3aIT Blog

We often refer to a CMS (Content Management System) in relations to websites that we build, but what is a CMS?

In this case, the name is a pretty accurate descripton of its purpose. A content management system is something that is usually installed as the back-end of a website (although a website isn't the only application) that provides a user-friendly way of managing the content on that website.

When we mention a CMS, we are invariably referring to Joomla or Wordpress - the back-ends we usually install to allow our clients to manage their website. There are other website CMSes available (Drupal is the other major player), but we find Joomla fits most big projects, and Wordpress is the right fit for a few of the smaller sites.

In a website context, the main purpose of the CMS is to allow you to create and edit the text and images that make up the bulk of almost all websites. However, there's many other things these systems enable you to control. For example:


A CMS can provide an interface that allows you to provide multilingual versions of content. For example, Joomla has a language option that you can set for every article, menu item and many other elements that allows you to publish that content to a version of the site in that language only.

Revision Control

Both Joomla and Wordpress save the last few changes made to page to enable you to roll back to a previous version if changes have been made that need undoing.

Access Control

Users of the CMS can be set up with differing levels of access. This means, for example, you could give a user a login that allows them access to create blog posts, but doesn't allow them to change the website menu or install extensions that could adversely affect your website if not configured correctly.

Template Selection

Allows you to apply varying templates to your pages at the click of a button rather than having to code each new page from scratch.

The one downside of using a major CMS like Wordpress or Joomla is that attackers are always on the lookout for ways to compromise these systems so they can hijack many websites at once. This means you always have to stay on top of updates (and is the reason we provide a CMS maintenance contract for people that are not comfortable performing these updates themselves). While smaller / bespoke CMS systems are certainly not immune from attack in this way, these are generally not worth the time to try and compromise, as the number of sites that could be affected by this will be minimal, so not worth the effort.