V&A Museum Blogs - now hosted by Big Blue Door

07 December 2017

Although the Victoria & Albert Museum website looks and feels like a single website, it's actually made up of a collection of websites, such as the homepage and basic information (e.g. What's On, Collections), the Shop, the Membership subsite and numerous collection-specific and exhibition-specific blogs. The V&A approached us recently with a requirement to host some of these sections, which are all Wordpress blogs.

We were delighted to be involved in this hosting project, and with a tight timeline of just a few weeks, we quickly got up to speed! The main driver for this project was that the Museum was aiming for Cyber Essentials certification (which they've now achieved succesfully). This is a certification that Big Blue Door holds, and all of our hosting is compliant with Cyber Essentials criteria. As an added bonus, consolidating resources and deploying into the cloud (using the Amazon Web Services (AWS) London data centre) has reduced server costs for the client as well!

A number of key tasks were completed as a part of this project:

  • We have set up a new cloud-hosting environment using Amazon Web Services (AWS) in their London data centre.

    • based on an analysis of the existing websites, we built a new environment for the blogs using "Infrastructure as Code" provisioning.

    • using Terraform and Ansible, we wrote scripts that can be used to rebuild and test the environment within just a few minutes.

    • our Ansible scripts install the latest versions of code and server software packages, including Varnish for advanced caching, aiding the site's performance.

  • A full code analysis of the existing sites, including vulnerability scans.

    • using industry-standard vulnerability and testing tools such as `wpscan` and Nessus Penetration Suite, we ran full tests against an offline clone of the live environment in order to confirm that the code and systems were secure.

    • included in this scan was a manual review of common Wordpress problems in custom code, such as not writing database queries properly, or adding non-performant code into the wrong sections of the site. We were pleased not to find any for these projects!

    • as part of this review, we also updated the codebase to the latest Wordpress versions so the new architecture was secured.

  • Automated migration of files and databases from the old servers.

    • once the environment was up-and-running and we were confident, we dual-ran the new platform against the old system for a couple of weeks.

    • during this time, an hourly sync of data from the existing live servers to the new servers was set up, so as to be always testing against up-to-date content and images.

  • Preparation and assistance with the system go-live.

    • once finally confirmed with sign-off from all relevant stakeholders, we liaised with the existing hosting agency to rotate the new servers into the live deployment.

    • this involved testing the system through the Museum's full range of environments (dev, staging, integration) before supporting the live switchover.

    • over the course of the next forty-eight hours, our on-call engineers monitored the infrastructure using visual graphs and server log files to ensure we had analysed the requirements of the server correctly. Given the way the architecture has been built, we can increase the size of the servers within a few minutes to respond to demand, and cycle the new servers into the load balancer with zero downtime.

Ongoing, we now manage the support and maintenance requirements for this website, including security updates for Wordpress core and Wordpress plugins, and provide a support desk via Basecamp, Slack, email and phone.

The blogs we're hosting can all be viewed publicly:

In the last couple of weeks we've also taken on another two Wordpress hosting websites, for a .gov.uk client - more on that in a future blog post.