Installing WordPress blogs on a private server for educational purposes

I think you should consider the maintenance overhead of giving each student an individual installation.

Thanks, Andrew. The member of staff who’d be responsible is happy with that. What concerns me at this point in time is whether there is a technical possibility for an individual student to compromise the server as a whole, e.g. by installing a bad plugin, and if so what steps should be taken to minimise that possibility.

The students in question are studying subjects such as media and journalism, so while we’ll be requiring them to get to grips with HTML and CSS, they won’t all be particularly ‘technical’.

Adding HTML code to a page or post can be done within the default WordPress page/post editor and there will be no need for any student to do anything at all with any plugin or anything else that could break the site or server. Adding/editing CSS would be a different matter, and that actually goes beyond the job description of any Journalist since that gets into the technical matters of site display rather than a site’s actual content and the formatting of its content. But if someone might insist each student should have a unique site and/or learn CSS basics, then engage a webmaster to set up a private, multisite incubator similar to wordpress.com where the possibilities of breaking something are virtually non-existent:
https://en.support.wordpress.com/com-vs-org/
https://www.google.com/search?q=wordpress.com+www.remarpro.com+differences

Please, everybody: I asked about “any specific technical and security issues to take into account” in setting up “individual WordPress install[s] within a folder on a completely private server accessible only to students and staff with the right permissions”.

That was what I wanted to know. Maybe I shouldn’t have provided any context.

I asked about “any specific technical and security issues to take into account” in setting up “individual WordPress install[s] within a folder on a completely private server accessible only to students and staff with the right permissions”.

I believe that goes beyond the scope of these forums by getting into things handled by hosts at server level and that most of us only ever occasionally bump into from here on the outside.

Thanks for the pointer. Where would you suggest I put this question, then? I suspect it may be considered too broad for StackOverflow.

I really have no idea, but you might find some insights or help at one of more links here:
https://www.google.com/search?q=webmaster+server+forum

Thanks. It’s a specific question about security issues that could be caused by WordPress, though, so this ought to be the place to find someone who can answer it. I’ll try posting again without the context above, to indicate that this is a technical question, and if that fails I’ll see if an administrator will take pity on me and move this into the WP-Advanced forum.

You don’t need to post again.

…a specific question about security issues that could be caused by WordPress…

That kind of question has come up before, and there is nothing that can be done here. WordPress comes from a community of volunteers who do their very best to address the needs and desires of the overall community of WordPress *users*, and while not being in any way obligated to develop WordPress in all the same kinds of ways demanded of other entities providing *commercial* platforms.

Disclaimer: Those are just my own words here where someone else might say one thing or another a bit differently, yet WordPress does work well for its users and can be made as secure as its users might individually wish to make it…and that is all I have to say about that! (FG)

Also this is not an advanced topic. ??

That kind of question has come up before, and there is nothing that can be done here.

I haven’t asked anyone to do anything about anything. I just asked for advice on what the problems might be.

…not being in any way obligated to develop WordPress in all the same kinds of ways demanded of other entities providing *commercial* platforms.

This has nothing to do with commercial platforms. I want to install the non-commercial version of WordPress on a server belonging to a not-for-profit educational institution. I want to do it myself, together with another member of staff who has agreed to help.

Also this is not an advanced topic. ??

I’m delighted to hear that. The reason I suggested moving it to the WP-Advanced forum is that one of the comments above stated that my question “goes beyond the scope of these forums by getting into things handled by hosts at server level”. Now that you have confirmed that this is not the case, Jan, I am starting to feel hopeful that somebody – perhaps you – might answer the question that I asked. In case that question has been forgotten, I’ll post it again here:

Are there “any specific technical and security issues to take into account” in setting up “individual WordPress install[s] within a folder on a completely private server accessible only to students and staff with the right permissions”?

Any “specific question about security issues that could be caused by WordPress” would be beyond the scope of these forums even if such an allegation could actually be proved…and that is the kind of question that has come up before. But whenever an end user might be facing some kind of server-security-related challenge made by his or her host (such as when I once discovered a certain plugin could enable me to see certain things my particular host did not ever expect me to be able to see), the volunteer developers surely do make their best efforts to address the needs or desires of end users.

So a “specific question about security issues” would be beyond the scope of this forum, but “some kind of server-security-related challenge” would be fine? I’m not sure what the distinction is there.

Your mention of an “allegation” that would need to be “proved” suggests that what you think I am doing is suggesting that there is something wrong with WordPress. This is not the case, so I will try once more to explain myself.

I am planning to set up a number of individual WordPress installs on a private server at my university. Only certain people will have access to that server. I can’t find any documentation relating to setting up WordPress in this way. I would like to know whether there is anything I should be doing in order to minimise the chances that a student will in some way compromise the security of the server by e.g. installing a dodgy plugin.

If anyone can answer this query, I will be really grateful.

So a “specific question about security issues” would be beyond the scope of this forum, but “some kind of server-security-related challenge” would be fine? I’m not sure what the distinction is there.

Doing something at server level as a host in order to prevent any kind of real or potential intrusion or harm by a given WordPress user or any other server client and then any of us here trying to help a fellow WordPress user possibly being challenged by his or her host about one thing or another is the difference. Your desire to know more about server settings while hosting WordPress for clients (students, in this case) is clearly understood, but that is beyond the scope of these forums for WordPress *user* support. For example: Maybe one of your students might one day come here asking what he or she might be able to do in order to avoid being disallowed access at your server because of something related to his or her own self-hosted WordPress installation there…and then we would certainly try to help that end user.