Defending Against the Ongoing Attack on Joomla! and WordPress

Be aware that there is a major attack underway aimed at WordPress and Joomla! websites. If you are having trouble accessing the admin system of your site, contact your web hosting company for support; they may have restricted access to help discourage the attack. This would also be a good time to change & beef up your passwords.

How secure is your admin access? One of the easiest changes you can make to boost security is to use a less common admin system username. The top five user names being targeted by attackers are admin, test, administrator, Admin, and root. Do not use those names! Set up something unusual for your admin system username — and a solid password.

The other half of the puzzle: Passwords. The most recent spate of attacks was using some heavy password cracking tools, and they are hard to escape, but not impossible. The bottom line: The longer the password the better (as long as it is not to be found in the dictionary). You can, however, combine words. For example, pinkcloudfishmask is a better password than 8jk#BB simply because it is longer. Gibberish is NOT more secure than readable text, assuming your readable text string is not to be found in the dictionary. The top five passwords being attempted in the most recent attacks against WordPress and Joomla! sites were admin, 123456, 111111, 666666, and 12345678. Please be smart and do not make your site vulnerable to password hacks.
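The following is an added example, not part of the original article: a small audit that flags admin accounts using the usernames and passwords listed above and compares the brute-force search space of the two sample passwords. The 12-character minimum, the tiny sample dictionary, the demo account names and the 7776-word list size are assumptions made for illustration.

```python
import math
import string

# Usernames and passwords the article lists as most targeted.
# Usernames are compared case-insensitively, which covers "admin" and "Admin".
TARGETED_USERNAMES = {"admin", "test", "administrator", "root"}
TARGETED_PASSWORDS = {"admin", "123456", "111111", "666666", "12345678"}

# Constructed stand-in for a real dictionary file (assumption).
SAMPLE_DICTIONARY = {"pink", "cloud", "fish", "mask", "password", "welcome"}

MIN_LENGTH = 12  # assumed policy threshold, not a figure from the article

_POOLS = (string.ascii_lowercase, string.ascii_uppercase,
          string.digits, string.punctuation)


def charset_size(password):
    """Size of the character pool a brute-force tool has to cover."""
    size = sum(len(pool) for pool in _POOLS
               if any(c in pool for c in password))
    # Characters outside the four ASCII pools are counted individually.
    size += len({c for c in password if not any(c in p for p in _POOLS)})
    return size


def brute_force_bits(password):
    """log2 of the character-by-character search space for this password."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def passphrase_bits(word_count, wordlist_size):
    """log2 of the search space when an attacker guesses whole words.

    Only valid if the words were picked at random from a list of
    wordlist_size entries; this is the lower, more cautious estimate.
    """
    return word_count * math.log2(wordlist_size)


def audit_account(username, password, dictionary=SAMPLE_DICTIONARY):
    """Return a list of finding codes for one admin account."""
    findings = []
    if username.lower() in TARGETED_USERNAMES:
        findings.append("targeted-username")
    if password in TARGETED_PASSWORDS:
        findings.append("targeted-password")
    if password.lower() in dictionary:
        findings.append("dictionary-word")
    if len(password) < MIN_LENGTH:
        findings.append("too-short")
    return findings


if __name__ == "__main__":
    # Constructed sample accounts, not real credentials.
    accounts = [
        ("admin", "123456"),
        ("editor7", "password"),
        ("site-keeper-41", "pinkcloudfishmask"),
    ]
    for user, pw in accounts:
        print(user, audit_account(user, pw) or "ok")

    for pw in ("pinkcloudfishmask", "8jk#BB"):
        print(f"{pw}: {brute_force_bits(pw):.1f} bits (character brute force)")
    print(f"4 random words from 7776: {passphrase_bits(4, 7776):.1f} bits")
```

Even under the word-guessing estimate, the four-word passphrase keeps a larger search space than the six-character string, provided the words were chosen at random.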

You can learn more about the recent cyber attacks aimed at WordPress and Joomla! websites by going to: http://securitywatch.pcmag.com/none/310350-wordpress-joomla-sites-under-brute-force-password-attack

The Necessity of Patch Management

One aspect of site security is neglected more often than any other: Keeping your CMS software patched and up to date. We see this problem occur over and over again. Clients purchase websites with content management systems, then once we hand it off to them they do not keep it patched.

We’ll say it again: You must keep up with your website’s CMS software patches! A large number of Joomla! sites were recently compromised by a bot that specifically searched for a very commonly-installed extension which had been the subject of a security patch. The hackers knew that many people would have failed to install the patch, so the bot looked for unpatched versions of the extension as a doorway into the site. It worked very well; a number of sites fell victim.

Your CMS software is no different than the software on your desktop, your notebook, your smart phone: There will be patches and maintenance releases and you must install them to keep your site safe from attackers. Also, don’t forget, many times those patches also bring with them new functionality or improved performance, so if you fail to take advantage of the upgrades, you may be missing out on enhancements that also add value to your site.

If you are not comfortable doing upgrades yourself, find someone to help, or contact us. Charges for this type of work are very low — unless of course you have neglected it for too long and you already have a problem — then it gets expensive!

Building Usable Websites (Part 3)

Website and software application usability is a classic intangible, hard to measure and even harder to sell to clients or management. Ironic, as I think it safe to say that at this stage in the game there are few sites that would not benefit from a usability survey and a bit of tweaking. Nevertheless, some companies have taken the cue and great usability case studies are beginning to emerge.

Banking giant HSBC’s Hong Kong operation went through two usability projects recently with excellent results. The lessons learned are applicable to other regional or global sites.

HSBC, like many other financial institutions, offers a variety of online content, including applications for new services. By using forms online at the HSBC website you can apply for a variety of services, from travel insurance to home mortgages. HSBC was unhappy with their online conversion rates. Conversion rates for Travel Insurance applications, for example, hovered at around 2%, a relatively low figure for the industry.

HSBC faced two basic challenges: Getting people to take the affirmative step of setting the application process into motion, and having done so, creating an easy-to-use online application process.

HSBC brought in an outside consulting firm to help with the assessment of their site. The consulting team began by attacking the prominence issues, that is, how to make site visitors aware the services existed. A simple change in home page layout did the trick. A direct sales message combined with an “Apply Now” label was all that was needed. The larger challenge was how to get the users through the application process.

Online forms are a consistent source of problems for users. The way forms are built often makes it hard for users to complete them, much less to provide accurate information.

Long forms are a sure turnoff for many users. Only the most motivated individuals are likely to complete a long form online. Firms frequently make the mistake of transferring an offline process straight on to their website, with no consideration of whether the traditional paper and pencil format is appropriate for use with a browser. The simple fact is online forms are more time consuming and more difficult to complete properly than their traditional physical counterparts, and this difficulty grows exponentially with form length. Forms that are pages long in particular are an anathema.

The difficulty of completing lengthy forms can be compounded by systems which fail to persist critical data – that is, forget data when the user moves from one page to another. Most frequently this occurs when a user tries to “go back” to edit some detail or correct an error. Oftentimes, the user finds the data they entered on that previous page has disappeared.

Equally frustrating is bad validation. Validation routines are designed to check the data input into a form to see if it meets certain basic requirements, for example, checking to see that all the required fields have been completed, or that an email address is in proper format. More than a few sites have poor validation routines, which make it hard for users to find the problems they need to correct, or even worse, delete data and force the user to re-enter.

In the case of HSBC, they found good improvements in form processes by following the basic principles above. If you want travel insurance, do you want to spend a long time completing a detailed form? Not likely. The HSBC form was trimmed down significantly. If you are interested in a mortgage, are you likely to have all the information you need at your fingertips to complete a lengthy application form? No. The HSBC online mortgage was converted into an inquiry process handled offline by a sales team able to respond to the wide variety of variables that go hand-in-hand with a complex lending transaction.

The results of these changes: The conversion rates for online travel insurance applications jumped from the low 2% to a remarkable 22%. Online mortgage inquiries went from 9 to 10 leads per month to 178 leads in the first month. Great results from application of basic usability principles.

While most sites are unlikely to see such clear-cut improvements, the fact is that usability analysis can provide solid refinement of any site’s online processes. If your website involves transactions of any sort, don’t scrimp on usability analysis. Take the time and do it right, it will come back to you in improved results and goodwill.

Special thanks to Hong Kong usability firm The Kingstone Group for the case studies used in this column.

Building Usable Websites (Part 2)

Over the last few years, usability practice has begun to take on a new maturity. Systems have become more formalized, practices more standardized, and in the process certain principles have risen to prominence. To get you thinking about what it means to create usable applications, here’s a list of six basic principles which should be applied when you are building software-based systems.

(1) Consistency & Reuse

A good system will reduce the need for users to rethink the system by consistently reusing external and internal systems and behaviors.

A good way to approach building computer applications is to stick with the conventions of the computer platform. People are familiar with buttons, scroll bars, combo boxes, etc., so use them. You don’t have to render everything as a stylized graphic to have an attractive site. Buttons, for example, should look like buttons and should bear labels users have seen before. There is no good business reason to re-invent the wheel, simply because you can. Once a convention is applied, do not vary from it without reason and when you vary from it, make it clearly different. Reinforce your conventions throughout the application and you will find that users are able to navigate and move easily.

(2) Tolerance

A good system cuts down on terminal errors by building in tolerance for foreseeable misuse and reduces the cost of errors by allowing users the option to redo or undo the offensive action.

While supporting “undo” can be challenging on the Web, it is not impossible and should certainly be a part of any key process, like a multi-part form, or a shopping cart. One of the frustrations most commonly cited by users is the loss of data on forms when they go “back” to add information or correct an error. Make sure your programmers build sites that persist data to allow for effective “undo” and “re-do”.

(3) Feedback

A good system will keep users informed of changes in state or condition, or of errors, in clear, unambiguous language, informing the user of the range of options available (if any).

When the Macintosh first appeared (128K!) I rushed out and bought one. While I loved the interface and the usability of the device, it completely fell down when it came to error reporting. When my little gray box would crash, it would produce a frowning face and spit out an utterly useless error code in the form of a meaningless string of digits. There was no clue why it had crashed, or what could be done. (Users eventually learned that the liberal application of a straightened out paper clip to the obscure reset button was their only recourse.) Apple has finally gotten that fixed, but it took them years (and cost them lots of frustrated users).

(4) Jakob’s Law Of The Web User Experience

Users spend most of their time on other sites, so that’s where they form their expectations for how the Web works.

Well, that statement may be a truism, but it’s worth repeating. From a business perspective Jakob is right: We should be building things people recognize and can navigate without difficulty. There is a reason why Amazon, Yahoo, Excite, eBay, and all those other large sites share common elements – the interface is familiar to users and works with the wide variety of computers and browsers in the market. If you want your site to be accessible to the widest audience possible, learn from the Big Boys and follow their approach.

(5) Organize Purposefully

Group like things together; separate unlike things in a meaningful manner; keep all the necessary tools and materials visible; don’t clutter the interface with extraneous information.

Seems obvious, but so many sites I visit are a visual train wreck. Frankly, I am not interested in spending 5 minutes trying to find the button that takes me to where I want to go. Clean out the extraneous junk – remember, what doesn’t add to your message detracts from it.

(6) Keep The User Focused

A good system allows a user to answer these three questions at any stage in the process: (1) Where am I? (2) Where should I go next? (3) How do I get back to where I was?

While this last principle seems to be limited in application to processes, say a shopping cart, in fact it should be applied across your site. New users will thank you, and experienced users will use the system more efficiently. You will find that if you adhere to this final simple principle, users will describe your system as “intuitive” or “user-friendly”.

Hopefully these points will give you a starting point for your own usability analysis. In the next installment in this series we will look at the value of usability in dollars and cents.

Building Usable Websites (Part 1)

The study and application of usability principles in software is a new dimension of the discipline known as human factors engineering. Human factors revolutionized the way people built products and processes in the last century, but unfortunately, in the early days of the web, it was a virtually forgotten discipline. Now, as Internet and software applications insinuate themselves into our lives, the human factors approach has taken on a new urgency and is back in the forefront; this time wearing the name “usability.”

Usability is all about how people interact with software driven systems and how to make those systems better suited to their all-too-human users. When you hear people describe a piece of software as “user-friendly” or “intuitive”, what they are really saying is that the software exhibits good usability.

Usable applications are not created by accident (well, not usually!), but are rather the by-product of an iterative process of trial and error based on experience and real world feedback from users. Site planners often think in terms of metaphors that can help people draw functional or visual similarities between existing familiar systems and the new interfaces. One of the most common of these interface metaphors is to compare the computer screen to the dashboard of a car. All the necessary information and controls should be right there to allow you to navigate to your goal. The dashboard metaphor is a useful one, but by no means the only one. The root of the interface we all think of as Windows (or Mac) is a desktop metaphor.

These metaphors are strong primarily because they are familiar to most people. This is typical of good business-oriented software systems: They should match systems in the rest of the physical world. If they follow familiar conventions, they will speak the users’ language and should behave in a manner which is consistent with the users’ expectations (an “intuitive system”).

More adventurous developers are pushing the envelope, giving users less obvious metaphors or completely fresh systems. While it is true that the boundaries are essentially artificial ones and that designers can and will continue to take us into new and innovative spaces, there is a point of diminishing returns. As with many other areas in the business world, there is a point at which the management needs to keep things focused on the end goal – that of providing a usable application that requires little or no training, does not impose a support burden, and helps users get the job done.

We have all experienced websites that are too clever for their own good, leaving you guessing what in the world you are supposed to click on to find what you want. These sites, at least from a business perspective, are wasted money.

The challenges faced are considerable. More than a few projects have launched without sufficient attention paid to the usability aspects of the projects. Once released to the users, companies may well find that clients struggle with aspects the management never dreamed were problematic. Sites may well underperform. Opportunities may be missed and complaints and support costs begin to rise.

While usability is admittedly not rocket science, the fact remains that it is both necessary and more difficult than most people would assume. Designers face a conundrum: How to make a system that is simple enough for first time users to navigate without training or support, yet powerful and sophisticated enough not to frustrate experienced users who may already be familiar with the system.

Unfortunately, business unit leaders and project managers rarely make the best sources of information on a project’s usability – they are just too close to the project to be objective. The best approach is to get the project in front of a group of users as early in the process as possible to watch how people who have never seen this new system respond to it. This user testing is usually done with a limited deployment of the site in a controlled environment or with simple reviews of prototypes. One-to-one testing is not uncommon, but by far the most frequent technique involves assembling a small group of typical users for a focus group. In my experience, these focus group sessions never fail to surprise. Things you never thought were issues surface as people look at the work with a fresh set of eyes and few preconceptions.

In Part 2, we’ll take a look at some of the basic principles that have emerged that can help you make your website or software application more usable.

A Look at OSCommerce

Do you want an e-commerce system but are reluctant to incur the expense of building a virtual storefront? Well, if you have been thinking about moving your business online, or about starting a new business that sells online, but have been put off by the enormous expense and long time lines associated with custom development, there is an alternative: osCommerce.

Traditionally, Open Source e-commerce solutions have been hard to find. There are only a few choices in the market at present: Mambo has a plugin called PHPShop, and you can find a few good open source shopping carts (for example, Zen Cart) but most of these systems are incomplete solutions: They either lack a full set of features or require additional systems to be developed prior to integrating the shop component.

osCommerce is different. This is a stand alone catalog and shopping cart system that comes ready straight out of the box with a wide range of features. It is head and shoulders above the crowd in terms of functionality and options. Indeed, as noted by the Open Source CMS team (www.opensourcecms.com): “osCommerce is hands down the best open source ecommerce solution available. Never mind open source, it is one of the best ecommerce solutions period.”

The osCommerce feature set includes: customer accounts supporting order histories and multiple addresses (for shipping), temporary and permanent shopping carts, product reviews by customers, “best sellers” lists, new additions announcements via a built in newsletter / mailing list, payment and shipping modules, tax zones, and much, much more.

Perhaps best of all for those of us outside the US and the UK, the osCommerce system is built for the international market with multi-lingual interface options. It comes bundled with English, German, and Spanish and supports many additional languages courtesy of contributions by the open source development community (no Thai yet, though they do have Japanese and Vietnamese!). Multiple currencies are handled via a real-time link to the currency conversions published on Oanda.com.

The system also provides multiple payment options, with support for all the most common online payment methods (including the ever growing PayPal) as well as support for traditional COD, checks, and money orders.

Shop administrators will love osCommerce as it integrates order and inventory tracking. You can set inventory levels and tie alerts to your inventory count. When a certain level is reached, the system can notify you of the need to re-order and when inventory is exhausted (or expires), it can pull the item offline automatically.

When an order is placed, the system will notify you and will automatically produce invoices and shipping lists. Using the reporting function, you can track order status, order histories, most popular items, and most valuable customers.

The osCommerce system is fairly mature. It originally debuted in March 2000 and is now on version 2.2. The osCommerce website claims that more than 1300 shops are running the system worldwide.

The widespread adoption has led to a significant development community forming. Participation levels are high in the Support Forums and the documentation (via an osCommerce Wiki) is pretty good. Many user contributions are available that extend the functionality in a variety of ways.

osCommerce is based on PHP and uses mySQL for the database functions. It can run on Linux, Unix, or Windows. The setup is very straightforward and takes little time. There are no specialized or arcane hosting requirements (though of course you will want SSL support).

What are the downsides? Well, first of all, customizing the appearance of osCommerce is a challenge. A review of the sites using the system finds many run it straight out of the box with minimal customization. It is fine that way, but if you want to heavily modify the look and feel to meet your requirements you will need someone skilled in PHP. (By way of reference, it is much more difficult to modify than Mambo.)

Second, it is not a Content Management System. If your site has a number of pure content pages, you will need to deal with them separately. The osCommerce system is only intended to run your catalog and as such supports only basic content pages, like a Terms & Conditions page, a Privacy Policy, or a Shipping Information section.

All-in-all it is a very solid system and definitely worth considering if you are looking to create an online channel for sales. Check it out at: http://www.oscommerce.org.

Eight for Open Source

Is Open Source better? It’s not a black and white question; the answer will depend on your needs and circumstances. Still, there are some very good things to be said for supporting Open Source and Open Standards. Here’s a list of the top reasons why we prefer Open Standards and Open Source development.

First advantage: speed of development

When an open source community forms around a project, the speed of development increases rapidly. As users put the product to use, the feedback cycles are quicker and the development more responsive than proprietary systems. While I can’t offer you any hard stats on this, my experiences bear this out.

Second advantage: distributed development decreases errors

Writing code is just like writing a research paper, in the sense that the more people you have proofreading, the more likely you are to catch errors before publication. Centralised development teams develop blind spots. It’s just human nature. Distributed development means more eyes, more scrutiny, and fewer errors. In this aspect of development, more programmers are better.

Third advantage: survival of the fittest

Weak code and flawed approaches to problem solving are spotted and shunned. Yes, there may be more dead ends explored, but they are abandoned more quickly. In a proprietary environment, teams find themselves married to architecture decisions regardless of whether they are right or wrong, as the cost of making fundamental architecture changes post-release is too high to be commercially viable.

In the open source community, there is no management saying “live with it”; there are, in contrast, competitive developers who are constantly striving to champion a better way.

Fourth advantage: rapid adoption of technologies that work

Just like water flowing downhill, streams of developers and users tend to flow together to form larger rivers of consensus for cost-effective technologies that work. Consider 802.11: Open standards are fostering rapid and broad-based adoption.

If you think the jury is still out on 802.11, then look at the lessons from Ethernet or the x86 computing architecture: Both are examples of open standards which have gained critical mass in the consumer and developer communities and have consistently outperformed proprietary systems in the marketplace.

Fifth advantage: source code availability

Frankly, I just don’t see how anyone can argue with this point: Source code that is open for scrutiny and modification is the superior path for the end user and for the development community. With open source, you can modify code to meet your specific needs and you can adapt it to accommodate changing environments and evolving hardware needs. And it should be painfully obvious to everyone who has to sit through lengthy downloads of the multi megabyte Microsoft patch of the moment that when the source code is available it is much easier to isolate bugs.

Sixth advantage: unrestricted use

There’s no one out there telling me how, when, or where I can use open source code. While that is a big factor to many governmental entities, it may not at first glance seem to be an issue to legitimate businesses, but think again: When a proprietary software maker decides to stop supporting a legacy product, the effect is a unilateral use restriction on you. The product is abandoned – an orphan – and since the code is locked away, its usefulness to you deteriorates across time.

Seventh advantage: vendor independence

You are not tied to one vendor, nor is the future of the software dependent upon one entity. Proprietary software development is governed by the marketing and strategy decisions of the vendor and the decisions they make will be in their own best interest. Moreover, it is a simple fact that there are often conflicts between marketing goals and the best development path for a product. If a vendor decides to adopt a new technology, abandon a product, or completely shift business lines, you are just out of luck. This has happened many times in the software market and will continue.

Eighth advantage: no per copy fees

This makes me nuts. I have three home machines. I have multiple office machines. I want the same software on all boxes, but I am only one user. Some firms are reasonable about this; I write them a letter, they let me use multiple copies without additional fees, but frankly this is awkward and many firms are not willing to accommodate this request. This is an issue that never completely goes away as the next upgrade of a proprietary product often puts me right back in the same situation.

So there you have it: eight reasons why I find myself more and more frequently being a champion for open standards and open source development.

The Lights Beyond LAMP

The 2009 Open Source CMS Market Share Report showed clearly the ongoing dominance of PHP-based content management systems. While the LAMP stack may be the leader in the arena of web content management, it is certainly not the only game in town. For the 2009 Open Source CMS Market Share Report we looked at not only the PHP-based systems, but also the Java and .NET-based systems.

LOOKING BEYOND LAMP

The LAMP stack is populist in nature. Not only does the stack carry the cost advantages of open source, but there also exists a wide assortment of low-cost hosting and a ready (and growing) supply of developers. These characteristics create low barriers for entry and an attractive choice for individuals, hobbyists and small to medium sized enterprises.

While few would dispute that there are numerically more deployments of the common LAMP stack systems, it would be a mistake to assume that this is the only platform that matters. The web content management space is not homogenous. A hobbyist building a personal site, a small company building an online marketing presence, and a medium sized enterprise building a portal for customer relationship management are just three examples of widely disparate, yet common, uses. And while it is possible that all three of those groups might be looking at the same systems, it is more likely that those who require higher level functionality will look beyond the most common PHP-based systems. The argument becomes even more persuasive when you look at enterprise level clients.

For users who demand more functionality, higher security and more robust platforms, Java-based and .NET-based content management systems hold a strong attraction. Indeed, in the enterprise space, those platforms are more likely to be the first choice. Though it is certain that The Big Three — Joomla!, WordPress and Drupal — continue to improve their offerings and are more capable of supporting robust websites, I think it is fair to state that at this point in time few enterprise clients put them on their shortlist.

THE JAVA CMS RACE

We included 4 Java-based systems in the survey: Alfresco, Jahia, Liferay and OpenCMS. Of the four, Alfresco topped the set in virtually all the metrics, in many cases ranking behind only The Big Three PHP systems. It was a very strong showing for a system that is not normally thought of in the context of web content management.

Alfresco had a strong lead in brand recognition and brand familiarity ratings. While Alfresco led Liferay in many metrics, it did not do so across the board; Liferay also performed very well. Liferay showed significantly greater strength in third party support, website popularity metrics and social media prominence. Both Alfresco and Liferay ranked highly in the brand sentiment metrics, with Alfresco coming in third overall in the survey — one of the clear leaders in this key metric. Liferay was not far behind, coming in sixth overall.

Alfresco and Liferay led OpenCms by a large margin in almost all categories and Jahia not only lagged relative to the other Java based systems, but was one of the weakest performers of the entire survey group. Most troubling for Jahia has to be the brand sentiment data which showed Jahia fourth from last in the survey set, with negative sentiment running very close to 50%.

In sum, from my perspective those interested in implementing Java-based open source content management systems for their web sites have a lot to cheer about. There exist several viable choices and at least two strong, growing players. This is a space that is set to grow and remain competitive in both the short to medium term.

The chart below shows the results of our query on brand familiarity to the survey group:

[Chart: brand familiarity]

THE .NET CMS RACE

.NET is not a platform most people traditionally associate with open source, but over the last couple of years that has begun to change. A large part of that credit has to go to DotNetNuke, who have been waving the open source flag and investing heavily in marketing to get that message out. Perhaps no other system in the survey has shown a more concerted marketing effort than DotNetNuke. That marketing has paid off in brand recognition and has opened the door for .NET as an open source alternative in the minds of many consumers.

This year’s survey found that DotNetNuke leads the .NET open source CMS race over the nearest rival, Umbraco, by a significant margin. However, the good news for DotNetNuke seems to stop right about there.

Our survey found an ongoing deterioration in DotNetNuke market interest; a slide that has continued across the last several years. The system also had one of the worst ratios of trial usage to actual usage; in other words, while they were successful in getting prospects to try the system, they were less successful in converting them into actual users. Most troubling of all were the numbers relating to brand sentiment. DotNetNuke finished last of the entire survey set in brand sentiment and was one of only two systems to show more negative than positive responses to the question “What is your general feeling about these companies or projects?” Further corroboration of this conclusion can be found at the Windows Web App Gallery which lists user rankings for four .Net-based content management systems. Of the four, DotNetNuke is ranked the lowest, lagging behind Umbraco, mojoPortal and Kentico CMS.

The chart below shows the results of the query to the survey group on brand sentiment: Do you feel positive or negative about the following brands/products?

[Chart: brand sentiment]

Aside from the brand sentiment metric, DotNetNuke led Umbraco across the board. However, when you look at the trend in interest levels, there is a sharp contrast: Interest in Umbraco is strengthening. The improvement is slow but steady and the gap between the two systems seems to have closed significantly in the last 12 months. One has to wonder what would happen if Umbraco could match the marketing might of DotNetNuke.

In conclusion, the .NET-based open source CMS market is still wide open. DotNetNuke was certainly the early mover but seems to be struggling now to hold on to that advantage. The arrival of competing systems like Umbraco, and even more recently mojoPortal, shows that there is plenty of room for competition in this space and that things are only going to get more challenging for DotNetNuke.


 

The data underlying these conclusions can be found in the 2009 Open Source CMS Market Share Report, from water&stone and CMSWire. Download a free copy of the report at: http://www.cmswire.com/downloads/cms-market-share/
Note: This article originally appeared, in slightly different form, on CMSWire.com: http://www.cmswire.com/cms/web-cms/open-source-cms-market-lights-beyond-lamp-005849.php

Changing the Way We Work

Context

It wasn’t so very long ago that companies who wished to employ content management technology for their websites were faced with only two choices: Either build it, or purchase a proprietary platform.

Building a CMS was not to be undertaken lightly. It required an experienced development team working in ASP, Java, or ColdFusion, and a good grasp of database architecture. Each language had its own strengths and weaknesses, and between license fees, development expense, and lead times, none were particularly cost-effective.

The proprietary system space was occupied by big names with even bigger price tags. In an arena dominated by Broadvision, Interwoven, and Vignette, prices in six figures (US$) were not uncommon. Per user licenses, consultant fees, server licenses, database licenses, and customization fees assured that proprietary systems were for the Enterprise – well out of the reach of SMEs.

With the high ground held firmly by the big brands, new players began to appear in the mid-priced market. With the appearance of these new, more affordable solutions, price pressure began to be exerted on suppliers. Allaire, and much later Microsoft (both relative newcomers), pushed market prices down further with mid-priced CMS products.

As the market matured, viable products started to emerge from the proprietary development field. (The Ektron products being a prime example.) Clients started to face a growing array of choices and began to look to their local vendors to provide viable CMS solutions. Many of those local market players received a major boost with the appearance of ActiveX features in Internet Explorer, which allowed WYSIWYG editor implementation through the browser interface. Almost overnight it seemed that server-side content management systems were both plentiful and affordable.

LAMP Shines

The CMS market really took wing with the liftoff of the LAMP stack and the growth of a supportive development community. Suddenly it seemed everyone was producing LAMP-based CMSs under Open Source licenses.

phpNuke set the pace early on and is largely responsible for inspiring others to follow suit. In the past several years, out of a very large pack of contenders (somewhere in the neighborhood of 85 active projects by my count!), some Open Source “brand names” have emerged as market leaders: Drupal, Zope, Plone, Mambo, Midgard, Typo3, and OpenCMS, in particular, stand out.

All these names have produced multiple versions, with regular updates and a solid patch history. All have produced a wide set of features and have managed to achieve sizeable installed bases.

Of that group of market leaders, few have the support of a reliable vendor behind them. One clear exception is Mambo, which is backed by a non-profit Foundation that promotes and protects the intellectual property and the developers. The Foundation stands behind Mambo, offering support from their development resources, assistance with PR and the added assurance of the backing of a corporate presence in the event of legal problems, major meltdowns, or team instability.

Backing by a reputable vendor is unusual in the loose Open Source development community, but it is becoming more common, as major players start to release software under the FOSS model and move their companies towards service-based business models.

While I would think that it is obvious that it is extremely desirable to have the support of an established and stable player, let’s look at an example: Drupal, though a very good and popular system with wide adoption, went through a major embarrassment in July of this year when the Drupal community servers went down for two days, leaving the Drupal team to post a one page website on a borrowed server asking the community for monetary donations to get them going again! This is the sort of incident that will send the typically conservative CIO scurrying for brand name cover.

Blogs, Wikis, And Other Niches

The Blog phenomenon is a great example of how the proliferation of easy-to-use content management technologies has trickled all the way down to individual users. Blogging is a direct by-product of the presence and accessibility of CMSs employing WYSIWYG content editors.

One of the interesting by-products of the blogging phenomenon is the vitality of what I would call non-standard content management approaches. For example, we see hosted solutions, like Blogger, doing exceptionally well. We also see the client-side application Radio Userland developing quite a loyal following. I label those two approaches as “non-standard” in the sense that those approaches to content management have never been taken seriously for large scale content management. (Yet, when you consider the sheer volume of data handled by something like Blogger, you have to give credit to the system for being very robust!)

Blogging has also given rise to unusual features like content management via email and even voice mail. It’s innovative. How much of this will migrate into future mainstream content management tools is hard to say, but it is worth watching.

As a result of the popularity of blogging, some blogging platforms are gaining real strength in their own right: Radio Userland, Serendipity, and WordPress being leaders in the field.

Wikis are another example of how content management has become such a ubiquitous feature of the Internet landscape that specialized tools built for particular purposes are not unrealistic. (How many Wikis are there floating around on the Web these days?) Many of these Wiki systems are specialized in some manner to accommodate different formats / tasks / file sizes / etc. It is a remarkably robust community – and unheard of 3.5 years ago.

Dangers In The Road

The Open Source CMS market’s strength is not too different from its weakness: The large number of projects, indicative of the vitality of the movement, also brings with it the danger of fragmentation. Of all the various scripting communities, only the Python community has solidified around one core product – Zope (and now that solidarity too is threatened by the emergence of Django). In contrast, PHP developers have an amazing choice of systems to which to devote their attentions and development skills.

The rapid pace of updates is similarly a double-edged sword. While we all appreciate improvements and enhancements, the simple fact is that every upgrade carries with it a cost in terms of maintenance overhead and the possibility for problems. As a Mambo user who manages more than a dozen Mambo sites, I let out a groan each time a new upgrade hits.

Ironically, a final danger we see emerging from the Open Source market is the marriage of certain systems to particular technologies – the loss of platform independence and interoperability. Mambo and Midgard require MySQL (though Mambo claims that will change in the next version). Bricolage only uses PostgreSQL. Zope requires an obscure database hardly used outside the Python world.

While betting on the continued vitality of a technology like MySQL or PostgreSQL is probably a pretty safe strategy, you have to agree that the ability of a system to handle alternatives is a better long-term survival strategy.

The Bleeding Edge

Open Source Content Management is now moving into a leadership position in the field. The rapid pace of Open Source development is generating innovations and advances in the underlying technology at an amazing pace.

Open Source systems are now moving beyond creating out-of-the-box CMS solutions and into the field of web application frameworks. The framework approach is much more powerful and allows for the creation of much more complex and customized solutions.

To a certain extent products like Mambo and the xNuke family are frameworks, offering a great deal of flexibility in the creation of a website, but they come nowhere close to new technologies like Ruby on Rails or Django.

Rails is a full-stack, open-source web framework in Ruby for writing real-world applications. Ruby is an object-oriented, highly dynamic “scripting” language. The system is very young, but with out of the box support for MySQL, PostgreSQL, SQLite, SQL Server, DB2, and Oracle, it shows a great deal of promise.

Django is a framework built around the Python language. It enjoys many of the benefits offered by Rails, but also the added advantage of the support of the larger Python community. Django also has the advantage in the content management arena as the system is designed to create administration interfaces with ease. Django is also very young.

While the jury is still out on these two new technologies, they clearly signal the way forward. From a developer’s perspective, the emergence of these frameworks also begins to provide alternatives to the .NET and J2EE development environments.

The bottom line is that this is a very dynamic area of Internet technology. The CMS market is moving so quickly that less nimble players are finding it hard to keep the pace. One has to wonder if market consolidation in the face of competition isn’t on the horizon.

How To Choose

Evaluating a content management solution for a firm, or for personal use, is largely the same exercise. Begin with a needs analysis. Define your goals, prioritise them, and then assess what features or tools are needed to help you reach those goals. At a later point, once cost research is under way, you can then assess the cost of features relative to the priorities of the goals and come up with the basis of an intelligible cost-benefit analysis.

Start by examining the nature of your site. Is it a portal? A marketing exercise? An e-commerce site? A blog? An Intranet? These questions will set the outer boundaries for defining the type of system you need. Intended use will shape the decision process significantly.

Consider not only your short term needs but also your long term goals. Many of the systems that are in the market today are modular. This allows you the flexibility to start with only the features you need to meet your short term goals, then to expand the system as justification (or necessity) develops.

Accordingly, look at the modules offered by the vendor and assess whether the system will suit your planned future expansion. It is foolish to try to build it all at once, as the cost will be high and the time line extended. It is better to start conservatively with a modular system that you can grow into.

When shopping for systems, it is best to approach the vendor/developer with a shopping list of features that you require/desire. Mature systems will offer more modules, but make sure you demo the modules you are interested in, as implementations of similar functionalities tend to vary more than you might expect.

While many systems support basic modules, like membership tracking or online polls and surveys, there are other features which are harder to find and which may narrow your choices significantly if required. Key features you should be aware of include multi-lingual support, archiving and roll back, and syndication. If your site requires one or more of these more advanced functions, you will find the number of choices left for your review has dwindled (and you may be locked into a proprietary solution).

Another factor to consider is dependencies on other software packages. Some systems, like the Microsoft CMS, require you to license not only the CMS product, but also a number of other related products which are required for the CMS to work properly. Make sure you check database requirements, server and OS requirements, and whether third party components are needed to create templates or maintain the site in the future. And of course, never forget those frequently shocking consulting fees that are often part of any major implementation. Add it all up and you will find that some systems which may initially appear to be attractively priced are, in fact, quite expensive.

One issue many companies fail to consider is how well the CMS can be tailored to fit the firm’s existing work flow. Most systems will give you some flexibility in assigning roles and permissions. Systems vary in complexity from offering only a set of pre-defined roles to completely customisable user systems. Permissions, editorial review, and scheduling are related concepts: Does your firm need to put content through a review and permissions phase and does your firm need to schedule start/stop days or pre-schedule content (load the content before the start date)? Look for a system that matches, or can be tailored to match, your existing structure and work flows, otherwise you will face challenges in modifying offline processes and training staff.

There’s no magic formula for finding the right CMS. The market is very fragmented and many systems use similar labels to provide widely disparate levels of functionality. It is essential that you be proactive about approaching vendors and go in the door knowing what you need — put the burden on them to show that they can meet your needs. Have clear requirements and research best practices so that you are equipped to deal with this (sometimes expensive) decision.

How to Select a CMS

There’s recently been a lot of discussion and considerable interest in content management systems. Buyers are starting to ask for these solutions from vendors with greater regularity and the buyers are clearly better informed than in the past. Still, the question that comes up again and again is: how do you know which content management system (CMS) is right for you?

Begin with a needs analysis. Define your business goals, prioritise them, and then assess what features or tools are needed to help you reach those goals. At a later point, once pricing research is under way, you can then assess the price of features relative to the priorities of the goals and come up with the basis of an intelligible cost-benefit analysis.

Start by examining the nature of your site. Is it a portal? A marketing exercise? An e-commerce site? These questions will set the outer boundaries for defining the type of system you need. A marketing site will demand far less from a system than a portal. Moreover, security, support, and data integrity issues will be dominant concerns for any firm involved in e-commerce.

Consider not only your short term needs but also your long term goals. Many of the systems that are in the market today are modular. This allows you the flexibility to start with only the features you need to meet your short term goals, then to expand the system as justification (or necessity) develops.

Accordingly, look at the modules offered by the vendor and make an assessment of whether the system will suit your planned future expansion. It is foolish to try to build it all at once as the cost will be high and the time line extended. It is better to start conservatively with a modular system that you can grow into.

When shopping for systems, it is best to approach the vendor with a shopping list of features that you require/desire. Mature systems will offer more modules, but make sure you demo the modules you are interested in, as implementations of similar functionalities tend to vary more than you might expect.

While many systems support basic modules, like membership tracking or online polls and surveys, there are other features which are harder to find and which may narrow your choices significantly if required. Key features you should be aware of include: multi-lingual support, archiving and roll back, and syndication. If your site requires one or more of these more advanced functions, you will find the number of choices left for your review has dwindled (and prices have crept up, too).

Another factor to consider is dependencies on other software packages. Some systems, like the Microsoft CMS, require you to license not only the CMS product, but a number of other related products which are required for the CMS to work properly. Make sure you check database requirements, server and OS requirements, and whether third party components are needed to create templates or maintain the site in the future. And of course, never forget those frequently shocking consulting fees that are often part and parcel of any major implementation. Add it all up and you will find that some systems which may initially appear to be attractively priced are, in fact, quite expensive.

One issue many companies fail to consider is how well the CMS can be tailored to fit the firm’s existing work flow. Most systems will give you some flexibility in assigning roles and permissions. Systems vary in complexity from offering only a set of pre-defined roles to completely customisable user systems. Permissions, editorial review, and scheduling are related concepts: Does your firm need to put content through a review and permissions phase and does your firm need to schedule start/stop days or pre-schedule content (load the content before the start date)? Look for a system that matches, or can be tailored to match, your existing structure and work flows, otherwise you will face challenges in modifying offline processes and training staff.

There’s no magic formula for finding the right CMS. The market is very fragmented and many systems use similar labels to provide widely disparate levels of functionality. It is essential that you be proactive about approaching vendors and go in the door knowing what you need; put the burden on them to show that they can meet your needs. Have clear requirements and research best practices so that you are equipped to deal with this often expensive buying decision.