Question Current Upgrade plan

Given the contribution levels available at this time (assuming everything currently committed clears), this is the list of improvements I currently am looking at:

1. VM service upgrade. 2 CPU to 4 CPU, 10 Gb memory to 26 Gb memory, 70 Gb storage on SSD to 250 Gb storage on SSD. This will greatly accelerate load times (and make the possibility of more effective search engines and larger tabled page loads that currently fail due to timeouts).


2. 3 yr foundation software updates - Recent / fresh installed versions of Debian 9, PHP 7, Apache, etc (while I've been updating Joomla, I have not wrangled with these foundation bits... the PHP upgrade alone should greatly improve response / performance of the site.

3. Fresh install of Joomla and only extensions we are actively using. I did some trial and error along the way that we later disabled because it didn't serve the purpose it was installed for... but uninstalls don't always leave things the way they were originally... and there's some junk and glitches floating around as a result of it.

4. Rebuild in the security/user tier system that better reflects our operation (the current set up is a kludged together result of 'learning in motion')

5. Ad-free and simplified navigation through the site, both desktop AND mobile layouts.

6. Completion of the tag system and implementation of the "New to the WU" site layout.


That's the current plan / list. Obviously, its a pretty significant amount of work... a few things (the server specific ones) will be implemented almost immediately... because I can do those without too much concern of interrupting site use. The site restructure will be worked on using a parallel instance of the server so that (hopefully) when its ready, all I'll need to do is migrate the stories, forums, and user info from the DB and we'll be good.

If anyone has any thoughts on this plan... let me know before I get too far in. While I've got a bit of this under my belt now from the past couple years; I'm the first to admit I'm not an expert... in site admin or Joomla stuff. Just remember, that simple is necessary... because if we get too complex and I have to leave the project (or aliens kidnap me) or something, the result has to be workable by people who don't even have my level of experience. So custom code that needs updated regularly and such... not a good setting for that.

*nods* that's a part of number 2... updating the Apache server and setting it up to run encrypted. I'm also experimenting with two-factor authentication... so you can use an app on your smart phone to keep your account secure.

Ametros wrote: Generally, TFA (Two-Factor Authentication) is deployed as an optional security feature. A number of communities I know have it as a requirement for the likes of moderators and higher so as to avoid shenanigans, but I highly doubt this will be an issue for you or others.

*nod* it'll be optional. May or may not be a requirement for authors (including WhatIF authors)... depending on how I set up the security layers.

Arcanist Lupus wrote: Wow. I knew that losing the ads would cause a major performance boost, but wow.

Ya... crazy, isn't it?

cprime wrote: Something else to consider with regards to SSL would be subscribing to Cloudflare as a web application firewall. Among the features of cloudflare are protections against denial of service attacks and other types of shenanigans. The entry level pricing looks fairly reasonable, but I don't know what sort of bandwidth you're pushing.

I'll look into it... it may serve double duty, going with their $20 / mo PRO level package would get us both WAF and a dedicated SSL certificate... and we could pay upwards of $100 a year keeping a certificate up to date. So, that's a pretty good use of money to get all the protection on top of it.