
Service Level

Centralised WordPress

The following information applies strictly to WordPress websites created after the May 2025 release. If you own a WordPress website from before the official WordPress Service was made available, you remain responsible for all maintenance. You are further strongly recommended to start thinking about how you can best migrate to the centralised offering.

WordPress at CERN is managed centrally.

All upgrades, including those to WordPress directly as well as those to the CERN WordPress theme and any supported plugins, are provided centrally without the possibility of fixing a given website to a specific WordPress version. When interventions are not expected to be transparent, e.g. downtime is expected or they introduce a service change, they will be announced in a timely manner on the Service Status Board via an OTG.

We are also investigating other channels, e.g. Mattermost, to ensure greater awareness.

On the central WordPress Service, the following rules apply:

  • Only the plugins and the CERN WordPress Theme included centrally in the Service may be used;
  • No plugins enabled by the service can be disabled: in particular, authentication and authorization are configured by the service and use the CERN SSO and Authorization Service, as well as role configuration via the Application Portal; and
  • Any deviation from this requires an explicit approval by the Web Governance Board.

Disclaimer on Customisation

The Web Governance Board has decided that the new WordPress service does not allow for customisation.

This decision came after a thorough analysis of the Drupal ecosystem and the goals for the new WordPress system. Ultimately, it was identified that the resource requirements per website are directly correlated with the amount of customisation. Indeed, approximately 53% of CERN websites in Drupal feature(d) customisations, many of which are extensive and poorly documented. We were thus dealing with an inherently complex and challenging ecosystem further strained by the weight of extensive CERN-specific customisation, increasing maintenance and necessary support work.

Moving forward, it is the Web Governance Board's desire that the new infrastructure provides an easier upgrade experience, with less technical knowledge required for end users to ensure compatibility with the interventions. This will ultimately allow for better maintenance of websites in the long run, as well as a cohesive approach to CERN's digital identity and reputation. It is important to accentuate that this approach does not forbid customisation: should a desired use case not be possible in the central offering, website owners are encouraged to flag this so that a solution can be found.

In some instances, the solution will be to extend what is already present in the distribution, e.g. extending an existing Gutenberg block; tweaking an integration; or allowing additional configuration when importing or exporting feeds. In other instances, the solution will be to extend the central distribution with a third-party plugin. The addition of a third-party plugin is subject to thorough evaluation by the Web Presence Committee, ensuring compliance with not only Computer Security requirements and recommendations, but also elements such as data privacy, accessibility, license(s), and similar. It is, moreover, required that the requested feature(s) benefit more than just a single website.

Everything will be managed centrally, and transparently for end users.

Thus, no customisations (theme, plugins, integrations) are allowed on the central infrastructure, apart from well-justified use cases where the owners plan to actively develop their sites. For those, as mentioned above, an explicit exception must be sought from the Web Governance Board (see https://governance.web.cern.ch/) before initiating development. The website owner(s) must further accept that it will be their sole responsibility to ensure compatibility or fix any issues that might arise.

The following rules apply to websites that have received an explicit exception:

  • customisations must be integrated and managed centrally for better transparency;
  • customisations must be managed and versioned via a custom theme hosted on the CERN GitLab;
  • both the Infrastructure and Web Teams must be granted full access to all repositories;
  • commitment of human power to maintain the codebase of customisations throughout the lifetime of the website;
  • commitment of human power to coordinate and ensure timely updates and upgrades;
  • customisations remain the sole responsibility of website owners for the lifetime of the website;
  • website owners will need to be available to react and respond to any security incidents; and
  • acceptance that the website can be put offline at any moment if it fails to comply.

A website is a living and breathing project that, much like a car, requires continuous support and maintenance. It is important to accentuate that any customisation will require continuous support and thus resources. We highly discourage anyone from developing a customised WordPress website and invite you to contact us before proceeding in this direction.