Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: What's The Best CMS?

Posted by EditorDavid on from the intermittent-updates dept.

Slashdot reader pipingguy recently inherited a 2012 installation of Joomla 1.5.26, and while performing four years worth of updates, began wondering about other content management systems. I've built more than a few static websites (I use Sublime Text 3 or Atom, not some fancy-pants WYSIWYG doohickey) and am quite familiar with CSS, but databases not so much. I've been through lots of online documentation and am a bit bewildered, but I'm following the recommendations regarding backups and the like.

What are Slashdot readers' latest opinions on the three most popular CMSes -- Drupal, Joomla and WordPress? Any tips for me before I accidentally blow away the existing site and have to rebuild everything...?
Leave your educated opinions in the comments...

34 of 222 comments (clear)

  1. Notepad by invictusvoyd · · Score: 4, Funny

    Notepad

    1. Re:Notepad by LifesABeach · · Score: 2

      What I do not understand in the main post is that pipingguy is asking about CMS's when it has never taken the time to learn even the simplest of Data Base engines. My first thought is that pipingguy has no motivation to learn about software but has chosen to earn a living in software.

    2. Re: Notepad by Anonymous Coward · · Score: 5, Funny

      Real programmers use butterflies.

      http://xkcd.com/378/

    3. Re:Notepad by TheRaven64 · · Score: 2

      Depends a bit on your userbase, but I really like Jekyll. The site it generates is purely static, so you can have a very small attack profile (web server running without write access to any of the filesystem and without access to a database). The source is separated into templates (edit only by people who understand HTML) and content. The content is in Markdown (or one of a few other simple markup languages) and there are a few nice WYSIWYG editors (I like MacDown on OS X, but there are many others). The sources are all stored in a filesystem tree, so you can easily use them with any revision control system (or, if your users can't be persuaded to use one, then with regular FS snapshots).

      The only good reason to want to have a database backing a CMS is if you have a lot of dynamic contents (user comments and so on). For a mostly static site, it's overkill.

      --
      I am TheRaven on Soylent News
  2. Remember Steve Ciarcia's suggestion: by LordHighExecutioner · · Score: 2

    My favourite programming language is solder.

  3. Re:What's the best fruit by Anonymous Coward · · Score: 3, Funny

    Can't you at least recommend a decision table software?

  4. Banshee for sure! by Aethedor · · Score: 3, Interesting

    It's more of a CMF (Content Management Framework) than a CMS, but I think nothing beats Banshee. It's secure, fast, small (therefore easy to learn) and has many ready to use modules. It has a clear MVC structure, so changing or extending the code is easy.

    --
    It doesn't have to be like this. All we need to do is make sure we keep talking.
    1. Re:Banshee for sure! by Aethedor · · Score: 2

      - No, it doesn't use the PDO library. So? Its SQL library protects against SQL injection and it has a audit script to check for any bypass of this library.
      - No, the tablemanager_model.php is not vulnerable for SQL injection. Everything goes via the Banshee SQL library.
      - No, passwords are stored via PBKDF2, using SHA256 and 100,000 iterations, which is much stronger.
      - No, not probably more issues. It's secure. If you don't agree, provide us with some real proof.

      Next time, try to understand the subject you are talking about, before you make false claims and accusations.

      --
      It doesn't have to be like this. All we need to do is make sure we keep talking.
  5. Wordpress, PMWiki, Couch are my favourites by Anonymous Coward · · Score: 3, Interesting

    Wordpress has to be up there for relative ease of use.
    PMWiki is a long time favourite due to the flexibility - I use it as a CMS with most of the wiki stuff hidden from normal users.
    CouchCMS is another easy to use and dead simple to create themes and style mods. A lot of flexibility.

  6. Drupal by techsoldaten · · Score: 4, Informative

    So, I agree with any advice about finding a decision table and making up your own mind. Take what they have to say with a grain of salt, however, and realize each table has it's own focus which may or may not be what is important to you.

    That said, Drupal is the best CMS right now, and it's doing work to stay in that role for a long time to come.

    From a usability perspective, the core team has done a lot of work to make it simpler to work with Drupal and interact with content. It's very easy to spin up new content types, add fields, and create pages / widgets that present that information. Now that views is in core, you can actually author a site using only drag-and-drop tools. Which is great for people just looking to get a single site up and running.

    From a technical perspective, symphony is now installed as part of core, which opens a whole lot of possibilities around what you can actually do with it. One of my favorite features is the CMI initiative, which allows you to author a site using a config file, and use that to spin up lots and lots of sites. Which is great for enterprises, looking to adopt a CMS in a big way.

    From an extensibility perspective, one of the most powerful features in the platform is native support for REST and JSON. Drupal can serve as a provider of data for single page applications, where people author content in Drupal and you load it through apps authored in Angular / Ember / React. Drupal simply serves as an API endpoint in this context, which allows you to pull data from it whenever you need it.

    I realize you can do these things with Wordpress as well, but not as easily or as scalably. Whenever you get past trivial use cases, there's always something getting in the way with Wordpress that makes it less appealing. And other commercial enterprise content management systems, like SiteCore, are simply not extensible. The moment you go outside the sandbox they set up for you, it becomes very hard to make them work.

    1. Re:Drupal by drinkypoo · · Score: 2

      Now that views is in core, you can actually author a site using only drag-and-drop tools.

      Hell, you can actually author a site that views arbitrary database content using only drag-and-drop tools! For my home intranet server I put together a drupal instance and (among other things) stuffed the USDA nutritive food content database into it. Without writing a line of code I was able to create a view into that database that lets me search it and display the really full nutritional information that none of the other sites seem to want to show you, like all the micronutrients. Took me less time than finding a decent site that actually did show that stuff, and maybe three modules.

      Drupal is cake to modify even if you aren't a PHP expert, so there's that too.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  7. Comment removed by account_deleted · · Score: 5, Interesting

    Comment removed based on user account deletion

  8. Re:The one you've written yourself. by Cryophallion · · Score: 2

    That's how I learned the ins and out of the language I was using. I think it's said that many people write their own CMS the first time (no, I am not taking the time to source this, it's something I read years ago). And the lure of doing it is decidedly easy to fall prey to. You can do it your way, it's lightweight, free of cruft, and does things that are the most likely to save you a ton of time. All good things.

    The issue is, when I wrote my CMS (admittedly, 8-10 years ago), and while I had several clients using it, every single new client needed a new feature, a new upgrade, a new way of organizing things. And this was just the backend data side, with the database presentation layer for them to enter things, I had most of the front end pages custom coded because it was just easier.

    The reality is, designs change, features change, and someday, someone will ask you for something fancy and you will have to stay up all night getting it done last minute. Does that happen anyway? Of course, sometimes. But choosing the right framework can prevent some of that, and at least make sure that for the majority of clients, you are spending more time making THEIR site than reworking and adding on to your cms, which is suddenly becoming as complicated and convoluted as the ones you were trying to avoid. Feature creep is real, and it's insidious. Always assume your lightweight CMS will have to grow, and take that into account.

    And a quick googling of "write own cms" brings up tons of great articles about the danger of it.

  9. Just horrible! by Aethedor · · Score: 3, Insightful

    - Drupal: slow, ugly hooking system.
    - Joomla: spaghetti code, too complicated.
    - Wordpress: security nightmare, spaghetti code.

    All three are horrible products if you ask me. They should be avoided.

    --
    It doesn't have to be like this. All we need to do is make sure we keep talking.
    1. Re:Just horrible! by techsoldaten · · Score: 3, Insightful

      They all seem so bad until you consider any alternative, and the work that goes into maintaining it over time.

    2. Re:Just horrible! by caitriona81 · · Score: 4, Insightful

      Wordpress may be been a security nightmare a new years ago, but has steadily gotten better with security, and, at this point has the smoothest updating process, security-minded developers, and a team that's focused on proactively identifying and fixing vulnerabilities. The same can't be said for some of its plugins though.

      These days, Drupal and Joomla are the real security nightmares, because of version lock-in and very poor upgrade paths. All but the largest organizations using Drupal or Joomla tend to do so without the manpower or expertise necessary to cope with the upgrade process. They tend to use consultants and contractors to develop the functionality they need, and that functionality invariably is locked to the major version it's developed against. A few years go by, and the version they depend on reaches end of life. By which point, nobody who understands the site is left, and management frequently won't pay for code to be rewritten for the latest version. Unless you can be sure there will be adequate manpower going forward to keep maintaining and keep pace with Drupal/Joomla development, it's a ticking time bomb from day one.

      Wordpress on the other hand is less of a framework and more of a ready to use system - thanks to a saner plugin system, upgrades that tend not to break the plugin architecture, and built-in functionality that does 99% of what most sites need right out of the box or with readily available plugins, has huge popularity and a large base of developers, and its rare that a Wordpress site ever becomes a dead-end project with version lock-in. Even when plugins or themes break due to upgrades, they tend to be easily removed or replaced without affecting the core CMS functionality of the site.

      You are still going to see more security advisories for Wordpress these days, but at this point, that's more of a function of popularity than inherently "bad" code - it's the most widely used CMS, so of course people are constantly going to be searching for bugs - and a bug that's found is a bug that gets fixed.

    3. Re:Just horrible! by phantomfive · · Score: 4, Insightful

      Wordpress may be been a security nightmare a new years ago, but has steadily gotten better with security, and, at this point has the smoothest updating process, security-minded developers,

      Unless you consider seven new vulnerabilities in the last 20 days to be secure, you are horribly, horribly wrong. There was a remote SQL injection found in November.

      Security is not something you can bolt on after the fact, you have to build it in to the very base of your system. When you're getting SQL injections, it's not because your code is popular, it's because the programmers suck. Fast updates are not a replacement for security.

      --
      "First they came for the slanderers and i said nothing."
    4. Re: Just horrible! by Anonymous Coward · · Score: 2, Insightful

      Java has a stellar security record on the ba ckend.

      Virtuallyou all of Java''s security issues were due to its terrible client technologies (applets, Web start, etc)

  10. Bloated by cerberusss · · Score: 2

    I consider the big ones quite bloated for my purposes. I'm not a web dev, I'm an iOS developer. What I need, is a very simple CMS where I can just paste in a template and then make very small adjustments. Often, you pick any of the gazillion CMSes with a version number in the 0.x series. Their biggest selling point is that it's "light-weight", simply because it's not yet mature.

    CMS Made Simple however is mature, but still light-weight. It has been existing for years and is in the 2.x series. They waited a looong time before the 2.x series was really, really stable and only recently announced that they'll stop supporting their 1.x series. Very professional.

    --
    8 of 13 people found this answer helpful. Did you?
  11. Why only the top 3? What about other top 10 cms? by Cryophallion · · Score: 5, Interesting

    Why do we have to stick with only the top 3? Aren't there great options who some haven't heard of yet?

    Personally, I adore concrete5 (www.concrete5.org). They are making some major changes to the structure, and the upcoming version 8 adds new data objects that will make it more than just the page centric pattern it was before. The developers are active and engaging with the community, it's been around for long enough to be mature, and the in context editing is a huge asset to the end user.

    When I look at a CMS, I don't just look at how to code within it, although that is massively important. I also look at how easy it is for end users to pick up and customize. And being able to make changes to an area right in that area on that page is a killer feature. The fact that the block architecture ensures you can add special custom areas very easily and in a modular fashion is also extremely helpful.

    I've worked with all the big CMSs, and tested them out. I've tested out a boatload of the medium sized ones as well. C5 was hands down the winner.

  12. Concrete5 for ease of editing by Eukariote · · Score: 4, Interesting

    My recent CMS search and selection exercise made me bypass the "big three" and opt for Concrete 5. It had the right mix of features, mind share, and in particular, ease of adding content. Adding content is simply done while browsing the site by dropping a page into edit mode, modifying it, and then publishing it. This is particularly helpful when multiple technically challenged people need to update the site.

    So far I am quite happy with it, but it is not free from issues. There is a decent set of plugins and themes, the community is enthusiastic. Your requirements may differ: there are tons of other CMSes to choose from.

  13. Take a look at Grav by waz0wski · · Score: 2

    Take a look at Grav if you want to move toward a static-file CMS, helping to reduce security attack surface on the webserver. Otherwise, Wordpress and Drupal still are goto CMS' in terms of support, plugins, and themes

    --
    time .. is an illusion. lunchtime doubly so.
  14. Plone by Kilobug · · Score: 2

    I would advise using Plone. It's perhaps not easy to apprehend at first as the PHP CMS, but it is very feature-rich and has a strong security focus, as can be seen with the number of CEV concerning it compared to other CMS (about 10x as less) : https://en.wikipedia.org/wiki/...

    The latest version (Plone 5) that was released quite recently also brings much better performances (which was one flaw of earlier versions) and easier theming.

  15. Depending on scenrio, none by Anonymous Coward · · Score: 5, Interesting

    You may instead consider a static site generator (there are a ton, jekyll, hugo, a google search for static site generator will turn up a bunch)

    Then your server load is much lighter by getting out of server side anything by people just reading), you can still provide search most of the time (lunr). By avoiding a CMS, you are less likely to have a gaping security hole (e.g. my team has an internal only git server to coordinate maintaining it and building it, then uploading it to a dumb static server).

    So step one is considering whether you really *need* a CMS, a lot of folks really don't.

  16. If you like Sublime Text, try GetSimple by kbdd · · Score: 2

    GetSimple may not be the best CMS in general, but it fits the bill for me, simple and fast, with a comprehensive set of features that keeps growing, good and fast support (most of the time) and no database. Simple to install, simple to manage, simple to update, and very fast. Broad choice of themes that are easy to customize. I converted a text-based site to GetSimple in an afternoon. I cannot say in detail how it compares to the big CMS you listed, but I can tell you that the learning curve is not nearly as steep (I tried two of them), and I do not feel that I have handed my life to somebody else.

  17. Compare Content Management Systems by jraff2 · · Score: 2

    Compare Content Management Systems http://www.cmsmatrix.org/

  18. coupled with a custom RESTful engine for the rest by jabberw0k · · Score: 2

    I found Statocles (based on Mojolicious) the right way to build sites with nearly-fixed text content and a few up-to-the-moment database-backed bits that can talk to almost anything front-end or back-end.

  19. Go static unless you NEED dynamic content by ilsaloving · · Score: 2

    TL;DR version: A CMS will let you get a very nice website up faster, but you pay for that with with a long term maintenance nightmare. Go static unless you specifically and absolutely need dynamic content.

    The problem with virtually all CMSes is that they security-hole ridden messes. If you use, say Wordpres, you have to be prepared to babysit the thing on a daily basis because new vulnerabilities are being found and fixed constantly. And heaven forbid that an update to the core code base breaks a plugin you happen to use, and that plugin is no longer maintained.

    It's just not worth the effort. There are plenty of tools out there that will let you work on your website locally as if it were a CMS, but the final output is plain static pages. Unless your site specifically *needs* dynamic content, such as being able to allow users to make comments on articles, etc, a CMS is unnecessary.

    A classic tool is dreamweaver. There are plenty of open source static CMS generators you can find, with just a little googling.

  20. Re:What's the best fruit by pipingguy · · Score: 2

    Thanks. That site seems to be a bit out of date, though, as it lists the latest Joomla as being 2.5.4 from 5/2/2012.

  21. Re:The one you've written yourself. by Anonymous Coward · · Score: 2, Funny

    For the love of the poor people who have to fix your shit don't. I come across the odd DIY CMS every so often and they're always a clusterfuck. There's a point where you'll figure out WHY people use frameworks. Something to hande SQL injection? framework. Something to handle XSS? framework. Something that can assist in making actual maintainable code? framework. Something that lets you focus on the actual site rather than have to deal with all the repetitive shit? framework. FFS this is a solved problem. Stop re-solving it again just to appease your ego. We get it, you understand how this stuff works. Go re-write a CMS using Tensorflow. Jeez.

  22. OBLG. Dilbert by goombah99 · · Score: 2

    https://pbs.twimg.com/media/CA...

    --
    Some drink at the fountain of knowledge. Others just gargle.
  23. Ikiwiki by gsliepen · · Score: 2

    It's a wiki compiler, which makes it a lot more secure than CMSes which render pages on the fly. It looks very bland right out of the box, so you need to do some CSS work. But it has many plugins, supports different kinds of markup languages, and can be easily extended (if you know Perl).

    https://ikiwiki.info/

  24. Open Source CMS by emaname · · Score: 2

    Go here: http://www.opensourcecms.com/

    Open Source CMS has the various offerings grouped by purpose/application/specialty. It also provides links to CMS demo sites.

    FWIW, I'm using Concrete5. It's okay. Seems to be getting better.

    I can also suggest trying e107: http://e107.org/

    --
    An effective "democracy" creates the illusion the people have a say in their government.
  25. Confluence by apoc.famine · · Score: 2

    Confluence is a wilki with super-flexible read/write permissions, awesome macros and tools, all combined with a document versioning system and it integrates with Jira if you're also working with devs who use that system.

    --
    Velociraptor = Distiraptor / Timeraptor