Content Management Systems
“Do-it-yourself” Websites and Blogs
CMSs Mask Technology | Security Concerns | Technical Considerations
CMS: A Generic Term
Content management system (CMS) is a generic term applied to “do-it-yourself” web design software.
WordPress is a CMS
Most people aren't familiar with that terminology but they have heard about the world's most popular platform: WordPress.
WordPress was originally developed as a blogging platform but since then it has been widely used to develop websites.
Using CMSs
CMSs provide the framework to post content on a blog or website without having to learn markup languages like HTML or CSS (the backbone of the Web).
Instead, they provide a graphical interface similar to word processing programs:
More recently, WordPress has moved to a block editor.
Instead of worrying about the alignment and organization of text, quotes, and images, now every element on a post or page has its own block — and you can focus on creating.
— WordPress Support
The Development Stage
Most clients hire someone to build a CMS-based blog or website, then manage changes to the content.
Some develop their own blogs or websites using templates that are either free or purchased.
CMS Software by Platform
W3Techs compare the market share of CMSs of the top 10 million websites:
- WordPress: 65.2% (42.4% of all websites).
- Shopify: 5.8% (3.8% of all websites).
- Joomla: 3.0% (2.0% of all websites).
- Wix: 2.6% (1.7% of all websites).
- Drupal: 2.2% (1.4% of all websites).
- Blogger: 1.4% (0.9% of all websites).
- Go Daddy Website Builder: 0.4% (0.3% of all websites).
The rest of the market share is spread across nearly 200 CMSs.
The CMS Structure
Essentially there are three aspects to the design and maintenance of a CMS system:
- the overall framework;
- the customization of the format and layout (template); and
- the content.
This is augmented by plugins and other addons that provide specific functions:
- automatically listing recent content;
- managing spam in comments;
- emailing or posting updates to your blog to social media; and
- generating forms or other interactive content.
The CMS Framework
Both blogs and websites can be built and managed using a CMS framework.
CMSs work best where the format and layout are simple and unlikely to change which is why they work so well for blogs.
The overall structure is generally designed by a team of software specialists. They need to provide the framework to interpret the way the CMS integrates and interacts with the Web.
This CMS framework also has to have the ability to manage and interpret templates. This is what makes the CMS customizable.
Templates & Plugins
The next step is the creation of templates and plugins that follow the particular CMS's framework and rules. In this manner the user can import a customized “look and feel” that can be changed without altering the actual content.
Different CMSs use different terminology. These customizations can be called themes, plugins or addons.
Content
The end user is now able to enter content in posts and customizations to generate an unique and distinctive blog or website. If the template they've chosen isn't quite right they can experiment with others knowing that they won't lose their content.
This last part is compelling to users. Many don't have the skills or the funding to hire someone that can develop a professional site. Instead, they use a free (or premium) template.
CMS Load Times
CMSs save content like blog posts or web content into a database (an organized collection of data).
When someone views your blog or website, that content is pulled together “on the fly” by the CMS template after which the content is again modified by style sheets, plugins and other variables.
This is both an advantage and a weakness.
Content Separated from Layout
The fact that the content is contained in a database allows you to change the structure of the site or blog without altering or destroying the content.
It also makes it possible to refer to any page by a single identifier after the domain:
- yourdomain.com/staff
rather than the typical website address:
- yourdomain.com/staff/index.html
This can be remedied by modifying the .htaccess file, but this must be done for every incidence you wish to use that approach whereas the CMS generates that approach automatically for every page.
CMSs Have a Lot of Overhead
However, CMSs require a lot of server computing power to generate this content in “real time” including a big chunk of content at the top of each page used to define styles.
CMSs often include a big chunk of content at the top of each page to define general layout and style THEN more content on every line for specific styling information:
A leaner page emerges if the style content is moved to an external style sheet which is loaded once per session for the whole site:
The above example assumes that the paragraph style is defined in the external style sheet. If specific paragraph styles are required you can refer to a specific class (e.g., “margin”) included in that external style sheet:
<p class="margin">Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat.</p>
This is explained in more detail in Cut ’N Paste HTML
Slow Loading Penalized
When the Internet or the CMS service are busy, CMSs can take too long and you may lose site visitors.
Google will simply start holding your website's poor performance against you very soon. Its motive is to put the most relevant, highest-quality content front-and-center for their users.
— Media Temple
Google's PageSpeed Insights shows a clear overhead with many WordPress sites:
If you're going to opt for WordPress or another CMS, you need to build it for efficiency.
CMSs Mask Technology
The main advantage to CMSs is that they allow you or your staff to update online content without any technical knowledge.
Few Understand Web Technology
Unfortunately, most people working with CMSs don't understand the process.
Since that fateful day when the idea [that people could manage their own websites] was first pitched to the public, we've seen a stampede of low quality sites emerging. They probably weren't always low quality sites, but I think you will find that, in general there is a direct proportional relationship between the decline in the quality of a site and the amount of time that the site owner has been self-managing it.
— 9 reasons you should never use a CMS.
You shouldn't blame the designer, but you probably will.
Hidden Costs
If your blog or website is representing a business or organization, you might want to rethink the hidden cost of doing it yourself.
- You need to learn how to manage the CMS environment.
- You may not be able to maximize the effectiveness of your website.
- Technical aspects can be masked, but they exist for a reason.
- Customizing templates involves additional developer time and fees.
- Customizations and plugins may require annual subscriptions.
- CMS-based sites tend to be larger and dependent upon databases which can be corrupted.
High speed Internet and better hardware allows us to deal with bigger file sizes and inefficient content, but Google may penalize your site.
If you're seriously considering a CMS-based site, we should talk.
Security Concerns
Security is an important aspect of maintaining any site because the Internet is very accessible from anywhere.
The average user doesn't understand the CMS they're using nor the technology being masked. Poor choices can make it dangerous to your site visitors.
A vulnerability in the CMS software or the template or the plugins you're using will affect your site or blog security.
Miscreants are also actively targeting content management systems. In recent editions of the Trustwave Global Security Report, we discussed how popular content management systems (CMSs) represent potentially lucrative targets for attackers.When they discover a significant weakness in a widely adopted CMS, it places every installation of that CMS at risk for exploitation, not only before the fix is available but also for considerable time afterward. Attackers use automated tools to find CMS installations to target.
— Trustwave Blog
Password Failures
Poor password hygiene is dangerous in any web-based service, including hosted CMSs.
Weak passwords or security can make your site susceptible to being hacked.
- Being part of a data breach could destroy your credibility.
- You could be liable for damages if your site is used to attack other sites.
Not only is your login freely accessible anywhere in the world, but the user name is often your email address.
A unique long and strong password will provide the best protection for your site.
Updates Can be Confusing
Updates to your CMS software can be a headache.
This includes not only any new CMS releases or security updates but also the templates and plugins you've used to enhance your site.
What If Something Goes Wrong?
If the process doesn't go as expected the documentation is usually technical.
If the CMS vendor stops supporting your CMS template or plugin, you'll no longer get security updates. You will need to seek out safer alternatives.
WordPress Vulnerabilities
Various vulnerabilities are often reported for WordPress and its various plugs. However, these are generally fixed with updates.
WordPress is, by far, the most popular way to build a website. That popularity has the unfortunate side effect of also making WordPress sites a juicy target for malicious actors all across the world. And that might have you wondering whether WordPress is secure enough to handle those attacks.Hackers aren't getting in due to vulnerabilities in the latest WordPress core software. Rather, most sites get hacked from entirely preventable issues, like not keeping things updated or using insecure passwords.
— Kinsta Blog
Unfortunately, many CMS users build their blog or website then forget to check for updates to the CMS itself.
Maintenance Contracts
Maintenance contracts allow you to ensure your CMS security updates are performed for the best possible price.
If you're seriously considering a CMS-based site, we should talk.