Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: What's The Best CMS?

Posted by EditorDavid on from the intermittent-updates dept.

Slashdot reader pipingguy recently inherited a 2012 installation of Joomla 1.5.26, and while performing four years worth of updates, began wondering about other content management systems. I've built more than a few static websites (I use Sublime Text 3 or Atom, not some fancy-pants WYSIWYG doohickey) and am quite familiar with CSS, but databases not so much. I've been through lots of online documentation and am a bit bewildered, but I'm following the recommendations regarding backups and the like.

What are Slashdot readers' latest opinions on the three most popular CMSes -- Drupal, Joomla and WordPress? Any tips for me before I accidentally blow away the existing site and have to rebuild everything...?
Leave your educated opinions in the comments...

6 of 222 comments (clear)

  1. The Best CMS? - CP/CMS by ameline · · Score: 1, Insightful

    https://en.wikipedia.org/wiki/...

    --
    Ian Ameline
  2. Just horrible! by Aethedor · · Score: 3, Insightful

    - Drupal: slow, ugly hooking system.
    - Joomla: spaghetti code, too complicated.
    - Wordpress: security nightmare, spaghetti code.

    All three are horrible products if you ask me. They should be avoided.

    --
    It doesn't have to be like this. All we need to do is make sure we keep talking.
    1. Re:Just horrible! by techsoldaten · · Score: 3, Insightful

      They all seem so bad until you consider any alternative, and the work that goes into maintaining it over time.

    2. Re:Just horrible! by caitriona81 · · Score: 4, Insightful

      Wordpress may be been a security nightmare a new years ago, but has steadily gotten better with security, and, at this point has the smoothest updating process, security-minded developers, and a team that's focused on proactively identifying and fixing vulnerabilities. The same can't be said for some of its plugins though.

      These days, Drupal and Joomla are the real security nightmares, because of version lock-in and very poor upgrade paths. All but the largest organizations using Drupal or Joomla tend to do so without the manpower or expertise necessary to cope with the upgrade process. They tend to use consultants and contractors to develop the functionality they need, and that functionality invariably is locked to the major version it's developed against. A few years go by, and the version they depend on reaches end of life. By which point, nobody who understands the site is left, and management frequently won't pay for code to be rewritten for the latest version. Unless you can be sure there will be adequate manpower going forward to keep maintaining and keep pace with Drupal/Joomla development, it's a ticking time bomb from day one.

      Wordpress on the other hand is less of a framework and more of a ready to use system - thanks to a saner plugin system, upgrades that tend not to break the plugin architecture, and built-in functionality that does 99% of what most sites need right out of the box or with readily available plugins, has huge popularity and a large base of developers, and its rare that a Wordpress site ever becomes a dead-end project with version lock-in. Even when plugins or themes break due to upgrades, they tend to be easily removed or replaced without affecting the core CMS functionality of the site.

      You are still going to see more security advisories for Wordpress these days, but at this point, that's more of a function of popularity than inherently "bad" code - it's the most widely used CMS, so of course people are constantly going to be searching for bugs - and a bug that's found is a bug that gets fixed.

    3. Re:Just horrible! by phantomfive · · Score: 4, Insightful

      Wordpress may be been a security nightmare a new years ago, but has steadily gotten better with security, and, at this point has the smoothest updating process, security-minded developers,

      Unless you consider seven new vulnerabilities in the last 20 days to be secure, you are horribly, horribly wrong. There was a remote SQL injection found in November.

      Security is not something you can bolt on after the fact, you have to build it in to the very base of your system. When you're getting SQL injections, it's not because your code is popular, it's because the programmers suck. Fast updates are not a replacement for security.

      --
      "First they came for the slanderers and i said nothing."
    4. Re: Just horrible! by Anonymous Coward · · Score: 2, Insightful

      Java has a stellar security record on the ba ckend.

      Virtuallyou all of Java''s security issues were due to its terrible client technologies (applets, Web start, etc)