Center for Inclusive Design & Innovation is a Georgia Tech entity operated by the College of Design that provides accessibility support to the entire University System of Georgia. However, its services are also made available to entities outside of the university system on a subscription basis.

They can help with any accessibility compliance concerns you or your faculty might have.

Using CIDI

Each campus department/unit that wants to use CIDI services has to become a 'member' of CIDI.

The person to talk with is Doug Neal (doug.neal@design.gatech.edu), who can help a department/unit get enrolled as a CIDI member.

Registration Point of Contacts

Per CIDI's request:

[CIDI recommends] that each school create an account to manage the budget manipulations in order to receive payment for services that we render. Then the school can let [Doug Neal] know who needs access to order when the membership application in completed.

Registration Process

To register, follow the directions below:

• Open a web browser and navigate to the CIDI Membership page.
• Fill out the Become a Member form, choose your membership type ( Georgia Board of Regents Post - Secondary) and select Next to view the agreement.
• Select the check boxes at the bottom, (print for your records) and electronically sign the membership agreement when you submit.
• CIDI will contact you with login credentials to the ordering system.

Captioning and Transcription Questions

Please see the CIDI captioning and transcription for information about captioning and transcription services.

The 1194.22(m).1 section relates to applet, plugin, or application boilerplate text present before file uploads of specific types. 

This includes content such as Adobe PDFs, Microsoft PowerPoint, etc.

Footer Link

Websites can meet this requirement by placing a link in the footer of the page linking to a single page highlighting the accessible readers for files on the website.

For a link to the accessible documents disclosure, please see the Accessibility Disclosures for Attached Document Files.

File Types

Appropriate text for declaring accessible readers for file types:

Adobe PDF

Consider using text prior to the PDF link, such as the following:

• File downloads below contain PDF files. Please note that some more-recent browsers have the ability to download and view PDFs. To download and view PDF files, please download a PDF reader such as Adobe Acrobat Reader. 

Microsoft PowerPoint

• File downloads below contain Microsoft PowerPoint files, which require an application to open. Please note that Microsoft PowerPoint is a paid product, however, free alternatives such as Apache OpenOffice exist to view the file.

Some document files attached to Georgia Tech website pages may be in a format that requires an additional browser extension or a special application on your computer or device to be able to open them.  The following disclosures describe how to utilize the most commonly found types of files in use at Georgia Tech:

Adobe PDF

Some more-recent web browsers have the ability to download and view PDFs.  If your browser does not have this support, you will need a PDF reader on your computer or device such as Adobe Acrobat Reader.

Microsoft Word, Excel, and PowerPoint Files

These document files are produced by the Microsoft Office application.  If you have Microsoft Office installed on your computer, then your web browser should be able to open these files automatically.  If you do not have Microsoft Office, there are other alternatives including the Apple office applications (Pages, Numbers, and Keynote) found on most Macintosh computers, or the free Apache OpenOffice or LibreOffice.

This one hour presentation was provided via Adobe Connect and incorporates a demo of JAWS screen reader accessing a Word document (Demo 1 which begins at timestamp 8:11).

For those who may be new to Adobe Connect:

• Closed captioning is provided in the Captioning Pod
• Adobe Connect Accessibility Features
• The Events Index (visually located on left side of Adobe Connect screen) contains a list of topics covered during the webinar
  • Each topic can be expanded to access direct hyperlinks to that specific section

Courtesy of AccessGA.

Checklists

The checklists from HHS.gov are available via the USG Accessibility Tutorial, under Training, Intermediate/Advanced and Creating New Content.

Please see the Web Accessibility Group (WAG) presentation from June 2017 on accessible documents.

Presenter

There's a recording of the meeting as well as a link to the presenter's slides. The presenter's website has more resources, including information on a book about Accessible PDFs that the presenter wrote.

Due to the unusual circumstances of this year and last, many conferences are being made online only.  Known updates have been posted below, but always check a conference's website for the latest details.

January

• N/A

February

• February 17, 2021 : DevNexus (Atlanta, GA) [Online]
• February 18 - 20, 2021 : Florida DrupalCamp (Orlando, FL) [Online]

March

• March 10 - 11, 2021 : AxeCon (Digital Accessibility) [Online]
• March 24 - 27, 2021 : MidCamp (Chicago, IL) [Online]

April

• April 7 - 10, 2022 : CreativeSouth (Columbus, GA) [Postponed to 2022]
• April 12 - 16, 2021: DrupalCon North America [Online]
• April 19 - 21, 2021 : An Event Apart, Spring Summit [Online]
• April 28 - 30, 2021 : IAC: The Information Architecture Conference [Online]
• April 28, 2021 : Georgia Tech OneIT Spring Symposium [Online Event]

May

• N/A

June

• N/A

July

• TBD : WPCampus (New Orleans, LA) [In Person]
• TBD : Drupal Camp Asheville [Format TBD]
• July 14 - 17, 2021 :  DrupalCon Global [Online]

August

• N/A

September

• TBD : DrupalCamp Atlanta [Format TBD]

October

• TBD : Connect.Tech (Smyrna, GA) [Format TBD]
• TBD : BADCamp (Berkeley, CA) [Format TBD]
• October 3 - 6, 2021 : HighEdWeb (Buffalo, NY) [In-Person]
• October 17 - 19, 2021 : All Things Open (Raleigh, NC) [In-Person]
• October 21, 2021 : Atlanta Tech Summit (Atlanta, GA) [In-Person] [Also has monthly meetings]
• October 26 - 29, 2021 : EDUCAUSE (Philadelpha, PA) [In-Person and Online]

November

• November 2, 2021: Georgia Tech OneIT Fall Symposium [Format TBD]
• TBD : DrupalCamp Chattanooga [Format TBD]

December

• N/A

Other

• Monthly Online Seminars : eduWeb [Online]

To Be Determined

• TBD : SunshinePHP Developer Conference (Miami, FL)
• TBD : WordCamp Atlanta (there's also other WordCamps around the world)
• TBD : php[tek] (Nashville, TN)
• TBD : Higher Ed WEBSITES
• TBD : interactUSG (TBD, GA) (Formerly the Georgia Summit and Rock Eagle IT Conferences)
• TBD : hax-camp : Web components all the things (Durham, NC)
• TBD : php[world] (Washington DC)

Exhaustive Campus/Conference Lists

• Drupal Camps and Conferences List (compiled by Build A Module)
• Drupal Camp and Conference Map and List

Due to the unusual circumstances of the current era, many conferences are still online only, though some are returning with in-person or hybrid formats. Known updates have been posted below, but always check a conference's website for the latest details.

January

• N/A

February

• February 18 - 20, 2022 : Florida DrupalCamp (Orlando, FL) [In-Person]

March

• March 15 - 17, 2022 : AxeCon (Digital Accessibility) [Online]
• March 16 - 19, 2022 : MidCamp (Chicago, IL) [In-Person and Online]

April

• April 7 - 9, 2022 : CreativeSouth (Columbus, GA) [In-Person]
• April 12 - 14, 2022 : DevNexus (Atlanta, GA) [In-Person]
• April 18 - 20, 2022 : An Event Apart (Seattle, WA) [In-Person; On-Demand Afterward for 6 months]
• April 25 - 28, 2022 : DrupalCon North America (Portland, OR) [In-Person]
• April 19 - 23, 2022 : IAC: The Information Architecture Conference [Online]

May

• May 5 - 6, 2022 : Stanford WebCamp (Stanford, CA) [Online and In Person]
• May 16, 2022 : Georgia Tech OneIT Spring Symposium [Format TBD]

June

• N/A

July

• July 8-9, 2022 : Drupal Camp Asheville [In Person]

August

• N/A

September

• September 16-17, 2022 : DrupalCamp Atlanta [In Person]

October

• October 9 - 12, 2022 : HighEdWeb (Little Rock, AR) [In-Person and Online]
• October 25 - 28, 2022 : EDUCAUSE (Denver, CO) [In-Person and Online]
• October 30 - November 2, 2022 : All Things Open (TBD) [Format TBD]

November

• TBD: Georgia Tech OneIT Fall Symposium [Format TBD]
• November 5, 2022 : DrupalCamp Chattanooga [In-Person]
• November 7 - 9, 2022 : Connect.Tech (Smyrna, GA) [Format TBD]

December

• N/A

Returning Next Year

• May 16 - 18, 2023 : php[tek] (Chicago, IL)
• July 12 - 14, 2023 : WPCampus (New Orleans, LA) [In Person]
• September 13 - 15 2023 : interactUSG (Savannah, GA) (Formerly the Georgia Summit and Rock Eagle IT Conferences)

Other

• Monthly Online Seminars : eduWeb [Online]
• Monthly Meetings: Atlanta Tech Summit (Atlanta, GA)

Exhaustive Campus/Conference Lists

• Drupal Camps and Conferences List (compiled by Build A Module)
• Drupal Camp and Conference Map and List

Due to the unusual circumstances of this year, many conferences from March onward are being canceled or made online only.  Known updates have been posted below, but always check a conference's website for the latest details.

January

• N/A

February

• February 6 - 8, 2020 : SunshinePHP Developer Conference (Miami, FL)
• February 21 - 23, 2020 : Florida DrupalCamp (Orlando, FL)
• February 13, 2020 : Atlanta Tech Summit (Atlanta, GA)
• February 19 - 21, 2019 : DevNexus (Atlanta, GA)

March

• March 18 - 21, 2020 : MidCamp (Chicago, IL) [Online Event]

• April 2 - 4, 2020 : CreativeSouth (Columbus, GA) [Postponed to April 8 - 10, 2021]
• April 13 - 15, 2020 : An Event Apart, Washington, DC [Canceled]
• April 14 - 18, 2020 : IAC: The Information Architecture Conference (New Orleans, LA) [Online Event]
• April 18 - 19, 2020 : WordCamp Atlanta [Canceled] (there's also other WordCamps around the world)
• April 29, 2020 : Georgia Tech OneIT Symposium [Online Event]

May

• May 18 - 23, 2020 : DrupalCon (Minnieapolis, MN) [Postponed; Date/Format TBD]
• May 18 - 21, 2020 : php[tek] 2020 (Nashville, TN) [Canceled]

June

• June 3, 2020 : Higher Ed WEBSITES (Online Event)
• June 29 - July 1, 2020 : An Event Apart, Boston, MA

July

• July 10 - 12, 2020 : Drupal Camp Asheville [Online Event]

August

• August 3 - 5, 2020 : eduWeb (Salt Lake City, UT)

September

• September 10 - 12, 2020 : DrupalCamp Atlanta

October

• October 5 - 7, 2020 : An Event Apart, Orlando, FL 
• October 14 - 16, 2020 : Connect.Tech (Smyrna, GA)
• October 14 - 17, 2020 : BADCamp (Berkeley, CA)
• October 17 - 21, 2020 : HighEdWeb (Little Rock, AR) [Online Event]
• October 18 - 20, 2020 : All Things Open (Raleigh, NC)
• October 26 - 29, 2020 : EDUCAUSE (Boston, MA)

November

• November 7, 2020 : DrupalCamp Chattanooga

December

• N/A

Other

• TBD : interactUSG (TBD, GA) (Formerly the Georgia Summit and Rock Eagle IT Conferences)
• TBD : hax-camp : Web components all the things (Durham, NC)
• TBD : php[world] (Washington DC)

Exhaustive Campus/Conference Lists

• Drupal Camps and Conferences List (compiled by Build A Module)
• Drupal Camp and Conference Map and List

This page details upcoming web development related conferences for the upcoming 2019 calendar year.

The 2020 Conferences Page is now available.

January

• N/A

February

• February 7 - 9, 2019 : SunshinePHP Developer Conference (Miami, FL)
• February 15 - 17, 2019 : Florida DrupalCamp (Orlando, FL)
• February 15, 2019 : Atlanta Tech Summit (Atlanta, GA)

March

• March 6 - 9, 2019 : DevNexus (Atlanta, GA)
• Marcy 13 - 17, 2019: IA Conferene (Orlando, FL)
• March 20 - 23, 2019 : MidCamp (Chicago, IL)
• March 29, 2019 : USG Web Tech Day (Online)

April

• April 8 - 12, 2019 : DrupalCon (Seattle, WA)
• April 11 - 13, 2019 : CreativeSouth (Columbus, GA)
• April 24, 2019: Georgia Tech OneIT Symposium (Georgia Tech Global Learning Center)

May

• May 3 - 5, 2019 : WordCamp Atlanta (there's also other WordCamps around the world)
• May 6 - 8, 2019 : An Event Apart, Boston
• May 21 - 23, 2019 : php[tek] 2018 (Atlanta, GA)

June

• June 5, 2019 : Higher Ed WEBSITES (Online Event)
• June 8, 2019 : DrupalCamp Chattanooga

July

• July 12 - 14, 2019 : Drupal Camp Asheville
• July 29 - 31, 2019 : An Event Apart, Washington D.C.
• July 29 - 31, 2019 : eduWeb (Philadelphia, PA)

August

• August 26 - 28, 2019 : An Event Apart, Chicago

September

• September 12 - 14, 2019 : DrupalCamp Atlanta
• September 18 - 20, 2019 : interactUSG (Savannah, GA) (Formerly the Georgia Summit and Rock Eagle IT Conferences)

October

• October 2 - 5, 2019 : BadCamp (Drupal Camp @ Berkeley, CA)
• October 7 - 8, 2019: hax-camp : Web components all the things (Durham, NC)
• October 13 - 16, 2019 : HighEdWeb (Milwaukee, WI)
• October 13 - 15, 2019 : All Things Open (Raleigh, NC)
• October 14 - 17, 2019 : EDUCAUSE (Chicago, IL)
• October 16 - 18, 2019 : Connect.Tech (Smyrna, GA)
• October 23 - 24, 2019 : php[world] (Washington DC)

November

• N/A

December

• N/A

Other

• TBD : MiniCamp (Drupal Online Event)

Exhaustive Campus/Conference Lists

• Drupal Camps and Conferences List (compiled by Build A Module)
• Drupal Camp and Conference Map and List

This page details upcoming web development related conferences for the upcoming 2018 calendar year.

The 2019 calendar year page is now available!

January

• N/A

February

• February 8 - 10, 2018 : SunshinePHP Developer Conference (Miami, FL)
• February 16 - 18, 2018 : Florida DrupalCamp (Orlando, FL)
• February 16, 2018 : Atlanta Tech Summit (Atlanta, GA)
• February 21 - 23, 2018 : DevNexus (Atlanta, GA)

March

• April 13 - 15, 2018 : WordCamp Atlanta (there's also other WordCamps around the world)
• March 8 - 11, 2018 : MidCamp (Chicago, IL)

April

• April 9 - 13, 2018 : DrupalCon (Nashville, TN)
• April 12 - 15, 2018 : CreativeSouth (Columbus, GA)
• April 28, 2018 : USG Web Tech Day (Macon, GA)

May

• May 29 - June 1, 2018 : php[tek] 2018 (Atlanta, GA)

June

• June 7, 2018 : MiniCamp (Drupal Online Event)
• June 13, 2018 : Higher Ed WEBSITES (Online Event)
• June 16, 2018 : DrupalCamp Chattanooga
• June 25 - 27, 2018 : An Event Apart, Boston

July

• July 30 - August 1, 2018 : An Event Apart Washington D.C.

August

• August 26 - 29, 2018 : An Event Apart Chicago

September

• September 12 - 14, 2018 : interactUSG (Athens, GA) (Formerly the Georgia Summit and Rock Eagle IT Conferences)

October

• October 8 - 10, 2018 : edUI conference (Charlottesville, VA)
• October 8 - 10, 2018 : An Event Apart Orlando
• October 17 - 19, 2018 : Connect.Tech (Smyrna, GA)
• October 21 - 22, 2018: All Things Open (Raleigh, NC)
• October 21 - 24, 2018 : HighEdWeb (Sacramento, CA)
• October 24 - 27, 2018 : BadCamp (Drupal Camp @ UCA, Berkeley, CA)
• October 30 - November 2, 2018 : EDUCAUSE (Denver, CO)

November

• November 8 - 10, 2018 : DrupalCamp Atlanta
• November 12 - 15, 2018 : php[world] (Washington DC, 15% EDU discount, Super early bird ends August 31)

December

• N/A

Exhaustive Campus/Conference Lists

• Drupal Camps and Conferences (compiled by Build A Module)

This page details upcoming web development related conferences for the 2017 calendar year.

We also have a page for the 2018 calendar year.

January

• January 30 - February 1, 2017 : An Event Apart St. Louis

February

• February 2 - 4, 2017 : SunshinePHP Developer Conference (Miami, FL)
• February 17 - 19, 2017 : Florida DrupalCamp (Orlando, FL)
• February 22 - 14, 2017 : DevNexus (Atlanta, GA)

March

• March 18 - 19, 2017 : WordCamp Atlanta (there's also other WordCamps around the world)
• March 30 - April 2, 2017 : MidCamp (Chicago, IL)

April

• April 6 - 9, 2017 : CreativeSouth (Columbus, GA)
• April 21, 2017 : USG Web Tech Day (Macon, GA)
• April 24 - 28, 2017 : DrupalCon (Baltimore, MD)

May

• May 4, 2017 : Atlanta Tech Summit (Atlanta, GA)
• May 24 - 28, 2017 : php[tek] 2017 (Atlanta, GA)

June

• N/A

July

• July 10 - 12, 2017 : An Event Apart Washington D.C.

August

• N/A

September

• September 20 - 22, 2017 : ConnectJS
• September 25 - 27, 2017 : edUI conference (Charlottesville, VA)
• September 27 - 29, 2017 : University System of Georgia Annual Georgia Summit

October

• October 24 - 27, 2017 : University System of Georgia Annual Computing Conference (Rock Eagle) (Eatonton, GA)
• October 31 - November 3, 2017 : EDUCAUSE (Philladelphia, PA)

November

• November 3 - 4, 2017 : DrupalCamp Atlanta
• November 4, 2017 : DrupalCamp Chattanooga

December

• N/A

Exhaustive Campus/Conference Lists

• Drupal Camps and Conferences (compiled by Build A Module)

This page details upcoming web development related conferences for the 2016 calendar year.

We also have a page for the 2017 calendar year.

January

• N/A

February

• February 15-17, 2016: DevNexus (Atlanta, GA)

March

• March 5-6, 2016: Florida DrupalCamp 2015 (Orlando, FL)
• March 14-16, 2016: An Event Apart Nashville
• March 16-17, 2016: Great Wide Open (Atlanta, GA)
• March 17-20, 2016: MidCamp (Chicago, Il)
• March 18-20, 2016: WordCamp Atlanta

April

• April 6-7, 2016: EDUCAUSE Connect (Miami, FL)
• April 7, 2016: WebVisions (New York, NY)
• April 7-9, 2016: CreativeSouth (Columbus, GA)
• April 15, 2016: Atlanta Tech Summit (Atlanta, GA)
• April 21, 2016: USG Web Tech Day 2016 (Macon, GA)

May

• May 9-13, 2016: DrupalCon (New Orleans, LA)
• May 18-20, 2016: WebVisions (Portland, OR)
• May 23-27, 2016: php[tek] 2016 (St. Louis, MO)

June

• N/A

July

• July 7-9, 2016: WebVisions (Barcelona)

August

• N/A

September

• September 14-16, 2016: University System of Georgia Annual Georgia Summit
• Sept. 21-23, 2016: WebVisions (Chicago, IL)

October

• October 12-14, 2016: University System of Georgia Annual Computing Conference (Rock Eagle) (Eatonton, GA)
• October 21-22, 2016: DrupalCamp Atlanta
• October 20-22, 2016: ConnectJS
• October 24-26, 2016: edUI conference (Charlottesville, VA)
• October 25-28, 2016: EDUCAUSE (Anaheim, CA)
• Oct. 26, 2016: WebVisions (Berlin)
• Oct. 29, 2016: WebVisions (London)

November

• November 5, 2016: DrupalCamp Chattanooga

December

• N/A

Exhaustive Campus/Conference Lists

• Drupal Camps and Conferences (compiled by Build A Module)

This page details upcoming conferences for the 2015 calendar year.

January

• N/A

February

• February 16-18, 2015: An Event Apart Atlanta
• February 28, 2015: AlterConf (Atlanta, GA)

March

• March 10-12, 2015: DevNexus (Atlanta, GA)
• March 19-22, 2015: MidCamp (Chicago, Il)
• March 28, 2015: DrupalCamp New Orleans
• March 27-29, 2015: WordCamp Atlanta
• March 30-April 1, 2015: Symfony2 Bootcamp (Atlanta, GA)

April

• April 2, 2015: AWSome Day (Atlanta, GA)
• April 4, 2015: CampSass (Atlanta, GA)
• April 9-11, 2015: CreativeSouth (Columbus, GA)
• April 11-12, 2015: Florida DrupalCamp 2015 (Orlando, FL)
• April 14-15, 2015: POSSCON (Columbia, SC) 
• April 22-24, 2015: EDUCAUSE Connect (San Antonio, TX)

May

• May 11-15, 2015: DrupalCon Los Angeles
• May 18, 2014: Atlanta Tech Summit (Atlanta, GA)
• Mar 18-22, 2015: php[tek] 2015 (Chicago, IL)

June

• N/A

July

• N/A

August

• N/A

September

• September (?) 2015: DrupalCamp Chattanooga
• Sep 16-18, 2015: University System of Georgia Annual Georgia Summit

October

• Oct 16-17, 2015: DrupalCamp Atlanta
• Oct 16-17, 2015: ConnectJS
• Oct 21-23, 2015: University System of Georgia Annual Computing Conference (Rock Eagle)
• Oct 27-30, 2015: EDUCAUSE (Indianapolis, IN)

November

• Nov 9-11, 2015: edUI conference (Charlottesville, VA)

December

• N/A

TBD

• Great Wide Open (Atlanta, GA - at the Georgia Tech Hotel & Conference Center)

Exhaustive Campus/Conference Lists

• Drupal Camps and Conferences (compiled by Build A Module)

Due to the unusual circumstances of the current era, many conferences are still online only, though some are returning with in-person or hybrid formats. Known updates have been posted below, but always check a conference's website for the latest details.

January

• N/A

February

• February 17 - 19, 2023 : Florida DrupalCamp (Orlando, FL) [In-Person]

March

• March 1, 2023 : Georgia Tech OneIT Spring Symposium [Hybrid]
• March 15 - 16, 2023 : AxeCon (Digital Accessibility) [Online]
• March 26 - 28, 2023 : MidCamp (Chicago, IL) [In-Person and Online?]
• March 30 - April 1, 2023 : CreativeSouth (Columbus, GA) [In-Person]
• March 28 - April 1, 2023 : IAC: The Information Architecture Conference [In Person]

April

• April 4 - 6, 2023 : DevNexus (Atlanta, GA) [In-Person]

May

• May 11 - 12, 2023 : Stanford WebCamp (Stanford, CA) [Online and In Person]
• May 16 - 18, 2023 : php[tek] (Chicago, IL)

June

• June 5 - 8, 2023 : DrupalCon North America (Pittsburgh, PA) [In-Person]

July

• July 8-10, 2023 : Drupal Camp Asheville [In Person]
• July 12 - 14, 2023 : WPCampus (New Orleans, LA) [In Person]
• July 25, 2023 : Higher Ed Web Accessibility Summit [Online]

August

• August 5, 2023 : Open Camp / DrupalCamp Chattanooga [In-Person] - Postponed to November 2024

September

• September 13 - 15 2023 : interactUSG (Savannah, GA) (Formerly the Georgia Summit and Rock Eagle IT Conferences)
• TBD : DrupalCamp Atlanta [In Person]

October

• October 8 - 11, 2023 : HighEdWeb (Buffalo, NY) [In-Person and Online]
• October 9 - 12, 2023 : EDUCAUSE (Chcago IL) [In-Person and Online]
• October 15 - 17, 2023 : All Things Open (Raleigh, NC) [Format TBD]
• October 24 - 26, 2023 : Connect.Tech (Atlanta, GA) [In-Person]

November

• TBD : Georgia Tech OneIT Fall Symposium [Format TBD]

December

• N/A

Other

• Monthly Online Seminars : eduWeb [Online]
• Monthly Meetings: Atlanta Tech Summit (Atlanta, GA)

Exhaustive Campus/Conference Lists

• Drupal Camps and Conferences List (compiled by Build A Module)
• Drupal Camp and Conference Map and List

This page details all topics of guides for getting started with WordPress.

Getting Started Sub-Topics

This page details all topics of guides for pages and posts.

Pages and Posts Sub-Topics

This section contains information and guides for WordPress themes and theme customization options.

Appearance and Themes Sub-Topics

We have training resources both on- and off-campus available for WordPress usage and best-practices.

WordPress Training Sub-Topics

Anyone who is running their own instances of WordPress that they fully administer themselves (this doesn't include people maintaining sites on Sites @ Georgia Tech), should make sure they are running a comprehensive security plugin like WordFence to monitor and protect their WordPress instance from cyber attacks. WordPress sites are popular attack vectors, especially ones that rank well in the major search engines.

Minimal Security Settings

If you have a valid reason for not running a comprehensive security plugin, it is recommended that your website has Limit Login Attempts Reloaded to prevent brute force login attacks. 

Please note that WordFence limits login attempts as well, so you don't need a separate plugin for that if you're running WordFence.

User Login

To strengthen user logins on campus, CAS/Single Sign-On based authentication for user logins is strongly recommended. Please see the drupal.gatech.edu article on CAS for Drupal 7 for recommended settings and server information.

If you cannot enable CAS/Single Sign-On, consider adding a two-factor authentication (2FA) plugin to your site. WordFence supports 2FA but only in their paid premium version.

Please note that you should not run both CAS authentication and 2FA, as that will result in a three-factor authentication for all of your faculty/staff users. 

Menus and navigation can be edited through the WordPress Appearance dashboard section.

Menus and Navigation Sub-Topics

WordPress allows you to add users and provide them with preset roles for editing, posting, and administration.

User Roles and Access Sub-Topics

Example code of how to retrieve a person's gtaccount (gburdell1) using command line.

Start command

For each of the examples given below, the command will start with this line:

ldapsearch -x -LLL -h whitepages.gatech.edu -b "dc=whitepages,dc=gatech,dc=edu" 

For example, 

ldapsearch -x -LLL -h whitepages.gatech.edu -b "dc=whitepages,dc=gatech,dc=edu" mail=george.p.burdell@gatech.edu

Use email to find gtaccount

mail=george.p.burdell@gatech.edu

Use unique given or first name

givenName=Adelle

Use unique family/last or surname

sn=Vuchatu

Use part of full name

cn="*Frank,A*"

OR

cn="*Adelle*"

Other ldap variables

Whitepages also lets you narrow your search using other values, such as:

• building: William C Wardlaw Center
• telephoneNumber: 404-385-4275
• displayName OR cn: Burdell,George P
• title: Web Developer Sr [job title]
• objectClass: luPerson
• primaryUid OR uid: gburdell1
• postalAddress: 0181 [campus mail code]
• ou: Institute Communications [department]

Qualtrics allows for a form to be locked to only Georgia Tech user access through single-sign on (SSO).

To enable this, follow the directions below.

Enable Georgia Tech Login

1. Navigate to Qualtrics and edit a survey.
2. Under Survey Flow, select 'Add a New Element Here' and select Authenticator.
   • Authentication type: SSO
   • Check 'Capture respondent identifying info'.
     • Configure "Embedded data set" to 'userid' and "Field from SSO" to 'username'.
   • SSO type: CAS
     • Hostname: sso.gatech.edu
     • Port: 443
     • URI: cas
3. Click "Apply" in lower right corner.

Click Test CAS Connection to test the configuration values.

After adding the SSO configuration, move the 'Display Form' block to the success branch on successful authentication, so that the form only displays after SSO.

Using Data from Shibboleth/SAML Attributes

As part of the configuration for Qualtrics SSO, selected attributes are released about the authenticated user when authenticated via Shibboleth/SAML. These can be automatically included as "Embedded Data" in survey responses, and also used to populate text in answers to questions or in instructional text. As of October 2021, the following attributes are released to Qualtrics: mail, uid, givenName, displayName, eduPersonPrincipalName, sn, cn. Additional information on these attributes can be found on IAM's documentation site.

To use any of these attributes in a survey, follow these steps:

1. Navigate to Qualtrics and edit a survey.
2. Under Survey Flow, select 'Add a New Element Here' and select Authenticator.
   • Authentication type: SSO
   • Check 'Capture respondent identifying info'.
     • "Embedded Data to Set..." is an internal identifier used within your survey and can be set to anything
     • "Field from SSO" is the SAML attribute name as provided from GT SSO (see list above)
   • SSO type: Shibboleth
   • Example: Collecting displayName (e.g. George P Burdell) and mail (user's primary email address as set in Passport, e.g. george.burdell@gatech.edu)
   • 
3. Click Apply to save changes
4. To use these attributes in your survey, go back to the Builder tab and select one of your questions.
5. Example: Populating name as a default answer to a text field
   • In the Edit Question dialog on the left of the page, click Default choices.
   • A modal should appear. Click the blue dropdown icon and select Embedded Data Field.
   • Another dropdown should appear. Any attributes you configured in the authenticator should appear in the list. Select the one you wish to use for this field, then click Insert.
   • Click Save to save the default value.
   • After publishing the survey, that field will be automatically pre-filled with the user's display name.
   • 

Configure Survey Actions

Next, configure the survey access permissions.

1. Navigate to Qualtrics and edit a survey.
2. Click Survey Options.
3. Select how you would like access to the survey:
   • Open Access: Any Georgia Tech user account can access and complete the survey if they have the submission URL.
   • By Invitation Only: Only invited Georgia Tech user accounts can submit a survey response.
4. Click Save to save changes.

You can find a repo of a static HTML/CSS template for creating a Georgia Tech website available on the Georgia Tech GitHub page.

Access

The static Georgia Tech theme template is kept in the ICWebTeam GitHub account:

• https://github.gatech.edu/ICWebTeam/gt-static

You must have an active Georgia Tech user account (GTAccount) in order to view this repository.

Details

The markup and styling associated with this repository is ported from the Georgia Tech Drupal theme. This template serves as a starter-kit to help one follow Georgia Tech Website Brand Requirements when building a static Georgia Tech website or website in a content-management system other than Drupal.

Contact

If you have any questions about this repository, please contact webteam@gatech.edu. For technical issues, please post an issue to the repo.

What is Central Authentication Service (CAS)?

From Wikipedia (Central Authentication Service):

The Central Authentication Service (CAS) is a single sign-on protocol for the web.[1] Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user's security credentials, such as a password. The name CAS also refers to a software package[1] that implements this protocol.

Georgia Tech implements the CAS service to allow campus members to easily log into campus websites using their GT Account Username and associated password.  However, for a website to utilize CAS, it must be set up correctly, which usually means adding a module, plugin, or library, and configuring it to work with Georgia Tech's CAS servers.

• Setting up CAS for Drupal 7 and 8 - Georgia Tech Drupal Article
• Setting up CAS for WordPress
• Setting up CAS for a stand-alone PHP application
• Setting up CAS for a static website on OIT Web Hosting - OIT FAQ Article

CAS Sub-Topics

With changes to web browsers (Chrome in particular) coming soon that will mark non-SSL (http://) websites as Not secure, now is the time to consider upgrading your site to SSL encryption.  The first part is getting an SSL certificate and adding it to your hosting account.  However, you also have to check through and adjust your site for optimal results.

In most cases, switching to SSL will not outright break a site, but its not impossible in some cases:

• Chrome and possibly some other browsers will not show a non-SSL page in an IFRAME of an SSL page.  Unlike other types of security issues, Chrome will not let the user bypass or ignore the issue on non-SSL page in an IFRAME, so the user will be completely blocked from getting to the IFRAMEd content.

• Custom code might break if it dissects page URLs and doesn't treat "http://" and "https://" as the same site, or has been coded to only work with http:// URLs.

The more common issue is a page being flagged as having mixed content, which means that something included on an SSL encrypted page (an image, a video embed, a CSS file, a JavaScript file, etc.) is being loaded from a non-encrypted site.  A lot of times, this is due to a local resource having been added to the page with a fully qualified URL (e.g. http://foobar.gatech.edu/styles.css) instead of using a relative URL (e.g. /styles.css).  Updating those URLs will fix the problem, though finding them can be a challenge.  Getting comfortable with your favorite browser's development inspector can help a lot, as many have a Network feature to let you see all of the files being loaded by the page and which ones were SSL encrypted and which ones were not.

There are other places you should check to optimize your site:

• Menu bars often have fully qualified links added to them, so check for ones that can either be shortened to a relative link or updated from "http://" to "https://"

• Redirects in .htaccess files are sometimes entered as fully qualified links.  Once again, they should be made relative or updated from "http://" to "https://".  If your content management system has its own redirection system (e.g. the Drupal 7/8 Redirect module), you may need to check its tables for URLs that need to be updated in the same way.

Certain applications may need a little assistance:

• WordPress has two settings on the General settings page:  WordPress Address (URL) and Site Address (URL).  Both need to be updated to begin with "https://"

In most cases, you'll not only want to clean up the links and settings of your site, but also redirect all of your non-SSL traffic to your SSL site, and content systems don't typically handle this for you.  To cover all of your bases, it's good to add the following to your site's .htaccess file, ahead of any other Rewrite Engine rules:

RewriteEngine on
# This forces the visitor to the non-www.* address *before* forcing them to SSL
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]
# This checks to make sure the connection is not already HTTPS
RewriteCond %{HTTPS} !=on
# This rule will redirect users from their original location, to the same location but using HTTPS.
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

One final tip: if you control any other websites that link to the site you're upgrading, you should go into them and update those links from "http://" to "https://", and also make sure they're using the version of your site's domain name that matches your SSL certificate (in most cases, this will be a version without "www." at the beginning.)

SSL encryption (technically Transport Layer Security, but still commonly referenced as SSL, the acronym for its now deprecated predecessor) is a protocol for encrypting communications between a web browser and a web server. Encrypted connections (denoted by a web URL starting with 'https://') are not easily monitored by third parties unlike unencrypted connections (denoted by a web URL starting with 'http://'), where all content can be easily viewed by anyone with access to some part of the connection path. SSL works through a system of public-key cryptography, and is intended to not only keep communications private, but to also help ensure that you are actually communicating with the right server and not a hacker's rogue server that is merely impersonating a legitimate server.

By default, SSL is provided and available on OIT Webhosting, and can be enabled other types of on-campus web hosting where you or your information technology support staff have low-level management access to the web server.

SSL Certificates

In order to enable SSL encryption for a website, you need to have an SSL certificate that securely identifies that your server is the genuine server for your website's domain name. There are many possibilities for obtaining an SSL certificate – too many to list here.

Presently, Georgia Tech is a member of InCommon, a collective of universities which have pooled resources. This means campus units can get SSL certificates for free. Usually one person in a department, college and/or school has the ability to request and issue certificates. Ask your information technology support staff for assistance if you need a certificate for a web site.

InCommon Certificate Caveats

• Georgia Tech's InCommon account can issue certificates for sub domains of Georgia Tech (addresses that end in .gatech.edu) as well as non-Georgia Tech domains. If you need a certificate for a non-Georgia Tech domain, you will need to contact the InCommon admins who will assist with granting authority to sign the non-Georgia Tech domain, and provide instructions on verifying the ownership of the non-Georgia Tech domain. This is usually accomplished by uploading a unique key file to your site's docroot for verification.
• If your site is on OIT Web Hosting, you may not need a certificate, as web hosting has a 'wildcard' / multi-site certificate that covers a lot of common Georgia Tech sub domains, and they are often willing to add additional Georgia Tech sub domains if you ask. Please see the OIT FAQ Article on SSL Certificates and Web Hosting for more information.
• As of now OIT Web Hosting only allows creation of 2048 bit certificates. Most security standards now call for a minimum of 4096 bit SSL certificates.

Other Types of SSL Certificates

Before InCommon, there were several options for SSL certificates. You may stumble across them:

• Paid SSL certificates - Issued by GoDaddy, Thawte, Comodo and others.
• Self signed certificates - Generated and signed on the server that hosts them.  These are fine for development, but should never be used in production, as users will get a certificate error message in their browser when accessing a site with a self-signed certificate.
• Georgia Tech Signed certificates - For many years, Georgia Tech had its own root certificate.  It's no longer used, but may still be on systems.  If you find this, you should remove it, as the root certificate has expired, as have any certificates signed by that root certificate.

Implementing SSL Encryption

• Enabling and Using SSL Encryption on OIT Web Hosting

Patch, Patch, Patch

The most important security practice for web application software is to keep up with your software patches.  The more commonly used the application, the greater a chance that someone out there is looking for insecure installations to hack.

Systems like Drupal and WordPress are so popular that you need to be prepared to deploy security patches for them just as soon as they come out.  If your hosting server is running Installatron, you can configure it to automatically install many of these updates.  If you don't have Installatron, you can still configure WordPress to automatically install new updates on its own.  Drupal, unfortunately, requires manual intervention if you don't have an outside tool like Installatron, but modules can usually be updated from within the application.  Drupal core updates have to be installed from the command line or from a web hosting file manager control panel.

Non-security patches can be important, too, but should be tested more thoroughly before deployment since they could break things.  (Security patches could break things, too, but sometimes it may be better to break a small feature of your site temporarily than to leave it susceptible to a known vulnerability.)

Lock Down Site Access

Securing the back doors to your site is pointless if you leave the front door wide open.  Make sure you have configured your web application properly so that only the proper authorized people can access it.  

• Consider user roles carefully and don't give out more access privileges than are necessary.
• Audit user access lists and remove users who no longer need access (employees who no longer work for your unit, students who have graduated, anyone who has moved to a different role that doesn't need to use the application.)
• Besides auditing access lists within web applications, also audit the access lists for their server hosting accounts as well.  Make sure that the people with access to administer those accounts still have reason to be doing so.  Take old developers off of these accounts if they aren't actively working for you, even if you think you'll bring them back in later, and remove anyone who has left Georgia Tech, as they could potentially still be able to get to your hosting account even after many of their standard IT privileges have expired.
• If you implement a configuration where anyone with a GT Account can log into your application, be very careful about what you make available to these 'regular' users.  Keep in mind that when you include all GT Accounts, you include all guest users, outside vendors and developers who are doing work for Georgia Tech units, retirees, alumni, etc.  That's a pretty big pool of people.  If you really don't need to include all of those people, look into options for validating that someone logging in is a current faculty/staff member or student.
• If you add custom security modules to content systems like Drupal and WordPress, don't just assume they work as you have configured them:  open a different browser and test to make sure a non-logged in user really can't get to the content you are trying to protect.  A security configuration that doesn't actually work is worthless.

Run a Tight Ship

Module and plugin based applications like Drupal and WordPress have one distinct downside:  not all modules and plugins are created equal, and poorly written and managed ones can put your application at risk.

Before installing a module or plugin, review it carefully.  Avoid ones that do not have active support, ones that haven't been updated in several years, and ones that have never left alpha/beta status.  It's usually better to tell a stakeholder that there's nothing available to provide a certain functionality than to offer up a module or plugin that isn't stable and risks introducing security holes.  It's also far better to say no up front than to try something that stakeholders get used to, only to later discover a serious uncorrectable problem that necessitates removing the plugin/module.

Avoid Frankensites

What's a Frankensite?  It's a module/plugin based web application where so many extra components have been added to it that it's impossible to properly audit the functionality of the site.  Upgrading these sites can either become impossible, or strokes of pure luck if a major update doesn't break several things at once.

When any kind of complex functionality is required, look at abstracting that functionality out to a separate application that can run in parallel with the main application.  For example, if you are running a Drupal site and your stakeholders want a nice photo album, don't load up the Drupal site with the half-dozen extra modules needed to make a barely functional internal photo album system.  Instead, set up a copy of ZenPhoto, which is designed from the ground up to handle photo albums.  Or, suggest the usage of a hosted in-the-cloud system.  Any of these options will keep your main website application from turning into an unmanageable Frankensite.

(Setting up multiple applications may seem like more work at first glance, but it's far less work in the long run, as you'll be able to streamline the installation of updates, not to mention that you can update the secondary applications one at a time without having to bring down any others or the main application/site.)

Enable and Monitor Security Logs

Many applications and all hosting account systems will log different kinds of activity related to your web application.  While a lot of these logs may seem unreadable to the untrained person, they could still be invaluable should a problem arise - especially a security incident.  It's a good idea to keep these logs around for at least six months, and even longer if your application handles any sensitive data.  Check the Georgia Tech data security policy to find institute requirements and recommendations for log retention.

When possible, sending logs to a remote server is a really good idea, as that prevents those remote copies from being modified by a hacker who gets too far into your web server.

Make Regular Site Backups

Nothing is worse than having a site crash without a recent backup available.  Whether the crash was due to a patch gone bad or a hacker getting into the site, being able to restore the site to a previously known good state is critical.  Here are some recommended guidelines for handling backups:

• For all sites, run a full backup once a week, and for important sites, also run an incremental backup daily.
• Store backups in a safe location, ideally on a remote server.  If possible, configure your infrastructure so that the web server can't modify a backup once it's been written to the remote server, so that a hacker who breaks into the web server can't delete your backups.
• TEST your backups!  Far too many a systems administrator has been bitten hard by backup files that were corrupted, missing important components, or even just plain missing because the backup process didn't write out the files as expected.  After running your first backup, download the files and try to recreate the website in a test environment to make sure you have a complete backup of the site.  And, don't forget to check the backup archives periodically to make sure they're still functioning as you expect.
• Be sure to cycle out old backup files periodically, so that your backup system doesn't run out of disk space.  This is yet another way to discover that you have no recent backups when you need them the most.

Install and Utilize Security Tools

Some applications may have third-party tools to help you monitor for security problems.  A good, reliable security tool can block many types of known attacks, stop brute-force login attempts, log more details about accesses to the site, and/or point out configuration settings that you ought to change to make the site more secure.

Since every application is unique, you'll have to research the available security tools that work with a specific applications.  Be sure to look at how well respected the tool is within the user community, as that will give you an idea of how safe and reliable it will be.

There are also server level security tools that you can utilize, such as Web Application Firewalls (WAFs).  These have to be installed by a server administrator, but can add an extra layer of protection beyond the tools available for the specific application(s) you are running.  The OIT Web Hosting servers all run a WAF that protects their hosting accounts by filtering any requests coming from off-campus.

Write Safe Code

If you are coding applications for the web or even just coding modules / plugins / themes for existing applications, take the time to write safe code:

• Sanitize any user input that you utilize to deter hackers from running malicious commands by submitting carefully crafted values into a form field.
• Use proper security wrapping methods to make sure that authorization is being checked properly before the execution of any higher level command.
• Avoid putting in a backdoor "just for testing", as it can be all too easy to forget to remove it later.  If you must use one, document it boldly and clearly so that it's easy to detect when you review the code later.
• Do carefully review your code before putting it into production, and even better, have someone else review it as well, since they might catch bugs that aren't obvious to you.
• Always keep a copy of your code on a separate server, so that if your development or production servers get hacked, you can run a code comparison to your protected code to see if anything was changed by the hackers.

Clean Up After Yourself

Leaving junk behind in your public web hosting account directories can cause multiple problems, so keep your public directories clean:

• When installing code updates, keep the installers out of your public directories, or at least move them out once you are finished with the update.  If your hosting account doesn't already have a private directory, create one and use it for installers, backups, etc.
• If you edit live code, don't leave any backup copies in the live directories.  If you need to make a backup of a file before editing it, put the copy in a private directory.  There are many ways in which an improperly named backup file could accidentally expose the program code to a hacker, and depending on the file, this could expose internal user account credentials, shared secrets, or internal server names, all of which could be quite valuable to a hacker.
• If you run a major update and want to move your current installation to a different folder, once again move it somewhere inside a private (non-public) directory, especially if there is no need to be able to access the old installation over the web.  If you do need to leave the old installation up temporarily, plan a date at which it will be shut down, and if at all possible, firewall that directory for the interim to just on-campus IP addresses (or if possible, just IP addresses for your local unit).  Old installations usually never get patched, and thus can become huge forgotten security holes if left publicly accessible over the web.
• Security precautions aside, keeping your public web directories neatly cleaned up will help you in many other ways, including making it easier to debug problems and in some cases even speeding up application performance.

For those considering hiring a third party for their website work, Georgia Tech has an enterprise-wide contract in place that allows you to quickly get estimates from a group of pre-approved vendors. 

In March 2020, the Institute finalized two enterprise-wide contracts for web projects:

• One for projects less than $50K.
• One for projects greater than $50K.

These contracts include a number of fully vetted vendors with a broad range of skillsets in owned digital. Every Georgia Tech unit seeking third-party website support must use a vendor from one of the enterprise-wide web contracts.

For more information, refer to: How to Hire a Website Vendor.

On-campus web developers can, in some cases, serve as contractors for on-campus web work. 

Important Notes

• Please note that is strongly advised that you receive direct agreement from your supervisor and the hiring unit's leadership before beginning work. 
• To simplify the process, the best practice is to complete this work outside of the employee's regular working hours. 

Employee Policy

5.3.2 Extra Compensation:

Extra compensation may be paid to employees for tasks performed after normal business hours for duties not included in the employee’s normal job responsibilities, provided the following three criteria are met:

1. The tasks must be outside of the employee’s regular department.

2. The Departmental Agreement Form, must be completed and signed by the appropriate department heads. Departmental Agreement Form

3. The employee must meet at least one of the criteria listed below (Criteria from the Official Code of Georgia Annotated Section 45-10-25):

   • Chaplain
   • Fireman
   • Dentist
   • Certified Oral or Manual Interpreter for Deaf Persons
   • Registered Nurse
   • Licensed Practical Nurse
   • Psychologist
   • Teacher or Instructor of an evening or night course or program
   • Professional holding a doctoral or masters degree from an accredited college or university
   • Part-time employee

Also, an employee meeting all three criteria listed above may be paid extra compensation for a task for another department during normal job hours if the task is not part of the employee’s normal job responsibilities, and the employee takes annual leave for the portion of time that is being used for the task receiving extra compensation.

Employees that have been determined by the institution to be non-exempt, as defined by the Fair Labor Standards Act (FLSA), and are performing extra duties could qualify for overtime pay. Non-exempt employees should be paid at least the overtime rate or more.

Examples of situations justifying the payment of extra compensation are:

• An employee teaching a continuing education course after hours or while taking annual leave, when teaching the course is not part of the employee’s normal job responsibilities.

  Note: This is allowable under the Official Code of Georgia Annotated Section 45-10-25, No. 15.

• A part-time public safety officer working extra hours to referee a ball game.

  Note: Georgia Code 45-10-25 does not apply to part time employees.

• A staff member with a masters degree doing web design for another department.

  Note: This is allowable if the required Departmental Agreement Form is completed and signed by the appropriate department heads.

A proposed workflow for how smaller teams can code collaboratively with git at Georgia Tech.

Defining Git

Git is an environment-agnostic version control system that allows teams or individuals to collaborate on projects in a distributed fashion. Git was created for the command line, but there are also GUI clients available.

Commits

Under the hood, git is powered by a tree of commits. Each commit tracks the difference between it and the previous commit in the tree. This saves tremendous space by storing only the changes and not the entire changed file.

Repositories

Repositories (repos) are a place where files and their histories are stored. Local repos are stored on your machine and/or the production server. The remote (origin) repo is an agreed-upon authoritative repository through which all changes flow. We use the GitHub.gatech.edu enterprise website to store our remote repos, as well as to manage their permissions and the code review process.

Branches

Central to git is the idea of branches. Each branch is just a pointer to a commit in a tree. So making a new branch is as cheap as initializing a pointer to the current commit, and updating that pointer (and only that pointer) when work is done on that branch. And because of the way git stores commits, storage for the work done on branches will be cheap too.

Branches are a way for collaborators to work together without all working on the same version of code. This allows for more advanced nonlinear workflow than a single stream of commits. It also allows for powerful administrative features such as code reviews, keeping the master (production) branch stable and testing new features without compromising that stability.

Pull requests

Pull requests are a GitHub-specific feature that encourages review of any code changes before they go live. It also gives administrators a chance to request changes or resolve conflicts before the final code is merged into the master branch.

Collaborative Workflow Overview

This workflow is based on the lightweight GitHub Flow system. This choice reflects our emphasis on less complexity for our small team, instead of focusing on a perfectly clean commit history.

In this system, all development (whether fixes or features) is done in branches and then merged back into the master/production branch when completed. Below is a sample timeline for the workflow of creating and implementing a new feature branch.

This workflow follows 5 rules:

1. The master branch is protected and should be kept deployable to production at all times. This is the most important rule. All code merged into master should first be thoroughly tested and reviewed. It is possible to revert the master branch, but this should be avoided whenever possible. Even if a hotfix is needed, verification of the fix should always be done in a branch. This is especially essential when our server is configured to automatically pull updates from the remote origin repo, meaning that any commit to master will quickly be made live.

2. Create separate branches off the latest master for each feature. Since branches are cheap, use one for every feature or fix. And, to ensure updated code, branch off of the current master.

3. Before every commit, pull the latest master and merge it into your local branch. One of the most challenging tasks in collaborative git is updating an existing file that needs to integrate divergent code changes from multiple developers. Merging the latest master branch into your local feature branch before every commit will largely prevent that by ensuring that any discrepancies in code are limited in scope and easily resolvable.

4. Constantly push all branches to the remote/origin repo. The remote repo isn’t just for maintaining the master branch: it can also store any other branches you are developing. This allows others to contribute to the individual branch you are working on (if you both are working on the same feature, for instance), as well as showing the current progress on each feature.

5. Use pull requests to add completed features to the master branch. Pull requests allow new features to be vetted by administrators before being added to production. Once a feature is in a mergeable state, a pull request allows discussion, review, and finally approval to get integrated into our live, master branch.

(Credit to Eli Trexler for putting together a lot of this content).

Learn how to connect a repository on github.gatech.edu to a virtual host on a server (examples given for a RHEL7 server, but similar will work IF using at least OpenSSH version 5 or higher on your server).

Make SSH Keys on Server

1. On your server, become the superuser (sudo su).
2. Create a folder in which to store SSH keys (mkdir /var/www/.ssh).
3. Create an SSH key pair on your server in that .ssh directory (ssh-keygen -b 2048 -t rsa), and name the key for the virtual host (example: /var/www/.ssh/mysite).
4. Create a config file (touch /var/www/.ssh/config) and add this code inside it:

   # mysite.gt
   Host mysite
   HostName github.gatech.edu
   PreferredAuthentications publickey
   IdentityFile /var/www/.ssh/mysite

5. Change the .ssh folder permissions (chmod 700 /var/www/.ssh).
6. Change the .ssh folder ownership for use by apache (chown -R apache:apache /var/www/.ssh).
7. Change ownership of the already-existing vhost's folder for use by apache (chown -R apache:apache /var/www/vhosts/mysite.gatech.edu).
8. Copy the contents of the public key into your Text Editor of choice (cat /var/www/.ssh/mysite.pub).

Add Deploy Key on Github

1. Create your private repo on github.gatech.edu, under the appropriate departmental Team. Do not add any files (not even a README).
2. Within your repo, click the Settings tab.
3. Choose "Deploy keys" in the left side menu, and click on "Add deploy key"
4. Give a descriptive title, like "Mysite server public key".
5. Paste the public key you copied from your server into the "Key" area.
   • If this is your initial copying of the repo from the server TO github, check "Allow write access", so that you can push to this github repo from your server.
   • If you already have the initial copy of your files pulled from the server, you need to delete the old key and make a new one that does NOT allow write access (to improve the security setup).
6. Click "Add key".

Connect your Server to Github

1. Make sure git is running (git --version).
2. Become the apache user (su -s /bin/bash - apache).
3. You probably need to symlink the .ssh directory for the apache user, so that known_hosts is saved in the correct place.
   • As the apache user, change to the home directory (cd ~)
   • Find where that home directory is located (pwd)
   • Make a symlink from your recently-created .ssh folder to apache's home directory location (ln -s /var/www/.ssh /path/to/apache/home/.ssh).

Existing Server Repository

If this vhost on your server already has a git repo initialized, follow these steps:

1. Change to your vhost's folder (cd /var/www/vhosts/mysite.cc.gatech.edu).
2. Use ssh not http to add the github repo as its origin, including the "Host" you created in the .ssh/config file as the url so that the server uses the correct ssh key to connect (git remote add origin git@mysite:My-Dept/mysite.git).
3. Push your server's repo to github (git push -u origin master).
4. Check the repo on github to make sure you see the commits from your server.

New Server Repository

If this vhost on your server does not yet have a git repo initialized, follow these steps:

1. Change to the directory above your vhost (cd /var/www/vhosts).
2. Use ssh not http to copy the repo from github to your server, including the "Host" you created in the .ssh/config file as the url so that the server uses the correct ssh key to connect (git clone git@mysite:My-Dept/mysite.git mysite.gatech.edu).
3. Change to your vhost's folder (cd /var/www/vhosts/mysite.gatech.edu).
4. Check the repo on your server to make sure you see the commits from github (git log -n 1).

Configure protected master branch on Github (Under construction section)

Since you will be connecting the repo to a Production site, you need to protect the master branch on github, so that all changes pushed to it must go through an approval process before being merged into the master/production branch.

Customize .gitignore file

For a Drupal 7 site, add these lines to the repo's .gitignore file (as they should not be version controlled):

• sites/*/files
• sites/*/private
• sites/*/settings.php

Set cron to do a git pull as the apache user (Under construction section)

Example:
0 */1 * * * cd /var/www/vhosts/mysite.gatech.edu && git pull >> /dev/null

Change File Permissions (Under construction section)

Often, the file and directory permissions on the server differ from your local development environment. You will need a cron job or automatic git-accompanying command so that, whenever it pulls updates from the remote repository, files and directories receive the correct ownership and permissions for the server.

For a Drupal 7 site, the defaults should be:

• user and group = apache:apache
• most directories = 755
• most files = 644
• not version controlled, so set it once and forget it:
  • settings.php file = 444
  • /sites/*/files = 777 (directory)
  • /sites/*/files/* = 666 (files)

Connecting to GitHub Enterprise at Georgia Tech, unlike Github.com, requires a few additional steps because GitHub Enterprise is not publicly accessible.

Please note that it is much easier to connect to GitHub Enterprise via GitHub Desktop, which natively supports enterprise installs like GitHub Enterprise at Georgia Tech.

To facilitate access to a repository in GitHub Enterprise at Georgia Tech, follow the directions below.

Setup

Derived from metroplus documentation.

1. Generate a SSH key:

   ssh-keygen -f ~/.ssh/filename-goes-here -b 4096
   

2. Copy SSH key files onto your server of choice into ~/.ssh/, making sure that your private key is chmod to 0400.
3. Add the SSH key to your GitHub Enterprise at Georgia Tech account.
4. Establish SSH fingerprint for GitHub Enterprise at Georgia Tech:
   
    ssh-keyscan github.gatech.edu >> ~/.ssh/known_hosts
    
5. Edit (or create) file config in ~/.ssh/. This file is responsible for routing the generic git@github.gatech.edu account to the defined SSH key on the server and on Github. See below for an example config file.

Sample config file

host github.gatech.edu-identifying-text-here
 Host github.gatech.edu
 IdentityFile ~/.ssh/filename-goes-here
 User git

The above configuration routes git repository URLs for Host (github.gatech.edu) to check for the SSH key file under IdentityFile with the git account (User). 

More Information

• Github Documentation on SSH

Overview of the Process

1. In a web browser, go to the OIT Web Hosting site (https://hosting.gatech.edu/ - available on-campus or via the VPN only!)
2. Log in, using your GT Account username and password (e.g. "gburdell1").
3. Follow the link on the right-hand side of the main menu for My Plesk Hosting.
4. In the grey horizontal section, select the Request a site on Plesk link, which will take you to a request form.
5. Follow the link in the left-hand sidebar for Request, and then select the Request button under New Site
6. Fill out the form and select the Request New Site button at the bottom of the page.
7. These requests will take up to 72 hours to complete. You will receive an email once the site has been set up.

If you have any questions about any part of the form, you can hover over or tab to any of the question mark icons to get detailed instructions.

There are two user roles for OIT Web Hosting accounts: "owner" and "authorized user".

• Owners are the people responsible for the website who make the key decisions about the site.  An owner is oftentimes not the technical manager of the site, but must be a full-time employee of Georgia Tech.

• Authorized Users have most of the same privileges as owners, and can be anyone with a valid GT Account Username (including guest user accounts).

Keep in mind that OIT will reach out to the owner(s) first when there are issues with the website that need to be addressed, so make sure at least one of the owners is someone who can answer those questions and handle those requests.

Process

To grant or revoke access for another person to access your OIT Web Hosting site's Plesk control panel, an owner of the site should do the following:

1. Go to the OIT Web Hosting site (https://hosting.gatech.edu/) in your web browser (available on-campus or via the VPN only!)

2. Select the My Plesk Hosting button on the right-hand side of the main menu bar.

3. After logging in, you should see your list of web hosting sites.  Locate the entry for the site in question and select the Manage button with the cogwheel icon next to it.

4. On the next page, select the Edit tab to modify the web hosting site's configuration.

5. Update the entries under the Manage Site Owners section and/or Manage Authorized Users section as needed, noting the following:

   • To add someone to a Web Hosting Account, that person must have logged into the OIT Web Hosting site at least once before you can add them to an account.

   • You must enter each person's GT Account Username (no other identifier will work).

   • Use the Add another item button to add extra blank spaces if needed.

   • To remove an existing administrator, just delete the person's GT Account from the given blank (you can re-use the blank for a different person if you wish.

   • On the Owners section:

     • The first field cannot be left blank.  If you need to remove that person, you'll need to move one of the other owners up so that there is a valid GT Account username in the first field.

     • If you have trouble adding someone as an owner, ask them log into the OIT Web Hosting site, which will refresh their account information on the site.  If you still have trouble adding that person as an owner, check their status in IAT or Mage to see if they are possibly missing the "full-time-employee" role.

6. Don't forget to select the Save button at the bottom of the page.

Below are some helpful tips on how to use the SSH to get command line access your web hosting site via a Windows or Mac computer.

• Are you off-campus? You must use VPN from off-campus in order to access your site via SSH.
• FAQ: finding your login information for ssh
• Guide: Using ssh on Windows with cygwin (generic).

A sample command you might run to access your site is:

$ ssh my-ftp-username@my-internal-domain-name

Weekly backups of all OIT Web Hosting accounts now happens automatically.  However, if you wish to to more frequent backups for an important site that changes regularly, the following instructions below explain how to configure the Plesk control panel on OIT's web hosting to keep automatic backups of your entire site.

Overview

First, read this general FAQ on how to create scheduled backups.

Setting Recommendations

For a Georgia Tech Drupal site, good default settings are:

• Backup period: Daily

• Maximum number of backups in repository: 14

• Backup content: All configuration and content except mail

• Suspend domain until backup task is completed: Depends on whether you want your site to be unavailable while this backup is happening.

If you have administrative access to at least one OIT Web Hosting account, you can look up the owners and administrators of any other account.  Simply navigate to your My Plesk Hosting page (available on-campus or via the VPN only) and follow the link in the left-hand sidebar for Site Lookup.

Unfortunately, there is no longer a means for looking up an account owner / administrator if you do not have access to at least one hosting account.  In this case, you will need to either contact OIT for assistance, or find someone who does own an account to perform the look-up for you.

SSL encryption is highly recommended for websites these days, not just because it makes user interactions with your site more secure, but also because the major browser manufacturers are starting to mark all non-SSL encrypted sites with some kind of red symbol (red padlock, red 'X' through a padlock, etc.) to better warn users not to enter sensitive information into these sites.  So, from a marketing standpoint, it's going to make your site look more professional if you turn on SSL encryption, which will keep those red warning symbols from showing.

OIT provides an article on How to Force Your Site's HTTP Traffic to HTTPS that covesr much of what you need to know to get started your site set up with SSL encryption.

To set up an external domain name with SSL encryption on an OIT Web Hosting account:

Generate a Certificate Signing Request (CSR) File

You can generate a CSR for an OIT Web Hosting site from the site's Plesk Control Panel:

1. Log into the Web Hosting Control Panel System and navigate to your site's control panel
2. On the control panel page, select SSL Certificates
3. On the SSL Certificates page, select Add SSL Certificate.
4. On the Add SSL Certificate page, fill in the requested information and then select the Request button (do not use the Self-Signed button!)
5. That will generate a CSR that you can then upload to a third party certificate provider, and your Private key is auto-generated and stored in your Plesk Control Panel. 

Uploading and Enabling the Certificate

Once you have received your certificate from your provider:

1. Log into the Web Hosting Control Panel System and navigate to your site's control panel
2. On the control panel page, select SSL Certificates
3. Choose or Browse to the fileon your local computer, then select the Upload Certificate button.
4. After the certificate has been uploaded, select Websites & Domains in the left-hand menu bar, then select Hosting Settings in the main control panel
5. Look in the middle of the page for the Security section.   Select your certificate via the provided drop-down selector
6. Select the OK button to save your changes.

OIT is phasing out the Sympa mailing list system and is no longer using it in conjunction with OIT Web Hosting.  There are other solutions for having multiple people get notifications relating to an OIT Web Hosting account, and it may be best to discuss these with your local IT support, who should understand the ins and outs of campus email.

One important thing to note is that the Plesk hosting system will only support a single email address, and cannot handle a comma separated list of multiple addresses.  So, in the hosting management system (found at https://hosting.gatech.edu/), you can only put a single email address in the Notification Email Address for Website field.  If you are the sole site administrator, then just put your email address in this field and you will receive all site notification emails.

The simplest solution for sending notifications to multiple people, although it will typically require the help of your local IT support, is to create an email alias for your site that forwards to all of the site admins, and then enter that alias under Notification Email Address for Website.  

Previous content about Sympa mailing lists is left below for reference until Sympa is completely phased out (date TBD.)

Prior to late 2016, OIT always set up a Sympa mailing list whenever it set up a web hosting account, and the 'hosting.gatech.edu' site automatically managed the membership of that mailing list, syncing the hosting account's administrators and owners to the mailing list.

This process changed with the late 2016 upgrade of 'hosting.gatech.edu'. Previously existing mailing lists remain in place, but new hosting accounts do not get mailing lists created for them, and owners and administrators are no longer synced to the existing mailing lists for existing hosting accounts. Instead, there is now a Notification Email Address for Website field on the hosting record where the site owner or administrator can specify an email address where Plesk server notifications (e.g. your hosting account SSH password is about to expire) can be sent.  The hosting record is viewed and edited by selecting the cogwheel symbol next to the hosting account name on your Plesk Web Admin Tools page.

Here's what you need to know about this new system:

• If you have a previously existing hosting account and want to keep using the previously existing notifications mailing list, you should open a ticket with OIT and ask them to make you the owner of that Sympa mailing list. Then, you can manually update the mailing list as needed.

• If you have a new hosting account, you can manually request a Sympa mailing list for the people who will own and administer that account. Once the list has been approved, enter the list's delivery email address into the 'Notification Email Address for Website' field for the associated hosting account.

• If you don't want to use a Sympa mailing list, you can enter any address into the 'Notification Email Address for Website' field, but it will only accept a single address.  If you want to have it send to more than one person without using a Sympa mailing list, ask your IT support to set up an email alias that points to all of the admins, then enter that alias into the 'Notification Email Address for Website' field.

1. In your repository on github.gatech.edu, click the Clone or download button.
2. Click the Use SSH link in the upper-right corner of the dialog.
   
3. Click the copy to clipboard icon.
   
4. Go to your domain under hosting.gatech.edu.
5. In the Websites & Domains panel, click the Git link.
   
6. In the Add Git Repository panel, make sure the Remote Git hosting option is selected.
7. Paste the link you copied from your Github repository into the Remote Git repository box.
   
8. To the right of the green arrow, you can accept the default or click the automatically deployed link and change it to manual deployment.
   
9. Plesk will automatically generate an SSH public key. Copy the hash in the textbox.
   

The SSH public key can be added to an individual user account or to the repository as a deploy key.

Adding SSH Public Key to an Individual User Account

1. Go to your repository on github.gatech.edu > Settings > SSH and GPG keys.
   
2. Click the New SSH key button.
3. In the SSH keys dialog, add a Title, paste the SSH key you copied from Plesk into the Key textbox, and click the Add SSH key button.
   
4. Return to the Add Git Repository panel in Plesk and click the OK button.
5. It takes a few seconds for Plesk to clone the repository.
6. Once complete, you should see a your.domain.gatech.edu.git repository in Plesk.

Adding SSH Public Key to Repository as a Deploy Key

1. Go into your repository in github.gatech.edu by clicking the name link.
   
2. Click on Settings in the navigation bar.
   
3. Click Deploy keys in the side menu.
   
4. Click the Add deploy key button.
   
5. In the Deploy keys dialog, add a Title and paste the SSH key you copied from Plesk in the Key textbox. Leave Allow write access box unchecked and click the Add key button.
   
6. Return to the Add Git Repository panel in Plesk and click the OK button.
7. The cloning process takes a few seconds to run.
8. Once complete, you should see a your.domain.gatech.edu.git repository in Plesk.

OIT Web Hosting accounts can be accessed remotely via a protocol called SSH, which gives you a command line style interface to the hosting account.  From there, a knowledgable person such as a web developer can manipulate the files on the website, changing settings and configuration and even writing and debugging code to some extent.  (The SSH interface on OIT Web Hosting is somewhat limited in its capabilities, so it's not recommended that anyone actually attempt to develop code using it, but technically this is possible.)

To access a hosting account via SSH, you either need the SSH password for the account or you need a valid SSH key.

SSH Password

To set the SSH password for an OIT Web Hosting account, go into the account's Plesk Control Panel, then select Web Hosting Access from the main control page (known as the "Websites & Domains" page).  Please note that there is no way to see the current password - if you do not know what it is, all you can do is reset it to a new value.

SSH Keys

An SSH key is a form of public key encryption to let you connect to another system via SSH without having to send a normal password.  To use this method, you will need to generate an SSH key for yourself.  The process varies greatly based on the operating system and SSH client you are using, so we cannot provide any instructions for this part.  However, in the end you should have two keys: a private key and a public key.

If you are enabling SSH Key access for an outside developer, then s/he should send you his/her public key, which is the part you need to enable access to your OIT Web Hosting Account.

Adding an SSH Key

After logging into the Plesk Control Panel for your hosting account, locate the large title text "Website & Domains".  From there, look to the far right for an icon that looks like a square with a left-pointing black triangle in it, and select that icon.  A menu of options should appear that starts with "Backup & Restore" - look to the bottom of that menu for "SSH Keys" and select that option.

That's the hard part.  On the next page, "SSH Keys Manager", you can add and delete authorized keys.  Simply select the Add Key button, paste the new key into the Key field, and select the Add button to add it.

Removing an SSH Key

To remove someone's key, simply locate it in the list on the "SSH Keys Manager" page, select the checkbox to the left of the key title, and then select the Remove button to remove it.

A NON-WEB DEVELOPERS GUIDE TO A WEBSITE REDESIGN
Download the template now

PHASE 1: PLAN

The project sponsors and other important stakeholders will decide whether to commit to the web project and define it at a broad level.

Identify the website’s purpose.

• What is the rationale for embarking on this website project?
  Example: We want a website that focuses solely on this program and the functions related to applying, enrolling, and being a student of the program.
• What are your objectives and how will you leverage the website to achieve them?
  Example: Increase newsletter subscriptions by making the web form responsive and brief.

Determine success metrics.

• How will you measure impact and success?
  Example: Increase subscriptions 10%, from 500 to 550.

Identify target audiences and audience goals.

• Who are the primary and secondary audiences?
  Examples: Prospective undergraduate students, current undergraduate students, prospective graduate students, current graduate students.
• Are there any other key audiences that will visit the website?
  Examples: High school counselors, parents of prospective undergraduate students.
• What are the top three tasks you want each of these audiences to do on the website?
  Examples: Read graduate program descriptions, learn how to apply, sign up for the newsletter.

Assemble a project team.

Who will be involved in the building, launch, and maintenance of your website? To determine whether you may need to hire an external vendor, answer the following questions:

• Do you have an in-house web developer? Yes/No
• Do you have an in-house content writer and editor? Yes/No
• Do you have an in-house designer? Yes/No
• Do internal team members have the bandwidth to make the website a top priority during key phases of the project? Yes/No

If you answered, “No” to any of the questions above, you should plan to hire freelance professionals or agencies. In this case, you will need to prepare a Scope of Work in order to find the best professionals to work with within your budget.

For those considering hiring a third party for their website work, Georgia Tech has an enterprise-wide contract in place that allows you to quickly get estimates from a group of pre-approved vendors. 

Resources:

• Hiring a Website Vendor (aka, How to navigate the enterprise-wide web projects contract)
• Scope of Work Examples: Small and Large Website Projects
  (Note: you will need to login with your GT account information to access these documents.)

TIP:
“Around this time, there may be a need to develop a communications strategy around the redesign effort and launch. In some instances, the communications will primarily be internal.” Shayla Hill, Assistant Director - Digital Strategy

Next Step

Once the project has been formally started, all team members should participate in the discovery part of the Planning Phase.

A NON-WEB DEVELOPERS GUIDE TO A WEBSITE REDESIGN
Download the template now

PHASE 1: PLAN

Once the project has been formally started, the discovery phase begins. This phase is meant to reveal the state of your website today and your competitive landscape. All team members should participate in this phase of the project.

Assess current website.

If your current website has analytics, pull reports to benchmark for comparison later.

Analyze current content.

Begin inventorying existing website content to determine what content you have on your site, what needs to be updated, what can be removed, and what needs to be created. 

Resources:

• Take Stock of Your Current Content
• Content Audit and Analysis: A Step-by-Step Guide

Interview stakeholders.

Interview the individuals or groups whose work and responsibilities are affected by how the website performs. Their input will help set a strategic direction that will guide the process.

Resource: Stakeholder Interview Questions

Look at competitor websites.

Perform an analysis of competitor and peer website categories to identify best practices, good ideas to emulate, and bad ideas to avoid.

Resource: Competitive Review Template

TIP:
“I actually draft a sitemap before I do a content audit. It helps me to have a really clear idea of the structure before diving into the content, thereby making it easier to eliminate content that is no longer needed.” Ashlee Gardner, Communicator

Next Step

Identify the technical and functionality requirements for the new website during the scope portion of the Planning Phase.

A NON-WEB DEVELOPERS GUIDE TO A WEBSITE REDESIGN
Download the template now

PHASE 1: PLAN

During the scope phase, you will identify the technical and functionality requirements for the new website. If you need to outsource any work, the information that you have gathered in the initiation, discovery, and scope phases will be critical for the external vendor.

List required features and functionalities.

What features and functionality would you like on the site?

Determine the content management system (CMS), web hosting, and other integrations.

Select the CMS and web hosting service that should be used, as well as determine whether the website needs to integrate with any third-party applications (e.g., Mercury, Google Analytics, Salesforce).

Resources:

• Content Management Systems
• Web Hosting Solutions
• Recommended Systems and Services

Indicate Institute- and department-level requirements.

These are requirements related to usability, security, legal issues, page loading times, etc. As a state-funded school, there are several requirements that every Institute website must legally comply with:

• Accessibility: Federal law and Georgia Tech policy require that you follow proper accessibility guidelines when creating and updating content.  
• Security: Familiarize yourself with and adhere to Security Best Practices.
• Data Protection: All Institute websites must comply with the EU General Data Protection Regulation Compliance Policy. 

Set a preliminary budget.

Establish a preliminary budget for the project and indicate other funding sources that could affect the project.

Resource: What it costs to plan, design and build a custom website.

TIP:
If you have an internal web developer, they can begin setting up the staging/production environments.

Next Step

During the UX design phase, you will begin to organize content around your website visitors' needs and your unit's priorities. This begins the design phase of the website redesign project.

A NON-WEB DEVELOPERS GUIDE TO A WEBSITE REDESIGN
Download the template now

PHASE 2: DESIGN

In this phase, you will draft a high-level organization of the technical, functional, and visual components of the website.

Draft a sitemap.

Using the information and data gathered in the discovery phase, sketch out an optimal sitemap. A sitemap will typically mirror your main menu navigation and website pages branching off from those pages.

Resource: Plan Your Site Structure

Articulate user flows.

Map out what each user will do when they visit the website. Outline the series of steps that will be involved in accomplishing each task.

Resources: 

• Buyers' Journeys
• Content Maps

Create content outlines.

Using the user flow information above, list the high-level ideas that you want to convey and that users would be looking for on the main pages of the website.
 

TIP:
Make sure all team members familiarize themselves with the Accessibility Primer and Search Engine Optimization (SEO) Fundamentals. The two go hand-in-hand to help create a highly usable and accessible website.

Resources:

• Accessibility Primer
• SEO Fundamentals

Next Step

Built upon a sound UX strategy, the design phase continues with wireframing.

A NON-WEB DEVELOPERS GUIDE TO A WEBSITE REDESIGN
Download the template now

PHASE 2: DESIGN

Wireframes are 2D illustrations indicating where the major navigation and content elements will appear on a webpage.

Design homepage wireframes.

Include full screen and responsive views/layouts.

Resource: How to create wireframes

Design main template-page wireframes.

Include full screen and responsive views/layouts.

TIP:
While this is happening, the content team can begin assigning, gathering, and organizing content. At the same time, the web developers can begin working on any backend features that do not require design. The backend is the part of the website that users do not see or interact with.

Resources: 

• Writing for the Web Guide
• Georgia Tech Editorial Style Guide

Next Step

The design process continues with the visual design phase.

A NON-WEB DEVELOPERS GUIDE TO A WEBSITE REDESIGN
Download the template now

PHASE 2: DESIGN

Built upon a sound UX strategy, the design process continues with the visual design of the website.

Determine the overall visual feel.

Use the Drupal theme as a base. Be sure to review the Institute's Brand Guide and Web and Digital Style Guide.

Resources:

• Brand Guide
• Web and Digital Style Guide
• HTML/CSS Templates for Creating Georgia Tech Websites

Design homepage and main page mockups.

Using approved wireframes, design a homepage mockup including full screen and responsive views/layouts.

TIP:
Before creating mockups for the rest of the pages, take the homepage mockup all the way through the review and approval process.

Create and gather visual assets.

These assets include buttons, calls-to-action, photos, and videos.

Resources: 

• Find Images for Your Website

Next Step

When all of the mockups have been approved, the project will move into the development portion of the build phase.

A NON-WEB DEVELOPERS GUIDE TO A WEBSITE REDESIGN
Download the template now

PHASE 3: BUILD

When all of the mockups have been approved, the project will move into the development portion of the build phase.

Set up the content management system (CMS).

The recommended CMS for Georgia Tech websites is Drupal.

Resources:

• Content Management Systems
• Georgia Tech Drupal Handbook

Install and customize the theme.

You can find a repo of a static HTML/CSS template for creating a Georgia Tech website on the Georgia Tech GitHub page.

Resource: Appearances and Themes

Build page templates.

A page template is a guide for how a certain type of page will look. When reviewing your sitemap and content outlines, think about how these pages will look. Note that your page templates should match the list of wireframes in the preceding sections.

Install third-party integrations.

Install and configure any data and service integrations or modules. 

Resource: Recommended Systems and Services.

Program any custom functionality. 

Customize the backend.

Next Step

When the content is ready, the web developer will populate the new website by transferring existing content and uploading any new content.

A NON-WEB DEVELOPERS GUIDE TO A WEBSITE REDESIGN
Download the template now

PHASE 3: BUILD

When the content is ready, the web developer will transfer existing content and upload any new content to the website.

Add content.

This includes text, visuals, and files. The web developer should work hand-in-hand with the designer to ensure that the text and graphics appear correctly on every page. 

Add links and functionality within the content.

Once all of the features and templates have been developed and the content has been loaded, review and collaborate with stakeholders to optimize existing content across key content sections. In other words, ensure that every webpage links to at least one other webpage within your website.

Proofread and edit.

An editor should always review the website content before changes are made live to the public. Additionally, make sure that your website content follows the Institute's editorial style so that the voice is consistent across the Institute.

Resource: Georgia Tech Editorial Style Guide

Create a 301 redirect strategy.

If any URLs are changing on the new site, you’ll need to create a 301 redirect strategy to eliminate the possibility of broken links from other websites that link to the page or from browser bookmarks.

Resource: How to Create a 301 Redirect Map

TIP:
Once you’ve developed a full 301 redirect map, give it to the developers to implement.

Next Step

Next is the testing, where all participants make sure that the website works the way it should before it goes live. This is the first stage of the deploy phase.

A NON-WEB DEVELOPERS GUIDE TO A WEBSITE REDESIGN
Download the template now

PHASE 4: DEPLOY

The testing phase is for all participants to test the website and fix any errors before making it live to the public.

Develop a test plan.

The test plan should include:

• The actions and tasks each testing participant needs to complete.
• A priority scale for classifying bugs or issues.
• A consolidated communication method.

Test on different devices and browsers.

Each participant should click links and view each page on Chrome, Safari, Firefox, etc., as well as on desktop and mobile devices.

Track and correct bugs.

Often, timing gets tight as you get closer to the launch deadline, so it may not be possible for developers to do everything in time. A priority scale allows decisions to be made in terms of which items are launch-critical versus more minor things that can wait.

Check for broken links.

Resource: W3C Link Checker.

Test for accessibility compliance.

Resources: 

• Accessibility Quick Reference Guide
• Accessibility Testing and Tools

Optimize and adjust as needed.

Next Step

Once the site is fully approved, a launch date should be scheduled and the website prepared for launch.

A NON-WEB DEVELOPERS GUIDE TO A WEBSITE REDESIGN
Download the template now

PHASE 4: DEPLOY

Once the site is fully approved, a launch date should be scheduled and the website prepared for launch. The website launch is when the new website is made visible to the public.

Assign user roles and train on the content management system (CMS).

Provide documentation and training for key staff to equip them with an understanding of the CMS and site-specific customizations.

Push the new website live.

Migrate the website to the permanent server.

TIP:
On launch day, all team members should monitor the site to ensure that there are no issues.

Implement 301 redirects for new URLs.

Celebrate your good work!

Next Step

Moving forward, the website should be updated following a monthly maintenance schedule — at a minimum.

A NON-WEB DEVELOPERS GUIDE TO A WEBSITE REDESIGN
Download the template now

PHASE 4: DEPLOY

Moving forward, the website should be maintained on a regular basis. This should include Drupal updates, security updates, content maintenance, and basic page styling.

Monitor website traffic.

For two months post-launch, monitor what has changed from your baseline analytics report and alert the team of any issues on a weekly basis.

Validate page load times.

Compare it to your pre-migration baseline.

Inform linking partners of your new URL structure.

Send them your 301 redirect map.

Update your XML sitemap.

Submit it to search engines.

The College IA is designed to put your college’s work – academic offerings and research – at the forefront of the website.

Adopting this structure will help ensure a cohesive, unified experience across Georgia Tech academic sites. Users who visit multiple sites, such as students comparing degree programs, will have an easier time finding information.

A streamlined, easy-to-navigate site will also make a positive impression upon prospective students, faculty, and the larger community.

Below is a guideline for a college website’s main menu

You are not required to use menu categories that do not apply to your college, and you may have categories that are unique to your college. For consistency-sake, however, it is recommended that you, at minimum, begin the main menu with “About,” and end with “News and Events.” Limit your menu to seven categories or fewer.

About

Purpose: To provide background about your college and logistical information

Examples of what to include: Letter/welcome from a dean/chair, general department contact information, buildings & facilities, directions, job opportunities, history.

Academics

Purpose: To highlight your academic programs.

Examples of what to include: Information about undergraduate, graduate, and postdoc programs, secondary concentrations, program requirements, classes, admission.

Schools

Purpose: To highlight the schools within your college.

Examples of what to include: A high level overview of your schools and links to their websites.

Research

Purpose: To highlight the latest research taking place in your college.

Examples of what to include: Highlights of faculty research, overviews of your department’s main research areas, publications, news related to research, cross-university collaborations, and research initiatives or partnerships.

What not to include: Items that are intended only for an internal audience, such as paperwork for research administration or safety procedures; this information should be included in resources.

News and Events

Purpose: To showcase what’s happening now in your department, announcements, and upcoming events. 

The School IA is designed to showcase your academic programs, research, and student life.

By using this navigation, you are helping to provide a cohesive, unified experience across Georgia Tech academic sites. Users who visit multiple sites, such as students comparing degree programs, will have an easier time finding information.

Below is a guideline for a school website’s main menu

You are not required to use menu categories that do not apply to your school, and you may have categories that are unique to your school. For consistency’s sake, however, it is recommended that you, at minimum, begin the main menu with “About,” and end with “News and Events.” Limit your menu to seven categories or fewer.

About

Purpose: To provide background about your school and logistical information.

Examples of what to include: Welcome from a dean/chair, general department contact information, buildings and facilities, directions, job opportunities, and history. 

Academics

Purpose: To highlight your academic programs.

Examples of what to include: Information about undergraduate, graduate, and postdoctoral programs, concentrations, program requirements, and admission. 

Student Life

Purpose: To focus on academic and co-curricular elements of student life that are unique to your school or to Georgia Tech.

Examples of what to include: Student profiles, organizations, career development, community outreach, and life in Atlanta.

Research

Purpose: To highlight the latest research taking place in your school.

Examples of what to include: Highlights of faculty research, overviews of your school’s main research areas, publications, news related to research, collaborations, and research initiatives or partnerships.

What not to include: Items that are intended only for an internal audience, such as paperwork for research administration or safety procedures; this information should be included in the bottom footer menu under Resources.

People

Purpose: To highlight the faculty, researchers, and staff associated with the school.

News and Events

Purpose: To showcase what’s happening now in your school, announcements, and upcoming events.

A content inventory and analysis is an excellent way to determine what content exists on your current website, what needs to be updated, what can be removed, and what new content you need to create to meet your communications goals.

After completing an inventory and analysis, it will be easier to build your new site, knowing what is needed and what is not.

Below are some tools and methods you may find helpful.

Step 1: Build the inventory

Make a list of all of your current Web pages and input them into the Content Audit and Analysis Template.

A tool to help speed up this process is xml-sitemaps.

1. Go to www.xml-sitemaps.com.
2. Input your website URL into the "Starting URL" field, and click Start.
3. Once the process is done, select “Download sitemap in text format.”
4. Save the text document to your computer.
5. Next, Open the text document, Select All of the text, and Copy it.
6. Open GT Content Audit and Analysis Template in Exel, and paste all of the URLs into the "URL (Web Address)" column. 

Please note that xml-sitemaps will only generate a list of your first 500 URLs. Any URLs beyond this will need to be input by hand into your content audit spreadsheet. 

Step 2: Evaluate existing content

Look at each Web page and assess its purpose and condition. 

1. First, set a goal for your content audit.
   Think about your website's audiences and what information they need to find on your site. Keeping these audiences in mind while conducting your audit will help you properly assess whether or not your content is meeting their needs.

2. Next, grade each page.
   O: Out-of-date. Content that is still useful and will move to the new site, but should be updated.
   U: Unnecessary. Content that is not needed at all. It should not be moved to the new site.
   C: Current. Content that is fine as is, up-to-date, and just needs to be moved to the new site.
   H: Have to write. H will not be used on your first pass of the content audit, so nothing on the "AUDIT" tab should be marked H. 

3. Assign an owner to each page.
   This is the person who is responsible for reviewing or updating the page content.

Step 3: Identify gaps in content

Next, think about what content you would like to add to the new site.

1. Sort your content by grade.
2. Copy the O and C content over to the tab titled “New Site Content Plan.”
   The U content should be left behind since it is not needed for the new site.
3. In the “New Site Content Plan” tab, add lines for content you would like to add to the site.
   Think about what kind of content you will need to add to serve your audiences and achieve your communications goals.
4. Assign all of the new content an H status, as well as a Page Owner and an Update Schedule.
   In order to keep your content as up-to-date as possible, make note of any pages that contain timely content. You should set up a schedule for having the Page Owner review these pages on a regular basis.
5. Decide which photographs need to be updated or added.

Step 4: Gather and manage content

1. Connect with the Page Owners
   Start collecting the content you need to have updated or written. Be sure to provide deadlines with lots of padding.
2. Track the status of each page
   The "NEW WEBSITE CONTENT PLAN" spreadsheet can then become a helpful way of tracking content as you add it to the new site, whether you are simply moving over content, or writing something new. You can use the “Status” column in the content plan to keep track of the process in a way that works best for your organization.

How Users Read on the Web:

They don’t. 

• Web users read about 20 percent of the words on a webpage. 
• The more words on your webpage, the less they’ll read.

They scan.

• Searching for very specific information.
• Scanning for headings, specific words, links…anything that catches their attention or matches the reason they are visiting your website in the first place. 

About Those “Users”…

• They are impatient: You have less than 12 seconds before they click off your page (and perhaps even your website).
• Providing clear and concise messages is not about user intelligence. It is about the writer making it easy for the reader. 
• Formatting content in scannable chunks is not about users’ inability to read dense copy. It is about presenting information in the way that people expect to see it on the web.

The majority of web visitors do not read all of the text on a webpage. Instead, they skim the page, scanning for headings, specific words, links…anything that catches their attention or matches the reason they are visiting your website in the first place.

Because of the way that people read on the web, it is very important to write clearly and concisely and to format your copy in scannable chunks.

Four Techniques To Use

1. Craft clear, concise messages

• ​​Get to the point immediately
  • Use action verbs
  • Omit unnecessary words
• Stick to the point
  • Keep the subject matter of each webpage focused
  • Sticking to one topic per webpage increases its visibility to search engines
• Then stop
  • Don’t give users a lot of unnecessary or extra information

2. Be straightforward

• Use common words
  • Plain language helps you communicate more effectively on the web
  • It helps readers find what they need and understand what they find
• Use action verbs

INSTEAD OF: In order to USE: To

INSTEAD OF: We are currently planning USE: We are planning

INSTEAD OF: When used without USE: Without

INSTEAD OF: Is required to USE: Must

INSTEAD OF: Utilize USE: Use

INSTEAD OF: Facilitate USE: Help

INSTEAD OF: Methodology USE: Method

INSTEAD OF: Sufficient  USE: Enough

INSTEAD OF: Conduct an analysis USE: Analyze

INSTEAD OF: Do an assessment USE: Assess

INSTEAD OF: Provide assistance USE: Help

INSTEAD OF: The use of  USE: Using

3. Use personal pronouns

• Personal pronouns like “You,” “me,” and “I” pull readers in and make your material more relevant to them

4. Provide basic information

• In your “About Us” section, state who you are, what you do, and where you are located. Don't assume that everyone already knows
• Include a tagline on your homepage that summarizes what you do in one sentence or phrase
• List contact information and a map or directions in a prominent place on your website

Four Things to Avoid:

1. Jargon, industry terms, or academic-speak

• Avoid using words that typical readers may not understand
• Many terms that are familiar to Georgia Tech faculty and staff, but not to outside audiences

2. Abbreviations and acronyms

• Online users who are new to a topic are likely to be unfamiliar with related acronyms
• Overusing acronyms slows your audience down and increases confusion
• The first time you use an acronym, spell out each word then place the acronym in parentheses immediately after
• Don’t use more than two and, at most, three abbreviations in each document

EXAMPLES 

GT
CATEA
CGIS
CQGRD
DBL
GTCMTGIFT
STEP
CEISMC
COACh
GEM

3. “Click Here”

• Tell your audience where they are going when they click a link
  • Within a sentence, hyperlink a keyword or phrase that matches the content to where the link leads
  • Don’t use the actual URL in your copy unless it is short (e.g., www.gatech.edu)
• Most stories should contain at least one link to additional information
  • No webpage should be a dead end. Push readers toward other relevant content
• Too many links in the webpage copy can look cluttered and hard to read
  • A better idea: Provide a list of links at the bottom of the article, or in a sidebar where they will be available but not distracting

EXAMPLES 

Avoid: For the list of winners, click here.

Better: View the complete list of 2014 InVenture Prize winners
 

Avoid:  www.standardandpoors.com/servlet/BlobServer?blobheadername3=MD-Type&blobcol=urldocumentfile&blobtable=SPC omSecureDocument&blo bheadervalue2=inline;+file name%3Ddownload.pdf& blobheadername2=Conte nt-Disposition&blobheade rvalue1=application/pdf&b lobkey=id&blobheaderna me1=contentype&blobwh ere=1245286034462&blo headervalue3=abinary;+c harset%3DUTF-8&blobn ocache=true

Better: U.S. Home Prices Keep Weakening

4. PDFs

• Not all web users have the software needed to open a PDF file
• PDFs are hard to read online.  They should be reserved for documents intended to be printed
• Whenever possible, transfer the information from a PDF to a webpage.  This makes the content readable to search engines, too
• When linking to a PDF, indicate this fact and list the file size in the hyperlink next to the title, e.g., Download the Graduate Student Handbook (317kb PDF)

The vast majority of web users don't read webpages word-for-word. Instead, they scan them, looking for the information they came to your website to find.  

Use these formatting techniques to create scannable, easy-to-read pages.

Techniques

1. Use Headings and Subheadings on content-heavy pages

• Headings that identify sections of your page should be marked with actual heading tags (H1, H2, H3, H4, H5, H6) so that screen readers and other accessibility tools can identify your headings and then allow the user to easily skip ahead to a specific heading.
• All words are capitalized except articles, prepositions (and, a, the, of) and coordinating conjunctions, unless they are the first or last word.

2. Write meaningful titles and subheads

• A strong title is vital for a web story. If it doesn’t grab your readers’ attention, they’ll leave.
  • Use a max of eight words.
  • Include important keywords.
  • Use strong verbs.
  • Avoid using adjectives and prepositions.
• Subheads break up the page into easily digestible chunks.
  • Aim for informative, not clever.
  • Questions are often the most helpful subheadings.

3. Break up content with bulleted lists

• Lists make it easy for readers to quickly identify all the items or steps in a process.
• Seven list items max.

4. Split up long sentences 

• Average length is 20 words or less.
• No single sentence should be longer than 28 words (and that’s a stretch).

5. Keep paragraphs short

• One idea per paragraph.
• Only one or two sentences.
• Fifty words max.
• Very often, paragraphs on a webpage are only one sentence long. This is OK.
• Break up long paragraphs with subheads.

6. Limit the number of words on each webpage

• Use half of the words (or less) than writing for print.
• Rather than placing all of the information on a single webpage:
  • Break your information into chunks.
  • Put each chunk on its own page.
  • Connect the pages using links.

7. Use lots of white space

• Faced with large chunks of text, most web users will leave the page immediately.

These websites and experts are well regarded in the world of web content.  Feel free to browse these external sites for more information about creating content for the web.

General Usability

• Usability.gov

Reading on the Web

• Jakob Nielsen
  How Users Read on the Web

Writing Web Copy

• Hemingway Editor
  Hemingway is a simple-to-use tool that helps streamline and simplify your writing.
• A List Apart
  ​Topic: Writing
• Nielsen Norman Group
  Writing for the Web Research Reports

• Plain Language Action and Information Network
  Plainlanguage.gov

Formatting Copy on the Web

• Screaming Frog
  Title Tag Best Practices
• The Onion (Satire)
  Nation Shudders at Large Block of Uninterrupted Text

Images on the Web

• Design Instruct
  Usability Mistakes to Avoid When Using Photos in Your Website
• Enviragallery
  15 Best Free Image Optimizers for Image Compression

Use the following best practices below to ensure that your images are appropriate for your website, and optimized for the Web.

Selecting 

• Used properly, images are powerful tools
• Choose images that visually clarify the words on the page
• Web users pay close attention to photos and other images that contain relevant information. They completely ignore non-information-carrying photos and graphics

Sizing

• Compress the file size of your photos as much as you can to make them download as quickly as possible. Remember, web users are impatient

Naming

• Before you upload a picture to your website, name it clearly and accurately
• Use keywords in your filename to help search engine rankings
• If you upload an image, always type a description of the picture in the "Alternative Text" field. Alt text is simply a description of the picture that can be read by web visitors using screen readers. Having descriptions of your image will also help with search engine rankings, and is required by Georgia Tech's accessibility policy.