WordPress as CMS (was: wordpress security)

> Note:  This email repeats a lot of things I said in another email, for the
> benefit of those who are not following the Security thread.  For those who
> *are* following that thread, please skim to the bottom, as I pose a new and
> separate question from the security issues discussed elsewhere....
>
> On Oct 21, 2009, at 9:03 AM, Otto wrote:
>
>  A site that the admin has not visited in 2 months is, IMO, a dead
>> site. No new content, no readers, nobody caring for it...
>>
>
> In the past, I've asked for advice on using WordPress as a straight CMS
> rather than a blog platform.  Such questions are routinely answered with
> remarks along the lines of, "It is a CMS, Dummy."
>
> Fine it's a CMS.  But as such we must accept that many users are using
> WordPress to set up their sites, and edit them when needed, but are NOT
> routinely adding new content, /a la/ a blog.  In such circumstances, a site
> can **easily** go two months without being updated.
>
> I just don't understand this "screw 'em" attitude.  The attitude toward
> people asking about "WordPress as CMS" is widespread and wrongheaded
> (including coming from one developer with whom I've had a very friendly
> relationship.)  As long as the "blog post" aspect is front and center,
> people will -- legitimately -- consider it "blog software".
>
> Personally I would love to see a plugin that entirely removes or conceals
> the post/comment areas of the admin, and I'm considering making one.
>
> The Big Question:  What would a "CMS" plugin have to do?  Pots and comments
> are woven throughout the Admin, and I'd like to remove all aspects of them
> from the menus.  My "to do" list is below -- if I'm missing something, or if
> you have advice as to how to do some of this, I would appreciate.
>
>        1) Remove "Posts" and "Comments" from main menu.  (Am I correct that
> direct links will still work?  Is there a way to remove those areas entirely
> rather than just hiding the menu items?)
>
>        2) Remove "Recent Comments" and "QuickPress" from Dashboard.
>  (Again, can it be removed entirely or merely hidden?)
>
>        3) Remove "Press This" from Tools page (how?)
>
>        4) Writing Settings page -- remove/hide/turn off "Remote
> Publishing", "Post Via Email", and "Update Services" settings
>
>        5) Reading Settings page -- remove "Front Page Displays" option.
>  Set it to "static page".  Still must allow user to set the static page
> though.
>
>        (Since we're changing those two pages so much, perhaps remove them
> entirely and replace them with a new consolidated page?)
>
>        6) Remove "Discussion" settings page entirely.  Set default
> preferences to no comments or notifications.
>
>        7) Remove "Discussion" meta box from Edit Page page.
>
>        8) Remove Tags/Categories from Permalink Settings page
>
> Also, in general, I think WordPress itself should do a few things to lessen
> the "blog assumption".  Nothing major, but a few small things to consider:
>
>        1) On General Settings page, change "Blog Title" and "Blog Address"
> to "Site Title" and "Site Address"
>
>        2) Ditto "Privacy" page.  "Blog" s/b "Site"
>
> Good idea?  Bad?  Discuss!
>
> Stephen
>
> --
> Stephen Rider
> http://striderweb.com/
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers@...
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>

> Note:  This email repeats a lot of things I said in another email, for the
> benefit of those who are not following the Security thread.  For those who
> *are* following that thread, please skim to the bottom, as I pose a new and
> separate question from the security issues discussed elsewhere....
>
> On Oct 21, 2009, at 9:03 AM, Otto wrote:
>
>  A site that the admin has not visited in 2 months is, IMO, a dead
>> site. No new content, no readers, nobody caring for it...
>>
>
> In the past, I've asked for advice on using WordPress as a straight CMS
> rather than a blog platform.  Such questions are routinely answered with
> remarks along the lines of, "It is a CMS, Dummy."
>
> Fine it's a CMS.  But as such we must accept that many users are using
> WordPress to set up their sites, and edit them when needed, but are NOT
> routinely adding new content, /a la/ a blog.  In such circumstances, a site
> can **easily** go two months without being updated.
>
> I just don't understand this "screw 'em" attitude.  The attitude toward
> people asking about "WordPress as CMS" is widespread and wrongheaded
> (including coming from one developer with whom I've had a very friendly
> relationship.)  As long as the "blog post" aspect is front and center,
> people will -- legitimately -- consider it "blog software".
>
> Personally I would love to see a plugin that entirely removes or conceals
> the post/comment areas of the admin, and I'm considering making one.
>
> The Big Question:  What would a "CMS" plugin have to do?  Pots and comments
> are woven throughout the Admin, and I'd like to remove all aspects of them
> from the menus.  My "to do" list is below -- if I'm missing something, or if
> you have advice as to how to do some of this, I would appreciate.
>
>        1) Remove "Posts" and "Comments" from main menu.  (Am I correct that
> direct links will still work?  Is there a way to remove those areas entirely
> rather than just hiding the menu items?)
>
>        2) Remove "Recent Comments" and "QuickPress" from Dashboard.
>  (Again, can it be removed entirely or merely hidden?)
>
>        3) Remove "Press This" from Tools page (how?)
>
>        4) Writing Settings page -- remove/hide/turn off "Remote
> Publishing", "Post Via Email", and "Update Services" settings
>
>        5) Reading Settings page -- remove "Front Page Displays" option.
>  Set it to "static page".  Still must allow user to set the static page
> though.
>
>        (Since we're changing those two pages so much, perhaps remove them
> entirely and replace them with a new consolidated page?)
>
>        6) Remove "Discussion" settings page entirely.  Set default
> preferences to no comments or notifications.
>
>        7) Remove "Discussion" meta box from Edit Page page.
>
>        8) Remove Tags/Categories from Permalink Settings page
>
> Also, in general, I think WordPress itself should do a few things to lessen
> the "blog assumption".  Nothing major, but a few small things to consider:
>
>        1) On General Settings page, change "Blog Title" and "Blog Address"
> to "Site Title" and "Site Address"
>
>        2) Ditto "Privacy" page.  "Blog" s/b "Site"
>
> Good idea?  Bad?  Discuss!
>
> Stephen
>
> --
> Stephen Rider
> http://striderweb.com/
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers@...
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>

> it's hard to get around that blog stigma when working in a group  
> environment
> with Wordpress.
>
> Perhaps my favorite suggestion in your email is the switch from Blog
> Title/Blog Address to Site Title/Site Address. I've always been  
> surprised
> that the "Blog" terms have stuck around as long as they have. I'd be  
> all for
> a switch.

> Note:  This email repeats a lot of things I said in another email, for the
> benefit of those who are not following the Security thread.  For those who
> *are* following that thread, please skim to the bottom, as I pose a new and
> separate question from the security issues discussed elsewhere....
>
> On Oct 21, 2009, at 9:03 AM, Otto wrote:
>
>  A site that the admin has not visited in 2 months is, IMO, a dead
>> site. No new content, no readers, nobody caring for it...
>>
>
> In the past, I've asked for advice on using WordPress as a straight CMS
> rather than a blog platform.  Such questions are routinely answered with
> remarks along the lines of, "It is a CMS, Dummy."
>
> Fine it's a CMS.  But as such we must accept that many users are using
> WordPress to set up their sites, and edit them when needed, but are NOT
> routinely adding new content, /a la/ a blog.  In such circumstances, a site
> can **easily** go two months without being updated.
>
> I just don't understand this "screw 'em" attitude.  The attitude toward
> people asking about "WordPress as CMS" is widespread and wrongheaded
> (including coming from one developer with whom I've had a very friendly
> relationship.)  As long as the "blog post" aspect is front and center,
> people will -- legitimately -- consider it "blog software".
>
> Personally I would love to see a plugin that entirely removes or conceals
> the post/comment areas of the admin, and I'm considering making one.
>
> The Big Question:  What would a "CMS" plugin have to do?  Pots and comments
> are woven throughout the Admin, and I'd like to remove all aspects of them
> from the menus.  My "to do" list is below -- if I'm missing something, or if
> you have advice as to how to do some of this, I would appreciate.
>
>        1) Remove "Posts" and "Comments" from main menu.  (Am I correct that
> direct links will still work?  Is there a way to remove those areas entirely
> rather than just hiding the menu items?)
>
>        2) Remove "Recent Comments" and "QuickPress" from Dashboard.
>  (Again, can it be removed entirely or merely hidden?)
>
>        3) Remove "Press This" from Tools page (how?)
>
>        4) Writing Settings page -- remove/hide/turn off "Remote
> Publishing", "Post Via Email", and "Update Services" settings
>
>        5) Reading Settings page -- remove "Front Page Displays" option.
>  Set it to "static page".  Still must allow user to set the static page
> though.
>
>        (Since we're changing those two pages so much, perhaps remove them
> entirely and replace them with a new consolidated page?)
>
>        6) Remove "Discussion" settings page entirely.  Set default
> preferences to no comments or notifications.
>
>        7) Remove "Discussion" meta box from Edit Page page.
>
>        8) Remove Tags/Categories from Permalink Settings page
>
> Also, in general, I think WordPress itself should do a few things to lessen
> the "blog assumption".  Nothing major, but a few small things to consider:
>
>        1) On General Settings page, change "Blog Title" and "Blog Address"
> to "Site Title" and "Site Address"
>
>        2) Ditto "Privacy" page.  "Blog" s/b "Site"
>
> Good idea?  Bad?  Discuss!
>
> Stephen
>
> --
> Stephen Rider
> http://striderweb.com/
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers@...
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>

> [edited for clarity]
> Note:  This email repeats a lot of things I said in another email, for the
> benefit of those who are not following the Security thread.  For those who
> *are* following that thread, please skim to the bottom, as I pose a new and
> separate question from the security issues discussed elsewhere....
>
> ---
>
>
> The Big Question:  What would a "CMS" plugin have to do?  Posts and
> comments are woven throughout the Admin, and I'd like to remove all aspects
> of them from the menus.  My "to do" list is below -- if I'm missing
> something, or if you have advice as to how to do some of this, I would
> appreciate.
>
>

> From: Mike Schinkel <mikeschinkel@...>
> Reply-To: <wp-hackers@...>
> Date: Wed, 21 Oct 2009 16:12:17 -0400
> To: <wp-hackers@...>
> Subject: Re: [wp-hackers] WordPress as CMS (was: wordpress security)
>
>> You're most likely about to be told either:
>>
>> 1) If you want a website CMS (non-blog) then try drupal/joomla/EE
>> 2) If you MUST use WP as a site CMS (non-blog) just tell your client
>> to
>> ignore the blog stuff.
>
> You are probably right. And if you are, it's a real damn shame.
>
>> FWIW, I like the idea of a lightweight plugin that does nothing but
>> remove
>> all references to blog posts, comments, etc. I think it's a fine idea.
>
> I too really want to use WordPress as a CMS first and a blogging tool
> second. I run into 5 people who want the former for every one who
> wants the latter.
>
> -Mike Schinkel
> WordPress Custom Plugins
> http://mikeschinkel.com/custom-wordpress-plugins/
>
>
>
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers@...
> http://lists.automattic.com/mailman/listinfo/wp-hackers

> 2009/10/21 Stephen Rider <wp-hackers@...>
>
> > [edited for clarity]
> > Note:  This email repeats a lot of things I said in another email, for
> the
> > benefit of those who are not following the Security thread.  For those
> who
> > *are* following that thread, please skim to the bottom, as I pose a new
> and
> > separate question from the security issues discussed elsewhere....
> >
> > ---
> >
> >
> > The Big Question:  What would a "CMS" plugin have to do?  Posts and
> > comments are woven throughout the Admin, and I'd like to remove all
> aspects
> > of them from the menus.  My "to do" list is below -- if I'm missing
> > something, or if you have advice as to how to do some of this, I would
> > appreciate.
> >
> >
>
> Stephen,
>
> Take a look at a plugin like Adminize
> http://wordpress.org/extend/plugins/adminimize/
>
> which allows you turn do things like turn off the posts menu for individual
> levels of user, and turn off lots of other things at a fairly fine-grained
> level.
>
> You can also use the translation capability to 'translate' the names of
> things into something else. I know of one person who simply created a
> language pack that changed all references to 'post' to be 'news' or
> something similar.
>
>
> Mike
> --
> Mike Little
> http://zed1.com/
> _______________________________________________
> wp-hackers mailing list
> wp-hackers@...
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>

> I don't get it. Why would anybody want to use WordPress, but disable
> all the useful features?
>
> I'm a strong believer in the right tool for the right job. If you're
> not making a blog (by which I mean a stream of continuing content of
> some type), then WordPress is not the right tool to be using.
>
> If I wanted an easy-to-edit but semi-static site with no discussion or
> feedback from other users, hooked to a templating and theming
> mechanism, then I'd look at Wiki software instead, with editing being
> limited to the registered users (and registration turned off). I'd
> certainly not look at WordPress or any other "CMS" type software, nor
> would I recommend any of these to a client for such a case.
>
> My advice would be to make a plugin that erases WordPress and installs
> some other piece of software more suitable for their needs. WordPress
> is great, but it is not the end-all be-all of software packages. It
> was never intended, and is not now, suitable for all cases. No
> software is ever going suitable for all cases when the "case" is so
> broad as "web site".
>
> -Otto
> Sent from Memphis, TN, United States
> _______________________________________________
> wp-hackers mailing list
> wp-hackers@...
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>

> I don't get it. Why would anybody want to use WordPress, but disable
> all the useful features?
>
> I'm a strong believer in the right tool for the right job. If you're
> not making a blog (by which I mean a stream of continuing content of
> some type), then WordPress is not the right tool to be using.
>
> If I wanted an easy-to-edit but semi-static site with no discussion or
> feedback from other users, hooked to a templating and theming
> mechanism, then I'd look at Wiki software instead, with editing being
> limited to the registered users (and registration turned off). I'd
> certainly not look at WordPress or any other "CMS" type software, nor
> would I recommend any of these to a client for such a case.
>
> My advice would be to make a plugin that erases WordPress and installs
> some other piece of software more suitable for their needs. WordPress
> is great, but it is not the end-all be-all of software packages. It
> was never intended, and is not now, suitable for all cases. No
> software is ever going suitable for all cases when the "case" is so
> broad as "web site".
>
> -Otto
> Sent from Memphis, TN, United States
> _______________________________________________
> wp-hackers mailing list
> wp-hackers@...
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>

> -----Original Message-----
> From: wp-hackers-bounces@... [mailto:wp-hackers-
> bounces@...] On Behalf Of Stephen Rider
> Sent: Wednesday, October 21, 2009 1:00 PM
> To: wp-hackers@...
>
>
> 1) Remove "Posts" and "Comments" from main menu.  (Am I correct that
> direct links will still work?  Is there a way to remove those areas
> entirely rather than just hiding the menu items?)

> Me and my company are rapidly using WordPress to replace large
> corporate CMS'es, usually without using the blog functionality or by calling
> it the "news section". We do so for a couple of reasons:
> - because it's easy to develop for, and thus easy to hire people for,
> - there's a slew of plugins available making a lot of the work that's
> otherwise custom work as easy as flipping a switch,
> - the interface is user friendly
>
> And, more importantly: a lot of people KNOW WordPress from their blogs. It's
> much like why most of the world uses Microsoft Word, even when they're
> writing a book. Yes there are probably tools that, architecturally, are
> better suited for the job, but because everyone knows how to use WordPress,
> it's actually easier to implement. (this analogy is poorly written but hey,
> i'm jotting it down quickly)