[wp-hackers] WordPress as CMS (was: wordpress security)
Stephen Rider
wp-hackers at striderweb.com
Wed Oct 21 20:00:13 UTC 2009
Note: This email repeats a lot of things I said in another email, for
the benefit of those who are not following the Security thread. For
those who *are* following that thread, please skim to the bottom, as I
pose a new and separate question from the security issues discussed
elsewhere....
On Oct 21, 2009, at 9:03 AM, Otto wrote:
> A site that the admin has not visited in 2 months is, IMO, a dead
> site. No new content, no readers, nobody caring for it...
In the past, I've asked for advice on using WordPress as a straight
CMS rather than a blog platform. Such questions are routinely
answered with remarks along the lines of, "It is a CMS, Dummy."
Fine it's a CMS. But as such we must accept that many users are using
WordPress to set up their sites, and edit them when needed, but are
NOT routinely adding new content, /a la/ a blog. In such
circumstances, a site can **easily** go two months without being
updated.
I just don't understand this "screw 'em" attitude. The attitude
toward people asking about "WordPress as CMS" is widespread and
wrongheaded (including coming from one developer with whom I've had a
very friendly relationship.) As long as the "blog post" aspect is
front and center, people will -- legitimately -- consider it "blog
software".
Personally I would love to see a plugin that entirely removes or
conceals the post/comment areas of the admin, and I'm considering
making one.
The Big Question: What would a "CMS" plugin have to do? Pots and
comments are woven throughout the Admin, and I'd like to remove all
aspects of them from the menus. My "to do" list is below -- if I'm
missing something, or if you have advice as to how to do some of this,
I would appreciate.
1) Remove "Posts" and "Comments" from main menu. (Am I correct that
direct links will still work? Is there a way to remove those areas
entirely rather than just hiding the menu items?)
2) Remove "Recent Comments" and "QuickPress" from Dashboard. (Again,
can it be removed entirely or merely hidden?)
3) Remove "Press This" from Tools page (how?)
4) Writing Settings page -- remove/hide/turn off "Remote Publishing",
"Post Via Email", and "Update Services" settings
5) Reading Settings page -- remove "Front Page Displays" option. Set
it to "static page". Still must allow user to set the static page
though.
(Since we're changing those two pages so much, perhaps remove them
entirely and replace them with a new consolidated page?)
6) Remove "Discussion" settings page entirely. Set default
preferences to no comments or notifications.
7) Remove "Discussion" meta box from Edit Page page.
8) Remove Tags/Categories from Permalink Settings page
Also, in general, I think WordPress itself should do a few things to
lessen the "blog assumption". Nothing major, but a few small things
to consider:
1) On General Settings page, change "Blog Title" and "Blog Address"
to "Site Title" and "Site Address"
2) Ditto "Privacy" page. "Blog" s/b "Site"
Good idea? Bad? Discuss!
Stephen
--
Stephen Rider
http://striderweb.com/
More information about the wp-hackers
mailing list