Security measures to prepare for the 2020 U.S. election season

As we look to the upcoming 2020 U.S. elections, political parties are conducting more virtual events than ever, and media outlets are experiencing major surges in traffic.

In an environment of increasing cybersecurity attacks across the digital landscape, we want to highlight the best-in-class security measures which empower WordPress VIP customers to operate safely and securely throughout the election season and beyond.

This post shares our best practices alongside steps customers can take in the shared responsibility of protecting application security.

Click here to download the checklist: Security best practices for site contributors 

Enterprise-grade protections

With WordPress VIP, customers get built-in security on multiple levels using best practices based on years of experience protecting WordPress at scale. Best-in-class security protection is baked into the platform down to the metal, and this is no different during the election season.

All of our origin data centers maintain SSAE 18 SOC 1 and SSAE SOC 2 certifications. In addition, the VIP Cloud Hosting Service, under which we act as a data processor, is certified under the EU-U.S. Privacy Shield Framework and the Swiss–U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce.

We are also the only enterprise WordPress platform that has earned the Federal Risk and Authorization Management Program (FedRAMP) “In Progress” status. Global brands in high-risk industries like finance, health, defense, tech, and government choose WordPress VIP to power their applications after conducting extensive security audits and compliance checks.

Visit our security page to learn about the individual components of our security best practices, including network security, data security, vulnerability management, and more.

Security during election season

WordPress VIP has a proven track record of providing a secure and stable platform throughout the election season. During election week in 2016, WordPress VIP provided 100% uptime for customers with significant traffic spikes, including FiveThirtyEight, which received in a single day the amount of traffic we see in an entire week at some of the world’s most popular sites.

In the rare instance of a service disruption, we embrace a key tenet of the Automattic Creed: communication is oxygen.

WordPress VIP will always, as soon as reasonably practical, provide information on the nature of a disruption, the steps being taken to remedy the disruption, and the expected duration of the disruption. Here are a few places to bookmark to stay up-to-date with service statuses:

  • In the event of a disruption, Automattic will provide information and updates on the WordPress VIP Lobby and via Twitter @wpvipstatus.
  • If the WordPress VIP Lobby is unavailable, information and updates will be provided by email to the address we have on file for your account or via Twitter @wpvipstatus.
  • Following a service disruption, Automattic will post information on the cause and resolution of the issue to the WordPress VIP Lobby as soon as it is available.

Quelling potential threats

By its very nature, the open source WordPress platform maintains a strong security posture. Unlike closed and proprietary software, WordPress has an entire ecosystem of contributors actively monitoring for security threats. The WordPress security team, for example, is a global community of experienced developers and security researchers that proactively identifies and resolves vulnerabilities in the software.

As an added layer of protection, WordPress VIP has many active measures in place to combat potential enterprise security threats. These protections include:

  • WordPress VIP manages WordPress core updates automatically. Employees of Automattic, WordPress VIP’s parent company, compose about half of the WordPress security team, and its lead is WordPress VIP’s very own Jake Spurlock. Updating themes and plugins is still a customer responsibility, but we help guide customers with any concerns.
  • We automatically detect and mitigate brute force login attempts to both /wp-login.php and /xmlrpc.php at our edges as well as within WordPress via our platform and systems teams. Administrator-level users must use 2FA to access any site on our platform.
  • All of our web servers are run in read-only mode. This blocks writes to the underlying file system, which could otherwise be used to install a backdoor shell or other malicious files. Even if user credentials are brute-forced and 2FA is bypassed, an attacker is still unable to execute many common attacks.
  • We are committed to reacting quickly to “zero-day” events and working with you on a solution. Zero-day exploits are inherently challenging to defend against because they are novel. However, our proximity to WordPress core development grants us insight into security patches as soon as they are available.
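
One way to detect the brute-force pattern against the two endpoints named above, as an added example that is not WordPress VIP's own detection logic: a sliding-window counter over access-log lines. The log format (Combined Log Format), the limit of 5 POSTs per 60 seconds, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Endpoints are the two named in the post; the limits are assumed values.
LOGIN_PATHS = {"/wp-login.php", "/xmlrpc.php"}
MAX_ATTEMPTS = 5                  # POSTs tolerated per client per window
WINDOW = timedelta(seconds=60)

# Combined Log Format prefix: ip, identity, user, [time], "METHOD target proto"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) '
)

def parse(line):
    """Return (ip, timestamp, method, path), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path = m["target"].split("?", 1)[0]   # ignore the query string
    return m["ip"], ts, m["method"], path

def find_bruteforce(lines, max_attempts=MAX_ATTEMPTS, window=WINDOW):
    """Map each offending client IP to the time it first exceeded the limit."""
    recent = defaultdict(deque)   # ip -> timestamps of POSTs inside the window
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue              # skip lines that are not in the expected format
        ip, ts, method, path = rec
        if method != "POST" or path not in LOGIN_PATHS:
            continue              # viewing the login form is not an attempt
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # slide the window forward
            q.popleft()
        if len(q) > max_attempts:
            flagged.setdefault(ip, ts)
    return flagged

# Constructed sample log (documentation-range IPs, not real traffic).
BASE = datetime(2020, 11, 3, 10, 0, 0, tzinfo=timezone.utc)

def sample_line(ip, offset, method, target):
    ts = (BASE + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{ts}] "{method} {target} HTTP/1.1" 200 512'

SAMPLE_LOG = (
    [sample_line("203.0.113.7", s, "POST", "/wp-login.php") for s in range(8)]
    + [sample_line("192.0.2.44", 2 * s, "POST", "/xmlrpc.php?rsd") for s in range(6)]
    + [sample_line("198.51.100.20", 30 * s, "POST", "/wp-login.php") for s in range(6)]
    + [sample_line("198.51.100.9", s, "GET", "/wp-login.php") for s in range(20)]
    + ["garbled line that should be skipped"]
)

if __name__ == "__main__":
    for ip, when in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip} exceeded {MAX_ATTEMPTS} login POSTs per minute at {when.isoformat()}")
```

The client posting once every 30 seconds and the client that only loads the login form with GET stay below the limit; only the two rapid POST sources are reported.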

Security is a shared responsibility

Holistic application security is a shared responsibility between WordPress VIP and our customers. That’s why we created a best practices checklist to help ensure your systems and processes play their part in safeguarding your applications. The checklist is available for download.

Security is our number one priority, during election season and every other day of the year. We are deeply committed to safeguarding our customers’ sites and data. For more information on our enterprise-grade security protocols, visit wpvip.com/security or get in touch.

And don’t forget—perhaps the most important step U.S. citizens can take during this election season is to get out and vote!

What to expect at WordCamp for Publishers 2019

Alexis is one of the lead organizers of WordCamp for Publishers. VIP is proud to sponsor and participate annually in this great event.

Howdy! I’m a co-lead organizer for the third-ever WordCamp for Publishers taking place on August 7th to 9th in Columbus, Ohio. I’m incredibly honored to be leading one of my favorite WordCamps where we’re able to gather a talented group of folks together and dive into topics at the intersection of journalism, WordPress, and technology.

I’m happy to announce that we’ll also have 8 outstanding journalists and technologists joining us at the event thanks to our scholarship partnership with OpenNews.

WordCamp for Publishers is a community-organized event that brings together folks who use WordPress to manage publications, big or small.

Our goal is to empower participants by coaching them on best practices and encourage collaboration in building open source tools for publishers. Anyone who actively manages a publication with WordPress can benefit from attending our event.

Our schedule

The schedule is up now and includes speakers from national media organizations, smaller publications, and agencies that work with media companies. This year’s schedule features:

  • A hands-on workshop on security training in newsrooms
  • Two sessions on bringing Gutenberg to editorial teams
  • An in-depth guide to creating robust newsletters
  • Lightning presentations on Newspack, managing site networks, and paywalls

Not only do we have a fantastic set of speakers lined up this year, but we’ve placed an increased emphasis on mentorship. Our third and final day of the conference will be a Mentorship Day where we’ll group folks by topic and introduce speed mentorship rounds for attendees to connect with one another.

This is a great opportunity for attendees to lend their expertise and learn from other skilled folks attending the event. 

What you can expect

We’ll have a main track of talks and panels that are 45 minutes each, as well as a separate track of 90-minute in-depth workshops centered around topics that aim to provide actionable takeaways for publishers to take home. There will also be openings for our popular unconference sessions, which attendees can self-organize at the event based on interest.

For folks that prefer the hallway track, there will be plenty of opportunities to connect with people from top media organizations. Take a look at our sponsors and make sure to say hello and grab some swag!

Social activities

We always like to offer fun, low-key opportunities for socializing outside of the main conference day at WordCamp for Publishers. We’ve arranged several events this year, including an evening of fun and games at Two Dollar Radio Headquarters and an outing to a Columbus Clippers game. 

Get your ticket today!

We encourage everyone to check out the videos and participant recaps from the last WordCamp for Publishers in 2018 to get a sense of what’s to come. We hope to see you in Columbus in a few weeks, and if you haven’t gotten a ticket yet, you can still get one today!

Inclusivity and the Open Web: Notes from WordCamp for Publishers

The second annual WordCamp for Publishers went down last week in Chicago with the theme “Taking Back The Open Web.” This theme was sparked from questions explored in a 2016 post by Drupal founder Dries Buytaert:

Do we want the experiences of the next billion web users to be defined by open values of transparency and choice, or by the siloed and opaque convenience of the walled-garden giants dominating today?

As conference organizers, we challenged speakers to touch on whether an open web ever truly existed, what state it’s in now, the consequences of a closed web, and how publishers can protect and encourage an open web.

Overall, we saw common themes emerge around empowering publishers to innovate and evolve. There was a shared belief that ethical journalism depends on an open web, with inclusivity as a fundamental building block to creating responsibly for the future.

Each of these topics has raised significant discussion in the WordPress community, and we envisioned #WCPub as a platform to discuss the state of the publishing industry and future of WordPress in the open web together, with folks from all different backgrounds in the industry. Thankfully, our speakers and attendees were more than up to the task!

Those who weren’t able to attend in person could live stream the entire event.

Where Code Meets Community

John Eckman, CEO of 10up, was particularly drawn to the challenge of the event’s theme as it related to identity, inclusivity, and imagined communities. John explored the philosophical roots of the open source movement and how those ideas influenced modern-day open source ethics, software freedom, and netizen empowerment.

Austin Smith, CEO and co-founder of Alley, presented his research on the narrow path for local news. He argued that, in order to protect hyperlocal journalism, we’ll need to convince more readers to pay for the content they consume. We’ll also need to empower local publishers to innovate formats, ownership, and distribution.

Tyson Bird, projects designer at GateHouse Media, and David Parsons, senior software engineer at USA Today, spoke about their use of WordPress at scale to enable publishers to manage large media networks with a variety of markets and staff.

An Emphasis on Engagement

Caroline Porter, consultant for the Shorenstein Center on Media, Harry Backlund, co-founder and director of operations at City Bureau, and Sarah Schmalbach, resident at the Lenfest Institute, discussed the ethical collection of user data, experimenting with innovation around reader engagement, and two-way audience communication in a panel session moderated by Sherry Salko, director of the Amplify News Project.

Eric Ulken, a consultant, and Nick Johnson, founder of Pigeon Paywall, shared differing viewpoints on monetization strategies that ultimately focused on catering to users and their needs.

Open Sourcing in the Wild

There was a lot of excitement around Gutenberg, and Chris Van Patten, founder of Tomodomo, open sourced his team’s documentation project on best design practices using Gutenberg live during his presentation.

Chris wasn’t the only presenter to live open source a project during a talk. Russell Heimlich, lead developer at Spirited Media, open sourced his team’s image CDN project to much applause.

The Trust Project also announced their Trust Indicators plugin during the event.

Open Means Everyone

Sina Bahram, president of Prime Access Consulting, and Pattie Reaves, senior user experience developer at Alley, discussed the importance of developing with accessibility in mind.

Two lightning talks also addressed site accessibility concerns: one focusing on the particular needs of those with dyslexia, and another which offered a solution to accessibility through integration with Alexa.

Live Demos Galore

Jim Birch, senior Drupal engineer at Kanopi Studios, walked us through the value of correctly implementing metadata for content and showed off the tools for doing so.

Shayda Torabi, director of marketing at WebDevStudios, and Jodie Riccelli, director of client strategy at WebDevStudios, demoed a number of workflows with streamlined editorial experiences all contained entirely within WordPress.

Keanan Koppenhaver, CTO at Alpha Particle, showcased a few modern use cases of the REST API, including the TechCrunch redesign, a mobile news simulator, Amazon Echo integration, virtual reality, and more.

AMPlifying Performance

Barb Palser, global product partnerships at Google, argued we should look at site performance as a product, with a focus on quantifying the opportunity to increase user engagement.

Leo Postovoit and Ryan Kienstra of XWP went a step further and demonstrated how to improve performance “up to 85%” simply by integrating AMP.

On the flip side, Brian Boyer, VP of product and people at Spirited Media, delivered a passionate talk explaining his team’s decision to leave the AMP platform to focus on engaging readers in a different manner.

Off the Beaten Track

Attendees voted on Unconference session proposals to explore hyperspecific themes. The winning topics (“Gutenberg Therapy Session,” “Direct Revenue Discussion,” and “The Future of WordCamp for Publishers”) served as an opportunity for many to share their concerns about specific industry trends.

Workshops dealt with a variety of topics important to the community:

  • Paul Schreiber, lead developer for FiveThirtyEight and The Undefeated, led a security-focused session.
  • Joshua Wold, design strategist at XWP, dove into creative thinking through development problems by sketching.
  • Ernie Hsiung, CTO at WhereBy.Us, fostered a discussion about communication across stakeholder groups.

We held a series of lightning talks that ranged widely in topic: from determining whether WordPress was a product or community, to implementing transparency standards for news; from solving content reuse and syndication woes to finding smarter and more efficient ways to create responsive HTML emails and manage media at scale, and even a case study of the need to combine mobile and AMP themes.

A Look to the Future

Then — all too soon — it was over!

We wrapped up the event with a shout-out from NiemanLab naming us WordPress’s publishing summit and a trip to the ballfield to see the White Sox take on the Indians.

Many thanks to all the speakers, sponsors, organizers and volunteers who made this fantastic week possible. Hope to see everyone at next year’s WordCamp for Publishers!

The Dream Internship: Work at Automattic (Summer 2017 and Beyond)

Please find our latest post on the internship here.

Automattic — which runs WordPress.com, Akismet, VaultPress, and many other services — is hiring interns, specifically to work on the WordPress.com VIP team.

WordPress.com VIP provides hosting and support for high-profile, high-traffic WordPress sites, including Time.com, People.com, FiveThirtyEight.com, qz.com, internet.org, TheSun.co.uk, NYPost.com, and more.

The VIP team is continually looking for interns to work on client-facing development and support. These paid internships run 12 weeks and can be completed either full-time or part-time.

Where will you be working? Anywhere! Automattic is a distributed company. We’re happy if you work from wherever you’re happy — as long as you have a good internet connection.

What will you work on? The internship will focus on things such as working on improving VIP and community plugins, debugging client code, building tools to help clients better manage their sites, and making performance and security improvements to the WordPress.com VIP platform. Your work can also be tailored to fit your personal interests.

The VIP team is serious about increasing diversity in the tech industry. We encourage applications from women, people of color, people with disabilities, members of the LGBTQ community, and other communities traditionally underrepresented in this field.

Interested?

Apply via our current internship post, which can be found here.

 

Alexis Kulash is a former VIP Intern. During her internship, she worked on transitioning VIP sites to PHP 7 and prevented potential security and performance problems on some of the biggest sites in the world.

The Dream Internship: Work at Automattic (Spring 2017 and Beyond)

Please find our latest post on the internship here: https://wpvip.com/2017/10/06/the-dream-internship-work-at-automattic-winter-2018-and-beyond/

Our company Automattic — which runs WordPress.com, Akismet, VaultPress, and many other services — is hiring interns, specifically to work with us on the WordPress.com VIP team.

WordPress.com VIP provides hosting and support for high-profile, high-traffic WordPress sites, including Time.com, People.com, FiveThirtyEight.com, qz.com, internet.org, TheSun.co.uk, NYPost.com, and more.

We’re looking for interns to join us to work on platform development and testing or client-facing development and support. These paid internships run 12 weeks and we are flexible on the exact dates.

Where will you be working? Anywhere! We are a distributed company. We’re happy if you work from wherever you’re happy — as long as you have a good internet connection.

What will you work on?
We currently have one internship role available:

  • The support-focused internship will focus on things such as working on core WordPress.com features and development, debugging client code, and making performance and security improvements to the WordPress.com VIP platform. We’re hiring for the spring and summer for this role.

In either case, your work will be tailored to where your own personal interests lie.

Interested? Complete your application by filling in the form below. In the space provided, introduce yourself and why you’d like to be an intern with our team. Be clear about what you’ve done and what you’re interested in working on. Feel free to use as much space as you need in the form and be sure to give us more information by including links to your online profiles as appropriate.

We’re serious about increasing diversity in the tech industry. We encourage applications from women, people of color, people with disabilities, members of the LGBTQ community, and other communities traditionally underrepresented in this field.

Send in your internship application by December 15th for the spring support-focused internship or January 15th for the summer internships. If your application sounds interesting, we’ll schedule an interview (usually written / text chat, since we communicate a lot via text) as the next step. Good luck and thanks for your interest!

Alexis Kulash is a current VIP Intern. During her internship, she has worked on transitioning VIP sites to PHP 7 and prevented potential security and performance problems on some of the biggest sites in the world.
