[wp-hackers] WordPress as CMS (was: wordpress security)

Stephen Rider wp-hackers at striderweb.com
Wed Oct 21 20:08:49 UTC 2009

[edited for clarity]
Note:  This email repeats a lot of things I said in another email, for  
the benefit of those who are not following the Security thread.  For  
those who *are* following that thread, please skim to the bottom, as I  
pose a new and separate question from the security issues discussed  

In the past, I've asked for advice on using WordPress as a straight  
CMS rather than a blog platform.  Such questions are routinely  
answered with remarks along the lines of, "It is a CMS, Dummy."

Fine it's a CMS.  But I just don't understand this attitude toward  
people asking about "WordPress as CMS" -- it's widespread and  
wrongheaded (including coming from one developer with whom I've had a  
very friendly relationship.)  As long as the "blog post" aspect is  
front and center, people will -- legitimately -- consider it "blog  

Personally I would love to see a plugin that entirely removes or  
conceals the post/comment areas of the admin, and I'm considering  
making one.

The Big Question:  What would a "CMS" plugin have to do?  Posts and  
comments are woven throughout the Admin, and I'd like to remove all  
aspects of them from the menus.  My "to do" list is below -- if I'm  
missing something, or if you have advice as to how to do some of this,  
I would appreciate.

	1) Remove "Posts" and "Comments" from main menu.  (Am I correct that  
direct links will still work?  Is there a way to remove those areas  
entirely rather than just hiding the menu items?)

	2) Remove "Recent Comments" and "QuickPress" from Dashboard.  (Again,  
can it be removed entirely or merely hidden?)

	3) Remove "Press This" from Tools page (how?)

	4) Writing Settings page -- remove/hide/turn off "Remote Publishing",  
"Post Via Email", and "Update Services" settings

	5) Reading Settings page -- remove "Front Page Displays" option.  Set  
it to "static page".  Still must allow user to set the static page  

	(Since we're changing those two pages so much, perhaps remove them  
entirely and replace them with a new consolidated page?)

	6) Remove "Discussion" settings page entirely.  Set default  
preferences to no comments or notifications.

	7) Remove "Discussion" meta box from Edit Page page.

	8) Remove Tags/Categories from Permalink Settings page

Also, in general, I think WordPress itself should do a few things to  
lessen the "blog assumption".  Nothing major, but a few small things  
to consider:

	1) On General Settings page, change "Blog Title" and "Blog Address"  
to "Site Title" and "Site Address"

	2) Ditto "Privacy" page.  "Blog" s/b "Site"

Good idea?  Bad?  Discuss!


Stephen Rider

wp-hackers mailing list
wp-hackers at lists.automattic.com

More information about the wp-hackers mailing list