Visit main University website

The University of Sydney - Home

WP Resources

The University of Sydney - Home

WP Resources

Information for Contractors

Purpose 

This guide outlines the requirements, supported tools, and hosting environment for external contractors developing WordPress websites hosted on the University’s Plesk infrastructure. It ensures consistency, security, and maintainability across all non-branded University sites. 

1. Hosting Environment Overview 

  • Platform: Plesk-managed Linux hosting 
  • SSL: Let’s Encrypt certificates provisioned by default 
  • Backups: Daily automated backups 
  • Staging: Sites can be provisioned in subdirectories for staging 
  • Caching:  [preference] 
  • PHP Configuration: 
    • 128M Memory limit 
    • 8M Post max size 
    • 2M Max upload 

2. Mandatory Plugins and Tools 

If your website has features beyond the basic WordPress installation then the University has preferred plugins which are pro version on a subscription. Contractors are requested to use these below plugins or themes.  We make this request so that we can provide consistency of support and optimise costs. 

  • Advanced Custom Fields Pro (ACF Pro) – for custom fields and structured content 
  • WPForms – for form creation 
  • WordFence Security – will be installed and activated on all sites and must remain active. 
Learn more about plugins

Note: Contractors must avoid using themes or plugins not available on WordPress.org unless explicitly approved. 

3. University Licenced Plugins Available 

The following plugins are available for use on University-hosted sites: 

  • ACF Pro 
  • Divi Builder 
  • WPForms 
  • WordFence Security (free version) 

Plugins purchased independently by stakeholders are not supported by the WordPress Plesk team. These will be monitored and disabled if they pose a security risk or are not maintained. 

4. Support Boundaries 

The WordPress Plesk team provides support for: 

  • Core WordPress updates 
  • Theme and plugin updates (University-licensed or required only) 
  • Troubleshooting performance, caching, and compatibility issues 
  • Security hardening and monitoring 

The team does not support: 

  • Custom plugins or themes not licensed by the University 
  • Site-specific customisations outside the standard environment 

5. Development and Deployment Best Practices 

  • Theme Development: 
    •  Use block-based Full Site Editing (FSE) themes 
    •  Avoid themes not maintained on WordPress.org 
    •  Use child themes where customisation is required 
  • User Roles: 
    • Limit to no more than 2 admin users 
    • Use Editor or Author roles for content contributors 
  • Security: 
    •   WordFence must be active, configured and linked to WordFence Central by ICT Wordpress Support account 
    •   Strong password policies required 
    •   Avoid exposing staging sites to public access 

6. Compliance and Governance 

Contractors must adhere to University cybersecurity and governance policies, including: 

  • Keeping all plugins and themes updated 
  • Avoiding use of unsupported or unlicensed tools 
  • Ensuring backups and staging environments are used appropriately 
  • Maintaining auditability and accountability in site management 

7. Contacts and Escalation 

For support or clarification, contractors should contact the WordPress Plesk team via ict-wordpress-support@sydney.edu.au

Resources

Browse our searchable directory to find everything you need to edit and manage your WordPress site.

Knowledge Hub

Contact the team

Contact ICT WordPress Support with questions or suggestions for the site.

Contact Us

Don’t have a WordPress site yet?

Complete the ServiceNow Website Presence Request form.

Go to website request form