Welcome to WebmasterWorld Guest from

Forum Moderators: ergophobe

Message Too Old, No Replies

Tips Before I Hire a Firm

Looking for tips from those who've been there when building a custom CMS.



8:18 pm on May 1, 2008 (gmt 0)

10+ Year Member

I think I'm going blind reading so much about CMS here at WW, lots of great stuff and I've learned a lot of great ideas. At this point I'm about searched out and was looking for some feedback on something specific.

Basically, our network is to the point we need to move to a custom CMS. We're just spending too much time writing content in Adobe GoLive and we need a lot of dynamic work from DBs and haven't been happy in our current environment.

So I've got a budget, and I've drawn up a pretty good list of specs. I'm about to place an ad in some classifieds and start researching some firms. I've used some freelance auction sites before and had some horrible experiences with some overseas companies, so I'm going to stick to someone either local or within the laws of the United States (where I live).

I was hoping for some tips anyone out there has learned about doing this process. Questions to ask, things to avoid, what not to short, etc. type issues would be greatly appreciated. I have a bad habit of learning things the hard way and I was hoping I could go into this process with my eyes wide open.

I really appreciate the opinions of the community.



10:44 pm on May 1, 2008 (gmt 0)

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

Make sure that absolutely everything can be customised on a per-page basis.. Don't settle for fixed titles and fixed footers for example.


4:00 pm on May 2, 2008 (gmt 0)

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

>> Questions to ask

"Can I see a demo site of something you've done?" And make sure you see the admin end and it makes sense to you.

- set requirements for basic server stuff - pages that are not found send a valid 404 for example (it's surprisingly common for custom 404 error pages to return 200 OK).

- decided in advance how granular your need permissions to be. What is the lowest level (page edit or possibly partial page edit)?

- maybe hire a third party to do a security audit and write it into the contract that changes required by 3rd party audit are part of the spec. You might even be able to agree on who that third party is in advance. There are some "default" choices that should be acceptable to any developer (personally, if I were the developer, I would consider this free education in hardening my code and would *love* to see this requirement... unless I was told to start over because there's no way to patch the holes I've created).


4:36 pm on May 2, 2008 (gmt 0)

10+ Year Member

Good point on the 404/200 error issues, I didn't have that in my specs.

Also, I really like the security audit idea. One of the main reasons I'm building my own is because I don't trust Open Source CMS platforms in terms of security. It's okay for forums, not for my core.


5:38 pm on May 2, 2008 (gmt 0)

WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

Frankly, an Open Source app will likely have better security than a custom app that is not audited or written by someone who doesn't know how to make it secure.

The problem with the open source apps is
- open architecture that allows for many attack points (i.e. poorly written modules).

- huge user base and identifiable signatures that make it worth mass random attacks.


12:52 pm on Jun 29, 2008 (gmt 0)

5+ Year Member

Hi Chris,
Ask them to make a small demo.
Demo should display 2 to 3 ways how to add/modify content and how to change boiler templates and how to make specific page customization.

Then take some pages from the your existing website and tell them to customize right in front of your eyes. Play with the tool in the demo. see your comfort level. I am sure you will meet plenty of gaps and expectation mismatch.

Go in the next round with the firm to improve.


2:50 pm on Jul 20, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Things I would ask:
- What are the key issues to manage with custom cms solutions
- Why would you use the technologies you have selected for this project
- How do you solve complex application design problems
- Who will you use to secure the application when its being deployed.
- How do you manage scope creep to get a win/win
- When I am close to signing, can I meet or talk to 2 or 3 cleints that you have deployed very similar (size, features, sector) projects for
- what are your rates for each area of the project
- what methodology or approach will you use to ensure its a success for both parties

I wouldnt insist on going local for this, you need the best a for custom CMS.

[edited by: ergophobe at 8:10 pm (utc) on July 21, 2008]
[edit reason] Minor edits [/edit]


1:31 am on Jul 28, 2008 (gmt 0)

10+ Year Member

Some sort of automated document management system if you have a large amount of documents (magazine/publication back issues) to upload or you will have to do it yourself manually or spend $$$ on hiring a contractor for weeks on end.

Featured Threads

Hot Threads This Week

Hot Threads This Month