Own CMS vs Open Source

Over the last 4-6 year I’ve developed my own CMS. Most of my clients are agencies and what we’ve been doing is branding the CMS as their own and building sites for their clients. This has been working well so far as we have full control over the CMS and find it very easy to modify it to suite the needs of each individual client.

Recently however we’re getting more and requests from our clients to start using open source solutions like Wordpress. Many of my agencies clients are being warned against bespoke content management systems and advised that open source solutions are by far the best and preferred option.

I’ve always kept my distance from things like Wordpress, to be fair, I don’t really know why. I have this idea (maybe wrongly) that I’d be shoe horning websites into Wordpress rather than moulding the CMS around the needs of that client. I also have this idea that each time a client request a site and wants different functionality that I’d be constantly researching existing plugins to see if someone already does the job, and/or finding a similar plugin and making modifications to it t get it to do the job required.

My problem is at the minute I think our CMS gives us a unique selling point, we’re not just churning out Wordpress sites. On the flip side however I think we might be about to lose business or at least a client if we don’t start doing Wordpress development and custom plugin development.

If I’m honest, at the minute I don’t want to do it. There’s a million and one different businesses out there churning out sites built on Wordpress, how do you compete with that? What can you do differently. My problem is persuading my clients (and their clients) that using our CMS isn’t a bad thing, and that it has it’s benefits. This is where I struggle because technically anything our CMS can do you can do in Wordpress, and Wordpress can probably do more.

I don’t really know what I’m asking, but am I wrong for wanting to continue pushing our own CMS, or should we (like most other people) be investing time into looking to scrap our CMS and start working with an open-source solution?

Is there anything I can say to clients that would persuade them that open-source isn’t always the best way? Surely my clients want to be different to their competitors, but on the other hand is seems using a bespoke CMS is seen as a bad thing.

To give you an idea, here’s some of the benefits I think our CMS has;

  • We developed it, so we have a good understand of how to build in custom functionality, even right down into the framework should it be needed. So there’s excellent support
  • It’s currently delivering 4 differently styled administration interfaces, each styled to match each agencies branding.
  • There’s plenty of built in functionality, pages, menu, panels (selecting which panels to show on which page), e-commerce, blog, case studies, form builder, control which users access which modules, galleries, slideshows, testimonials, events etc. At one point it did have some multi-lingual functionality, but found 99% of sites didn’t need it so we dropped it to make things easier to manage. We only turn on functionality that each site needs to keep things simple.
  • If they have a problem there’s someone of the end of the phone or an email to fix it.
  • We’re not currently charging for the use of the CMS, but instead we charge for creating the HTML, integrating it and installing the CMS etc, plus any bespoke functionality.
  • If it’s felt that new functionality could be build in that would benefit other clients, we’re footing the bill for it.
  • We understand one site doesn’t fit all, and we can make changing the admin interface to improve usability, even if one client has different needs to another.

My problem is, I could probably apply those same benefits to Wordpress.

  • A good developer should have a good understanding of Wordpress, so should have no problem integrating custom functionality
  • I’m sure a good develop could apply different styling to Wordpress.
  • Wordpress has plenty of plugins available for it to do almost anything.
  • A good developer should be able to provide a reasonable amount of support for Wordpress, although bugs within Wordpress itself could take time to resolve as you’re waiting for someone to fix it.
  • Wordpress is free.
  • Wordpress is very usable.

I really don’t know how to proceed.

You could pursue the security angle. Since Wordpress is open source, it means that hackers have access to the same code and can exploit that knowledge to hack sites. Do a Yahoo or [URL=“http://www.google.com/#hl=en&tbo=d&sclient=psy-ab&q=wordpress+hacked&oq=wordpress+hacked&gs_l=hp.3…0l4.1454.3062.0.3190.…0.0…1c.1.ZPHWGvU_V_g&pbx=1&bav=on.2,or.r_gc.r_pw.r_qf.&fp=a1b10ddcb3a6a158&bpcl=38897761&biw=1154&bih=623”]Google search for “Wordpress hacked” and show that to your clients. Thousands of Wordpress sites have been hacked over the years.

I’ve had Joomla and SMF open source scripts hacked and another site was hacked that was running Wordpress as an add-on blog. In each case I didn’t check for updates regularly and security vulnerabilities were found and exploited. In the case of the site with a Wordpress blog as an add-on, I failed to check for Wordpress updates for 13 days or something like that during which time a security hole was found. My web host suspended the account until I contacted them at which time they proceeded to clean up the account, remove the exploit, and change some permissions.

That isn’t to say that your own in-house CMS can’t be hacked. But it isn’t going to be as easy for a hacker to find a vulnerability when he has no access to the code. When a vulnerability is found in an open source script like Wordpress, automated hacker bots scan the web looking for vulnerable sites. They can hack a lot of sites in a short period of time. If a client of yours has any sensitive information on the site like customer names, addresses, or even credit card numbers, an open source script with a track record of security exploits may not be a good choice.

If I was running a site where security was crucial, I would never use an open source script. While I have had three open source scripts hacked (due to my not checking for updates), I have never had any of mine own code hacked. The client should be told that Wordpress requires babysitting. They have to check for updates regularly, preferably every day. Not every client is going to want to worry about their site being hacked if they forget to check for updates.

Demand for Wordpress-based sites is growing and may continue growing. Instead of fighting the trend, you should embrace it and consider mastering it and offering it as a service. Whether you want to or not, you have to change with the times and adapt to changing market conditions. The market is demanding Wordpress, so you should seriously consider offering it.

It seems like you already know the answers to your questions, littlened, but that you’re just trying to come to terms with it.

From a business perspective, your best bet is to offer both options. “Want a Wordpress site? We can do that. Prefer a custom solution? We can do that too.”

Well, we had a really nice fast and capable in-house CMS some time ago but we too started getting requests for WP/Drupal/Joomla.

Initially, I had the same idea as you, that offering our own CMS was something that set us apart from other firms but eventually I took the plunge and started looking at open source offerings. It took me a while to decide which one I liked and then a while longer to get really comfortable with it but since then I’ve moved all my CMS sites except for two onto Drupal which I’m in the planning stages with so they too will become Drupal sites.

The main reason I switched to a well supported open source solution is because over the years I have seen numerous examples of in-house CMS’s lock the end users into systems that become unsupported due to rewrites that don’t provide an upgrade path or become unsupported because the originator moves on and hasn’t anyone in place to take over. I probably see this about once every year or two. This doesn’t mean all open source CMS projects are the be-all-end-all. There are lots of CMS projects that have horrendous code bases and poor vetting processes to ensure that contributions from the community are secure but the ones I’m interested in are pretty good in that regard.

As far as fitting the website into a CMS shaped box goes, that was one of my first concerns as well but I have found that the one I chose to pursue (Drupal) has a flexible enough theming system that allows me to replicate pretty anything that comes my way. It wasn’t always this way… Five years ago it was not as evolved and neither was my knowledge of its API but now I’m at the point where I can envision how it will work with a particular requirement and fill in any holes with custom code.

With regard to security, if it’s on the web, it has security vulnerabilities. The good thing about a well supported system (supported by developers) is that you have an entire community poking at it to see if it leaks and then when a leak is found it gets patched extremely quickly. It’s not to say that you won’t find vulnerabilities with a project like Drupal, but the first line of defense is keeping the core and modules updates current.

The only downside I see to using an Open Source CMS like Drupal is that memory footprint that it might require. My CMS was very conservative with regard to memory and didn’t expose any objects or hooks into the API at runtime whereas a CMS like Drupal exposes a lot more in the way of developer hooks. It’s never really been an issue with my sites but it i something to keep in mind; more db queries and more objects created and exposed than a single purpose custom CMS.

I think these guys have all contributed well.

  1. Be security conscious and choose your platform wisely. Keep it updated.
  2. Offer both your CMS (which you are obviously invested in and passionate about) and an alternative Open Source. Be able to explain benefits of both.
  3. Know the limitations of both and be able to advise your clients accordingly.
  4. Remember that you have experience and are a web professional. If you have built your own CMS, picking up and learning another open source CMS will be much easier for you. You should be able to wield it effectively in the marketplace against others who are less skilled.

I’ve had disastrous experiences with an in-house CMS that was intentionally dumbed down for the companies ease of use. By the time I had arrived they had invested hundreds of thousands into a system which was written by 2 guys. In the space of a couple of years the marketplace outpaced their production and they couldn’t compete with mainstream features of off-the-shelf products, but our company was invested and held hostage by the high cost of switching systems. There was minuscule development of requested features and no way for a third party to inject anything useful into the website. Highly frustrating and in the end damaging of the companies progress. Not saying this is everyone or your CMS, just my experience with one in-house CMS.

To be short, if I were you, I will not use wordpress.

1, Security should be the most important thing for a commercial site. If you use wordpress, you need to upgrade it frequently to keep up with the newest version for security issues, which seems to be a big problem.

2, Some of your customers wanted wordpress just for their own conveniences. I believe more of your customers would prefer your own cms system.