There is no doubt that Content Management Systems (CMSs) keep growing more popular. WordPress alone hosts well over 70M websites, and there are a multitude of other CMSs such as Joomla, Drupal and Concrete5; the options are endless. The draw of a CMS is that it is:
Most of the popular CMSs are free; you can download the source code and have it up and running in almost no time. Sign up for an account with any of the big web hosts and after a "1 click" install you are ready to roll with your new CMS. Or are you?
Free and low cost themes seem like the ideal situation. You can get a myriad of great looking and well designed themes for under $50. These themes tout that they will let you update and modify almost anything on the site, from site colors to logos and even mobile settings.
Easy to use
CMSs are designed with non-technical people in mind. Simplicity in design of the admin UI allows website content managers and other users to update content without much training in coding or technical aspects of system maintenance.
So it sounds like a perfect setup, why not just end things here....
The one size fits all approach is wrong
Mixing layout and content
Without trying, it isn't difficult to start mixing layout and content. You've got a section of content that needs two columns, and what do you do? You add in a couple of divs in the HTML editor, toss in a little bit of inline styling (because finding the stylesheet in your FTP editor is too much work, and editing directly on the live site is a whole other can of worms) and you've got something that works great. Well, that is until the client needs to make an edit themselves; that is the whole purpose of the CMS, isn't it?
Too Many Options and Solutions
There has been a trend for theme authors to build too many options or too much control into the theme. I'm sure the authors of these themes feel this is a good thing, but all I end up seeing is ultimate confusion for the end user.
Security and Accessibility
It's really just a bad, bad idea to let files/directories be writable by the web server. Whether it is an upload directory or a .htaccess file, do you really know if you've got permissions set right so only you as the admin user can modify them, or did you just give the entire world access to your site?
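One way to answer that question for a site you administer, as an added example that is not part of the original post: the function below lists world-writable files and directories under a web root, plus any `.htaccess` that is group-writable. The name `audit_webroot` and the output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. audit_webroot is a hypothetical name.
# Usage: audit_webroot /path/to/site
# Prints one line per finding; returns 0 when clean, 1 when something is
# writable by accounts other than the owner.
audit_webroot() {
    root=${1:?usage: audit_webroot DIR}
    findings=$(
        # o+w directories: any local account, including the web server user,
        # can create files here (an upload directory left at 777, for instance).
        find "$root" -type d -perm -0002 -print | sed 's/^/world-writable dir:  /'
        # o+w regular files: anyone can rewrite existing code or configuration.
        find "$root" -type f -perm -0002 -print | sed 's/^/world-writable file: /'
        # .htaccess controls rewrites and access rules, so flag it even when
        # it is only group-writable (world-writable ones are caught above).
        find "$root" -type f -name .htaccess -perm -0020 ! -perm -0002 -print |
            sed 's/^/group-writable .htaccess: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run directly as: sh audit_webroot.sh /path/to/site
[ "$#" -eq 0 ] || audit_webroot "$1"
```

A non-zero exit status makes the function easy to call from a deploy script or cron job that should fail when permissions drift.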
In June 2013, it was found that some of the 50 most downloaded WordPress Plugins were vulnerable to common Web attacks such as SQL injection and XSS. A separate inspection of the top-10 e-commerce Plugins showed that 7 of them were vulnerable.
Speaking of security, what about those themes and plugins?
Your client logs in to find a plethora of pending updates. Sure, you can limit the permissions to make the site less hackable, but your client wants to be able to update all of the shiny new plugins themselves. But do the plugins work well together? You've got a neat little reminder telling you to back up your database before proceeding, but people don't read things. You just want to get rid of those notifications to update; I mean, newer is better, right? So you click on update and... Your blog is gone, the dashboard is blank, all your posts are lost. This isn't supposed to happen, right? But no worries, you can just restore from your backup. You did back up, didn't you?
What else could go wrong
- How do you set up a local development environment?
- Version control
- How do you deploy from local to live?
- Database migrations
Now, with all that said, there is the potential to not completely mess things up. However, I feel that the deck is stacked against you from the get-go. We've been there and have a little different idea of what success looks like.
So what did we do?
We've created a few of our own takes on how to properly structure a CMS and blogging platform.
Blocky - https://github.com/codelation/blocky Blocky is a mountable Rails Engine for managing editable content blocks throughout your application.
Blogelator - https://github.com/codelation/blogelator Blogelator is a mountable Rails Engine for adding a blog to your Rails app.
Now, after my above rant, I can't come out as a hypocrite and tell you that our solution is the perfect one and will solve all of the world's problems. We've found that they fit our needs and may suck just a little bit less than some of the other solutions out there.