This document relates to the Service "kundenspezifisches Blog Hosting" (see SLA here) and defines tasks and responsibilities for WordPress based blogs hosted by ETH IT Services.

Overview: Updates and Maintenance responsibilities

responsibility:ETHZ IT Servicescustomer
WordPress Core(star)
Plugins (preinstalled)(star)
Plugins (custom)
(star)
Themes (preinstalled)(star)
Themes (custom)
(star)
custom code
(star)


Details: Updates  and Maintenance

to ensure latest security and feature updates for WordPress Core, we set the following two variables to have auto updates.

htdocs/wp-config.php
htdocs/wp-config.php:
define('FS_METHOD', 'direct');
define( 'WP_AUTO_UPDATE_CORE', true );


Please do not interfere with auto updates in any way - they will either be enforced and/or your page will be potentially taken offline.

ETH IT Services installs and maintains the following plugins:

please do not disable or interfere with these Plugins.

All Other Plugins (installed by customer) must be updated and maintained by the customer. We recommend enabling auto updates. ETH IT Services reserves the right to update outdated Plugins without further notice.


Go to your dashboard > Plugins > Enable auto-updates

You can get an overview of outdated components in WPMU Defender Pro Dashboard.

ETH IT Services installs and maintains the default WordPress themes ("Twenty Twenty", "Twenty Twenty-One", "Twenty Twenty-Two")

All customer-specific themes must be updated by the customer.

ETH IT Services reserves the right to update outdated themes without further notice.


SSH Access

your blog is accessible by SSH key authentication. Publickeys are stored in .ssh/authorized_keys. We highly recommend using comment fields in your publickey to associate keys to specific users. The authorized_keys files is owned and managed by the customer.


User Registration

if you decide to configuire anonymous user registration, you are fully responsible to implement additional verification methods (captcha, 2FA, ..). Public Anonymous user registration will cause your site being part of spam/botnets and therefore be taken offline.