On 03/26/2017 04:28 AM, Peter Humphrey wrote:
Pelican looks interesting; I may follow it up. I didn't say this before (one
thing at a time, eh?) but I need to build a site that another choirman can
take over from me at some time. That seems to rule out anything that smacks
of script writing, because as far as I know, nobody else has the slightest
interest in computers, never mind programming.
I notice that no-one has mentioned WordPress. I had a look at it, but was
scared off by the Gentoo devs' waving around of garlic and crosses.
Choosing a CMS is a textbook example of "pick your poison." We usually
go with either Wordpress or Drupal.
The design of Drupal is much better, technically. Every feature is part
of a "module" that you can turn off. The API is well-documented, and
it's easy to write new modules. A "content type" in Drupal is a thin
abstraction over a database table, and you can build pretty much
anything you want by creating the right content type and then creating a
"view" to display it how you want.
The end result can be nicer for end users; for example, you can give
them a button to create a new employee, or a newsletter, or a blog
entry... and each one of those content types will have separate fields
and a separate UI. The trade-off is that nothing works out-of-the-box in
Drupal, and it will take you two weeks to get all of that set up.
With Wordpress, you get a nice, clean, easy-to-use site in about five
minutes. If that site will work for you -- i.e. if all you need is
pages, menu items, a contact form, and whatever else you can get from
pre-existing plugins -- do that!
Wordpress is made for non-technical users but I don't mean that in a bad
way. I've been doing Wordpress updates on some sites for over five
years, and it's never crashed and made me stop what I was doing to fix
it. Plugin updates are similarly easy, but I can echo what Mick said:
you need to pay attention to the update notifications, and they come
frequently.
All CMSes have terrible security records, so the fact that Wordpress
gets hacked all the time shouldn't lead you to believe that another CMS
would fare any better. You can make any CMS a lot more secure in two
simple ways:
1. Always update ASAP.
2. Don't make your website writable by the anonymous web user.
The second one means that you will have to update over SSH, at least as
long as you maintain the site, but severely limits the damage that a
hacker can do with a tiny exploit.