open communications
Ruminations from open’s internal braintrust

Expertise is organic. It must be constantly nurtured if it is to grow and flourish. This is one of the fundamental pillars of OPEN’s internal culture.

Marvin Chaulk, Vice-President, Senior Consultant
OPEN Communications


the opinions and musings behind the expertise

Blog Author: Catherina Murphy

CMS: The DIY Solution to Your Web Presence?

Catherina Murphy

Posted: May 23, 2013

As the do-it-yourself (DIY) culture becomes more popular and acceptable, a new perspective begins to emerge regarding website development and contenting. Armed with the term, ‘Content Management System’ (or CMS), business owners and administrators ask, ‘why can’t we do this ourselves?’

The question is not whether you can do this yourself; it is whether you should. The answer, of course, is like life — never a simple ‘yes’ or ‘no’.

Money, money, money.
One of the greatest feature about CMS is the freedom to edit your website from anywhere and at any time. However like most freedoms, this comes at a cost. CMS platforms are more expensive than regular static websites, whether it is a custom-built CMS, or an open-sourced CMS with customized features.  Compounding this is the added cost of running databases on your web server, along with the development of a user guide and staff training sessions, essential when there is the possibility of a change in staff.

The question you have to ask yourself is whether the cost is justified. If you need to make constant changes to your website, then CMS is undeniably your star player. But if you only make periodic updates, or lack the resources to efficiently manage content changes, then a static site is more cost-effective.

She’s got the looks
Let’s for argument’s sake, say that your website is a customized CMS site.  It looks distinguished from all the other theme-driven, cookie-cutter sites, thanks to rounds of mock-ups and countless discussions.  Designed by a team of professionals, it was tailored to achieve the full transcendence of your brand and messaging, with carefully cultivated SEO elements.

After all that effort and expense, would you just hand the site off to someone to ‘copy and paste’ content onto any part of the website? Or maybe place unrelated or unprocessed pictures anywhere on any given page? Granted, there are some who handle online communications that come equipped with a degree or knowledge in the required discipline; but more often than not, this is not the case.

Professional webmasters or designers understand the subtle relationship between user experience and strategic image placements, sizing, site consistencies and font usage.  Incorrect applications destroy the carefully constructed feel and visual flow, and unnecessarily slow down the page-loading time.  I often encounter a blatantly different font style applied to a particular section of a website or brochure, text incorrectly justified or a huge image being laboriously loaded onto a page and then displayed in a much smaller scale. For many CMS ‘authors’, these things seem trivial, and are inconsequential to the information displayed on the page. But they can be detrimental to a website’s performance.

Furthermore since CMS templates are designed to keep things consistent, they also restrict the placement and orientation of the elements within a webpage.  One cannot easily create a page with a different layout to emphasize or commemorate a special cause or event. Perhaps conformity, in this case, truly kills the creative.

We’re only human
It should not come as a surprise that being human is a contributing factor to website vulnerabilities and inconsistencies. Somehow, website administration doesn’t always receive the same security ‘attitude’ as with network administration…at least, not until an attack had taken place, that is.

For example, how often does a user account stay active after someone leaves an organization? Will it shock you to know that people use ‘password’ or ‘password1234’ as their account passwords?  How many people do you know who had shared their CMS password one time or another? And how often are CMS accounts checked for unauthorized access?

It is not that non-CMS websites possess fewer security risks. Static websites, by nature, have in most cases, one authoring ‘user’, and this ‘user’ is typically trained to mitigate security risks.  Webmasters are also known to always keep a copy of the website on his / her local computer as well: a kind of off-the-server backup.

Lock the door? Add deadbolt. Bar the windows!
Perhaps one of the greater benefits of open-sourced CMS is the many contributions by the online community.  The community helps in developing and debugging the system, and contributes many commonly used widgets.

The downside? All these benefits are publicly available, and often come with documentations that can be downloaded, taken apart and examined, making an unwelcomed intruders’ job much easier. Once the vulnerability is identified, devious spammers and hackers of the cyber world can then make systematic scans to scout out and exploit websites with such security ‘holes’, especially those without security updates.

CMS is an ongoing developmental project, and as such, functional or security updates are inevitable. This applies to both custom-made and open sourced CMS. Unless you, the business owner has arrangement with your hosting provider or developer, the responsibility of these technical updates falls squarely on your shoulders. Failure to comply can invite malfunctions or worse, security vulnerabilities.

In recent years, I have witnessed evidence of systematic probing on websites, intruders nefariously combing for vulnerabilities. Often these intrusions begin with the search for CMS admin pages or specific database queries and invariably take place unnoticed by site owners. I have witnessed attempts to upload backdoor files onto CMS websites, disguised as image files.  Once inside the platform, the intruder can see and access virtually every file within the site, and can embed codes within a web page to do anything from spamming other websites to SEO hijacking or distributing Trojan-like programs onto unsuspecting visitors’ hard drives.

Plan ahead
Like almost everything in life, there are pros and cons in choosing one website management system over another. A website should never be an afterthought. It truly pays to plan ahead. Think what you want to achieve with your web presence. Determine what its function should be, and what is important. Discuss this with a trust-worthy professional, and listen to his / her advice.

CMS or not, it should fit your needs, your technical resources and your budget.