It’s important to note the use-cases here. A lot of this discussion treats "CMS" as a single thing, but the requirements vary wildly depending on scale: one blogger versus a five-person marketing team versus hundreds of authors and contributors. Different arenas.

If you’re spinning up a personal CMS, great. Have fun, you’ll learn a lot.

But once you’re dealing with multiple users (tens or hundreds) it’s a different problem. How confident are you writing auth and password reset flows? How sure are you that the AI got it right? How solid is your approach to roles and permissions? Are you implementing 2FA? Supporting drafts, scheduled publishing, editorial workflows? Now you are also tech support writing the infrastructure as issues come in.

That's a very different scenario.

So please, if you're going to make sweeping statements on a CMS, please clarify if you're talking about a solo site owner situation or a multi-user setup.

> But once you’re dealing with multiple users (tens or hundreds) it’s a different problem. How confident are you writing auth and password reset flows? How sure are you that the AI got it right? How solid is your approach to roles and permissions? Are you implementing 2FA? Supporting drafts, scheduled publishing, editorial workflows? Now you are also tech support writing the infrastructure as issues come in.

And that's only the start of where it gets complicated

- Ingesting data from 3rd party systems

- Translating content to other languages

- Front end user auth and preferences

- Personalized content

- A/B testing

- Multiple sites in the same CMS, sharing the same content

The list of things that add on to make a cms (and the sites it is used to create) more complicated is enormous.

I built a production forum from scratch with thousands of real users.

For years I thought of doing it. Can’t be that hard. You can imagine how every component would work. You just need a few tables, right?

But it turns out a polished forum that people want to spend time on has infinite polish. Every feature explodes into a fractal of micro polish. You could spend your whole life improving it and handling rough edges and making it nicer to use.

The WYSIWYG editor being a good example. You could work on just that full-time and never run out of things to do. Or the daylight between a MVP notification system and a mature one that sends PM/email notifs, tracks high water marks, lets users mute certain threads, infinite polish.

I also thought about this but decided to go with Simple Machines Forum and I'm glad I did. Just looking at the dearth of options in the admin area is enough to make my head spin.

That being said, I probably will embark on a custom form just because I'm highly opinionated and capable.

I suspect that you mean the opposite of “dearth” (figuratively “scarcity; a lack or short supply”) something like “excess”, maybe?

Oh yes, thank you! SMH

There's a new name for all that these days: Digital Experience Platform (DXP)

We used to call them Enterprise CMS: SiteCore, Squix Matrix (now Squix DXP) and Optimizely (when it was EpiServer) are the ones I've built sites with.

85% of Wordpress users are businesses with less than 50 employees [1], in most cases it will be one person who is uploading and managing content and fighting with the config they don’t really understand. There’s a huge number of businesses filling a real need of making simpler versions of products (whether Wordpress, mailchimp, shopping). AI is just the latest version of that

[1] https://enlyft.com/tech/products/wordpress

I think the idea that every body are going to build their own SaaS product is likely wrong.

But that is also not the only was to have impact.

Whatbindo think happens is that everybody already building things will reduce or entirely remove their reliance on other SaaS tools.

So retool and other support products are likely dead.

The people who used these products are already more than capable of rolling Auth.

Yup, even without multiple users I took an open source speed reading app and quickly found myself a month deep in features just to expose it to multiple integrations for maximum accessibility. OAuth, MCP, CLI, API keys, secure and rate limited endpoints for content ingestion, parsing engine, a nice CI/CD pipeline that builds cross platform, a marketing site and it just kept going.

It was a test to see how much work was involved and what vibe coding felt like in one month. I plan on releasing it soon because I feel like it is the best speed reading app available but man it's a lot of work for even what seem like simple cases.

I'd be worried for anyone touching what I did if they did not have experience doing this.

>If you’re spinning up a personal CMS, great. Have fun, you’ll learn a lot. But once you’re dealing with multiple users (tens or hundreds) it’s a different problem.

Is it? Django was just a personal project that started as a CMS for a newspaper. And that's pre-AI, and pre tons of libraries handling all kinds of functionalty like 2FA to offload features to.

And the core backend design and functionality for a CMS is a stable target that hasn't changed in 3 decades, unlike with other software.

For my personal cms I'm using sveltia. But their oath page assumes the repo remote is also the IdP, this means my login button has a GitHub logo instead of Google logo. Now I had spare credits so I forked it. Next weekend I'm fixing their weird support for asset management in R2 buckets.

Agreed, the type of person who can say "I'll just build my own CMS" is not usually the type of person spending a significant portion of their job time using a CMS.

And you might say, well if they're somewhat technical (which is much more likely, think about eg technical writers or product managers or marketing teams) they can use AI to add more features. But when you actually have something at stake security-wise, that means you need to either put them on rails with something much more prescriptive (a "trad-CMS" lmao) or spend a bunch of time reviewing/fixing their code (which, since they're not the same kind of person as you, may not even be something they have any interest in doing, and kind of just gets in the way of them getting their message out on your site as intended).

That said, I think most tech companies will still roll their own internal tools to do this rather than buy it off the shelf, just because buying it through a vendor and fully setting up in a way that's secure and integrated with your business processes involves more work than rolling it yourself, and has a lot of ways it can go wrong.

IMO what you really want is some kind of FOSS CMS that works really well off-the-shelf for a small team, and has a strong ecosystem of integrations to add on SSO and visual editors and stuff like that as you grow, where you can also probably just hire someone to do that part since that would probably coincide with your business getting too busy for spending your time on an internal CMS to be the most effective use of your time. Which is literally wordpress.

It's just that wordpress is a death-by-a-thousand-cuts of mediocre quality/over-complicated stuff, and the core technology has some bad abstractions/shows its age, and that emanates out into everything else it touches. Also, while it's true that a static site is much better for most people, SOMEONE has to actually run a web-server for those files, and that does actually cost money to provide, so I've softened my thoughts on Wordpress doing that. It's not actually free for Cloudflare to do that for you, it's just a loss leader they can afford to give away because they have economies of scale and privileged access to the Internet.

> But once you’re dealing with...

All of this is spot on!

> FTA: One that’s superior to the admin panel of WordPress or Drupal?

When you get to that multi person team, has any one asked them if they LIKE the CMS they are using? Because I assure you that they appreciate the functionality but it isnt a tool that any one is happy about using.

Usable and Usability are NOT the same thing, it is a lesson that was lost in the dot com bubble burst, that we might need to get back to.

Wordpress has an amazing talent pool of experienced people. EmDash is starting from zero - but you have to start somewhere!

I’m very happy with WP, but I’ll be cheering on EmDash if it gets momentum.

WordPress lost a lot of "experienced people" in the last two years, after Matt Mullenweg decided to wage war on WP Engine.

I really do not know how true that is - or to what extent it matters.

I think the security issue is that people trust random plugins without reviewing them.

I’ve been running WP with small and large companies and no big security issues. You either build your own plugins or go with the trusted few you need to augment your operation.

Same. I've been working with and managing thousands of WP sites for over a decade and the only issues I've had have been with sites acquired from 3rd parties with random themes and plugins (and old WP versions) that break if you update something. Those have gotten hacked and have caused many headaches.

Basically no issues with sites built in-house. As you say, only reputable 3rd party plugins (like for SEO, caching, multilang) most others made in-house.

This is the way. WordPress's is so popular because you can get it to do or be anything. I have done some terrible terrible things to WordPress. Need a simple blog? No problem! Want a LMS? Sure why not! e-commerce? Go for it! CRM? Absolutely! Etc etc.

But there are many many "WordPress" developers out there that only know how to glue plugins together, so you often end up with plugin soup.

In the hands of someone who actually knows how to code you don't have any issues.

Huh? That’s not how i think you should be approaching that. I always run local, staging, and production sites. It’s easy to setup and deploy across.

How do you deploy menu changes from staging to production?

Ah. I understand your circumstances better. Short answer - I wouldn’t deploy menu changes. That’s usually low-lift that I would do it manually.

If I was doing it in a recurring basis I would investigate creating a process to export the menu data and import directly using a custom plugin. Or create (via plugin) and endpoint to sync both environments (a bit more work).

I did this one time before for a subset of pages and admin users. There are likely plugins that do this already but you could likely roll your own just for menus in an hour imho.

I’m not the one you asked, but when I did WP work a few years ago I would solve it via a hook that was triggered on Jenkins deploy. The hook would always fire and listeners to that hook would execute migration scripts and similar callbacks. For example used it to migrate some tags to categories and vice versa.

https://developer.wordpress.org/plugins/hooks/custom-hooks/

I remember when I looked at Wordpress for the first time, like 15 years ago, and was baffled that a dev/test/prod workflow involved copying filesystem content, database content, and changing URLs that got saved in the database. I couldn't believe what a steaming pile of garbage architecture it was.

Fast-forward to last year and I'm asked to look at it again. Surely, I think, in the ensuing time somebody would have rectified the architectural stupidity. It's a wildly popular platform, I thought. Surely it can't still be so terrible...

Fool me twice, I guess. >sigh<

> a dev/test/prod workflow involved copying filesystem content, database content, and changing URLs that got saved in the database.

This just sounds like deploying web software. You always have static assets that need to be deployed, the code/binary itself, and database migrations.

The "copying filesystem content, database content" part of that is perfectly sane. I should have phrased that better.

The insane part is the search-and-replace on the database backup to find hard-coded URLs referencing the environment's hostname. That's ridiculous. It speaks to the lack of serious operational experience that went into building the software.

Ah. That’s like a 15-line rite-of-passage plugin you write once and never have to worry about it again. Filter content going into the database and use relative uri for the same site. Configure everything else via environment variables.

I moved away from Wordpress altogether earlier this year because I got tired of babysitting MySQL.

I hate chatbot for situations like this but I get the reasons here. That said, I was hoping to get info on how it actually performed - nothing. There is nothing to suggest there is a clear metric for success and no hint of one either.

It’s just the euphoria of building something, but zilch about impact.

Nope.

CNN, CNBC, NYPost, Guardian all had stories up quickly, or around an hour. There are others too.

UPDATED:

Down-votes happen but disappointing since I'm stating facts. Heres some backup:

The user haunter said media started reporting around ~4 AM EST (based on timestamps).

The accident happened at 11:40 PM EST. Story publish times across a sample of various legacy/mainstream media orgs:

  CNN - 12:47 AM
  NYPost - 12:47 AM
  The Guardian - 12:50 AM
  Associated Press (AP) - 1:31 AM
  Fox News - 1:47 AM
  Newsweek - 2:24 AM

There are others.

The first Harry Potter ebook (with art) was about 1.3mb.

The average news article text (only) is usually less than 20 kb.

Opera Mini used to load many pages in <20kb.

“North America puts man on the moon”

Yes. Yes it is.

Now let's evaluate "America puts man on moon"

“America” has no other meaning? So USA means United States of USA?

Exactly, their name is a zip bomb.

Doing recursive acronyms centuries before it was cool.

> Its a common term for the USA that has no other meaning

Except, you know, the only “other” meaning of “America” is just literally the alternative name for Americas, both continents. Here is an obscure link to the description [0]. Even if you want to refer to North America, what about Mexico and Canada?

The less you know, the less ambiguous it is.

[0] https://en.wikipedia.org/wiki/Americas

A good title is brief and clear.

"'Miracle': European Space Agency reconnects with lost spacecraft" is long.

"'Miracle': ESA reconnects with lost spacecraft" is opaque.

The first four words of the article are, "The European Space Agency..."

ESA is one of the largest space agencies in the world. There’s nothing opaque about calling it ESA especially in a title. We wouldn’t use initialisms if everything had to be expanded all the time.

So is Roscosmos, but in such a situation, "Russia reconnects with lost spacecraft" would be the more accessible title

Personally I would prefer to call it "Roscosmos/ESA connects..." than "Russia/Europe connects". It adds information for free while keeping it short, just put it in the title. ESA is more specific than Europe or EU, so why make the title more generic and opaque than needed? It tells you it's not a random team of "Europeans", it's not an amateur hacker in the backyard, or some intelligence agency.

The expansion isn't really needed when it's a "household name" in the field. If you read a title about space industry there's no need to expand or explain NASA, ESA, Roscosmos, maybe not even for ISRO or JAXA, although I can see how some of these wouldn't be the most familiar for people in the West even when they have some interest in space news.

Chuck Norris doesn't upvote on Hacker News. His presence alone sends posts to the front page. No more.