Speed, Database handling and security
Permalink
Hi C5 folks,
I recently built a quick site for a client. It consisted of 5 pages with numerous graphics loaded to the file system. I used the dark chocolate theme as the starting point to creating my theme.
After creating the site here's a few issues that I found:
1) I initially installed the "addthis" plugin. However I found that it was generating a database connection error that was crashing the site. I have since de-installed it.
Gives me a bit of pause on how some of the other plugins are constructed.
2) The speed of the page loads. This could be increased a little bit if you gave the option to asynchronously load javascript or load it at the end of the pages, depending on the function. I found the page load time to be pretty slow when considering the small size of info being pulled from the database.
3) In terms of delivering mobile compliant CSS and HTML, I used the page editor to construct a few layouts. Granted I just banged out this site and didn't spend the full time developing a real mobile template, but I despite this I would expect that some compliant HTML be formed by the editor. the pages I constructed look fine in a browser or an ipad, (however the Vimeo plugin fails to load even when specifying iframes) but when it comes to smartphones, Iphones, androids , etc. --the CSS constructed by the CMS in the editor loads incorrectly, if at all.
4) My other major issue with Concrete5 is in terms of security. I find that when you try and set up a CDN to serve files to speed loads, and the only way to make it work well is by changing folder permissions to 777, to be a possible security risk. Another area for security concerns: The lack of a security lock out for log on attacks. Plus the front page link log on is a minor concern as well. Although that can be easily removed in the template.
My main concern though is the robustness of the database handling. I have a site that needs to redeveloped that has roughly 1000+ articles in it. And based on the small 5 page site I've made I'm worried that Concrete5 will never handle that.
So of course I welcome your input.
I recently built a quick site for a client. It consisted of 5 pages with numerous graphics loaded to the file system. I used the dark chocolate theme as the starting point to creating my theme.
After creating the site here's a few issues that I found:
1) I initially installed the "addthis" plugin. However I found that it was generating a database connection error that was crashing the site. I have since de-installed it.
Gives me a bit of pause on how some of the other plugins are constructed.
2) The speed of the page loads. This could be increased a little bit if you gave the option to asynchronously load javascript or load it at the end of the pages, depending on the function. I found the page load time to be pretty slow when considering the small size of info being pulled from the database.
3) In terms of delivering mobile compliant CSS and HTML, I used the page editor to construct a few layouts. Granted I just banged out this site and didn't spend the full time developing a real mobile template, but I despite this I would expect that some compliant HTML be formed by the editor. the pages I constructed look fine in a browser or an ipad, (however the Vimeo plugin fails to load even when specifying iframes) but when it comes to smartphones, Iphones, androids , etc. --the CSS constructed by the CMS in the editor loads incorrectly, if at all.
4) My other major issue with Concrete5 is in terms of security. I find that when you try and set up a CDN to serve files to speed loads, and the only way to make it work well is by changing folder permissions to 777, to be a possible security risk. Another area for security concerns: The lack of a security lock out for log on attacks. Plus the front page link log on is a minor concern as well. Although that can be easily removed in the template.
My main concern though is the robustness of the database handling. I have a site that needs to redeveloped that has roughly 1000+ articles in it. And based on the small 5 page site I've made I'm worried that Concrete5 will never handle that.
So of course I welcome your input.
To tag on to what Kirk mentioned on the robustness. C5 really shines on larger sites that the small ones. Now I have many smaller sites I did for clients and I have some basics I do in the .htaccess file to speed some things up via caching.
However what I have found is C5 scales extremely well. While it may be a tad slower when compared to others at the 5 pagers it maintains speed through well over 1000+.
I am working on a global non-profit site for Entrepreneurs where we expect to have 50k members and several thousand pages, forum posts, blogs, etc. Obviously we had to test to make sure that was going to work. So I generated using a script, 10k pages of content. Many different types. We then using several load testing scripts and people to hammer the life out of it.
What we found is a very robust system, that is capable of a lot of content and a lot of interactive users. We chose C5 at first because I was a big fan of it, but it held up against a lot of other systems out there.
As far as the CDN piece I would have to ask how your PHP is setup. Are you using suexec? Even if so there are ways to secure a folder that is chmod 777 to help avoid issues. So simple, some not so simple.
Don't understand your question on CSS.
However what I have found is C5 scales extremely well. While it may be a tad slower when compared to others at the 5 pagers it maintains speed through well over 1000+.
I am working on a global non-profit site for Entrepreneurs where we expect to have 50k members and several thousand pages, forum posts, blogs, etc. Obviously we had to test to make sure that was going to work. So I generated using a script, 10k pages of content. Many different types. We then using several load testing scripts and people to hammer the life out of it.
What we found is a very robust system, that is capable of a lot of content and a lot of interactive users. We chose C5 at first because I was a big fan of it, but it held up against a lot of other systems out there.
As far as the CDN piece I would have to ask how your PHP is setup. Are you using suexec? Even if so there are ways to secure a folder that is chmod 777 to help avoid issues. So simple, some not so simple.
Don't understand your question on CSS.
I wish I could tweet this reply. a feature request C5 team! :-)
Regarding #4 - we do have an IP banlist feature that you can enable. It won't disable a person from browsing your site but if a particular IP fails to login at a certain threshold they will be blocked from logging in. This doesn't attach itself to a particular account, however – just to that IP.
And regarding 777 permissions – we typically tell people to do this because it's easier than saying "make the folder writable." However there shouldn't be any checks in concrete5 that assume 777 permissions. We should be using is_writable() to check the folder (which will work with setups like php suexec.)
We do create the file subdirectories in the files/ directory with 777 permissions – but I could see us instead creating those directories with the permissions of their parent. That way on a shared server you could setup phpsuexec with 755 permissions on the files/ directory and we'd inherit those down the tree.
And regarding 777 permissions – we typically tell people to do this because it's easier than saying "make the folder writable." However there shouldn't be any checks in concrete5 that assume 777 permissions. We should be using is_writable() to check the folder (which will work with setups like php suexec.)
We do create the file subdirectories in the files/ directory with 777 permissions – but I could see us instead creating those directories with the permissions of their parent. That way on a shared server you could setup phpsuexec with 755 permissions on the files/ directory and we'd inherit those down the tree.
Thanks for the info all.
I think the problems from the site arose from ADD This
and from my client's lousy webhosting company.
I warned them to find better, but they are cheap--so that's what you get.
But I still have a couple things that would be nice to add to Concrete5 which I'll post in the wish list.
Thanks for the input all.
I think the problems from the site arose from ADD This
and from my client's lousy webhosting company.
I warned them to find better, but they are cheap--so that's what you get.
But I still have a couple things that would be nice to add to Concrete5 which I'll post in the wish list.
Thanks for the input all.
I might get roasted for this, but if you're building a really small site and locked into bad/slow hosting then c5 might not be the best choice. For that type of situation I've become a big fan of Perch:http://grabaperch.com
2) My experience is that c5 performance can be spotty on certain hosting setups, particularly lower budget ones. Make sure you have page caching turned on and do regular page loading optimizations (check out Yslow or Google Page Speed for suggestions).
3) Not sure what you mean by "the CSS constructed by the CMS in the editor loads incorrectly, if at all." The CSS is part of your theme or block. This issue may actually be tied to #1. That's the behavior I experienced on my other site with the AddThis kerfuffle.
4) Someone else is going to need to answer this one.
> My main concern though is the robustness of the database handling.
I'd say that the robustness of c5 makes it a better choice for the 1000 page site than the 5 page one. c5 can certainly power tiny sites, but it's probably overkill.