, we may need to remove out of date software from your site.
  • Any plugins or themes that you use with the site must be capable of working with the latest versions of WordPress and PHP.
  • If you wish to edit the code for a plugin, you should inform the WSE IT group of any such planned changes. This allows us to keep a record of the change(s), so that we can then update the plugin in the future (as needed) without breaking your site.
  • If you wish to edit the code for a theme, you should do so via a child theme. A parent theme should preferably never be edited directly. Please see https://codex.wordpress.org/Child_Themes for more information on child themes.
  • While you are welcome to edit your site, please note that any changes that “break” the site may result in an outage (unavailability) of the site. We may not be able to immediately restore the site to service.
  • If you wish to download a copy of your site to your local computer, to work on changes there without risking an outage of the production site, we can assist you with any questions regarding this process.
  • All websites hosted by WSE IT are subject to these guidelines plus various IT@JH policies and guidelines.  In particular, please refer to the Johns Hopkins Acceptable Usage Policy, available at http://www.it.johnshopkins.edu/policies/itpolicies.html, and to the Web Application Security Guidelines at http://www.it.johnshopkins.edu/restricted/standards/WebAppSecurityTableAPPROVED071015.docx.