Service News

Goodbye, old site

The main site of our managed WordPress platform has not had a major redesign since September 2011, when we moved all sites from Movable Type to WordPress.

The new site uses a child theme of the Twenty Twenty theme by Automattic, with some minor Princeton customizations.

We used the full-width template for most pages and simple blocks like cover, columns, paragraphs, and headings.

Principal photography is by Michael Muzzie, who carried a backpack full of stuffed Wapuus (WordPress mascots) around the Princeton University campus on a beautiful October day in 2020.

Looking back, below are three screenshots from previous versions of this site. appearance from 2005-2010
How looked from 2005-2010 (Movable Type) appearance from 2010-11
How looked from 2010-2011 (Movable Type) appearance 2011-2023
How looked from 2011-2023 (WordPress)
Service News

Whither Gutenberg?

WordPress 5 was released on December 6, 2018. This major release includes the new block editor, aka Gutenberg, the most significant change to the WordPress editing experience since WYSIWYG was added.

On Thursday, December 20, we deployed WordPress 5.0 to our multisite network. However, we network activated the Classic Editor plugin. With this plugin active, the editing experience is unchanged from previous versions of WordPress. Site admins have the ability to override this plugin on an individual site under the Writing settings in the WordPress dashboard.

If the new block editor is enabled, the content on existing posts and pages is placed into a "Classic Block." A classic block can be left as-is, or it can easily be converted to the new Gutenberg blocks, where each paragraph, image, embed, etc. is a separate block.

We highly recommend watching the "WordPress 5 Essential Training" video course at before enabling the new block editor.

Also, be aware that the accessibility level of the new editor is currently unclear, and those who rely on keyboard navigation, rather than touch or a mouse, could experience difficulty trying to create content.

WordPress 5.0 comes with the new Gutenberg-optimized Twenty Nineteen theme. The new block editor should work with most existing themes, but some content, such as full-width images, might be constrained by the limitations of that theme. We will be adding more Gutenberg-ready themes in the coming months.

Warhol-style version of the Gutenberg logo

Service News

PHP 7.2

Our multisite WordPress network is now running PHP 7.2. This change was necessary because PHP 5.6 will no longer be supported after December 31, 2018.

Site performance should be improved after this update, as PHP 7 boasts remarkably optimized memory usage, and WordPress running under PHP 7 can run twice as many requests per second as the same platform running PHP 5.6.

Stuffed PHP elephant mascots, and orange one and a black one

Service News

To the cloud!

Today we finally finished migration of the OIT-managed WordPress server to the Pantheon cloud-hosting service. Page load times are noticeably improved. We hope that uptime for the service will also see significant improvement.

We apologize for the many issues with the service during the last few months.

Future enhancements include replacing the Authorizer plugin with a less obtrusive single-sign-on solution.

WordPress in the cloud


Service News

Single sign-on (CAS) replaces LDAP

All sites in the OIT-managed WordPress environment now use Princeton University's Central Authentication Service (CAS) for authorizing access to protected pages, including the WordPress admin dashboard. This replaces the LDAP-integrated WordPress login page.

Screenshot of old and new login pages
The old WordPress log-in page is on the left; the CAS log-in page is on the right.

Accessing /wp-admin or wp-login.php will automatically redirect to the CAS login page. After authentication through CAS with a Princeton netID and password, a logged-in user will be directed back to the original WordPress site. If a netID uses Duo two-factor authentication, Duo will work the same here as with any other CAS-enabled site.

One feature that is not available with the new CAS solution is the ability to bulk add authorized users to a site. We hope to find or write a plugin that will re-enable this feature.

Enabling CAS was one of the last milestones before migrating all of the sites in our managed WordPress environment to a cloud hosting provider.

Service News

WordPress 4.7 deployed, Twenty Seventeen coming

This morning we deployed WordPress 4.7 to the OIT-managed WordPress environment.

One of the main new features of the new version is a brand new default theme, Twenty Seventeen. This theme is not yet activated across our network because I want to first create a child theme that includes the option to add the Princeton University branding to the footer. I will get this theme deployed by the end of next week.

One of the main new features is that the Custom CSS feature is now available in the WordPress Customizer, allowing live previews of CSS design changes. This builds off of the custom CSS feature that is part of the Jetpack plugin suite.

WordPress 4.7 “Vaughan”

Service News

WordPress 4.5.2 deployed

Two security vulnerabilities in earlier versions of WordPress necessitated that we move to version 4.5.2.

New features of WordPress 4.5.x include an inline link editor, live responsive previews in the Customizer, custom site logos in themes that support this new feature, and a few under the hood improvements.

Service News

WordPress 4.3 is live

I have deployed WordPress 4.3 across the sites in our WordPress network.

New features include formatting shortcuts in the editor, an option to edit the menus in the customizer, and a customizer option to add a browser and app icon to your site.

The “enforce strong password” feature does not really apply to our environment, as we manage our passwords in the Princeton University directory service (LDAP) instead of locally within WordPress.

WordPress 4.3: A Great Thing Made Even Better from LinkedIn Learning Solutions


Service News

Oh, the humanity!

Update: It appears that the whitelist is not preventing the arithmetic CAPTCHA. I will contact Jetpack support for more information.

Those of you logging into the admin area of sites on our WordPress network may have been repeatedly asked to “prove your humanity.” This is a feature of the Jetpack plugin suite that helps protect against brute force login attempts.

“Human” users would have to solve an arithmetic problem and enter the answer in a tiny box. This tiny box was easy to miss, so multiple failed attempts to log in would add up, and the username trying to log in would be temporarily locked out.

I have added all Princeton University IP addresses to the whitelist settings for the Jetpack Protect feature, so in the future, you should only encounter this test of your humanity when logging in from an outside network.

Service News

WordPress 4.2.1 is deployed

Normally we wait for the breaks in between semesters to deploy feature updates to WordPress core. However, a cross-site scripting (XSS) vulnerability was discovered recently in the WordPress commenting system. A patch was quickly released for the latest feature release (4.2), but not for the release that we were running (4.1.2).

All site networks protected by the Akismet anti-spam plugin (as this one is) should have been protected against this vulnerablity; however, we decided to play it safe and upgrade to WordPress 4.2.1.

The new features for this release are minor. They include support for 4-byte Unicode characters like Han characters and emoji. 🐯🎉🎈 The “Press This” bookmarklet tool was enhanced. Tumblr and Kickstarter were added to the list of supported oEmbed services. You can now switch themes right in the appearance Customizer. Also, the WordPress admin interface has a tweaked default color scheme — consistent cool grays replace the neutral and warm grays.

You can see a full rundown of the new features in this video from WordPress.TV.