Sep 12, 2013

Developing a CMS the right way

Hey guys and welcome to my blog again.

This week I'd like to address an issue real quickly - Which things to take into account before developing a CMS. These things apply to a self-built CMS for your product, for your in-house company or as a freelance. In all cases you should aspire for the best possible product done in the shortest time.

So here are the tips:

1. Understanding the needs - it is not enough to get a list of demands or even an elaborated PRD (we will touch that next). If you don't understand the true needs, how the site should visually appear (even if you do back-end work only), what purpose does it serve and what is its business line, you increase your chances of inadequacy. 

2. Specific per-page-type PRD including a mock up - yes with clients it could be a little rougher as they don't want to work, but explaining your client intelligently that without that you might end up working twice the time and he will pay twice the $ can help. Obviously if you don't get a clear understanding of what each page should consist in terms of elements and data, you wouldn't be able to make it.

3. Keep flexible - even if you know the page types top to bottom and you hard-coded yourself a wonderful page template, you are doing it wrong. Keeping a certain flexibility (element shows on page yes/no, modular building blocks per page that are easily replaceable even by admin, etc.) can help you make adjustments if your client needs them very quickly. It can also help him get MORE than what he wanted and keep him happy. When you're building the CMS for internal needs that is even more important, you don't tie the business to the technical limitations of the CMS.

4. Don't build from scratch - well this is sort of high level programming 101 thing, but still I see too many people make this mistake and create their own features that are already in existence, or even build it from the ground up (I've seen people do it without a framework even).

5. Secure your CMS - even if this is not a demand from client or in-house, keep CMS'es secure. If the site will pick up, it will get some crackers trying to brute force it or do some other small nasty things. 
I like securing CMS with IP login limitations. If there are several people who should work on it that ain't physically sitting together, just make a proxy or a VPN. That doesn't eliminate the need for a proper password, by the way.

If you need EXTRA security, processing payment etc. - it's fine to skip clause 4 and build shit (wisely) from scratch. You should know that ready-made plugins/ features / CMS'es have their vulnerabilities, and not only that - they are readily available for any 14 y/o online terrorist on any forum.

This was real quick and I will add a bunch more tips over the course of time.


No comments:

Post a Comment