Governing 155 Sites in One Week

🏛 TOP-50 RESEARCH UNIVERSITY

Governing 155 Sites in One Week

At a Glance

Institution: Top-50 R1 research university

Web estate: 155+ sites across 3 CMS platforms

Team size: 4-person central web team

Timeline: Full governance in 7 days

Key result: 31 → 0 vulnerable sites in 60 days

The Challenge

A top-50 research university had a web presence that had grown organically over 15 years. Colleges, departments, research centers, and student organizations had each launched their own sites — on WordPress, Drupal, and custom-built platforms — with minimal central oversight.

The central web team of four knew they had “a lot of sites,” but couldn’t say exactly how many. A six-week manual audit the previous year had identified 143 sites, but the team suspected there were more. Meanwhile, three security incidents in a single semester — including an unpatched WordPress site that exposed faculty email addresses — made it clear that hope was not a governance strategy.

“We were playing whack-a-mole with security issues. Every time we fixed one site, another one we didn’t even know about would surface with a problem.”

— Web Director

The Approach

The university deployed Accorbis across their entire domain estate. Within the first 24 hours, the platform’s automated discovery engine had crawled every subdomain and identified 155 public-facing websites — 12 more than the manual audit had found, including three sites still running WordPress 4.x with known critical vulnerabilities.

Accorbis immediately began continuous monitoring across all 155 sites, tracking uptime, SSL certificate status, CMS versions, security headers, and accessibility compliance — regardless of whether the site ran WordPress, Drupal, or a custom stack.

The web team used Accorbis’s health scoring to triage: sites were ranked by risk, and the most vulnerable received immediate attention. Governance playbooks automated the notification workflow — site owners received templated emails with specific remediation steps and deadlines.

The Results

Within the first week, the university had complete visibility into its entire web estate for the first time. Within 60 days:

  • 31 sites with critical security vulnerabilities were identified and remediated — down to zero
  • 12 previously unknown sites were cataloged and brought under governance
  • SSL certificate monitoring prevented 4 near-expiration events that would have caused browser warnings
  • Accessibility baseline scores were established across all 155 sites, giving the team data to prioritize WCAG remediation ahead of the April 2026 ADA deadline

“We went from not knowing what we had to governing everything in a week. Accorbis found sites our six-week manual audit missed — and it keeps finding things. That’s the difference between a one-time project and actual governance.”

— Web Director

Ready to discover what’s in your web estate?

Schedule a Demo

← Back to all case studies