Hi Guys,

I've been asked if I could provide some technical assistance with a school
project between an English Department and the IT Department to provide a
website for the children (aged 11 to 13) to write reviews (books, music,
DVDs, games, etc) and the occasional blog.  We seem to think they'll be
around 16 regular contributors.

I've been asked if there is anything I'd do regarding security (bearing in
mind that these guys are minors).  I've given the usual sensible internet
advice of being careful who you communicate with, never tell anyone about
you where you live etc, and read the sites aimed at keeping kids safe
online.

I'm considering using an approval method for posts so that anything anyone
writes has to be approved by a teacher.  I'm also going to use the usual
security bits and pieces to keep the integrity of the site high and try to
keep spam down.

But other than that I can't think of anything else that would be useful for
keeping these guys safe online.

Does anyone have any ideas on additional steps that may be useful for
children using Wordpress?  Or anyone have any experience using Wordpress in
a secondary school setting?

Thanks,

Gyp

--

Gyp The Cat
- An Alter Ego

http://www.gypthecat.com/
http://www.twitter.com/gypthecatdotcom

=====================================================
PRIVACY & CONFIDENTIALITY INFORMATION
=====================================================
This e-mail communication isn't strictly confidential, and chances are I
won't mind at all if you forward it to everyone you know and your cat. In
fact the only thing I do mind is people sending me chain e-mail after chain
e-mail, send me the odd good one, naked bird content is usually a bonus. Or
genuinly funny ones. Oh, while we're on this subject, please refrain from
sending me any virus warnings. Regardless of how badly it will destroy my
PC and kill my house plants if my next door neighbour has a friend who
thinks his cousin in Australia may have looked at an icon which was this
virus. I will take my chances into my own hands about viruses. Oh yeah,
while I'm at it, that 'virus' with the teddy bear icon isn't a virus, and
if you've deleted it already don't worry, if you didn't know it wasn't a
virus you don't need it. If I ended up sending this e-mail to the wrong
person, don't worry about it. But if you know who I was supposed to send it
to and can send it on to save me time doing it that'd be great. If not just
e-mail me back letting me know I screwed up somewhat and I'll no doubt
apologise.

On Tue, Apr 10, 2012 at 10:27, Gyp the Cat <g...@gypthecat.com> wrote:

I built these sites: http://imascientist.org.uk/ and
http://imanengineer.org.uk/ which between them have more than 20,000 users.
The majority of which are school students aged 11-18.

There were some key things the client wanted/needed regarding the online
safety of the students. Although the students have profiles, only
registered members (students/teachers/scientists/engineers) can see them.
And even then the students real names are only visible to themselves, their
own teachers, and admins.
Also, the avatars are only selectable from a fixed set. No Gravatar/sign up
with Facebook/Twitter here, so there is never the opportunity for a real
photo of any of the students to appear.

The students were encouraged to use aliases, explicitly told not to user
their own names for login names (though that isn't actually policed), and
the signup process is done as part of (science) lessons.

The sign up process requires a unique sign up id that is printed on
instruction cards and sent round to schools. No ID - no way to register.
Both teachers and students needed those and the IDs are predefined to
determine role (teacher/student) and zone (sub-site). Scientists/engineers
are imported up by hand by the client's staff (though they too have a
unique ID that determines role and zone).

Finally, all student and teacher generated content -- questions (posts),
comments, and live chats are pre-moderated!

Your project sounds like a much smaller scale so I don't think you need to
go as far as printed sign up cards. Still, no real names, no Gravatars, and
pre-moderate all content will go a long way to keeping things safe.

Get the teachers to sign up the kids manually, and it will save you having
to write a lot of custom code (but not all).

If they have trouble with coming up with login names, create a spreadsheet
with a list of unique names they can use to record real names against - use
something like random colour + random animal to generate your names.

Note also that in our experience, lot's of school kids don't have emails
addresses (or they can't access them at school) or they have a shared email
address for the class (especially the younger classes and smaller schools).
WordPress does not like either situation. You will have to write some
custom filters around that.

Mike
--
Mike Little
http://zed1.com/