Best Overall CMS

While it may have started as a blogging platform, WordPress is one of the largest and most widely used CMS platforms today. It’s estimated that nearly 60 percent of websites that use a CMS choose WordPress. By its own estimate, 24 percent of the web operates through WordPress. Major websites that use WordPress include The New Yorker, Best Buy and Xerox.

WordPress is open source, which means that you don’t need to purchase a license to operate it. In addition, open source software is constantly being enhanced by a community of contributors, including web developers, who create plug-ins and themes for the software. This makes it a good choice regardless of whether or not you know how to code or have a web developer or a team of developers. The software can be customized to fit your needs.

WordPress is one of the most popular content management systems, servicing thousands of users and websites because it offers flexibility of tools with an easy-to-use interface. While it lacks in basic web creation tools, it still has extremely useful native and third-party business add-ons to quickly create functional eCommerce sites.

Its content-approval tools, SSL compatibility and granular privileges secure your content by limiting access according to administrative levels you set. WordPress has email verification, automatic problem-notification features and captcha tools to keep the site secure on the user side as well.

WordPress has a fair amount of standard add-ons that should be included with any content management program, such as blogs, email help forms and site maps. It is also one of the few CMS programs we reviewed that has graph and chart generators. In addition, it offers thousands of native or third-party plugins and add-ons for small businesses, including shopping carts, inventory management, affiliate tracking and point-of-sale systems. Using the clearly labeled dashboard, you can customize any of these tools to fit your personal business needs. WordPress offers a sandbox to test content changes without having to publish it first.

It offers content, document and project management, file distribution and project tracking. However, it doesn’t support database reports, and lacks search engines.

WordPress is simple to use. It offers drag-and-drop functions, a spellchecker and quick undo tools so you don’t have to delete large sections of your work and start over. The interface is intuitive, but this CMS program lacks site and style wizards that provide step-by-step instruction for novice users.

Because WordPress is so popular, there is a large web presence of community users. It offers blogs, web pages and social media posts concerning common – and uncommon – problems using the CMS software. You can also find source codes for features you may need. WordPress itself has user guides and discussion forums on its website and offers email support.

WordPress is a powerful content management system with easy-to-use web-development tools for both standard web pages and interactive business sites. It lacks a couple of common CMS tools, but the app section is vast as is the community of users who are willing to share tips and code to help you make a powerful business website.


Best CMS for eCommerce

If you have an online store, what you need from a CMS will differ from that of a standard website. Many CMS applications have plug-ins for eCommerce, but there are also those that are developed specifically for eCommerce sites. Magento rates as one of the best, with an open source platform and a variety of different options for eCommerce businesses of all sizes. Prominent clients include Burger King, Nestle and Zumiez.

Magento Community Edition is the basic platform, well suited for small businesses or tech-savvy entrepreneurs just starting out who want to build a webstore from scratch. If you don’t know how to code, there is a community of users creating extensions with new features that you can add on to your store. Magento also supports multiple currencies and languages, which makes it a good choice if you have international customers.

Enterprise and Enterprise Cloud Edition are options for larger-scale sites. The Cloud Edition includes webhosting. There are costs associated with these options, but they include assistance with installation and troubleshooting.

The Magento content management system (CMS) is geared toward creating attractive and powerful eCommerce websites. It offers out-of-the-box capabilities with ready-made themes while allowing for unlimited ability to customize with your own code. Thus, it’s a good choice for growing businesses.

The dashboard has a look and organization familiar to most CMS software, making it easy to navigate. You can choose from templates or create your own. It offers security and privacy capabilities to meet current laws and payment card industry requirements. You can set up a single store or multiple stores, even stores in different languages depending on their locations.

Because this CMS is geared for eCommerce, it has extensive features for creating a product catalog, with advanced pricing tools, image watermark capabilities and the ability to add multiple attributes or variations. You can also add general content pages, formatting each page individually to meet the needs of the content. There are also customer account and grouping features.

The software also allows you to set up invoicing and billing through the program as well as shipping. You can set up the website to create reports on sales, customers, products or performance. The program also stores the statistics for use in the future.

This open source content management software nonetheless has expert tools and add-ons to efficiently program a versatile website that can handle the needs of your online business. You can find paid and free add-ons in the Magento marketplace for analytics, communication, payment processing, shipping and more. If you wish, you can program your own widgets or seek codes from the over 150,000 developers through Magento community forums.

In addition to users, Magento has over 3,000 trained solution partners, professional experts for consultation, code audits or business analytics. They can provide technical consultations and performance reviews. If you prefer to master the system yourself, there are user guides, live and online courses, certification processes and even Magento meetups to learn from other users.

Magento’s product focus and flexibility make it a strong choice for businesses that deal primarily in eCommerce. The open source content management system has multiple features for building the website without special coding and ready-made add-ons you can acquire for free or purchase. Plus, you can add your own coding. It’s a versatile system without being overly complex or requiring expert developer skills.


Best CMS for SEO

Optimizing your website for search engines is critical when building a website. Drupal, an open source CMS application, has many tools and modules to help you create content relevant to your target audience and structure your website so it can be crawled effectively by search engines. Major websites that utilize Drupal include The Economist, Weather.com and Fox.

Drupal is a good choice for sites that manage a lot of pages or that have a large number of users. Having good SEO tools for a large site is crucial, as issues with duplicate content and poor site architecture can lead to poor rankings.

Drupal is more complex than other open source CMS platforms. You may have to hire a web developer or a team of designers and development staff to develop a good, user-friendly site. Drupal is well regarded as being one of the most secure open-source content management platforms.

Drupal is a well-known content management system intended to help advanced designers create a powerful website capable of handling large volumes of visitors and hundreds of pages of content. Drupal is so flexible it can create a simple blog as easily as impressive, interactive business sites. This flexibility makes this CMS a great solution for a growing business with ever-changing website needs.

While Drupal, one of the founding solutions in content management programs, has some of the best add-ons and plug-ins available, it isn’t the most user-friendly for novice web designers. It has a decent selection of themes and a site wizard for quickly getting your business site online. However, it requires a lot of coding to make a truly powerful site. Drupal offers a highly active CMS community with a lot of user support.

Drupal content management software includes blog tools, email forms, search engines and site maps. These are basic features found on most websites, though Drupal also has a good range of add-ons especially for commerce and business websites. These include shopping carts, point-of-sale systems, help desks, live chat features and inventory management. This program also has several tools for tracking projects, managing documents and creating database reports – vital functions for mid-sized businesses with a lot of content to manage.

Drupal has very strong community support. You can join forums to ask questions, trade code and gain insights. In addition to online groups, there are events and meetups, chats and the Planet Drupal blog that aggregates posts by Drupal users for Drupal users.

In addition to the active community support, Drupal includes several technical support options. You can connect with support personnel through email or its social media pages, including Facebook, Twitter, Flickr and Google Plus. You can access the user guide via the website. As with most open-source CMS solutions, Drupal doesn’t have telephone support available.

While the selection of themes and templates isn’t as extensive as other content management systems, Drupal does have a very active community with enough support for developing your business website. It has ready-made tools to help you easily create a basic blog or website, but most of the tools and functions have been developed to support large amounts of website traffic and managing large volumes of content.


Best CMS for Small Business

Maintaining a website is a necessity no matter what type of business you operate. It is often the first impression customers have of your business. Joomla is well regarded as the best CMS application for small business owners. This is an open source CMS that is easy to develop and customize. Major websites built using Joomla include Harvard University and The Guggenheim Museum and Foundation.

Joomla is a good choice for small businesses regardless of the size of your business (whether you have one or 50 employees) or the industry because of the relative ease with which a site can be developed. Joomla offers many extensions and plug-ins that can meet the needs of most small businesses. Most CMS platforms offer different themes and templates, but the sites that share those systems all convey a similar look and feel. Joomla offers greater options for customization, so your website can be unique while also being easy to use.

Joomla is an open-source content management system designed for developers with coding experience rather than beginners who are more dependent on website builders for creating web content. With a broad selection of commerce and business add-ons, Joomla works well for companies looking to step up their basic website to something more appealing, unique, interactive and professional.

Regardless of the business add-ons you need for your website, Joomla has them all free of charge. However, the selection of website themes isn’t as extensive as that of other CMS solutions. You can easily search private websites and blogs to find more, and the Joomla community is quite active and available to help you hunt down what you need for your business website project. It is easy to create an eCommerce site, complete with shopping carts, point-of-sale systems, inventory management and affiliate tracking.

Joomla has most standard add-ons you need for a basic website too. These include blogs, email forms, discussion forums and photo galleries. You can include user-contribution pages and allow visitors to add content. The security measures available with Joomla help protect your important content during any interactions with your site visitors. Captcha ensures that contributors sending information are human, and SSL compatibility gives you the option to password protect sensitive pages and content.

The dashboard is easy to navigate while creating and uploading web content. Additional add-ons are available to allow document management, file distribution and project management. These programs allow you to do more with your content than simply place it on a website. They give you and your employees easy digital access to data that is important to the overall operation of your company.

Joomla doesn’t have many support options. You can browse through the online user guide and discuss options on the user forums. There are also online classes available through the website, but no email or phone support options. This is not unusual for open source software systems.

Joomla isn’t a quick website builder with site or style wizards but rather a CMS for web designers who have experience using code to develop functional and professional websites. This CMS has an extensive list of business and commerce add-ons available, most without cost. The community is active and effective in answering questions that cannot otherwise be answered due to the lack of personal support options.

CMS Reviews

Open source content management system (CMS) WebGUI includes so many add-ons that a variety of organizations, ranging from small businesses and government agencies to nonprofits, have utilized it to create and maintain online content. It offers a huge toolset, including the most important eCommerce and business add-ons, such as shopping carts, POS systems and file distribution. It also has a wealth of support options.

Since content management systems are designed for multiple users to use at the same time, WebGUI has tools for real-time collaboration, such as versioning. The sandbox tool allows web developers to create new webpages and content and to see how it will look online without disrupting the live site.

WebGUI has a unique feature that allows you to customize each user’s interface to match their skill level. This means the administrator can set the level and tools available to each user depending on their experience and need for the content management system. Interfaces range from simple tools to add or delete content from the company website to portals that allow IT personnel to make large changes to the programming.

Drag and drop is one of the best tools for easily adding content to your website. WebGUI also has an easy-to-use site wizard that lets you preview your additions before you save and publish the final product. If you make a mistake, WebGUI has an undo feature so you don’t have to delete everything and start from square one. It also includes a spell checker to help you avoid some mistakes from the get-go.

This content management software includes tools for eCommerce, such as shopping carts, inventory management and point-of-sale systems. You can add a help desk portal so clients can easily send questions to support and IT personnel. WebGUI also supports a live chat feature for further enhancing your customer’s experience on your website.

WebGUI has a contact management tool that lets you safely store and share client information. The document management feature allows you to create and store content virtually. You can also share the data entry, file distribution and database reports among different departments and employees for group collaboration projects. This CMS can help you create and manage events that are important to the growth and success of your company.

The WebGUI community is relatively active, and you can find several personal websites and blogs with codes for a variety of add-ons. WebGUI offers telephone support in addition to email. It also has user guides and forum discussions online to help you during non-business hours when customer support is not available.

eZ Platform, an open source content management system (CMS), offers drag-and-drop capabilities and editing on the page itself. It offers multilingual and multisite capabilities so you can manage all your websites from a single repository, even those in different languages. It works on the Symfony framework and offers API capability so you can customize the site for your specific needs.

As with most of the best CMS programs on our review, eZ Platform has included many important security tools, including granular privileges that let you determine who has access to which parts of the software, with password protection afforded to individual users.

This CMS program has a unique sandbox that allows you to create, test and preview content before it goes live. You can also place each new change on a timeline that will automatically push the content live without any additional thought or effort on your part.

eZ Platform is a good choice for medium-size businesses that have a lot of back-end web content needs, such as contact, document and project management. This CMS program has real-time reports on visitor activity to help you analyze visitor information and make decisions about future content on your site. It lacks eCommerce tools but offers a powerful API system, so you may be able to integrate third-party software.

Creating your website is straightforward, with editing managers that include drag-and-drop functions for content such as images, graphs and data. eZ Platform has an image editor within the program itself that lets you control clarity, color effects and contrast. eZ Platform also has tools to automatically create mobile friendly websites. Preview tools let you see exactly what your web site content will look like when it goes live.

eZ Platform lets you include blogs, wikis and discussion forums that allow visitors to contribute content in a controlled environment. Search engines, site maps, email help forms and live chat are also important tools you can include on your website to give your visitors more access to customer support and IT support.

eZ Platform is an easy-to-use CMS program for creating high-level, interactive business websites, although some important eCommerce tools and functions are missing. The unique sandbox allows you to schedule many content items to automatically go live on user-specified publish dates. The real-time data tracking lets you quickly analyze and adjust content to create a more user-friendly experience for your visitors.

MODX is a developer-friendly content management system, or CMS, that is capable of recognizing several programming languages. MODX doesn’t have any simple web building tools like a site wizard. Instead, every aspect of your site must be created using code. While basic web-creation tools are not necessary for content management system software, it is nice to have them for creating quick web pages.

This CMS software is intuitive for web designers and organized to allow you easy access to important tools. Since this is a true CMS program rather than a souped-up web builder, you must use code to create an interactive, eCommerce-friendly business website.

The online video tutorials, user guides and discussion forums have lists of codes to use for a variety of business tools. It also offers a free download guide and codes for applications. However, you have a great deal of creative freedom with this platform, including the ability to use different programming languages for different types of content. For example, you can program your website in HTML5 and your mobile app in JSON.

You can create websites that are mobile responsive and handicapped-accessible. The platform allows for malleable plug-ins and apps. It allows for the most common website tools like blogs, product catalogs or directories, store locators, and FAQs. It has mods for email marketing via MailChimp, Constant Contact and other newsletter programs. It works with JavaScript codes to integrate things like Google Analytics, and Zapier for more robust applications. It has some eCommerce integrations in MODX Extras for Shopify, Shopkeeper, Magento and others.

MODX offers a high level of security, with xPDO as an intermediate database layer to ensure code is sanitized before being saved to a database. This prevents SQL injection attacks. It has several password add-ins for ensuring your content is secure.

With a clean interface and the ability to recognize multiple programming languages, MODX is a developer-friendly choice for a content management system. You can use it to create websites or mobile apps. It also allows for email marketing, an important feature for businesses that use their websites to gather leads. It is secure, versatile and has integrations with several shopping cart programs.

concrete5 is open source content management software with pre-designed templates and add-ons for those who want some flexibility with coding their website but aren’t interested in doing it all from scratch. It has an active user community, several training opportunities and professional support.

This CMS software allows you to select themes to start, and you can customize them using the menu or CSS coding. You can also format each page individually with videos and images, layout modules, stacks and responsive grid points. It uses a WYSIWYG editor plus drag-and-drop capabilities to create the look that matches your brand. It creates mobile-responsive sites, an important consideration since over 40 percent of consumers are now using their mobile phones to make buying decisions.

You can employ marketing tools like forms for collecting customer data, reporting both on website performance and customer use, blogs with RSS syndication and comment moderation, and site optimization features to make sure you get the best search engine optimization.

If you are looking for advanced tools, you can check the documentation for codes for specific needs, ask on the forums or check out the add-on library. You can find hundreds of add-ons for everything from image carousels to eCommerce. The eCommerce apps were limited, however.

In addition, the software is very secure. You can modify it without overriding the core, and the CMS software itself has been tested at hackerone.com. You have audit trails and CAPTCHA tools as well as login histories to track issues. The program is SSL compatible.

The website includes documentation and tutorials created by the founders and the users, plus you can purchase online courses from beginner user level to advanced developer level. There is an active forum as well as the ability to hire professional assistance. 

concrete5 content management system software is open source, giving you a lot of flexibility in programming the code to create attractive, useful and mobile-friendly websites. It has themes and add-ons for those not interested in heavy coding and training for those who want to learn, but the real power of this system lies in its coding capabilities.

Composr is an open source content management system (CMS) with a large plug-and-play feature set that also allows for coding. It makes secure, mobile friendly websites with automatic SEO tools and extras to engage your visitors. It’s not the best CMS solution for eCommerce or large-scale enterprise endeavors, but it has the power and ease for most SMB sites.

The code is easy to download and install and offers some templates to get you started, or a style wizard if you prefer to design the site yourself. You can then add modules such as catalogs, galleries, blogs and document libraries. You can integrate it with your current forum or its forum, Conversr.

You can password protect parts of the website so others can work the parts of the system they need to. It offers SSL/HTTPS support, including integration to TLS, the next generation of PCI compliance. In addition, it offers forum protections on Conversr for warning members, putting them on probation or banishing them as needed.

You can create content with the WYSIWYG editor, add images singly or in galleries, post videos and create other interactive features, such as quizzes, to engage your readers. You can find some add-ons on the website; they are easy to install. However, this content management software prides itself on not depending on additions for its power. That means you’ll find most of the tools you need already in the program, but if you want something particular, you may have to code it or seek it from other sources.

It’s a versatile program, but Composr is up front about the things it does not do well. In fact, it recommends other CMS solutions for blogs, eCommerce and large-scale enterprise-level intranets.

If you are just starting out, there are video tutorials and documentation plus an active forum where you can ask questions or swap code. This CMS provider also has professional-level assistance, though it comes with a charge. This is typical of most CMS providers that offer professional support.

Composr is not as popular as many content management software systems, but it is versatile, secure and user friendly. It can handle most business websites, although it’s not focused on eCommerce.

The Squarespace content management system software (CMS) has a user-friendly interface and includes site hosting. This service charges per month or annually, but handles updates and offers a free custom domain and SSL security.

Squarespace offers the most critical built-in features necessary for website creation and management, including access to website analytics. The content manager offers a rich text, WYSIWYG editor with the basic formatting tools found in word-processing applications such as Microsoft Word. You can also input raw HTML or formatted text.

This content management software allows for some coding in HTML/CSS and Java. However, these are small modifications or additions only; Squarespace is not an open source software CMS. This makes it a good choice for non-developers who want a basic but powerful site, but it limits developers who need advanced solutions.

Even though add-ons are not available through third-party developers, Squarespace still provides many basic customization options. The templates are versatile, and it offers many that are eCommerce focused. You can add unlimited products with variants, accept and track payments and integrate your email marketing list. The websites are automatically mobile responsive, an important feature since more and more people are shopping using mobile devices.

While there are no options for advanced coding, the system does provide useful layout blocks, including galleries and YouTube, menus and indexes. It also has archive blocks that let you group and display up to 1,000 content items by year, month, author or category to create an index page.

Squarespace ensures your site is safe and secure with the option to SSL-enable your pages. In addition, you can designate certain users as an administrator or provide a login and registration form for site visitors. Site controls include annotations, sitewide passwords to lock the site while it’s under construction, lock screens and page-specific passwords. With multiple access levels you can limit an employee’s ability to change the site to just the areas they need.

Squarespace is a basic but versatile content management system ideal for people who are not hard-core developers but want to create a useful and secure website for personal, business or eCommerce. It’s not open source nor does it have plug-ins, but it offers the most important tools, creating an attractive small business website.


What Is a CMS Used For?

At the most basic level, a CMS lets you upload and manage the content for your website. No matter the size or type of your business, a CMS has become almost indispensable. It operates on the backend of your website, allowing you to manage the content and other facets of your website, including the visual layout.

Another benefit of a CMS is that it is easy to use for people with varying levels of tech savviness. If your tech literacy is low, CMS systems have a variety of premade themes and plug-ins that have already been developed (think phone apps but for your website) and allow you to add tools, like search or appointment calendars, to your website.

If you know how to code, or employ software developers, most CMS software is open source and can be customized to your liking.

Businesses of all types can benefit from using a CMS for their website. Here are some examples of how a CMS can enhance the websites for a variety of different business types:

  • Restaurants: CMS software makes it easy for restaurants to add and update their menus, create coupons and offers, and allow customers to make reservations online. There are many premade plug-ins that specifically target restaurant websites.
  • eCommerce: A CMS can benefit your online store by allowing you to quickly add and remove products, track sales, and manage other aspects of your business. Plug-ins are available to add a shopping cart to your site. A brick-and-mortar store can easily add a shopping cart using a CMS.
  • Small Businesses: No matter what type of business you operate, a website is a necessity in today’s business world. A CMS allows you to manage the content yourself and update information quickly. Most CMS applications include SEO plug-ins to help you optimize your website’s content. You can also find templates and themes to quickly create an attractive website without having to hire a designer.
  • Nonprofits: A CMS allows nonprofits to easily manage their websites for not a lot of money, plus you can accept donations online by adding plug-ins. Many open-source CMS applications have robust communities of developers that can help nonprofits create the best websites. Add-ons and plug-ins are also available to help nonprofits manage their social media and marketing presence.


CMS vs. Blogging Platforms

A CMS platform is different from a blogging platform in terms of scale. Some of the services profiled in our buying guide began as blogging platforms and offer that service, but a CMS is much more robust, offering greater control over the look and feel of your site as well as allowing for different administrative levels of control. A CMS also allows you to add plug-ins that expand the look and functionality of your site. You can brand your website, send emails, manage user access and even add a shopping cart.

Another main difference between a blog platform and a CMS is that the blog will be hosted by the platform itself. This means that your website will have the domain name of the blog host, such as Blogger.

If you use a CMS to manage and develop your website, you’ll need to pay for the domain and the web hosting. Many CMS platforms include web hosting services, though you’ll have to pay for the hosting. You can read our articles about web hosting to learn more.


Open Source vs. Closed Source

Content management systems fall into two major categories: open source and closed source. An open source CMS has lower costs and is created and maintained by a community of developers. A closed source CMS is proprietary and is more expensive to use. Here are some other benefits and drawbacks with each type of CMS.

The biggest difference is in the price. Open source CMS software doesn’t require you to purchase a license in order to access and change its source code. All code is free to the public and often supported by a large community of users. This gives you solid support since so many others are using the program as well. It’s easy to find ideas for incorporating various functions and features on your website. You can also find the required code from these community support groups, so even if you aren’t as program savvy as others, you can find enough information to make it work.

However, because the source code is free with so many users, most CMS companies continually update the software. This means you can count on new versions, patches and updates on a fairly regular basis, which could require you to change your website and code in order to keep up.

Because the code of open source programs is license-free, there is a greater risk of a security breach. Everyone using the open source code understands how to get around various protections. However, you can invest in add-ons and other security programs that work hand-in-hand with content management systems to give you an extra layer of security. Closed source CMS software has heavily guarded source code that requires a license in order to access it, or several if you have a team of developers. Because the source is so protected, it costs a lot to get started. Several closed source content management systems require a monthly access fee, so it isn’t unheard of to have to pay between $200 and $1,000 to get started.

Since you put so much effort into creating a CMS program, these systems are built to last for a while between version releases. While the occasional update or patch may occur, for the most part, once you purchase a closed source CMS, you can find solace in knowing you won’t have to update the program and risk reworking your website code. This also helps keep the program more secure since there is a limited number of people who hold a license to the code.

If you discover you need help with your closed source CMS, you don’t have the large community support found with open source software. Instead, these systems tend to come with high-end, personal support including telephone support, which is rare among open source content management systems.

Benefits of Open Source CMS

  • Cost: An open source CMS doesn’t involve any fees to use the platform. All of the open source CMS applications in our lineup include a free option. You may have to pay for hosting or advanced features, but there are several themes that are free to start with.
  • Customization: Open source CMS applications are flexible and can fit the needs of many businesses. Because a broad community of developers works on these systems, there are a wide variety of options, so you can find certain tools or plug-ins to suit your business. For example, if you want to add a feature so your customers can schedule an appointment or make a reservation online, there are several plug-ins available that are easy to integrate with your CMS.

Drawbacks of Open Source CMS

  • Vulnerability: Open source CMS software can be vulnerable to security issues, especially if plug-ins and modules are not updated.
  • Support: Don’t count on personalized support for problems you run into with your particular website.

Benefits of a Closed Source CMS

  • Security: Because this type of CMS software is proprietary, these applications undergo a more rigorous testing process, which leaves them less vulnerable to Trojans and other security flaws.
  • Customized Support: You can receive ongoing, personalized support to help you troubleshoot any problems with your site. Often this support costs extra.

Disadvantages of Closed Source CMS

  • Cost: Costs range from a few thousand dollars to upwards of hundreds of thousands of dollars, depending on the scope and scale of the CMS.
  • Lack of Flexibility: A closed source solution isn’t always one size fits all, but there are fewer options for customization, and if you need something specific for your business, you may have to pay extra for it.

A content management system allows you to quickly and easily add and edit content on your website. You can control who has access to the various functions of the software and can schedule when content goes live on your website. We’ve assembled a lineup of the 10 best CMS applications in the industry so you can explore your options and find the one best suited for your business.


FAQ – Terminology

Throughout our reviews, we use a lot of internet and programming terms that might sound familiar but whose meaning you don’t quite know. Below are samples of some of the most commonly asked questions when it comes to terminology.

What is access control?
This refers to a hierarchical system of privileges and permissions that secures content and identifies who can read, create, modify, and delete content on a web site.

What are web analytics?
This is the study of the impact of a website on its visitors. E-commerce companies often use web analytics software to measure statistics such as how many visitors, how many unique visitors, how they arrived at the site (i.e., if they followed a link to get to the site or came there directly), what keywords they searched using the site’s search engine, how long they stayed on a given page or on the entire site, what links they clicked on and when they left the site. Web analytic software can also be used to monitor whether or not a site’s pages are working properly. With this information, site administrators can determine which areas of the site are popular and which areas of the site do not get traffic and can then use this data to create a better/more profitable user experience.

What is asset management?
Asset management is the organization and publication of digital assets such as content and media, including but not limited to images, sounds, animations, movies, music and text.

What is the back end?
A database or program that is accessed by users indirectly through an external application. In a CMS, the admin panel is the back end.

What is CSS?
CSS stands for Cascading Style Sheet. This is the preferred way to add styles (which include fonts, sizes, colors and spacing) to web documents and designs. It’s preferred because of the capability to simply tweak a class or identification attribute on the style sheet that will automatically apply to the entire page. Compared with the manual way of editing thousands of individual font tags, CSS is an elegant and efficient design tool.

What is a database server?
In either a client-server model or a master-slave configuration, this is a computer program that stores and performs the database services to other programs or computers.

What is deployment?
In systems, this term describes the transforming of a computer system from a packaged form to an operational state. In software, deployment is used to describe all activities that make a software system available for use.

What is document management?
Document management systems (DMS) are similar to content management systems and serve different though complementary roles within an organization. DMS focus is primarily on the storage and retrieval of self-contained electronic resources in their original (native) format.

What is the front end?
As opposed to the back end, the front end is an interface that collects input from a user in various forms and processes it to conform to a specification useable by the back end.

What is load balancing?
This is the practice of dispersing work between two or more computers, network links, CPUs, hard drives, or other resources.

What is a log?
In a database or CMS this is a record of sequential data. In content management system software this could be user logs, content logs, etc.

What does OS stand for?
OS stands for Operating System. This is the interface between the hardware and its user. For example, if your computer is a PC your OS is likely Windows-based. If your computer is a Mac, it’s OSX, etc.

What is Page Rank?
Page rank is the Google system of ranking web pages that determines the value of any individual web page.

What is RSS?
RSS stands for Really Simple Syndication. It is a family of web feed formats used to publish frequently updated works such as news headlines, blogs, etc. These feeds benefit content publishers by enabling them to syndicate their content automatically.

What is a sandbox?
In content management system software, this is a secure area where developers can test a software tool or other code modification with full administration privileges, but safely walled off from affecting the stability of the site or CMS.

What is a static page (as opposed to dynamic)?
Static means that the web page always contains the same information in response to all download requests from all users. A dynamic page is regularly updated.

What is validation?
In content management system software, validation refers to security measures that ensure data inserted into an application meets pre-determined formats, complies with length requirements and any other defined input criteria you assign to it.

What is meant by workflow in a CMS?
Workflow is the system for routing documents or pages between users responsible for working on them: the management of who is making changes to or creating a content element or template.


Blog Posts

This sounds like something out of a Dan Brown book, but it isn’t: The whole internet is controlled by seven actual, physical keys.

The Guardian’s James Ball was recently allowed to observe the highly secure ritual known as a key ceremony.

The people conducting the ceremony are part of an organization called the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN is responsible for assigning numerical internet addresses to websites and computers and translating them into the normal web addresses that people type into their browsers.

For instance, type 64.27.101.155 into your browser, and you’ll be taken to Business Insider’s web page. But www.businessinsider.com is easier for people to remember. ICANN maps the numbers (easier for computers to use) with words (easier for humans to use).

If someone were to gain control of ICANN’s database, that person would control the internet. For instance, the person could send people to fake bank websites instead of real bank websites.

On the other hand, if a calamity happened, the ICANN database could need to be rebuilt. So ICANN came up with a way to do that without entrusting too much control to any one person. It selected seven people as key holders and gave each one an actual key to the internet. It selected seven more people to be backup key holders: 14 people in all.

The physical keys unlock safe deposit boxes stashed around the world. Inside those boxes are smart key cards. Put the seven smartcards together and you have the “master key.” The master key is really some computer code, a password of sorts that can access the ICANN database.

Four times a year since 2010 the seven key holders meet for the key ceremony where they generate a new master key, i.e. a new password.

The security to be admitted to the ceremony is intense, Ball reports, and involves passing through a series of locked doors using key codes and hand scanners, until entering a room so secure that no electronic communications can escape it.

The group conducts the ritual, then each person files out of the room one by one, and then they all head to a restaurant and party.

Source : IFL Science.

 


Blog Posts

You may not think your site has anything worth being hacked for, but websites are compromised all the time. The majority of website security breaches are not to steal your data or deface your website, but instead attempts to use your server as an email relay for spam, or to set up a temporary web server, normally to serve files of an illegal nature. Other very common ways to abuse compromised machines include using your servers as part of a botnet, or to mine for Bitcoins. You could even be hit by ransomware.

Hacking is regularly performed by automated scripts written to scour the Internet in an attempt to exploit known website security issues in software. Here are our top 10 tips to help keep you and your site safe online.

01. Keep software up to date

It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. This applies to both the server operating system and any software you may be running on your website such as a CMS or forum. When website security holes are found in software, hackers are quick to attempt to abuse them.

If you are using a managed hosting solution then you don’t need to worry so much about applying security updates for the operating system as the hosting company should take care of this.

If you are using third-party software on your website such as a CMS or forum, you should ensure you are quick to apply any security patches. Most vendors have a mailing list or RSS feed detailing any website security issues. WordPress, Umbraco and many other CMSes notify you of available system updates when you log in.

Many developers use tools like Composer, npm, or RubyGems to manage their software dependencies, and security vulnerabilities appearing in a package you depend on but aren’t paying any attention to is one of the easiest ways to get caught out. Ensure you keep your dependencies up to date, and use tools like Gemnasium to get automatic notifications when a vulnerability is announced in one of your components.

02. SQL injection

SQL injection attacks are when an attacker uses a web form field or URL parameter to gain access to or manipulate your database. When you use standard Transact SQL it is easy to unknowingly insert rogue code into your query that could be used to change tables, get information and delete data. You can easily prevent this by always using parameterised queries; most web languages have this feature and it is easy to implement.

Consider this query:

"SELECT * FROM table WHERE column = '" + parameter + "';"

If an attacker changed the URL parameter to pass in ' or '1'='1 this will cause the query to look like this:

"SELECT * FROM table WHERE column = '' OR '1'='1';"

Since ‘1’ is equal to ‘1’ this will allow the attacker to add an additional query to the end of the SQL statement which will also be executed.

You could fix this query by explicitly parameterising it. For example, if you’re using PDO in PHP this should become:

$stmt = $pdo->prepare('SELECT * FROM table WHERE column = :value');
$stmt->execute(array('value' => $parameter));

03. XSS

Cross-site scripting (XSS) attacks inject malicious JavaScript into your pages, which then runs in the browsers of your users, and can change page content, or steal information to send back to the attacker. For example, if you show comments on a page without validation, then an attacker might submit comments containing script tags and JavaScript, which could run in every other user’s browser and steal their login cookie, allowing the attacker to take control of the account of every user who viewed the comment. You need to ensure that users cannot inject active JavaScript content into your pages.

This is a particular concern in modern web applications, where pages are now built primarily from user content, and which in many cases generate HTML that’s then also interpreted by front-end frameworks like Angular and Ember. These frameworks provide many XSS protections, but mixing server and client rendering creates new and more complicated attack avenues too: not only is injecting JavaScript into the HTML effective, but you can also inject content that will run code by inserting Angular directives, or using Ember helpers.

The key here is to focus on how your user-generated content could escape the bounds you expect and be interpreted by the browser as something other than what you intended. This is similar to defending against SQL injection. When dynamically generating HTML, use functions which explicitly make the changes you’re looking for (e.g. use element.setAttribute and element.textContent, which will be automatically escaped by the browser, rather than setting element.innerHTML by hand), or use functions in your templating tool that automatically do appropriate escaping, rather than concatenating strings or setting raw HTML content.

Another powerful tool in the XSS defender’s toolbox is Content Security Policy (CSP). CSP is a header your server can return which tells the browser to limit how and what JavaScript is executed in the page, for example to disallow running of any scripts not hosted on your domain, disallow inline JavaScript, or disable eval(). Mozilla have an excellent guide with some example configurations. This makes it harder for an attacker’s scripts to work, even if they can get them into your page.
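
An added server-side sketch of both defences described above, escaping on output and a CSP header, which is not code from the original article. The comment data, the function names and the policy values are assumptions chosen for the example.

```python
import html

# Constructed sample comments. The second contains characters that are
# meaningful in HTML: quotes in the author name and a script tag in the body.
COMMENTS = [
    {"author": "dana", "body": "Great post, thanks!"},
    {"author": 'Sam "the reviewer" O\'Neil', "body": "<script>alert(1)</script>"},
]


def render_comment_concatenated(comment):
    """String concatenation: whatever the user typed becomes part of the markup."""
    return '<li title="' + comment["author"] + '">' + comment["body"] + "</li>"


def render_comment_escaped(comment):
    """Escape on output, according to where the value lands in the document."""
    author = html.escape(comment["author"], quote=True)   # attribute value
    body = html.escape(comment["body"], quote=False)      # element text
    return '<li title="' + author + '">' + body + "</li>"


def content_security_policy():
    """Return a CSP header that only permits scripts served from the site itself.

    Leaving 'unsafe-inline' and 'unsafe-eval' out of script-src is what blocks
    inline script and eval(), the restrictions the article lists.
    """
    directives = [
        ("default-src", "'self'"),
        ("script-src", "'self'"),
        ("object-src", "'none'"),
        ("base-uri", "'self'"),
    ]
    value = "; ".join(name + " " + sources for name, sources in directives)
    return "Content-Security-Policy", value


def render_page(comments):
    """Build the response: escaped markup plus the headers that go with it."""
    items = "\n".join(render_comment_escaped(c) for c in comments)
    header_name, header_value = content_security_policy()
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        header_name: header_value,
    }
    return headers, "<ul>\n" + items + "\n</ul>"


if __name__ == "__main__":
    print("concatenated:", render_comment_concatenated(COMMENTS[1]))
    headers, body = render_page(COMMENTS)
    for name, value in headers.items():
        print(name + ": " + value)
    print(body)
```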

04. Error messages

Be careful with how much information you give away in your error messages. Provide only minimal errors to your users, to ensure they don’t leak secrets present on your server (e.g. API keys or database passwords). Don’t provide full exception details either, as these can make complex attacks like SQL injection far easier. Keep detailed errors in your server logs, and show users only the information they need.

05. Server side validation/form validation

Validation should always be done both on the browser and server side. The browser can catch simple failures like mandatory fields that are empty and when you enter text into a numbers only field. These can however be bypassed, and you should make sure you check for these validations and deeper validation server side, as failing to do so could lead to malicious code or scripting code being inserted into the database or could cause undesirable results in your website.

06. Passwords

Everyone knows they should use complex passwords, but that doesn’t mean they always do. It is crucial to use strong passwords for your server and website admin area, but equally important to insist on good password practices for your users to protect the security of their accounts.

As much as users may not like it, enforcing password requirements such as a minimum of around eight characters, including an uppercase letter and number will help to protect their information in the long run.

Passwords should always be stored as encrypted values, preferably using a one way hashing algorithm such as SHA. Using this method means when you are authenticating users you are only ever comparing encrypted values. For extra website security it is a good idea to salt the passwords, using a new salt per password.

In the event of someone hacking in and stealing your passwords, using hashed passwords could help damage limitation, as decrypting them is not possible. The best someone can do is a dictionary attack or brute force attack, essentially guessing every combination until it finds a match. When using salted passwords the process of cracking a large number of passwords is even slower as every guess has to be hashed separately for every salt + password which is computationally very expensive.

Thankfully, many CMSes provide user management out of the box with a lot of these website security features built in, although some configuration or extra modules might be required to use salted passwords (pre Drupal 7) or to set the minimum password strength. If you are using .NET then it’s worth using membership providers as they are very configurable, provide inbuilt website security and include readymade controls for login and password reset.
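
An added example of the per-password salting and hash comparison described above, not from the original article. In place of a single SHA pass it uses PBKDF2-HMAC-SHA256 from Python's standard library, which is built on SHA but repeats it many times so that each guess costs more; the iteration count, the stored record format and the function names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumption: work factor chosen for this example
SALT_BYTES = 16


def meets_policy(password):
    """The rule from the article: at least eight characters, an uppercase letter, a number."""
    return (
        len(password) >= 8
        and any(ch.isupper() for ch in password)
        and any(ch.isdigit() for ch in password)
    )


def hash_password(password, iterations=ITERATIONS):
    """Hash with a fresh random salt and return one self-describing record."""
    salt = os.urandom(SALT_BYTES)  # new salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Re-derive the hash with the stored salt and compare the two digests."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256",
            password.encode("utf-8"),
            bytes.fromhex(salt_hex),
            int(iterations),
        )
    except ValueError:
        # Malformed record: treat as a failed login rather than crashing.
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    record_a = hash_password("Correct-Horse-7")
    record_b = hash_password("Correct-Horse-7")
    print(record_a)
    print(record_b)
    print("records differ:", record_a != record_b)
    print("right password:", verify_password("Correct-Horse-7", record_a))
    print("wrong password:", verify_password("correct-horse-7", record_a))
```

Because each record carries its own salt, the two users' records differ even though the passwords are identical, so one cracked hash does not reveal the other.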

07. File uploads

Allowing users to upload files to your website can be a big website security risk, even if it’s simply to change their avatar. The risk is that any file uploaded however innocent it may look, could contain a script that when executed on your server completely opens up your website.

If you have a file upload form then you need to treat all files with great suspicion. If you are allowing users to upload images, you cannot rely on the file extension or the mime type to verify that the file is an image as these can easily be faked. Even opening the file and reading the header, or using functions to check the image size are not foolproof. Most image formats allow storing a comment section which could contain PHP code that could be executed by the server.

So what can you do to prevent this? Ultimately you want to stop users from being able to execute any file they upload. By default web servers won’t attempt to execute files with image extensions, but it isn’t recommended to rely solely on checking the file extension as a file with the name image.jpg.php has been known to get through.

Some options are to rename the file on upload to ensure the correct file extension, or to change the file permissions, for example, chmod 0666 so it can’t be executed. If using *nix you could create a .htaccess file (see below) that will only allow access to set files preventing the double extension attack mentioned earlier.

deny from all
<Files ~ "^\w+\.(gif|jpe?g|png)$">
    order deny,allow
    allow from all
</Files>

Ultimately, the recommended solution is to prevent direct access to uploaded files all together. This way, any files uploaded to your website are stored in a folder outside of the webroot or in the database as a blob. If your files are not directly accessible you will need to create a script to fetch the files from the private folder (or an HTTP handler in .NET) and deliver them to the browser. Image tags support an src attribute that is not a direct URL to an image, so your src attribute can point to your file delivery script providing you set the correct content type in the HTTP header. For example:

<img src="/imageDelivery.php?id=1234" />

<?php
// imageDelivery.php

// Fetch image filename from database based on $_GET["id"]
// ...

// Deliver image to browser
header('Content-Type: image/gif');
readfile('images/' . $fileName);
?>
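
An added sketch of the whole pattern described in this section (rename on upload, store outside the webroot, deliver by id), which is not code from the original article. The UploadStore class, its in-memory index standing in for the database table, the size limit and the sample bytes are assumptions constructed for the example.

```python
import os
import secrets
import tempfile

# Leading bytes of the accepted formats. The article notes that a header check
# can be fooled, so this is only a first filter; the real control is where and
# how the file is stored and served.
MAGIC = (
    (b"\x89PNG\r\n\x1a\n", "png", "image/png"),
    (b"\xff\xd8\xff", "jpg", "image/jpeg"),
    (b"GIF87a", "gif", "image/gif"),
    (b"GIF89a", "gif", "image/gif"),
)
MAX_BYTES = 2 * 1024 * 1024  # assumption: 2 MiB limit for avatars


class UploadStore:
    def __init__(self, private_dir):
        self.private_dir = private_dir  # must be a folder outside the webroot
        self.index = {}                 # stands in for the database table

    def save(self, original_name, data):
        """Store an upload under a server-chosen name and return its opaque id."""
        if len(data) > MAX_BYTES:
            raise ValueError("file too large")
        for magic, ext, content_type in MAGIC:
            if data.startswith(magic):
                break
        else:
            raise ValueError("not an accepted image type")
        file_id = secrets.token_hex(16)
        stored_name = file_id + "." + ext   # the user's file name never reaches the disk
        path = os.path.join(self.private_dir, stored_name)
        # O_EXCL refuses to overwrite an existing file; 0o640 sets no execute bit.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
        with os.fdopen(fd, "wb") as handle:
            handle.write(data)
        self.index[file_id] = {
            "stored_name": stored_name,
            "content_type": content_type,
            "original_name": original_name,  # kept for display only
        }
        return file_id

    def deliver(self, file_id):
        """The delivery script: look the id up, never build a path from the request."""
        record = self.index.get(file_id)
        if record is None:
            raise KeyError("unknown file id")
        with open(os.path.join(self.private_dir, record["stored_name"]), "rb") as handle:
            body = handle.read()
        headers = {
            "Content-Type": record["content_type"],
            "X-Content-Type-Options": "nosniff",  # browser must not guess another type
        }
        return headers, body


# Constructed sample inputs.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
TEXT_SAMPLE = b"#!/bin/sh\necho constructed sample\n"


def demo():
    """Exercise the store with a double-extension name, a non-image and a path as id."""
    results = {}
    with tempfile.TemporaryDirectory() as private_dir:
        store = UploadStore(private_dir)
        file_id = store.save("image.jpg.php", PNG_SAMPLE)
        results["file_id"] = file_id
        results["stored_as"] = store.index[file_id]["stored_name"]
        results["on_disk"] = os.listdir(private_dir)
        results["headers"], results["body"] = store.deliver(file_id)
        try:
            store.save("avatar.png", TEXT_SAMPLE)
            results["text_accepted"] = True
        except ValueError:
            results["text_accepted"] = False
        try:
            store.deliver("../image.jpg.php")
            results["path_lookup"] = True
        except KeyError:
            results["path_lookup"] = False
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```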

Most hosting providers deal with the server configuration for you, but if you are hosting your website on your own server then there are a few things you will want to check.

Ensure you have a firewall set up, and are blocking all non essential ports. If possible, set up a DMZ (Demilitarised Zone), only allowing access to ports 80 and 443 from the outside world. This might not be possible if you don’t have access to your server from an internal network, as you would need to open up ports to allow uploading files and to remotely log in to your server over SSH or RDP.

If you are allowing files to be uploaded from the Internet only use secure transport methods to your server such as SFTP or SSH.

If possible have your database running on a different server to that of your web server. Doing this means the database server cannot be accessed directly from the outside world, only your web server can access it, minimising the risk of your data being exposed.

Finally, don’t forget about restricting physical access to your server.

08. HTTPS

HTTPS is a protocol used to provide security over the Internet. HTTPS guarantees to users that they’re talking to the server they expect, and that nobody else can intercept or change the content they’re seeing in transit.

If you have anything that your users might want private, it’s highly advisable to use only HTTPS to deliver it. That of course means credit card and login pages (and the URLs they submit to) but typically far more of your site too. A login form will often set a cookie for example, which is sent with every other request to your site that a logged in user makes, and is used to authenticate those requests. An attacker stealing this would be able to perfectly imitate a user and take over their login session. To defeat this kind of attack, you almost always want to use HTTPS for your entire site.

That’s no longer as tricky or expensive as it once was though. Let’s Encrypt provides totally free and automated certificates, which you’ll need to enable HTTPS, and there are existing community tools available for a wide range of common platforms and frameworks to automatically set this up for you.

Notably Google have announced that they will boost you up in the search rankings if you use HTTPS, giving this an SEO benefit too. There’s a stick to go with that carrot though: Chrome and other browsers are planning to put bigger and bigger warnings on every site that doesn’t do this, starting from January 2017. Insecure HTTP is on its way out, and now’s the time to upgrade.

Already using HTTPS everywhere? Go further and look at setting up HTTP Strict Transport Security (HSTS), an easy header you can add to your server responses to disallow insecure HTTP for your entire domain.

09. Website security tools

Once you think you have done all you can then it’s time to test your website security. The most effective way of doing this is via the use of some website security tools, often referred to as penetration testing or pen testing for short.

There are many commercial and free products to assist you with this. They work on a similar basis to scripts hackers will use in that they test all known exploits and attempt to compromise your site using some of the previously mentioned methods such as SQL injection.

Some free tools that are worth looking at:

  • Netsparker (Free community edition and trial version available). Good for testing SQL injection and XSS.
  • OpenVAS. Claims to be the most advanced open source security scanner. Good for testing known vulnerabilities, currently scans over 25,000. But it can be difficult to set up and requires an OpenVAS server to be installed, which only runs on *nix. OpenVAS is a fork of Nessus from before it became a closed-source commercial product.
  • SecurityHeaders.io (free online check). A tool to quickly report which security headers mentioned above (such as CSP and HSTS) a domain has enabled and correctly configured.
  • Xenotix XSS Exploit Framework. A tool from OWASP (Open Web Application Security Project) that includes a huge selection of XSS attack examples, which you can run to quickly confirm whether your site’s inputs are vulnerable in Chrome, Firefox and IE.

The results from automated tests can be daunting, as they present a wealth of potential issues. The important thing is to focus on the critical issues first. Each issue reported normally comes with a good explanation of the potential vulnerability. You will probably find that some of the medium/low issues aren’t a concern for your site.

If you wish to take things a step further then there are some further steps you can take to manually try to compromise your site by altering POST/GET values. A debugging proxy can assist you here as it allows you to intercept the values of an HTTP request between your browser and the server. A popular freeware application called Fiddler is a good starting point.

So what should you be trying to alter on the request? If you have pages which should only be visible to a logged in user then I would try changing URL parameters such as user id, or cookie values in an attempt to view details of another user. Another area worth testing is forms, changing the POST values to attempt to submit code to perform XSS or to upload a server side script.

Hopefully these tips will help keep your site and information safe. Thankfully most CMSes have a lot of inbuilt website security features, but it is still a good idea to have knowledge of the most common security exploits so you can ensure you are covered.

There are also some helpful modules available for CMSes to check your installation for common security flaws such as Security Review for Drupal and WP Security Scan for WordPress.

Source : Creative Blog.


Blog Posts

There are over 1 million new strains of malware created every day. One identified infection can get your website blacklisted by Google, who currently blacklists over 10,000 websites each day. Mind you, the malware need not even be on your site.

SMEs (Small to medium-sized enterprises) are unfortunately one of the largest targets of cyber attacks. On average, over 30,000 SME websites are targeted each day, and to make matters worse, nearly 60% of their IT professionals think they aren’t at any real risk of being attacked.

Don’t allow your business to suffer expensive cyber attack damages (which average around $50K per attack) — instead, be proactive in your web security efforts to prevent security threats, protecting you and your customer’s private data. Here are 5 tips to help you protect your website from malware and other cyber threats:

1. Updates and Patches

Is your website running off of a Content Management System (CMS) such as WordPress? A CMS can be an easy and cost-effective way to manage your business’ website, but they’re also large targets for cyber attacks.

Why? Many CMS platforms and plugins are often easy targets for hackers and allow backdoor access to your server and data (a recent example of this vulnerability was the SoakSoak attack that occurred last month). Make sure your system, plugins and themes are always up to date, strengthening your web security. Many CMS solutions will even automatically update files for you, if you choose.

2. Website Scanning

Many web viruses and other malware go unnoticed until it’s too late, due to their elusive nature. They can often be implemented with a simple one-line script, injected into the code of your website – made to look like normal code.

Website security scanning software can scan your website for existing malware and other harmful code that doesn’t belong, and notify you immediately of any threats. The SMART (Secure Malware Alert & Removal Tool) software takes it a step further by automatically removing anything harmful – similar to what a virus removal software does for your PC.

3. Web Application Firewalls

Removing existing website threats is one issue, but keeping them from coming back is another. With over 1 million new malware strains created each week, your business’s website can potentially be infected by a new virus every day.

Web Application Firewalls (WAF) can help prevent attackers from even visiting your site. How do they work? Let’s take our TrueShield WAF, for instance – it evaluates traffic based on where it’s coming from, how it’s behaving, and what information it’s requesting. Based on these and other criteria, the firewall will allow “legitimate” traffic (e.g. customers and search engines) access while blocking “malicious” traffic (e.g. spam bots and hackers).

Used in conjunction with a website scanning solution, a WAF can help provide around-the-clock, hands-free security for your business’s website.

4. PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS), or PCI for short, is a security standard that businesses must adhere to if they accept major credit cards. This compliance helps ensure that your business and customers are protected from cyber attacks and fraud by providing a documented, baseline security posture for your site. Failure to comply with PCI standards can result in direct financial damages, lawsuits, government fines and ultimately ruin brand reputation in the event of a data breach.

Fortunately, it’s not difficult to become PCI compliant. There are many solutions that walk you through the steps to help create your own customized PCI policy.

5. Strengthen Passwords

Even in 2015 the world is still using weak passwords. A strong password is one that contains over 8 characters, no dictionary words, has a mixture of uppercase and lowercase letters, and includes digits and/or special characters. Unfortunately, many of those boxes aren’t checked – allowing brute-force hacking techniques (repeated attempts to login to your website) to become effective.

It’s extremely important that you create a strong password for your website’s back end, since it can often times be an easy way into your private data. You should also advise your customers who have online accounts to do the same, to help protect them from future attacks. After all, it only takes seconds for a computer to crack a poorly created password.

Credit : Sitelock


Blog Posts

According to the official site of cPanel, cPanel & WHM version 58 will reach End of Life in 1 month, at the end of July, 2017. cPanel & WHM versions 56 and 60 will also reach End of Life at the end of October, 2017.

In accordance with our EOL policy (https://go.cpanel.com/longtermsupport), when a version of cPanel & WHM reaches End of Life it will no longer be supported by cPanel, except when upgrading to a supported version. The software will continue functioning on servers where it is already installed. However, no further updates, including security and feature updates, will be provided once it reaches End of Life.

We recommend that all customers migrate any existing installations of cPanel & WHM version 56, 58, and 60 to the most recent version of cPanel & WHM 64, which you can read about on https://releases.cpanel.com.

If your server setup complicates the process of migrating to a newer version of cPanel & WHM (an upgrade blocker list is available at https://go.cpanel.com/blockers), then cPanel is here to help. Simply open a support ticket at https://tickets.cpanel.net/submit so that our knowledgeable support team can provide recommendations, migration assistance, and more.
