- CMS recommendations
- Mark Goodge
July 2, 2007, 7:48 am
Ignoring all the usual principles about never working for your family or
friends, I've agreed to create a website for my brother's business. I
want it to be something that I can set up and configure for him, but
then leave to him to add or update content without having to ask me to
keep making minor changes, so some kind of CMS seems appropriate.
He's pretty computer-savvy in most respects (part of his business is
helping set up PCs for home users), but he's not a web author and
doesn't know HTML. So he can cope with a fairly sophisticated interface,
but (initially at least) needs to be insulated as much as possible from
having to enter raw code.
Assuming I go for a CMS solution, the basic requirements are:
* Must work in a standard, shared-hosting LAMP environment
* Must be free from known vulnerabilities in its current release
* Must be easily upgradable on top of an existing installation
* Ideally, needs to be easily skinnable/themeable
* Availability of useful plugins/modules would be a bonus
What would be the collective recommendations for a suitable CMS in this
Re: CMS recommendations
That's not really much help as you will spend the rest of your life patching
If not, it will end up being used for phishing, based on my experience of
customers who install CMS's and either don't update them or alternatively
spend a lot of time keeping them patched.
We were just talking about this in the office and what we would like is a
simple CMS that runs on your desktop computer and uploads changes to the
server using FTP, therefore avoiding having potentially insecure scripts on
It will never happen of course, but without CMS my Saturdays would be my own
(a lot of the phishing goes on on Friday nights).
Gordon Hudson || Hostroute.com Ltd
e-mail:ghudson [at] hostroute.net
http://www.hostroute.co.uk/resellers Host 5 web sites for £9 per month
http://www.nameroute.co.uk/ Domain Names with free hosting and email
http://www.myqth.co.uk/ 3000MB of web space for £29 per year
Re: CMS recommendations
On Mon, 2 Jul 2007 19:24:19 +0100, Gordon Hudson put finger to
keyboard and typed:
From my previous experience with hacked CMSs, there are three things
that I would suggest are pretty much essential:
1. Remove the tell-tale signature (usually a link to the software's
home page) from the frontend. If it absolutely needs to remain as a
licence condition, then rewrite it a bit so that it won't be found by
a Google search for the standard string.
2. Unless absolutely necessary, remove any login facility from the
frontend. If you're only using the CMS as a publishing mechanism then
you don't need it there, and having it is just an invitation to
3. Use http authentication via .htaccess to protect the admin
directory, rather than relying on the CMS's own built in
The first two are a form of security through obscurity, but they work
(I got rid of 99% of forum spam on one site simply by removing the
"powered by phpBB" link). The third is a belt-and-braces approach that
protects you even if the first two fail.
http://www.MotorwayServices.info - read and share comments and opinions
"I don't care if Monday's blue"
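An added example, not part of the original thread: a small Python audit for points 1 and 3 of the post above. It reports which HTTP authentication directives are missing from the admin directory's .htaccess and where a "powered by" signature still appears in frontend files. The directory layout, file names and signature pattern are constructed for illustration, and the check assumes the directives sit at the top level of .htaccess rather than inside a container block.

```python
import re
import tempfile
from pathlib import Path

# Directives that together make Apache demand HTTP authentication.
REQUIRED = ("authtype", "authuserfile", "require")
# Constructed pattern; extend with the footer string of the CMS in use.
SIGNATURES = [re.compile(r"powered\s+by\s+\w+", re.I)]


def admin_dir_protected(admin_dir):
    """Return the auth directives missing from admin_dir/.htaccess."""
    htaccess = admin_dir / ".htaccess"
    if not htaccess.is_file():
        return list(REQUIRED)
    seen = set()
    for line in htaccess.read_text(errors="replace").splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            # Apache directive names are case-insensitive.
            seen.add(line.split()[0].lower())
    return [d for d in REQUIRED if d not in seen]


def find_signatures(docroot, suffixes=(".html", ".php", ".tpl")):
    """Return (relative path, line number, match) for each signature hit."""
    hits = []
    for path in sorted(docroot.rglob("*")):
        if path.is_file() and path.suffix in suffixes:
            lines = path.read_text(errors="replace").splitlines()
            for n, line in enumerate(lines, 1):
                for pat in SIGNATURES:
                    m = pat.search(line)
                    if m:
                        hits.append((str(path.relative_to(docroot)), n, m.group(0)))
    return hits


def build_sample_site(root):
    """Constructed sample tree: a footer signature and an admin dir without auth."""
    (root / "admin").mkdir(parents=True)
    (root / "footer.php").write_text('<p>Site news</p>\n<a href="#">Powered by phpBB</a>\n')
    (root / "admin" / ".htaccess").write_text("# no auth yet\nOptions -Indexes\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        site = build_sample_site(Path(tmp))
        print("missing auth directives:", admin_dir_protected(site / "admin"))
        print("frontend signatures:", find_signatures(site))
```

An empty list from `admin_dir_protected` only shows the directives are present; the password file named by `AuthUserFile` should still live outside the web root.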
Re: CMS recommendations
Mark Goodge wrote in uk.net.web.authoring on Mon, 02 Jul 2007 08:48:55
I'd suggest having a look at SPIP <http://www.spip.net/en>, which is
open-source and seems to meet most of your criteria:-
Yes, runs with PHP 4.0.8 onwards and PHP 5, and with MySQL from 3.22
There is an active development community, SPIP has been upgraded since
2001, and is currently on v1.9.2. I have seen reported vulnerabilities
fixed pretty quickly in the four years I've used the package. (I'd
agree 100% with your three basic anti-hack measures, btw).
Yes, as long as you don't mind over-writing your data/files in a
production environment (however, the interface does allow you to
create a database backup without recourse to the command line).
Quite a lot of shared templates and themes available; there are over
5,000 sites declared as running with SPIP (these are linked from the
main site), with differing design templates available. Customisation
of the output/templates ain't difficult, though you do have to look
around the site a bit to find the relevant information.
Again, shedloads of these are available, and are/have been integrated
into the core product.
Now, the downside. SPIP development is done in France/French; despite
the input of willing translators, the English documentation does lag
behind a bit at times, particularly for the non-core stuff, and
Babelfish isn't the most helpful tool for matters technical(1).
But - SPIP does have a good and solid interface, with enough
flexibility to allow you to run it out of the box and choose the
elements that you want to use. Probably not as steep a learning curve
as some of the more popular ultra-flexible CMS packages, overall;
there is a helpful online support community as well.
Hope this helps.
(1) my early attempts to use this for a basic guide produced the
memorable rendition of "les squelettes mérite aussi un toilettage" as
"the skeletons deserve a grooming".