CERN Lite Plugins¶
The following plugins are automatically available in your WordPress website:
| Plugin name | Description | Activated by default |
|---|---|---|
| Connect Matomo | Adds Matomo Analytics tracking to WordPress for detailed visitor insights. | No |
| FluentForms and FluentSMTP | User-friendly form builder with SMTP integration for improved email deliverability. | No |
| Polylang | Enables multilingual support by allowing translation of posts, pages, media, and more. | No |
| Jetpack Boost | Optimizes WordPress site performance with one-click CSS, JavaScript, and image lazy-loading improvements. | ✔️ |
| CERN Lite | Adds necessary CERN Infrastructure dependencies. | ✔️ |
| CERN Roles | Maps OpenID Connect roles to WordPress roles. | ✔️ |
| OpenID Connect Generic | Provides SSO or opt-in authentication using OpenID Connect OAuth2 API. | ✔️ |
| Disable REST API | Disables the WordPress REST API to enhance security and limit unauthorized access. | ✔️ |
| FileBird Lite | Organizes media library files into folders for better management. | ✔️ |
As part of our efforts to maintain the security, performance, and stability of all WordPress sites, we have restricted the ability for individual users to install plugins at will. It is important to accentuate that this does not mean plugins and additional functionality cannot be added to WordPress: indeed, WordPress at CERN will be a living and breathing offering which will grow alongside the requirements of the Organization.
As such, if you believe a specific plugin would benefit both your website and the wider CERN community, we encourage you to submit it as a suggestion.
Why is Plugin Installation Restricted?¶
While we appreciate that plugins and third-party customisation can add valuable functionality on websites, this decision has been made by the Web Governance Board for, among others, the following reasons:
-
Security Concerns
Not all plugins are created equally. Some may contain vulnerabilities or malicious code that could compromise the security of your website and, by extension, the entire network.
This poses a concrete security risk, but also a broader reputational risk for the Organization.
-
Maintenance and Updates
Plugins require continuous maintenance to stay compatible with WordPress as well as to fix bugs or vulnerabilities. We have no interest in recreating the many challenges we faced with Drupal and site-specific customisation.
Centralised management allows us to test updates for you, programmatically verify their compatibility with not only your website, but all websites that utilise the plugin, reducing the risk of downtime or issues caused by untested updates.
-
Performance Impact
Poorly coded or resource-intensive plugins may negatively impact the performance of your website. This, in turn, leads to a poor experience for visitors and potentially malfunctioning components.
A malfunctioning website with poor performance and breaking components could pose a reputational risk to the Organization.
-
Consistency Across Sites
A key pillar for the Web Governance Board is to ensure a uniform and consistent web presence. Allowing unrestricted plugin installations can lead to inconsistencies in functionality and user experience across websites. By managing plugins centrally, we ensure that all sites adhere to organizational standards and best practices.
This applies to all elements from branding to accessibility. Official CERN websites are already required to comply with these guidelines, but a centralised WordPress offering removes the workload from the individual website owner, allowing them instead to focus on their content.
How can I make a suggestion for a plugin?¶
If you have specific requirements, please contact us:
-
Open a ticket via WordPress Support.
-
Chat with us in the WordPress Mattermost channel
Once your suggestion is submitted:
- We will review the plugin for security, compatibility, and overall value comparing it with other plugins availables on the market.
- If it meets our criteria and is deemed beneficial for the community, we will add it centrally to all websites.
- In any case we will notify you of our decision and provide any additional guidance if needed.
Thank you for your understanding and cooperation!