[wp-hackers] WordPress as CMS (was: wordpress security)
Stephen Rider
wp-hackers at striderweb.com
Wed Oct 21 20:08:49 UTC 2009
[edited for clarity]
Note: This email repeats a lot of things I said in another email, for
the benefit of those who are not following the Security thread. For
those who *are* following that thread, please skim to the bottom, as I
pose a new and separate question from the security issues discussed
elsewhere....
---
In the past, I've asked for advice on using WordPress as a straight
CMS rather than a blog platform. Such questions are routinely
answered with remarks along the lines of, "It is a CMS, Dummy."
Fine it's a CMS. But I just don't understand this attitude toward
people asking about "WordPress as CMS" -- it's widespread and
wrongheaded (including coming from one developer with whom I've had a
very friendly relationship.) As long as the "blog post" aspect is
front and center, people will -- legitimately -- consider it "blog
software".
Personally I would love to see a plugin that entirely removes or
conceals the post/comment areas of the admin, and I'm considering
making one.
The Big Question: What would a "CMS" plugin have to do? Posts and
comments are woven throughout the Admin, and I'd like to remove all
aspects of them from the menus. My "to do" list is below -- if I'm
missing something, or if you have advice as to how to do some of this,
I would appreciate.
1) Remove "Posts" and "Comments" from main menu. (Am I correct that
direct links will still work? Is there a way to remove those areas
entirely rather than just hiding the menu items?)
2) Remove "Recent Comments" and "QuickPress" from Dashboard. (Again,
can it be removed entirely or merely hidden?)
3) Remove "Press This" from Tools page (how?)
4) Writing Settings page -- remove/hide/turn off "Remote Publishing",
"Post Via Email", and "Update Services" settings
5) Reading Settings page -- remove "Front Page Displays" option. Set
it to "static page". Still must allow user to set the static page
though.
(Since we're changing those two pages so much, perhaps remove them
entirely and replace them with a new consolidated page?)
6) Remove "Discussion" settings page entirely. Set default
preferences to no comments or notifications.
7) Remove "Discussion" meta box from Edit Page page.
8) Remove Tags/Categories from Permalink Settings page
Also, in general, I think WordPress itself should do a few things to
lessen the "blog assumption". Nothing major, but a few small things
to consider:
1) On General Settings page, change "Blog Title" and "Blog Address"
to "Site Title" and "Site Address"
2) Ditto "Privacy" page. "Blog" s/b "Site"
Good idea? Bad? Discuss!
Stephen
--
Stephen Rider
http://striderweb.com/
_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers
More information about the wp-hackers
mailing list