[wp-hackers] WordPress as CMS (was: wordpress security)

Stephen Rider wp-hackers at striderweb.com
Wed Oct 21 20:00:13 UTC 2009

Note:  This email repeats a lot of things I said in another email, for  
the benefit of those who are not following the Security thread.  For  
those who *are* following that thread, please skim to the bottom, as I  
pose a new and separate question from the security issues discussed  

On Oct 21, 2009, at 9:03 AM, Otto wrote:

> A site that the admin has not visited in 2 months is, IMO, a dead
> site. No new content, no readers, nobody caring for it...

In the past, I've asked for advice on using WordPress as a straight  
CMS rather than a blog platform.  Such questions are routinely  
answered with remarks along the lines of, "It is a CMS, Dummy."

Fine it's a CMS.  But as such we must accept that many users are using  
WordPress to set up their sites, and edit them when needed, but are  
NOT routinely adding new content, /a la/ a blog.  In such  
circumstances, a site can **easily** go two months without being  

I just don't understand this "screw 'em" attitude.  The attitude  
toward people asking about "WordPress as CMS" is widespread and  
wrongheaded (including coming from one developer with whom I've had a  
very friendly relationship.)  As long as the "blog post" aspect is  
front and center, people will -- legitimately -- consider it "blog  

Personally I would love to see a plugin that entirely removes or  
conceals the post/comment areas of the admin, and I'm considering  
making one.

The Big Question:  What would a "CMS" plugin have to do?  Pots and  
comments are woven throughout the Admin, and I'd like to remove all  
aspects of them from the menus.  My "to do" list is below -- if I'm  
missing something, or if you have advice as to how to do some of this,  
I would appreciate.

	1) Remove "Posts" and "Comments" from main menu.  (Am I correct that  
direct links will still work?  Is there a way to remove those areas  
entirely rather than just hiding the menu items?)

	2) Remove "Recent Comments" and "QuickPress" from Dashboard.  (Again,  
can it be removed entirely or merely hidden?)

	3) Remove "Press This" from Tools page (how?)

	4) Writing Settings page -- remove/hide/turn off "Remote Publishing",  
"Post Via Email", and "Update Services" settings

	5) Reading Settings page -- remove "Front Page Displays" option.  Set  
it to "static page".  Still must allow user to set the static page  

	(Since we're changing those two pages so much, perhaps remove them  
entirely and replace them with a new consolidated page?)

	6) Remove "Discussion" settings page entirely.  Set default  
preferences to no comments or notifications.

	7) Remove "Discussion" meta box from Edit Page page.

	8) Remove Tags/Categories from Permalink Settings page

Also, in general, I think WordPress itself should do a few things to  
lessen the "blog assumption".  Nothing major, but a few small things  
to consider:

	1) On General Settings page, change "Blog Title" and "Blog Address"  
to "Site Title" and "Site Address"

	2) Ditto "Privacy" page.  "Blog" s/b "Site"

Good idea?  Bad?  Discuss!


Stephen Rider

More information about the wp-hackers mailing list