Slashdot Mirror
Ask Slashdot: What's The Best CMS?
Slashdot reader pipingguy recently inherited a 2012 installation of Joomla 1.5.26, and while performing four years worth of updates, began wondering about other content management systems. I've built more than a few static websites (I use Sublime Text 3 or Atom, not some fancy-pants WYSIWYG doohickey) and am quite familiar with CSS, but databases not so much. I've been through lots of online documentation and am a bit bewildered, but I'm following the recommendations regarding backups and the like.
What are Slashdot readers' latest opinions on the three most popular CMSes -- Drupal, Joomla and WordPress? Any tips for me before I accidentally blow away the existing site and have to rebuild everything...?
Leave your educated opinions in the comments...
What are Slashdot readers' latest opinions on the three most popular CMSes -- Drupal, Joomla and WordPress? Any tips for me before I accidentally blow away the existing site and have to rebuild everything...?
Leave your educated opinions in the comments...
Notepad
So, I agree with any advice about finding a decision table and making up your own mind. Take what they have to say with a grain of salt, however, and realize each table has it's own focus which may or may not be what is important to you.
That said, Drupal is the best CMS right now, and it's doing work to stay in that role for a long time to come.
From a usability perspective, the core team has done a lot of work to make it simpler to work with Drupal and interact with content. It's very easy to spin up new content types, add fields, and create pages / widgets that present that information. Now that views is in core, you can actually author a site using only drag-and-drop tools. Which is great for people just looking to get a single site up and running.
From a technical perspective, symphony is now installed as part of core, which opens a whole lot of possibilities around what you can actually do with it. One of my favorite features is the CMI initiative, which allows you to author a site using a config file, and use that to spin up lots and lots of sites. Which is great for enterprises, looking to adopt a CMS in a big way.
From an extensibility perspective, one of the most powerful features in the platform is native support for REST and JSON. Drupal can serve as a provider of data for single page applications, where people author content in Drupal and you load it through apps authored in Angular / Ember / React. Drupal simply serves as an API endpoint in this context, which allows you to pull data from it whenever you need it.
I realize you can do these things with Wordpress as well, but not as easily or as scalably. Whenever you get past trivial use cases, there's always something getting in the way with Wordpress that makes it less appealing. And other commercial enterprise content management systems, like SiteCore, are simply not extensible. The moment you go outside the sandbox they set up for you, it becomes very hard to make them work.
Comment removed based on user account deletion
Why do we have to stick with only the top 3? Aren't there great options who some haven't heard of yet?
Personally, I adore concrete5 (www.concrete5.org). They are making some major changes to the structure, and the upcoming version 8 adds new data objects that will make it more than just the page centric pattern it was before. The developers are active and engaging with the community, it's been around for long enough to be mature, and the in context editing is a huge asset to the end user.
When I look at a CMS, I don't just look at how to code within it, although that is massively important. I also look at how easy it is for end users to pick up and customize. And being able to make changes to an area right in that area on that page is a killer feature. The fact that the block architecture ensures you can add special custom areas very easily and in a modular fashion is also extremely helpful.
I've worked with all the big CMSs, and tested them out. I've tested out a boatload of the medium sized ones as well. C5 was hands down the winner.
My recent CMS search and selection exercise made me bypass the "big three" and opt for Concrete 5. It had the right mix of features, mind share, and in particular, ease of adding content. Adding content is simply done while browsing the site by dropping a page into edit mode, modifying it, and then publishing it. This is particularly helpful when multiple technically challenged people need to update the site.
So far I am quite happy with it, but it is not free from issues. There is a decent set of plugins and themes, the community is enthusiastic. Your requirements may differ: there are tons of other CMSes to choose from.
You may instead consider a static site generator (there are a ton, jekyll, hugo, a google search for static site generator will turn up a bunch)
Then your server load is much lighter by getting out of server side anything by people just reading), you can still provide search most of the time (lunr). By avoiding a CMS, you are less likely to have a gaping security hole (e.g. my team has an internal only git server to coordinate maintaining it and building it, then uploading it to a dumb static server).
So step one is considering whether you really *need* a CMS, a lot of folks really don't.
Wordpress may be been a security nightmare a new years ago, but has steadily gotten better with security, and, at this point has the smoothest updating process, security-minded developers, and a team that's focused on proactively identifying and fixing vulnerabilities. The same can't be said for some of its plugins though.
These days, Drupal and Joomla are the real security nightmares, because of version lock-in and very poor upgrade paths. All but the largest organizations using Drupal or Joomla tend to do so without the manpower or expertise necessary to cope with the upgrade process. They tend to use consultants and contractors to develop the functionality they need, and that functionality invariably is locked to the major version it's developed against. A few years go by, and the version they depend on reaches end of life. By which point, nobody who understands the site is left, and management frequently won't pay for code to be rewritten for the latest version. Unless you can be sure there will be adequate manpower going forward to keep maintaining and keep pace with Drupal/Joomla development, it's a ticking time bomb from day one.
Wordpress on the other hand is less of a framework and more of a ready to use system - thanks to a saner plugin system, upgrades that tend not to break the plugin architecture, and built-in functionality that does 99% of what most sites need right out of the box or with readily available plugins, has huge popularity and a large base of developers, and its rare that a Wordpress site ever becomes a dead-end project with version lock-in. Even when plugins or themes break due to upgrades, they tend to be easily removed or replaced without affecting the core CMS functionality of the site.
You are still going to see more security advisories for Wordpress these days, but at this point, that's more of a function of popularity than inherently "bad" code - it's the most widely used CMS, so of course people are constantly going to be searching for bugs - and a bug that's found is a bug that gets fixed.
Wordpress may be been a security nightmare a new years ago, but has steadily gotten better with security, and, at this point has the smoothest updating process, security-minded developers,
Unless you consider seven new vulnerabilities in the last 20 days to be secure, you are horribly, horribly wrong. There was a remote SQL injection found in November.
Security is not something you can bolt on after the fact, you have to build it in to the very base of your system. When you're getting SQL injections, it's not because your code is popular, it's because the programmers suck. Fast updates are not a replacement for security.
"First they came for the slanderers and i said nothing."