Content Management Systems
“Do-it-yourself” Websites and Blogs
WordPress is a CMS
Most people aren't familiar with the terms “CMS” or “content management system” but they have heard about the world's most popular platform: WordPress.
A Generic Term
Content management systems (CMSs) is a generic term applied to “do-it-yourself” web design software.
WordPress was originally developed as a blogging platform but since then it has been widely used to develop websites.
Development with CMSs
CMSs provide the framework to post content on a blog or website without having to learn markup languages like HTML or CSS (the backbone of the Web).
Instead, CMSs provide a graphical interface similar to word processing programs:
Most clients hire someone to build a CMS-based blog or website, then use the available tools to manage changes to the content.
Some develop their own blogs or websites using templates that are either free or purchased.
CMS Software by Platform
Stats for the major CMSs (the first number is the percentage of known CMS systems; the second the percentage of all websites):
- WordPress.com: 64.6% (40.7% of all websites) was designed for CMS-based blogs but has been adapted for websites.
- Joomla: 3.3% (2.1% of all websites) was designed for CMS-based websites rather than blogs.
- Drupal: 2.4% (1.5% of all websites) is an open source CMS.
- Wix*: 2.4% (1.5% of all websites) is a do-it-yourself template-based CMS.
- Blogger: 1.5% (1.0% of all websites) was one of the CMS blogging pioneers and is now owned by Google.
- W3Techs lists lots of others.
*Consider this warning if you're looking at using Wix.
Since I last posted these numbers, WordPress share has increased from 58.8% (27.7% of all websites) and leaves all the rest in the dust. Shopify (the next largest share) is only 5.4% (3.4%).
The CMS Structure
Essentially there are three aspects to the design and maintenance of a CMS system:
- the overall framework;
- the customization of the format and layout (template); and
- the content.
This is augmented by plugins and other addons that provide specific functions:
- automatically listing recent content;
- managing spam in comments;
- emailing or posting updates to your blog to social media; and
- generating forms or other interactive content.
The CMS Framework
Both blogs and websites can be built and managed using a CMS framework.
CMSs work best where the format and layout are simple and unlikely to change which is why they work so well for blogs.
The overall structure is generally designed by a team of software specialists. They need to provide the framework to interpret the way the CMS integrates and interacts with the Web.
This CMS framework also has to have the ability to manage and interpret templates. This is what makes the CMS customizable.
Templates & Plugins
The next step is the creation of templates and plugins that follow the particular CMS's framework and rules. In this manner the user can import a customized “look and feel” that can be changed without altering the actual content.
Different CMSs use different terminology. These customizations can be called themes, plugins or addons.
The end user is now able to enter content in posts and customizations to generate an unique and distinctive blog or website. If the template they've chosen isn't quite right they can experiment with others knowing that they won't lose their content.
This last part is compelling to users. Many don't have the skills or the funding to hire someone that can develop a professional site. Instead, they use a free (or premium) template.
CMS Load Times
CMSs save content like blog posts or web content into a database (an organized collection of data).
When someone views your blog or website, that content is pulled together by the CMS template then modified by plugins and other content.
This is both an advantage and a weakness.
The fact that the content is contained in a database allows you to change the structure of the site or blog without altering or destroying the content.
Slow Loading Penalized
However, it also requires the computing power to generate this content on the fly. When the Internet or the CMS service are busy, this can take too long and you may lose site visitors.
Google will simply start holding your website's poor performance against you very soon. Its motive is to put the most relevant, highest-quality content front-and-center for their users. — Media Temple
Google's PageSpeed Insights shows a clear overhead with many WordPress sites:
If you're going to opt for WordPress or another CMS, you need to build it for efficiency.
CMSs Mask Technology
The main advantage to CMSs is that they allow you or your staff to update online content without any technical knowledge.
Few Understand Web Technology
Unfortunately, most people working with CMSs don't understand the process.
Since that fateful day when the idea [that people could manage their own websites] was first pitched to the public, we've seen a stampede of low quality sites emerging. They probably weren't always low quality sites, but I think you will find that, in general there is a direct proportional relationship between the decline in the quality of a site and the amount of time that the site owner has been self-managing it.
— 9 reasons you should never use a CMS.
You shouldn't blame the designer, but you probably will.
If your blog or website is representing a business or organization, you might want to rethink the hidden cost of doing it yourself.
- You need to learn how to manage the CMS environment.
- You may not be able to maximize the effectiveness of your website.
- Technical aspects can be masked, but they exist for a reason.
- Customizing templates involves additional developer time and fees.
- Many customizations and plugins require annual subscriptions.
- CMS-based sites tend to be larger and dependent upon databases.
High speed Internet and better hardware allows us to deal with bigger file sizes and inefficient content, but Google may penalize your site.
If you're seriously considering a CMS-based site, we should talk.
Security is an important aspect of maintaining a site. Poor choices on your part can break your site or make it dangerous to your site visitors.
Miscreants are also actively targeting content management systems. In recent editions of the Trustwave Global Security Report, we discussed how popular content management systems (CMSs) represent potentially lucrative targets for attackers.
When they discover a significant weakness in a widely adopted CMS, it places every installation of that CMS at risk for exploitation, not only before the fix is available but also for considerable time afterward. Attackers use automated tools to find CMS installations to target. — Trustwave Blog.
- A vulnerability in the CMS software OR the template OR the plugins you're using will make your site or blog vulnerable.
- Weak passwords or security can make your site susceptible to being hacked. This could potentially destroy your credibility.
- You could even be liable for damages if your site is used to attack other sites or becomes part of a botnet or other criminal activity.
One of the contributing factors is that your average user doesn't understand the technology they're using or what it is masking.
Updates Can be Confusing
Updates to your CMS software can be a headache. If the process doesn't go as expected the documentation is usually technical.
Elements needing updating include new CMS releases or security updates as well as updates to templates and plugins. These may need replacement if support expires.
If the CMS vendor stops supporting your CMS template or plugin, you'll no longer get security updates.
WordPress Especially Vulnerable
A solid majority of the known web application attacks — attacks that could be traced to known, widely used exploits or techniques — that we observed in 2015 affected WordPress or WordPress add-ons. — Trustwave 2016 Global Security Report
Nearly half the attacks on sites in 2015 were a result of a vulnerability in the “RevSlider” WordPress plugin used to display a rotating gallery of images.
[A] typical WordPress site can be infected by just two lines of scripting code. — ZDNet
Maintenance contracts allow you to ensure your CMS security updates are performed for the best possible price.
If you're seriously considering a CMS-based site, we should talk.