[wp-hackers] WordPress as CMS (was: wordpress security)

Wed Oct 21 20:05:40 UTC 2009

You're most likely about to be told either:

1) If you want a website CMS (non-blog) then try drupal/joomla/EE
2) If you MUST use WP as a site CMS (non-blog) just tell your client to
ignore the blog stuff.

Good luck.

FWIW, I like the idea of a lightweight plugin that does nothing but remove
all references to blog posts, comments, etc. I think it's a fine idea.

------------------
Nathan Rice
WordPress and Web Development
www.nathanrice.net | twitter.com/nathanrice | www.modthemes.com

On Wed, Oct 21, 2009 at 4:00 PM, Stephen Rider <wp-hackers at striderweb.com>wrote:

> Note:  This email repeats a lot of things I said in another email, for the
> benefit of those who are not following the Security thread.  For those who
> *are* following that thread, please skim to the bottom, as I pose a new and
> separate question from the security issues discussed elsewhere....
>
> On Oct 21, 2009, at 9:03 AM, Otto wrote:
>
>  A site that the admin has not visited in 2 months is, IMO, a dead
>> site. No new content, no readers, nobody caring for it...
>>
>
> In the past, I've asked for advice on using WordPress as a straight CMS
> rather than a blog platform.  Such questions are routinely answered with
> remarks along the lines of, "It is a CMS, Dummy."
>
> Fine it's a CMS.  But as such we must accept that many users are using
> WordPress to set up their sites, and edit them when needed, but are NOT
> routinely adding new content, /a la/ a blog.  In such circumstances, a site
> can **easily** go two months without being updated.
>
> I just don't understand this "screw 'em" attitude.  The attitude toward
> people asking about "WordPress as CMS" is widespread and wrongheaded
> (including coming from one developer with whom I've had a very friendly
> relationship.)  As long as the "blog post" aspect is front and center,
> people will -- legitimately -- consider it "blog software".
>
> Personally I would love to see a plugin that entirely removes or conceals
> the post/comment areas of the admin, and I'm considering making one.
>
> The Big Question:  What would a "CMS" plugin have to do?  Pots and comments
> are woven throughout the Admin, and I'd like to remove all aspects of them
> from the menus.  My "to do" list is below -- if I'm missing something, or if
> you have advice as to how to do some of this, I would appreciate.
>
>        1) Remove "Posts" and "Comments" from main menu.  (Am I correct that
> direct links will still work?  Is there a way to remove those areas entirely
> rather than just hiding the menu items?)
>
>        2) Remove "Recent Comments" and "QuickPress" from Dashboard.
>  (Again, can it be removed entirely or merely hidden?)
>
>        3) Remove "Press This" from Tools page (how?)
>
>        4) Writing Settings page -- remove/hide/turn off "Remote
> Publishing", "Post Via Email", and "Update Services" settings
>
>        5) Reading Settings page -- remove "Front Page Displays" option.
>  Set it to "static page".  Still must allow user to set the static page
> though.
>
>        (Since we're changing those two pages so much, perhaps remove them
> entirely and replace them with a new consolidated page?)
>
>        6) Remove "Discussion" settings page entirely.  Set default
> preferences to no comments or notifications.
>
>        7) Remove "Discussion" meta box from Edit Page page.
>
>        8) Remove Tags/Categories from Permalink Settings page
>
> Also, in general, I think WordPress itself should do a few things to lessen
> the "blog assumption".  Nothing major, but a few small things to consider:
>
>        1) On General Settings page, change "Blog Title" and "Blog Address"
> to "Site Title" and "Site Address"
>
>        2) Ditto "Privacy" page.  "Blog" s/b "Site"
>
> Good idea?  Bad?  Discuss!
>
> Stephen
>
> --
> Stephen Rider
> http://striderweb.com/
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>