Home arrow CMS FAQs 3
CMS Questions - 3

CMS FAQs - 3 

CMS FAQs 3 - this page

The big CMS Question & Answer session continued.

Q: How to create an htaccess file on an IIS server ?
A: You can't.

For some reason this has become a popular query lately. You cannot create an htaccess file on a Windows server (a Windows server = an IIS server) because it is an Apache server tool, and only exists on a standard, LAMP server. An IIS server does not have user-operated tools such as this, you must contact the hosts for every single change or adjustment you need. Often they charge for this otherwise people would be running them ragged.

An IIS server is controlled by the IIS Manager, a console that is only available to the host. In contrast a normal LAMP server is controlled by top-level files that can in many cases be adjusted at local level. One example is the htaccess file, for which there is a server-level example, plus each website can have a local one to adjust server settings further.

Of course this is a perfect arrangement for many reasons. You can fix server default configurations that are not optimal for your site; and you can use SEF solutions on a CMS or ecommerce application that interact with the server via the local htaccess file. It's one of the reasons a LAMP server is far easier to manage than a Windows server: the webmaster can make all routine changes. This cannot be done on shared hosting, on an IIS server. However if you have your own IIS server this will not be a problem, you will have access to the IIS Manager console.

Also you need to consider the fact that perhaps you might be trying to run a PHP webapp on an IIS server. This is possible, as long as PHP and MySQL are installed - but far from desirable. The CMS or ecommerce application will run, in this case - but many plugins may not function. The obvious candidate is the SEF URL solution, which often needs an htaccess file. All problems can be resolved by changing hosts, and moving on to a LAMP server. Alternatively, use an ASP application, as that is designed to run on an IIS server.

You cannot run popular PHP cms or ecommerce software efficiently on an IIS server. It may work, but it can only ever operate at reduced efficiency.

Q: Lightweight java cms ?
A: There is no such thing that I know of. In fact, this question is a contradiction in terms - the trouble is that everything about Java CMS is monster heavyweight.

For a start they often need an application server, which is a middleware app that sits between the CMS and Apache server. In addition they probably need the JRE installed on the server (the Java runtimes), and perhaps even the Java SDK, the developer install. All told a monster install on the server just to get the CMS to work. This of course rules out anything except a dedicated server with extremely cooperative hosts who will build the web application group for you - or colocation where your engineer goes to the datacentre and works on the server in person. The costs involved with Java CMS are among the highest around, until you get to heavyweight commercial CMS with an entry fee that starts at $100k.

Q: Why does a cms need to be uploaded to a dedicated server ?
A: There are two reasons for this.

Firstly: specialist requirements. If the CMS is a heavyweight enterprise-class model, then it might well be expected that a dedicated server is needed anyway; so needing a dedibox, here, is not a negative.

And if the webapp was designed to appeal to people looking for a big intranet application, or even just one for some office teams to use, then a dedicated server is not a handicap as one can easily be set up in the office. In any case, for most teams, an old and redundant PC will do as server load will be very low.

So if the CMS you are looking at is in one of those classes, it is no drawback to need a dedibox - it's assumed to be a basic requirement.
It may for example need a middleware app - an application server or servlet container. This sits between the CMS and Apache server, and the CMS will not work without it. This is normally a requirement of Java CMS, though it also applies to Plone, a Python app. These need a dedicated server although in some cases a VPS may suit (when traffic is fairly low - a VPS with reasonable traffic is not normally a good choice).

Also, it may be an ASP / .NET CMS. These have different requirements from PHP CMS apps and have much more restricted server suitability. For example they run in a Trust environment: the levels are Medium-Trust, High-Trust, and Full-trust. Some require a Full-Trust environment and this is only available on a dedibox. In practice that means the CMS can only be used as a medium or large enterprise tool.

Secondly: a CMS needs to have a web installer if it is to be widely used. This means to be able to be installed via the web, using FTP and browser management. Otherwise, the 99% of website owners on normal hosting could not make use of it. Almost all PHP CMS can be installed in this way. However, many cms using other types of codebase cannot be remote installed, which means they can only be used within an office, or with hosts who will set up a dedicated server specially. Some WCMS need to be compiled on the server, which means that even hosts offering dedicated servers may well not be an option - you have to run your own server and have physical access to it. (To compile a cms means to build the application as a software group, by physically working on the actual server.)

Of course, these arrangements are highly restricting for most owners, even up to medium business size. It means that such CMS have a very limited appeal in terms of the numbers in use. However, as far as large enterprises go, any installation routine is acceptable, since other factors are more important.

Q : Compare CMS and .NET
A : Yes, a lot of people ask this. A CMS is a fully-featured way of publishing a lot of content, and/or for easy management of content that gets changed regularly, and it will provide extended functionality - especially when there are sufficient plugins.
Microsoft .NET, and the OSS equivalent WebDAV, were originally ways of editing content on hand-coded websites.
A CMS is about a thousand times more capable in every department. Microsoft .NET is basically an alternative to Dreamweaver-style website management - you have to build the pages in the first place, then the application syncs the website for you. That's basically all it does.
A CMS, in contrast, builds the whole site and its navigation for you, builds most of the page for you, and manages the site automatically. Then, it does an all-singing all-dancing job with dozens of different types of content and ways of managing them.

And, of course, .NET only runs on an IIS server (a Windows server), which is strictly a minority choice that will handicap you in many ways. It's much easier for a novice host to run - but that's about it. If you still want to expend time with hard-coded sites, then using WebDAV might be more logical - at least then you can use a normal LAMP server, PHP etc.
Some ASP-based website content management systems use .NET as the website editing machinery, instead of pure HTTP (browser-based editing). Fewer PHP CMS use the OSS equivalent, WebDAV, though - eZpublish is one that does.
We have seen some 'custom CMS' built around .NET and ASP. These generally refer to a semi-dynamic hard-coded one-off site that has some limited functionality. As a 'cms' these are about the same as a donkey compared to a Lamborghini. 

A CMS has access to a wealth of plugins that easily and quickly expand the functions a website can perform, and the tasks it can handle. An ASP-.NET site - or any other hard-coded site such as PHP or just plain HTML to start with - must have each and every one of these new functions coded from scratch. This type of site is suitable for small sites with limited dynamic functionality that have few content changes; and perhaps for sites that major on static graphic effects of some kind, like art displays and certain other image-based applications or custom-code jobs. All other websites - and especially those that need extended image-based dynamic functionality like image galleries and video - are better off on a capable CMS.
Q : Best ASP CMS ?
A : Good question. We are not specialists in this area so it would be unwise to offer an answer - but in any case you need to be more specific. Commercial or open-source? Exactly what class of CMS are you looking for?
As regards commercial CMS, there are plenty of offerings, so budget is the key question. Near the lower end of the commercial scale (from £10,000 / $15,000 to £50k / $75k) Colony has a lot going for it. In OSS, perhaps the best ploy would be to install a local server and then get hold of some of the open-source ASP apps we list. Install and trial them - which is straightforward - and then you will be able to see how to proceed. DotNetNuke is a popular choice; a mature application with good documentation. Umbraco is the fastest mover in ASP CMS and moving forward very rapidly. It has a number of plus points but like many webapps in this class, hosting can be tricky if your budget is limited - it runs on the medium trust level and the majority of shared hosting is not suitable. Umbraco is an entirely developer-built CMS - a 'blank canvas' CMS - so the result, as for Radiant in PHP-MySQL CMS, depends entirwely on the qulaity of the developer. In addition there is a choice in the use of .NET or XSLT and the higher quality is definitely the latter - but fewer devs can handle it. Umbraco is not suitable for webmaster implementation.
There is never any easy answer to "Best whatever" - it's what you want to use it for. What is the best car? :)  There is just no answer to that question - budget and usage requirements have to be stated first. A Ferrari is no use for shopping. A Hummer is a bad choice for crossing Europe via the autobahns. A microdiesel may be cheap to run but it won't suit a family with four kids and a dog.
For example, a multi-user CMS will need frontend editing, and some don't have this. To embed videos from YouTube etc on-page you need the right plugins, and this would limit your choice. So try them out, check what plugins are there, and then decide.
The main advice we would give in this situation is that without a shadow of a doubt every server - including an MS Windows IIS server - needs PHP / MySQL installed. Without that, add-ons of many types (like genuine full-function statistics applications) are impossible to install. You won't be able to use any of the best forum, blog or wiki apps, as they all run on PHP - MySQL.
Also, try to host with a service that gives you a proper server control panel, like Plesk for IIS. Without this (and Windows hosts tend to be worse than LAMP hosts here), life is just too difficult. FTP-only is a poor substitute, as you will be missing all of the management functions that Linux / Apache users on a LAMP server take for granted. How to set up cron jobs? How to check email parameters / users / spam rejection settings? How to check the server errors? How to set file permissions when they fail to set properly via FTP? How to manage your databases? How to set custom error pages? You can't webmaster sites properly without a server control panel.

Search optimising for ASP-based sites is the same as any other; Microsoft codebases are fully SEO-compliant. Provided, of course, that the server is a full-feature machine run by real hosts. SEO on IIS servers run by resellers and incompetents is a nightmare.

Q : Most stable CMS ?
A : I guess this is another "Best of...?" question.

Firstly - in what type of CMS? Large commercial - open-source ASP - open-source PHP - or what?

When you've worked out what your budget is, then go to sites that specialise in those areas and look around.

If you have a low budget and need the simplest CMS that will handle lots of plugins,  high page numbers and heavy traffic (which is what "most stable" infers), then Drupal will probably suit. It's a standard PHP CMS, which means deployment is a snap; it has enough plugins; it'll take high page numbers; it takes high traffic superbly; and as it's open-source the core webapp is free. It isn't easy to manage, so you'll need an introductory period when no one is expecting any great results from you. But it's rock-solid and hard to destabilise.

If, by "stable", you just mean trouble-free and without glitches, then I'm afraid all CMS have some minor issues. The best way to avoid them is to be extremely careful about adding templates and plugins since these cause most of the problems. If you install any old template - or a dozen of them - and also install any plugin that takes your fancy, then you'll find that every CMS will give problems. The core application is usually OK but there can be big inter-operability issues with everything else.

The straight truth is that you cannot have a CMS with Plugin X plus Plugin Y plus Plugin Z ad infinitum, because they often won't work together and the whole system will have gremlins. If you think you can have a set-up that performs an endless number of tasks, with a big feature set, then unfortunately you can't. It's like the difference between Windows 98SE and Windows XP; if you have a small number of things to accomplish, of a simple nature, then you cannot beat W98SE, provided you keep it skinny - it's very fast and very simple. There is nothing wrong with it at all for straightforward tasks, limited in overall numbers. I wouldn't use anything else to run my boat navigation systems, it's the fastest by a mile.

If you get WinXP and then add everything possible, in the hopes of having a tremendously powerful system, then maybe you will - on the days it's working right; and provided you've got plenty of time to wait. And like an operating system, if you turn a CMS into a gross fatboy you are guaranteed some problems.

Q : Joomla security is poor - I heard other CMS are better ? 
A : It depends.
[Please note this question was asked in 2008 - the answer is therefore valid for 2008. However since the general principals are still valid, we left the answer as-is.]

There are three issues here:
  • It depends which Joomla version you're talking about
  • Cheap, insecure hosting will sabotage the most secure website software
  • In the end, it all depends on the webmaster
Firstly, there are two versions of Joomla: the 1.0 series and the 1.5 series. The most secure Joomla version is the last in the 1.0 series, which is 1.0.15. This has the reputation of being one of the three most secure CMS - in the hands of a conscientious webmaster of course.

The new series of Joomla, the 1.5 version, is less than two years old and therefore cannot possibly be described as either stable or secure, since any webapp needs a minimum of two years live before it is either reliable or secure. There isn't any debate or argument about this - it's a straightforward fact and simple logic.

The developers build it, then refine it, and release it - but they cannot find all the holes. The web finds the holes. And holes always continue to be found, sometimes in large numbers, for around two years. At that time, about 90% of issues have probably been found. After four years it's about 98%. These are the facts and no web applications have ever proved different. All new webapps (and Joomla 1.5 is new, it is so different from 1.0) have exploits because they cannot be found prior to releasing the application.

At October 2009, Joomla 1.5 will be two years old and can then be described as mature. It will then go to the 1.6 version which will be a 'finished' version of 1.5, and will also include core ACL. There may be some issues surrounding the ACL of course, but at this time the new series will be stable. Joomla 1.5 - and even more so, the 1.6 version no doubt - is obviously a much better CMS than J1.0. But it will need two good years in the wild before it is mature.

Currently, the J1.5 series is so new that exploits are found regularly, and therefore it must be patched religiously as soon as upgrades come out. You must subscribe to the Security Bulletin and patch it immediately. If you have a sensitive commercial site it is pure common sense to use the the stable Joomla 1.0.15 version until Joomla 1.6 comes out. There were no security advisories for the last full year of Joomla 1.0.15's full support lifespan. In contrast there are hacking tutes all over the Net on how to crack Joomla 1.5 within seconds - see YouTube for example, for video guides to how to crack Joomla. But these all refer to the new 1.5 series, and to unpatched or badly-managed versions.

Secondly: the hosting of CMS sites is an absolutely critical factor. It is completely different from HTML site hosting, and the hosts must be of a higher standard and have more security knowledge. You pay your hosts for their security ability and not the widgets they advertise that you will get with with your cheap hosting account - that way of thinking is fatal for CMS site owners.

CMS and ecommerce hosts need to consider security for dynamic apps (those that use databases and scripting) as the #1 priority. No excuses are acceptable here. They must upgrade their server software and keep a close eye on all security factors and on each server's issues. If they don't do this, your site isn't secure and there's nothing you can do about it except move to a better host.

And last: the webmaster is a critical factor in the security of a full-feature / large CMS. If you want simplified management with minimal webmaster input, you need to use a micro-CMS like WordPress, which is super-simplified so that webmaster requirements are minimised, and there are few opportunities by inaction or poor management to create security weaknesses.

A webmaster with a full CMS needs to have experience, which is why you pay someone who knows what they are doing to run the site. A CMS is not like a flat HTML site or a fridge, you can't just install it and leave it. It must be patched / upgraded as necessary, and only good-quality plugins must be installed. The security aspects of all new plugins must be exhaustively checked before they are installed. The plugins must themselves be patched as required.

So the answer to this question in the shortest possible form, as you have seen, is: host with people who know what they're doing - employ a webmaster who knows what they are doing - run your CMS safely - and for ultimate security pick the most secure version of your chosen CMS. Or be realistic: use WordPress and just admit that your budget or motivation are not up to using a full CMS.

If you run a Joomla site properly it's as secure as any other, more so probably. You will have to decide on the exact definition of 'properly', but it involves a degree of expense, knowledge, work, and common sense. If you think a real CMS doesn't need any of that, perhaps you should reexamine your situation.

Q : What are the issues if you build your own PHP CMS ? 
A : Jeez, you must like pain.
[more tags: grow your own cms, roll your own cms]

This is a surprisingly popular question, so there must be a lot of fearless devs out there. But have you seriously thought about what this entails? Teams of people, the best and the brightest developers in the world, toil for years to get their projects to a sufficient stage of maturity that they deserve the title of A Real, Working, Good CMS. You should be able to figure that out by reading some of the reviews on A3webtech - many are critical, because there is so much work left to do before some apps can honestly qualify for that title.

In any case, why try to reinvent the wheel? What's wrong with the best of the free OSS apps out there? Either join an existing project and contribute; or if you just want something simple, maybe, then use a simple CMS - we've identified a couple for you. If you don't like them - fine, then fork off.

Er, sorry about that :) I mean, start with the existing CMS, and create a fork, going off the way you want. It's a popular strategy in OSS. At least that way, a lot of the groundwork will have been done; but we don't advise it because, surely, somewhere out there in the 3,000-plus CMS in existence, there must be something you can live with?

Anyway, first select your codebase. Then comes whether you work at a server farm or not, and therefore have access to the boxes - 99% of the time the answer is no, so you'll be looking for a remote-install CMS. You can do the dev work on your local LAN. Then - what sort of CMS do you want? Basic, with your own Dreamweaver page as a template; or maybe with complex ACL; or with an existing shopping cart backend? Choose one, then extend it yourself, if by some chance you don't like it as-is; but you'd probably be better off joining the project.

Alternatively, if you simply mean a couple of PHP pages to give some dynamic capability, then you are probably going in the wrong direction - semi-dynamic sites are a poor choice unless every single aspect needs to be custom code. That's OK for commercial sites with big funding, but doesn't suit many others.

Caution: we see a lot of 'custom-built' ASP attempts at a CMS. Normally they are about as good as a home-made nuclear reactor - it might sort of do the job, but you really don't want to be anywhere near it...

For a skeleton solution, what about webDAV or .NET (depending on whether you want to go LAMP or IIS)? Unless you need something really special, though, you might be better off with something like CMS-MS, maybe with a couple of new extensions to fit your intended profile. Dynamic site webapps are a much better proposition all round if they are a community effort, these days, so be sensible and join a project.

And to follow on from the last question, here is another one on basically the same point:

Q : CMS 'XYZ' is no good - I'm going to build my own. What do you think ?
A : Er - are you sure?
It is fairly common to see, on forums and so on, developers writing something like this or a variation: "I'm fed up with XXXX CMS, it just doesn't do what I want, it's no good at all, it's buggy, I'm going to build my own." Or a variation on this theme. This has two major errors that need pointing out:
1. You chose completely the wrong CMS in the first place. They are often targeted to a narrow functional area and you picked the wrong one. You tried to use a CMS with no ACL for multi-group working; or a provider-consumer CMS as a portal. Your fault, not the CMS.

2. There are 3,000 or more of them out there - find the right one for your purposes. Join the project if it's OSS. If you find that only a commercial CMS does something you wish an open-source app did - then help to make that happen.

All CMS are incomplete or buggy according to one viewpoint or another. So is every piece of software. It doesn't do what everyone wants, because it can't - find one more suited to your purposes. All are 'buggy' to a certain extent, especially if you are trying to make it do something it is not suited for.

Find a CMS - or especially an OSS CMS project - that suits your purposes better, then help to improve it in the direction you want. If you want ACL, use Drupal - don't try and make Joomla do that because the core is not suitable. If you want exceptionally capable ecommerce, then try and find a way to bridge a full ecommerce app to a CMS - no CMS right now has native ecommerce support on the scale of the full ecommerce packages. Don't try to make an application do things it is not capable of doing.
A lot of people have been down the road you are on. Don't try and do all that work again, there's no point.

And lastly: please, please, please validate your code. Research the requirements for search engine compliance, and accessibility issues - then incorporate that knowledge into your applications / extensions / sites / webpages. And validate the pages generated, before handing on to the client. Please.

Once again - for the Nth time - around seven or eight out of ten (that's up to 80%) of web pages we work with are code trash. Even clients coming to us with sparkling new websites that cost them a lot of $$ have sites where all the pages have 50 - 100 code errors. As far as we are concerned this is fraud.

If the vast majority of developers and website designers have never even heard of code validation, what point is there in talking about accessibility, usability or other SEO issues?

Q: Can I use frontpage with xampp ?
A: This means FrontPage extensions, right?

Look, FrontPage is long RIP and in any case was one of the worst web authors ever made. It produces terrible websites with all kinds of issues (apart from the grim design drawbacks) and the rest of us web users would prefer that you PLEASE consign it to the dustbin where it belongs.

Modern web design is done with CMS, which produces much better results quicker and with far less pain - so take a tip and get into that. Or, if you insist on spending hours hand-coding a page when it takes about 10 seconds in a CMS, then use a proper web author like SiteSpinner, which used the correct way of building web pages (with divs and CSS) years before anyone at Dreamweaver ever heard of that. You can get a free, lite version called WebDwarf which will let you play around. It builds a complex page in about 1% of the time taken on FrontPage, and with real code instead of cells and other bodges.

Funny searches this site gets

OK, it's wrong to laugh at others - but how else do you define a joke anyway? And some searches we get are just plain hilarious. Many were deleted with a chuckle and have gone for good, but here are one or two that we remembered to save. These are genuine searches that ended on A3webtech, no lie.

search query :- "How to install dreamweaver on xampp?"

This is one of the hardest questions we've been asked, actually.

An excellent question to finish up with - and no, I didn't rig it. Truth is stranger than fiction and even my fevered imagination couldn't have produced this one. But perhaps they just meant 'how to install a website created with Dreamweaver, on XAMP'. Makes a lot more sense.

Web Business Managers