Diary of a Summer Graduate Assistant

clarissa-photoHi, my name is Clarissa Stewart and I’m a graduate assistant at the Digital Learning Commons! This summer I had the privilege of working here full-time, assigned primarily to the MiddCreate project under Amy Collier, the Associate Provost for Digital Learning from Middlebury College, and Evelyn Helminen, Assistant Director for Digital Initiatives at MIIS. MiddCreate will officially launch for Middlebury community in September 2016, after a one year pilot phase.

Have you noticed something different about the DLC site? It still looks the same, but check out the URL. One of the major projects I completed this summer was migrating our website from the sites.miis platform over to a MiddCreate domain. This shift will allow us to greatly expand its functionality and integrate powerful apps like a Vtiger CRM to track the people we serve and find ways to better support them.

MiddCreate domains open up almost limitless possibilities, but while assessing our pilot I discovered that for new technologies like this to have a positive impact in the classroom, pedagogy must change first.  A lot of the work I did this summer involved creating support resources and processes that will help people think through how to design projects in MiddCreate. This included expanding our support documentation, configuring course sites for faculty, blogging about web security and adding external apps.

Thinking About Digital Pedagogy and Literacy

Pedagogy can become ineffective when it’s overly restricted by the tools it uses. MiddCreate challenges students to take responsibility for choosing the tools they want to use in their learning, and instructors to adopt more collaborative teaching practices.

In his book Net Smart, Howard Rheingold says that the web’s architecture of participation lends itself to developing key digital literacies like critical awareness, collaboration, and network awareness. Having access to and control over their web tools helps all the members of our community appreciate how digital identity is formed, pushing them to understand not only the technologies themselves, but how they impact their lives.

This is a primary goal of Domain of One’s Own according to Martha Burtis, Director of the Digital Knowledge Center at the University of Mary Washington where the movement first began. I hope my efforts furthered that goal for those who had appointments and workshops with me or will use the resources I created. I think my own digital literacy definitely improved, particularly because learning by doing and teaching others seems to stick with me the best.

Embracing Failure and Experimentation

As an International Education Management student, my degree program focuses on developing intercultural competence: the ability to be comfortable in diverse, highly contingent environments and communities. Shouldn’t we encourage analogous experiences in the digital realm? Some people may be hesitant to embrace MiddCreate because of its unpredictability and lack of structure or dedicated support services. But I think one of its greatest strengths is that it rewards creative experimentation and promotes agency and activism.

At Middlebury language learners often hear that failure is how we learn, that we need to break down hierarchies and rhetorics of linguistic “ownership” to make progress. Working with MiddCreate has taught me to take the same approach to learning the web. If you build a site and something breaks, just think of it as a learning opportunity instead of a failure. Now you have a real reason to figure out how it works in order to fix it. I did a lot of this kind of problem solving while experimenting with MiddCreate applications. I got to dust off my long-neglected web design skills and put them to good use, practicing everything from PHP, CSS and HTML, to Javascript.

Looking to the Future

I think my experience this summer will be invaluable to my career in the international education field because I’m now more aware of how digital tools can be used to promote and support programs and higher education institutions. I’d like to imagine that Domain of One’s Own initiatives like MiddCreate could be used to not only connect students, faculty, and staff on our academic campuses, but engage and create new communities across the country and the globe.

I’ve learned so much about technology, digital pedagogy, and how university administration functions over the past three months. I’m very grateful to Amy Collier and all the DLC staff for the trust they placed in me to take on all these projects, as well as their encouragement and advice.

Recommended Reading

More help on MiddCreate

Our colleagues at the Digital Learning Commons at the Middlebury Institute for International Studies at Monterey have been exploring and blogging about MiddCreate, Middlebury’s domain of one’s own environment. Take a look at their most recent posts:

Dive into MiddCreate Applications Recap

Screen Shot 2016-08-18 at 9.52.13 AM

Clarissa and Evelyn explore various applications on MiddCreate, including Docuwiki, vTiger, Collabtiv, Lime Survey, Known, and Omeka. Read the full post here.

How to Be Secure on the Web

Screen Shot 2016-08-18 at 12.01.21 PM

“Managing your own content means you must also take responsibility for the security of your sites. It’s tempting to procrastinate about web security because let’s be honest, it seems tedious and boring…Being proactive about web safety can help you avoid the unpleasant experience of being hacked, saving you a ton of time and trouble.” Read the full post here.

Expanding MiddCreate with Open Source Apps


“One of the great things about having your own domain is the power to manage your own files. This means you can endlessly expand the utility of your domain by installing any application that will run on a LAMP (Linux, Apache, MySQL, PHP) server, which is what we use for MiddCreate.” Read the full post here.

Expanding MiddCreate with Open Source Apps

MiddCreate provides around 150 applications that can be installed and used on your domain, but what if none of them are quite what you’re looking for? Don’t worry! One of the great things about having your own domain is the power to manage your own files. This means you can endlessly expand the utility of your domain by installing any application that will run on a LAMP (Linux, Apache, MySQL, PHP) server, which is what we use for MiddCreate.

When you use the MiddCreate Installatron, you don’t need to worry about moving files, creating databases, or doing the initial configuration because it’s all done for you. However, installing applications on your own means you’ll have to make sure it’s compatible with our servers and configure them on your own. You also need to be sure you take the appropriate security measures to confirm the quality of the application and that its configuration won’t leave your domain vulnerable to hackers.

Most web applications consist of files and a database, which you can view in the cPanel. To install an app you’ll need to make sure all of the files are copied over into the appropriate location, set up a database (and database user), and connect it to the files. There are installation guides for many of the open source web applications out there that can help you navigate this process.eafilemngrThe following tools and applications are not included in the Installatron suite, but can be added independently and integrate nicely with other MiddCreate applications.


eaEasy!Appointments is a free, customizable appointment scheduling web application. The Digital Learning Commons recently investigated this app as a possible way to streamline our appointment bookings. Here are some of its features:

  • manage multiple services and providers
  • show each provider their appointment details in a unique calendar
  • send email notifications
  • display user interfaces in multiple languages
  • sync your data with Google Calendar
  • integrate Google Analytics
  • access all of your customer info and their appointment history
  • embed your booking form into a WordPress site with the Easy!Appointments plugin


Intrigued? To add this app to your domain, just follow this easy installation and configuration guide from GitHub. If you need help or have questions, check out the E!A support group.

** One thing to note about this application is that you can’t edit the client information fields required by the booking form through the backend interface. If you want to customize the form you’ll have to edit the application files in the File Manager on the cPanel. Therefore, if those are changes you require, I’d only recommend this application to those who are comfortable editing PHP and Javascript code. You can find some configuration tips here.


yclx4_gvHypothes.is an annotation web tool that allows you to discuss, collaborate, organize your research, or take personal notes on any website. You can get it by generating a link from the Hypothes.is homepage, downloading the browser plugin, or embedding it directly into a self-hosted website. You can learn more about how it works in the video below or in this FAQ. Some applications in MiddCreate, such as Scalar, have built-in Hypothes.is functionality that you can toggle on and off.

Want to explore the unique layer of functionality this tool can bring to your site? Check out how Evelyn has used it to annotate her MiddCreate examples site.

If you find an application you’d like to use that requires additional components or has requirements that you’re not sure our servers can meet, submit a support ticket to Reclaim Hosting and they will look into it for you.

Learn more about MiddCreate »

How to Be Secure on the Web

This September, MiddCreate will officially launch for the Middlebury community! It provides spaces on the web that allow students, faculty, and staff to create and develop their digital identity using open source online applications. As we explore this new set of tools, it’s easy to get swept up in the excitement of having your own domain and forget the risks that come with that freedom.

Managing your own content means you must also take responsibility for the security of your sites. It’s tempting to procrastinate about web security because let’s be honest, it seems tedious and boring. We all wish there were one-click, set-it-and-forget-it solutions, but think of it this way: if your domain is an empty garden plot, waiting for you to plant whatever you like, it’s going to need regular tending and care to flourish.

Being proactive about web safety can help you avoid the unpleasant experience of being hacked, saving you a ton of time and trouble. Below I’ve listed some advice to help you understand the threats to self-hosted sites and how to defend them from hackers. Of course, these are just the basics, so check the resource links at the bottom of the page for more in-depth information.

How and why do sites get attacked?


You may wonder why anyone would be interested in hacking your little site, especially if it doesn’t contain any sensitive information or have a very large readership. The truth is most hacks are not done by people, but networks of automated bots that crawl the web looking for vulnerable openings.

If there is an opportunity, they’ll take advantage of it to use your site to infect visitors’ computers with malware, redirect them to generate income, or simply make use of your server to launch further attacks. So, how do hackers get into a site? Most attacks are a result of vulnerabilities in the hosting platform, flaws in the themes or plugins installed, or weak passwords.

Of all the applications available on MiddCreate, WordPress accounts for 65% of the installations people have made so far. WordPress is also one of the most popular targets for hackers. Why? One obvious reason is because it’s so widely used, but also because its open source nature and unlimited, customizable features can expose sites to attack. Most of the tips in this article can apply to any application you install on your domain, but some will focus specifically on hardening WordPress.

How to keep your site safe

Backlit keyboard

Keep Regular Backups

Always backup everything! Prepare for the worst so that even if your site gets hacked, you’ll be able to restore it. Seriously, if you think you’ll forget, set up a reminder in your calendar right now to make sure it gets done. The cPanel has a Backup Wizard that lets you easily backup and restore all or parts of your domain files and databases.backup wizard

A full backup will create an archive of all the files and configurations on your website. You can only use this to move your account to another server, or to keep a local copy of your files. You can’t restore full backups through your cPanel interface. In order to restore files, you’ll need to download partial backups.

Secure Your Login

Preventing hackers from cracking your login using trial-and-error brute force attacks can be as simple as setting up some additional security layers and maintaining good password habits.

  • Create a strong password: it should be long, complex (include numbers and special characters) and unique for each site. If you have trouble coming up with one, use a password generator or passphrase (such as an unusual sentence, memorable poetry/movie lines, or summary of a quirky event from your life)
  • Make other users do the same (if you can) by changing your settings to force strong passwords
  • Store your passwords in a secure place, such as a password manager (e.g Roboform, KeePass, LastPass, 1Password, or Dashlane)
  • Limit login attempts
  • Use two-step authentication so that you can only log in to your account if you also have access to your cell phone or social network credentials
  • In WordPress, avoid using the “admin” username, which is a common default and often targeted by hackers. You can also set your display name to something different than your actual username by going to Users on the lefthand sidebar menu from your Dashboard. Learn more about password and username security on WordPress in this video from WMUP DEV.

Choose Plugins and Themes Wisely

A high percentage of attacks occur due to vulnerabilities in plugins and themes. Only use up-to-date plugins and themes with well-written code by trusted developers.

  • Choose from products available in an application’s plugin and theme browsers. Look for ones with a high rating from a decent amount of users. If you’re unsure about its quality, click on ‘More Details’ or the author names to do more research. Check out the author’s history and assess their security measures. Look for stamps of confidence issued by reputable security solution providers or other evidence that the product has been submitted for a code auditplugins
  • Plugins with a high number of installs could potentially be greater targets, but also likely to have better documentation, support, and have security issues reported quicker
  • Look for plugins that are properly maintained: check when it was last updated (the more recently the better) and whether it’s compatible with your version of WordPress before downloading
  • Delete every plugin and theme on your site that isn’t strictly necessary. To delete a theme in WordPress, go to Appearance > Theme, then click on ‘Theme Details’ and hit ‘Delete’ in the lower right corner
  • Add security plugins that will configure a range of security options for you (e.g. WordFence for WordPress). You can also use free security scans that will look through your site’s code for malicious scripts
  • Keep up-to-date: many minor updates specifically address vulnerabilities, so make sure you have the latest versions of everything you use. It’s always a good idea to perform plugin and theme updates manually to avoid accidentally breaking the functionality of your site

Manage User and Access Permissions

A benefit of managing your own site is being able to control every aspect of how visitors and users interact with it. It’s very important to configure these permissions when you first set it up.

  • Review your site’s access permissions to edit how much outside visitors and users can see and do in your site. Typically you can assign users different “roles” with varying levels of privileges. For example, there are six user roles available in WordPress
  • Disable or limit open registration: this is extremely important if you’re using an application like DokuWiki that allows visitors to join and contribute content
  • Require a CAPTCHA (e.g. for access, page editing, contributions, etc.) to fend off bots

** Fun trivia fact! CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”.

From xkcd.com

Additional Resources

** If you want to really lock down your sites, some of these links include more advanced, technical methods you can employ if you’re comfortable working with code and files in the cPanel. I wouldn’t recommend trying most of them unless you are confident that you know how to reverse it if something goes wrong. Remember, when in doubt, always backup first!

Dive into MiddCreate Applications Recap

In July, the Digital Learning Commons held a series of exploratory workshops lead by Evelyn and Clarissa that provided an in-depth look into how to use six MiddCreate applications.

MiddCreate provides domains to members of the Middlebury community where they can explore and connect their learning, experiment with digital tools for teaching and collaboration, and create a digital identity that is owned and managed by them.

The workshops were attended by students, faculty, and members of staff interested in learning new ways to take control of their presence on the web. There’s a daunting variety of applications available in MiddCreate, so we’ve outlined the six featured in the workshops below to give you an idea of what’s possible. We encourage everyone to explore how these new tools can be used to share, collaborate on, and enhance your work!


This app has all of the core features you need from a wiki, such as cross-linking pages, revision and access control, and configuration in 40 languages. You can use it to collaboratively draft outlines, keep track of a project, plan events, or create a knowledge resource. The look of your wiki can be fully customized within the app and by accessing its files from the MiddCreate dashboard.

View examples from Evelyn and Clarissa.


Vtiger is a customer relationship management (CRM) software that can be used as a database to track information about large numbers of people. For example, the DLC is currently exploring this application as a means to track who uses its services and where we should target our support and training.

Explore the features of this CRM in Clarissa’s demo.


This project management tool enables virtual teams to work in close collaboration. It represents projects by tasks, milestones, related files and messages. Time worked can be tracked on a task-by-task basis. Furthermore, the software supports more than 35 languages.

Check out this example created by Evelyn.


A survey making tool that lets you to easily create and execute a wide variety of assessments. It supports an unlimited number of surveys in 80 different languages, with over 28 different question formats and conditional logic options available. It also generates survey result statistics reports and charts in HTML, PDF, or Excel format.

Try taking some of the surveys Clarissa and Evelyn have created.


Known is very easy to use and works like a Facebook group or Tumblr, but doesn’t require that you be a member of those platforms. A personal Known can be configured to syndicate the content you post to your other social media accounts. You can invite up to 200 users to collaborate by sharing posts, status updates, photos, events, and audio. Students can use Known to showcase personal projects, get feedback on their work, reflect on and discuss course content with their peers, or refer to it as a knowledge bank.

Take a look at how Evelyn and Clarissa have configured their sites.


This app is a flexible web publishing platform for the display of library or museum archives and scholarly collections. It’s a great way to share a variety of items and exhibits, including audio, documents, or visual media. It adheres to Dublin Core standards and allows you to expand its core functionality with plugins to create unique maps, allow users to contribute items, tag favorites, and comment within the site.

Explore the diverse ways Omeka is being used at MIIS and other institutions.

Learn more about MiddCreate »

Be on the lookout for future MiddCreate workshops! If you’d like help getting started in MiddCreate, feel free to drop by the DLC Learning Lab or make an appointment with a DLC staff member.