Custom Admin CMS
Web presence has become axiomatic for any business. More and more functionality is added to the company websites via web applications. From some point, the administration user interface (Admin UI) is necessary to handle this specificity. The site owner has two main options here: adapting a pre-built or building an individual solution. It usually comes down to a choice between open-source and customized software.
A custom solution is not necessary for a basic website – there are many (free) website management systems providing also admin area. For larger sites, front and back offices are treated separately, both requiring front-end and back-end support. There will be a need for a centralized administration tool to manage securely the web content and related data that must be consolidated, exchanged and properly presented.
Typical business areas are covered with generic solutions like CRMs, ERPs, e-shops, bookkeeping etc. These are usually full-featured packages including Admin UI to control own activity and integration with other systems. But companies may also deal with specific areas requiring ad hoc admin solutions: scheduling & booking, data analyzing, IoT management and many others.
Customized platforms are usually run at the enterprise level. All things considered, it is only slightly more expensive to develop a custom proprietary solution versus adapting open-source one. It is important to keep in mind that often these expenses pay off during exploitation in every way.
Large companies can afford investments into full proprietary solutions. SMBs would need something in between: generic administration tool adjusted for specific requirements for an affordable price. Of course, enterprises may need special admin implementations too.
There are two main kinds of the software packages to build the website from: content management systems (CMS) and web application frameworks (WAF). Although CMS can also be seen as a framework, the main difference is that it is based on the modules rather than code. CMS is essentially a database with a web interface built on top of some WAF.
Frameworks supply developers with a source code (classes, libraries) to realize different programming tasks. The code is usually created on very common basis like PHP and MySql. Popular PHP frameworks are Zend, Laravel, Codeigniter, Symphony, Yii, which provide numerous scripts for every event of life. Using this power presumes experienced programmers.
Many free front-end admin templates are available to complement the frameworks back-end with UI. These are realized on known libraries (jQuery, Bootstrap) and have adaptations to particular frameworks (Laravel, Yii, Angular,…). However, they are just the shells that developers must fill with real functionality.
CMSs allow non-technical persons to modify the content: describe the views, add the pages, modify the menus and much more. Well-known systems are WordPress, Joomla, Drupal, TYPO3, Magento. These are usually oriented to some area while allowing to solve specific tasks too. For example, WordPress is often used for blog posts, Drupal for social community, TYPO3 for enterprise-level content management, Magento for e-commerce.
These platforms have been developed over time and really made the life of website owners much easier. However, the more demanding the website is, the more programming skills are required for the enhancements. The CMSs provide developer interface (basing often on PHP again) to add specific functionality. There is a contradiction here: reconciling universality with specificancy leads to complexity and vulnerability. And multi purposeness tends to be insecure.
WP is the most popular open-source CMS to build websites. Because it’s free and easy. The content can be mostly handled without knowing the code. A vast theme and plugin library and a wide international developer network have been formed. The basic weblog functionality is extendable by the plugins. Applying the themes allows to create desired views.
WP terminology is still based on “posts” and “pages”. The login panel and admin area are customizable via plugins and themes, the custom data definitions are available. But all this requires good programmer skills and knowledge of the WP developer interface. There are many Admin UI plugins available but again – they need to be refactored for specific needs.
Numerous plugins from different authors must be able to correspond with each other. The hooks concept to add the custom actions and filters does hack and bloat the code. It forces WP to do something it was not originally intended to do. By adding functionality beyond the blogging makes the code more and more complex and unclear. The site becomes difficult to understand and develop further.
Enormous popularity and open-source code mean that WP is well-examined for security gaps and can be and often is mass hack attacked. User extensions from different authors and frequent updates add the vulnerabilities. If dealing with sensitive information, security should be important, and WP has too much risk.
The difference between open-source and customized solution can be compared to the difference between tailored suit and suit from a shopping center. One is comfortable and secure, the other is rough-and-ready. Of course, there is no need to build all the web system from scratch. CNN, for example, is using WP backend to power its author blogs, the rest of the site works on custom software.
Several web administering solutions are Custom CMSs and should be bespoke. Instead of “hooking” the WP Administration Menus, have a separate solution and bind it to the rest of the site. Advantages:
- Customization – makes things simpler for all parties (owners, staff, users) because fits business needs;
- Flexibility – you get only what you need and it works; 3rd party integrations are easier;
- Speed – maximized, as the code is optimized for your needs, not to cover wide range of applications;
- Easy to use – tailored for a specific business is always simpler to use than modified generic platform;
- Security – little hack possibilities because the core source code is accessible in-house only;
- Support – the issues are solved by the vendor; you are on your own after downloading open CMS.
Bespoke systems are more demanding for development. That could seem disadvantageous, however, tailoring:
- takes a longer lead-time for development, but your behavior is analyzed more thoroughly and you don’t need to change your business processes due to the software restrictions;
- the process requires more participation from the customer, but it gives a better view to existing business model and its bottlenecks;
- lacks ready modules, but nobody will take responsibility for free stuff issues;
- needs the SEO, but if you want to go beyond standard SEO then you’ll still need a developer;
- cost of planning and development is higher, but the free platform can end up costing more over the long run due to hidden expenses (see about WP above).
So, many advantages, but one remarkable drawback: lack of freedom. Choosing the custom platform creates a permanent dependency with the development partner who maybe disappears at some time, while common platform would allow to take the whole site with you to another developer. The properly designed basic solution is needed to overcome excessive dependence and necessity to start from scratch. Admin CMS realizes this by following certain principles.
vRegistry Admin CMS solution is designated to fill the gap between the open-source and fully-customized CMSs. The custom administrator interfaces are basing on two core principles:
- providing standardized basic support extendable for specific features
- following certain design and coding techniques to simplify further development
Back-end supports both front- and back-office activities with related background operations. Front-end is supplied with the modern Admin UI.
The basis concerns both client and developer side. There are common features necessary for a typical administration tool:
- user management (handling names, passwords, permissions);
- staff management (handling personnel data);
- permanent data maintenance (miscellaneous attributes, countries, currencies etc.);
- clients management (handling personal data);
- activity logging (what is done by whom and when);
- reporting (querying, viewing and outputting results);
- specifying settings and preferences (several processing modes);
- messaging (emails, SMSs);
- documenting (help, manuals);
- multilinguality, internationalization, localization;
- convenient UI with the menu system and command set.
The developer is supplied by the PHP/JS classes to program certain tasks, like:
- configuring system;
- accessing database;
- receiving requests and forming responses;
- securing client-server communication;
- handling the menus, tables and forms;
- validating input, reacting to UI events.
The basic features are extended by the functions for particular applications. For example, receptions application includes the schedule forming, receptions’ booking and SMS-reminding. In this way, developer can avoid programming of standard activities and focus on the customer’s specifics.
The system design follows OOP MVC principles. The code is organized into classes leading to effective and well-structured programs. MVC prevents mixing of the control and view parts, database access is ORM multi-layer. The source is commented and the product is documented.
Username and password are asked and checked for validity and enablidity during the login. The server-side creates an authorization token and every subsequent request of the authenticated user is authorized to protect against interfering from outside.
Client-side can save the login credentials in the encrypted cookie if required by the user (Remember me). The passwords are stored encrypted one-way. Password Reset panel allows to reset the forgotten password via email.
The database is accessed using the prepared statements preventing the hacking. The application files are held in the private folders accessible by the program only. The public assets and user files are readable only.
vRegistry Admin CMS is built on the LAMP stack using original PHP/JS micro-framework. It does not require any WAF with thousands of scripts and versioning problems. All functions have been embedded on the most common platform, thus resulting in very lightweight and transportable applications. The core principles mentioned above give freedom in choosing development partners.
The software companies push open source CMSs because it’s profitable for them to do so – it’s free and easy to reproduce. This gives the obvious nod for the lower upfront cost. Governments exploit free packages to demonstrate the cost savings. But there are hidden costs for the customer: incomplete planning due to ready modules, maintenance (keeping up-to-date, fixing broken components), changing business processes to meet the software restrictions (“sorry, the program doesn’t allow that”), security risks. This can end up costing more over the long run.
Creating a full-featured solution is much more demanding task than “theming” some free CMS. Higher ownership costs outweigh the “ease of use” and “low cost” benefits of open source packages. For example, I would caution from choosing WordPress “just because” you saw a popular site using it. I’d bet that if they were to do it over again, they’d probably build it custom from the ground up.
Be based on open source CMS if you have little to no money, you’re a casual blogger or run a single-person business, and maybe security is not that important to you. Look for customized CMS if your business can afford to hire someone else to design and develop your web solutions.
Choosing between the open source and the customized solution is a strategic decision. Development is development – it costs regardless of whether modifying open source or creating from scratch. This flowchart helps to consider pros and cons.
The open source solution can be inexpensive and easy to use if you need relatively simple out-of-the-box functionality. They are flexible and can be adapted if you have development skills and budget available.
The customized solution addresses unique business requirements, both current and future ones. It is created to satisfy customer’s business model, rather than an ISVs. You pay for applying the latest technology relevant your processes and people.
Custom CMS is back! Customization, Speed, and Security are priorities for more and more website owners to administrate their back-office. Although open-source frameworks and CMSs offer a full range of functionality, their adaptation to particular needs often does not justify itself in the long run. Of course, some balance should be kept between proprietary and open solutions depending on the field of application.
Developing from scratch is resource-intensive. Lightweight CMS with embedded basic functionality is an alternative here. It should contain typical features that are no longer needed to create, and development can concentrate on the specific features. The source code must be clear, compact, well structured and documented, so any qualified developer can quickly enter into it to develop further.
When your website extends beyond the basic or your all-in-one site becomes cumbersome – consider customized web administering solutions!