suggestion for a CMS
iotaka
Status: Contributor
Joined: 13 Apr 2009
Posts: 85
Reply Quote
Hi,

for a work I need to use a CMS, the customer must be able to update all the web site without my support. My idea is realize the theme and customize a bit the home page of an existing CMS.

Some suggestion?

joomla, xoops, wordpress or another one?
Back to top
techAdmin
Status: Site Admin
Joined: 26 Sep 2003
Posts: 3762
Location: East Coast, West Coast? I know it's one of them.
Reply Quote
I use modx, it works, it's quite hacker friendly.

I suggest Modx Revolution, and also the advanced install, which places the core files under document root, and also lets you create directory names that are not standard for long term security.

Remember that all cms has a learning curve, and you will NOT just be installing it and walking away, this is a dream, when you install ANY web based software, you must upgrade it for the life of the web site, primarily because of security issues, which are real.

The advanced install has some advantages, one of which that it installs only the core, and you have to install the modules you need, which usually will just be tinyMce user gui html editor, and Wayfinder navigation modules.

If the site is going to be VERY simple, and I mean VERY simple, you can use Wordpress Pages, which lets you create a VERY simple standard website. But I do not recommend wordpress in general for a cms because it's a blog platform with cms functionality added long after the original stuff was designed.

But wordpress requires updating maybe once every month or two, I do NOT recommend their automatic updating, I have seen that fail.
Back to top
iotaka
Status: Contributor
Joined: 13 Apr 2009
Posts: 85
Reply Quote
:: techAdmin wrote ::
I use modx, it works, it's quite hacker friendly.
I'll investigate it (seems good), thank you H2 ;)

:: techAdmin wrote ::
I suggest Modx Revolution, and also the advanced install, which places the core files under document root, and also lets you create directory names that are not standard for long term security
With phpmyadmin normally I use a different name of the directory and I place also an htdigest password before reach it :P. In the error.log of apache often there are try to finding phpmyadmin with also possible variants of the path!

:: techAdmin wrote ::
Remember that all cms has a learning curve, and you will NOT just be installing it and walking away, this is a dream, when you install ANY web based software, you must upgrade it for the life of the web site, primarily because of security issues, which are real.
Sure, this is the main reason because normally I don't use CMS!

:: techAdmin wrote ::
If the site is going to be VERY simple, and I mean VERY simple, you can use Wordpress Pages, which lets you create a VERY simple standard website. But I do not recommend wordpress in general for a cms because it's a blog platform with cms functionality added long after the original stuff was designed.
The web site is composed by 5 or 6 sections with some pages per section, no shop, user interaction or other strange things.

:: techAdmin wrote ::
But wordpress requires updating maybe once every month or two, I do NOT recommend their automatic updating, I have seen that fail.
Wide diffuse == a lot of script kiddies that try to find an old installation ... with bugs

< Edited by iotaka :: Apr 23, 11, 10:26 >

Back to top
techAdmin
Status: Site Admin
Joined: 26 Sep 2003
Posts: 3762
Location: East Coast, West Coast? I know it's one of them.
Reply Quote
The problem with wordpress are many. First, any security update must be applied within a day or two of release, ideally same day. That's because automated scripts begin to seek out the security holes almost immediately.

Second, it does not have a real navigation system, it's just a hack.

Modx is a real cms, but it's got a new codebase, it's somewhat sanely designed, it's very easy to add snippets, which are php modules, but it's not burdened by the kind of massive overdesign things like drupal are. I mean, really, a product that can run the whitehouse.gov website is really not likely to be a good bet for a small client website.

Modx is nice because it does not require any license or copyright statements, which means there are no signatures for hackers to look for in general.

drupal also has upgrade issues, module breaks, etc.

All cms stuff you MUST run a local test version in my opinion, to test each update you apply before applying it to the live site. With nightly db backups etc in case it gets hacked, and so on.

Every cms requires a learning curve to setup, so it's basically a decision on which seems most useful and sane.

modx I like because it has no templates or anything else to get rid of on the install, if you use the advanced installer, and it is the only one of these common ones that has by design security in terms of core files under root and renaming of manager and compose directories to something more secure, I prefer adding a long password like string to them, so complex that it is not possible to guess it ever. You can also add directory password protection for added layers.
Back to top
iotaka
Status: Contributor
Joined: 13 Apr 2009
Posts: 85
Reply Quote
rtfm.modx.com/display/revolution20/MySQL+5.0.51+Issues

5.0.51a is the version included in Debian Lenny :( the web site of the customer use it ...
Back to top
techAdmin
Status: Site Admin
Joined: 26 Sep 2003
Posts: 3762
Location: East Coast, West Coast? I know it's one of them.
Reply Quote
This is why I use pair networks. Personally, I wouldn't run anything on Lenny that faces the web, Debian and security are not synonyms in my experience or opinion.

But I am glad for that issue report since it might actually affect another site I'm in the process of moving to modx, maybe that will be enough to finally convince the client to move the site off the ridiculously bad hosting company it's been lingering on.

Should you ever decide to move to high quality hosting, like Pair, make sure to start your account by clicking the link on the bottom of the page, I get a referral credit for each time, but only if the user comes in via that link.

There's a reason I use and recommend pair networks, and it's because everything works, all the time, no excuses, no sorry excuses like running Lenny. Maybe you can see if they can upgrade to Squeeze? It is time to do that anyway, sometimes they are just waiting to do the rollout.
Back to top
Display posts from previous:   

All times are GMT - 8 Hours