Platform Choice - Content Management Systems

Long ago, Wordpress was always the go-to choice. It seems as though it puts a target on your back these days for security exploits, etc. For someone working to build quality sites (not churn and burn), are there any CMS platforms that are specifically recommended? I'm familiar/comfortable on Unix/Linux systems and have dealt with PHP and Python in the past. I preferred to use Python to write my own automation tools, and generally used PHP for websites.
 
You can only really mitigate problems by running away from them. Every CMS is going to have security problems, which are patched nearly instantaneously. It's almost always the fault of plugins, anyways. Choosing the right ones and keeping them updated helps, but you never know when one will be sold to someone who will get you to update it to inject links in your site.

All of the CMS's will require some additional security measures anyways. Everyone needs to harden their servers and CMS's, but that doesn't mean you'll be safe from security problems. Even Namecheap hosting was hacked a while ago.

I've tried my best to secure my Wordpress sites and have an operation manual on how to do it now, but I know I'm not getting everything. I keep rolling backups so when I find something I can roll back to an old version if it's too devastating, and find out how it happened after the fact to close that hole.

Going with a flat file CMS helps with a lot of this but adds a lot of annoyance for a site that adds content regularly. There are Wordpress plugins to generate a flat file version of your site though.

There's no way to be completely safe. It will always take some active measures to stay safe, and more to stay live after getting hacked. @turbin3 and @Ryuzaki have said a lot about how hiding through obscurity, like using an obscure CMS, only removes you as a target from script kiddies that you should be able to deflect anyways. If your site does good enough to get on the radar of the real bad guys, you'll have to do all the things above anyways, so you might as well not make your life harder by using some unknown CMS with bugs and a team that can't patch security issues quickly and without a ton of users finding them for you.
 
I don't mind rolling with Wordpress, I just wasn't sure what the general thought was these days. Also, I kind of wonder if Google gives some decent benefit to those that use some of the paid platforms and commerce sites (Big Commerce, etc.).
 
The technology is largely irrelevant. There are literally thousands of platforms out there, and the barrier to entry just keeps declining.

At the end of the day, what matters is "good enough" and just getting the job done consistently. The bigger concern people should have is time to market. Speed and frequency. Like can you keep putting out content easily? Or do you constantly have to fiddle with templates or backend stuff? Barely managing to keep a particular mess of a CMS chugging along.

A lot of flashy new things just don't have the age or maturity yet. They haven't worked through all the typical growing pains of a technology platform.

In my experience, Wordpress is still the most viable option for most marketers, most of the time. I don't want to say that, but that's the reality. It's easy enough. Resources and community support are second to none. It's an aged platform (that comes with both good and bad) with wide adoption and industry investment.

So what's actually important? First off, you have to ask yourself, what type of site do I need?
  • Blog
  • Magazine / News
  • E-commerce
Say you have a unique need for ecommerce capabilities. Your options will narrow. Maybe it's WP with plugins, themes, or custom coded solutions. Maybe it's Shopify or another WP-like solution tightly focused on e-comm.

Now say it's just a blog. What if you don't expect to need a significant amount of interactive site functionality? Say you also have some dev skills with HTML and CSS. Well you could probably get by just fine with any number of static site generators. A flat file CMS might also work, especially if you want an option with a bit more room for growth later on.

More recently, with lots of friends, family, and acquaintances asking the questions, though, I've come to sort of a default response.

If you have to think about or plan it too long, just do managed Wordpress hosting and focus on content.

Words. Sounds. Images. Video.

The "Management Systems" part is decidedly less important.
 
As you probably know, WordPress has a ton of good security plugins to use, Wordfence being one I use on every site. You can even go the extra mile and use Sucuri to secure it even more for $99pa, which I do for really important sites.
 
Thanks for the detailed response turbin3 (like button not available to me yet).

Tucky - I've actually been out of the game long enough I wasn't aware that there were good security solutions available in the form of plugins. I'll definitely check it out. More than likely I'll stick with WP and just be careful about security and backups.
 
The key with WP is:
  • Implement security best practices to start with.
  • Minimize dependency on plugins.
  • Backup regularly.
The great thing is, now with the built-in JSON API, there's even more potential. For example, you could start with standard Wordpress. Build that to success first. If at some point you have concerns or needs, you have options.

There are plugins to export your content. There are even plugins to convert your content to Markdown files, like you might use with many static site generators.

You could also use the JSON API to generate a site with other technology. For example, if you want to do cool, cutting edge stuff. You could use static site generators like Hugo, React-Static, GatsbyJS, etc. Then you could have a static site hosted with something like Netlify, while using WP as purely a private CMS. That way you get the best of both worlds.

Back to security though. Here's a few threads with some helpful options. Mostly server-side stuff, or functions.php chunks of code.
 
You can do a lot to harden Wordpress. For normal use, you can use Wordfence or a similar plugin. I also backup all my sites to S3 daily.

All CMS, and also custom solutions, are prone to security holes.

It's also possible to use Wordpress as a "content backend", and then use a static site generator to spit out the site. In that way, you can manage many sites with one Wordpress, and simply use WP for user management for your writers and as an easy to navigate content portal. Lots of options.

Or run WP on a subdomain with IP restriction, and generate a static site to the main domain ...

If you're using Cloudflare, also make sure your server can only be accessed via Cloudflare.
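
The "WordPress as a private content backend, static site on the public domain" setup mentioned in the posts above, sketched as an added example that is not part of the thread: it turns a WordPress REST API posts response into static content files, skips anything not published, and refuses file names that would escape the output directory. The sample JSON is constructed, and the front-matter layout and the helper names (`safe_slug`, `render`, `export_posts`) are assumptions to adapt to your generator.

```python
import json
import re
import tempfile
from pathlib import Path

# Constructed sample shaped like a GET /wp-json/wp/v2/posts response,
# trimmed to the fields used below. Not data from a real site.
SAMPLE_RESPONSE = """[
  {"slug": "hello-world", "status": "publish", "date": "2018-04-25T10:00:00",
   "title": {"rendered": "Hello: \\"World\\""},
   "content": {"rendered": "<p>First post.</p>"}},
  {"slug": "unfinished", "status": "draft", "date": "2018-04-26T10:00:00",
   "title": {"rendered": "Draft"}, "content": {"rendered": "<p>WIP</p>"}},
  {"slug": "../outside", "status": "publish", "date": "2018-04-27T10:00:00",
   "title": {"rendered": "Odd slug"}, "content": {"rendered": "<p>Body</p>"}}
]"""

def safe_slug(slug):
    """Reduce a slug to [a-z0-9-] so it can never carry path separators."""
    cleaned = re.sub(r"[^a-z0-9-]+", "-", slug.lower()).strip("-")
    if not cleaned:
        raise ValueError("slug is empty after sanitising: %r" % slug)
    return cleaned

def render(post):
    """Build one content file: quoted front matter, then the rendered HTML body."""
    front = ["---",
             "title: " + json.dumps(post["title"]["rendered"]),
             "date: " + json.dumps(post["date"]),
             "---"]
    return "\n".join(front) + "\n" + post["content"]["rendered"] + "\n"

def export_posts(raw_json, out_dir):
    """Write published posts into out_dir; return the sorted file names written."""
    out_dir = Path(out_dir).resolve()
    out_dir.mkdir(parents=True, exist_ok=True)
    written = []
    for post in json.loads(raw_json):
        if post.get("status") != "publish":
            continue  # an authenticated backend query can also return drafts
        target = (out_dir / (safe_slug(post["slug"]) + ".html")).resolve()
        if target.parent != out_dir:  # second check behind the slug filter
            raise ValueError("refusing to write outside %s" % out_dir)
        target.write_text(render(post), encoding="utf-8")
        written.append(target.name)
    return sorted(written)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(export_posts(SAMPLE_RESPONSE, tmp))
```

In a real build the JSON would come from the restricted WP host, and only the generated files would be deployed to the public domain.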
 
My WordPress website was hacked once back in the day. I was still a newbie. I didn't know about security. Luckily my hosting company had a backup and restored my site. At the time, it was a pain and I was in a panicked state.

But now, I am glad it happened. Since then, I have had no more successful hacks. Because I took the time to research security and understand the importance of it. Never again will I build a website without some form of security system in place.

It's not that hard really. WordPress has enough security plugins to solve the issues. I have used Bulletproof Security for years. It is still the best in my opinion. It's free. For anti-spam, I use WPBruiser.

With those 2 plugins, I have secured my sites ever since with no issue.
 
The major security issues with Wordpress are that the core, itself, is flawed in many ways:
  • Built on a flawed language (debatable I guess)
  • Backward compatibility "baggage"
  • Older jQuery with known vulnerabilities
  • SQL implementation is flawed
I quite like the idea I heard from someone recently, on the topic of solving many of these issues. It was to say that, at some point, there should be a division in Wordpress. There would be WP "Classic". That version/product would be for maintaining legacy stuff.

Then there would just be Wordpress. That new WP would correct so many of those issues. Like, for example, why should jQuery be a baked-in dependency? Maybe vanilla JS, maybe even ES6+ instead? Gutenberg is being built with React, so that would seem like a great match.
 
I am using WordPress. Actually, it’s not that tough to handle and allows me to use amazing plugins, themes, and many other functionalities. Moreover, today blog sharing is quite popular and WordPress specifically focuses on content, video, images, and sounds.
 
I think Wordpress is probably your best bet with regular off site backups, but I have been exploring the idea of using Jekyll lately. Would probably need a few plugins written, but is much simpler than Wordpress in terms of a running site because everything is static.
 
Hassle for income, I'll take WordPress any day of the week. But if you're self-managing using Digital Ocean or similar, yeah, it can suck. Pony up the cash for a managed WordPress host and, while there may be a small exploit that takes your site down for a couple of hours once every 5 years (I haven't had an issue in what must be a decade now though!), a good managed host takes ownership or at least works with you to resolve the problem.
 