CMS recommendations

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Ignoring all the usual principles about never working for your family or
friends, I've agreed to create a website for my brother's business. I
want it to be something that I can set up and configure for him, but
then leave to him to add or update content without having to ask me to
keep making minor changes, so some kind of CMS seems appropriate.

He's pretty computer-savvy in most respects (part of his business is
helping set up PCs for home users), but he's not a web author and
doesn't know HTML. So he can cope with a fairly sophisticated interface,
but (initially at least) needs to be insulated as much as possible from
having to enter raw code.

Assuming I go for a CMS solution, the basic requirements are:

* Must work in a standard, shared-hosting LAMP environment
* Must be free from known vulnerabilities in its current release
* Must be easily upgradable on top of an existing installation
* Ideally, needs to be easily skinnable/themeable
* Availability of useful plugins/modules would be a bonus

What would be the collective recommendations for a suitable CMS in this


Re: CMS recommendations

Mark Goodge wrote:
Quoted text here. Click to load it

Uh oh.  ;)

Blinky                                                   RLU 297263
Killing all posts from Google Groups
The Usenet Improvement Project:

Re: CMS recommendations

Quoted text here. Click to load it

Thats not really much help as you will spend the rest of your life patching
If not, it will end up being used for phishing, based on my experience of
customers who install CMS's and either don't update them or alternatively
spend a lot of time keeping them patched.

We were just talking about this in the office and what we would like is a
simple CMS that runs on your desktop computer and uploads changes to the
server using FTP, therefore avoiding having potentially insecure scripts on
the server.

It will never happen of course, but without CMS my Saturdays would be my own
(a lot of the phishing goes on on Friday nights).

Gordon Hudson || Ltd
e-mail:ghudson [at] Host 5 web sites for £9 per month Domain Names with free hosting and email 3000MB of web space for £29 per year

Re: CMS recommendations

On Mon, 2 Jul 2007 19:24:19 +0100, Gordon Hudson put finger to
keyboard and typed:

Quoted text here. Click to load it

From my previous experience with hacked CMSs, there are three things
that I would suggest are pretty much essential:

1. Remove the tell-tale signature (usually a link to the software's
home page) from the frontend. If it absolutely needs to remain as a
licence condition, then rewrite it a bit so that it won't be found by
a Google search for the standard string.

2. Unless absolutely necessary, remove any login facility from the
frontend. If you're only using the CMS as a publishing mechanism then
you don't need it there, and having it is just an invitation to

3. Use http authentication via .htaccess to protect the admin
directory, rather than relying on the CMS's own built in

The first two are a form of security through obscurity, but they work
(I got rid of 99% of forum spam on one site simply by removing the
"powered by phpBB" link). The third is a belt-and-braces approach that
protects you even if the first two fail.

-- - read and share comments and opinons
"I don't care if Monday's blue"

Re: CMS recommendations

On 2/7/07 7:24 pm, in article 46894332$0$647$,

Quoted text here. Click to load it


Andy Jacobs

Re: CMS recommendations

Mark Goodge wrote in on Mon, 02 Jul 2007 08:48:55

Quoted text here. Click to load it

I'd suggest having a look at SPIP < , which is
open-source and seems to meet most of your criteria:-

Quoted text here. Click to load it

Yes, runs with PHP 4.0.8 onwards and PHP 5, and with MySQL from 3.22

Quoted text here. Click to load it

There is an active development community, SPIP has been upgraded since
2001, and is currently on v1.9.2. I have seen reported vulnerabilities
fixed pretty quickly in the four years I've used the package. (I'd
agree 100% with your three basic anti-hack measures, btw).

Quoted text here. Click to load it

Yes, as long as you don't mind over-writing your data/files in a
production environment (however, the interface does allow you to
create a database backup without recourse to the command line).

Quoted text here. Click to load it

Quite a lot of shared templates and themes available; there are over
5,000 sites declared as running with SPIP (these are linked from the
main site), with differing design templates available. Customisation
of the output/templates ain't difficult, though you do have to look
around the site a bit to find the relevant information.

Quoted text here. Click to load it

Again, shedloads of these are available, and are/have been integrated
into the core product.

Now, the downside. SPIP development is done in France/French; despite
the input of willing translators, the English documentation does lag
behind a bit at times, particularly for the non-core stuff, and
Babelfish isn't the most helpful tool for matters technical(1).

But - SPIP does have a good and solid interface, with enough
flexibility to allow you to run it out of the box and choose the
elements that you want to use. Probably not as steep a learning curve
as some of the more popular ultra-flexible CMS packages, overall;
there is a helpful online support community as well.

Hope this helps.

(1) my early attempts to use this for a basic guide produced the
memorable rendition of "les squelettes mérite aussi un toilettage" as
"the skeletons deserve a grooming".

Re: CMS recommendations

Quoted text here. Click to load it


I would use It is easy to setup, administrate and great
security. A lot of hosts provide the initial setup from cpanel.

You can also go to to view many php/mysql based

Site Timeline