Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I'm trying to alter my site in such a way so that when people view it, they don't know it's powered by Drupal. So, was wondering if there are any signs that give this away that I should know about?
Some of the giveaways I know of, are:
When adding content, it will say "node/add".
If the following file exists: misc/favicon.ico
etc
I'm looking for similar stuff?
Let's look at a fairly customized page based on Drupal: http://gemini-lights.com/ (a random page from the Drupal sites repository).
There are many giveaways:
if you change www.example.com/link/link2 to www.example.com/?q=link/link2 and it still works and points to the right page
www.example.com/user/1 gives you a profile page
resources (imgs, css, etc) are in /sites/all|example.com/themes/ or sth similar
there are CSS classes applied to many key elements of the site (like body) that do not change appearance - Drupal uses them to provide some info about the state of the page (like <body class="front not-logged-in page-front-page two-sidebars">)
probably many others
My advice is: don't try too hard with hiding the CMS of your website, if a hacker wants to find out what CMS you are running, he/she will find out. I'd focus on keeping the CMS up-to-date (Drupal makes this easy) and also watching out which modules you are installing - they are the most likely attack vectors.
Since this question is still getting many hits, let me update it with an example of a website of a major company (one of the biggest telephone companies in Poland), that, to my (pleasant) surprise ,is using Drupal for its main site, http://dialog.pl/:
The usual giveaway pages like /user/1, /login, etc. redirect to main page, so you can see the creators of the site have done their homework ;)
...but the source of the page contains my favourite give away: the usage of the zen theme: urls like /sites/all/themes/zen-dialog-main-page/../zen/css/page-strona_glowna.php or CSS styles applied: <body class="front not-logged-in node-type-page two-sidebars">
One more give away is the update.php page that has the familiar Garland theme (props to Kevin for this one).
As you can see, it's still possible to tell that the website is using Drupal - and this is a website of a major corporation. So the above advice still holds: don't waste your resources on trying to hide the CMS you used, keep it up to date (that's why the update.php file is probably still in place), monitor security vulnerabilities, use strong passwords, etc.
You're wasting your time:
Obscurity is not a form of security. And trying to hide Drupal may only tempt a hacker to beat you.
If there is a security flaw, you will almost certainly miss it and the hacker only has to try a specific attack vector. He or she is not going to check if it's Drupal or not. Your attack may come from software that won't care.
The changes you make to hide Drupal may actually make your site less secure. Especially if you change the core and are no longer able to tell if your site is up-to-date.
It's very likely that the effort you spend hiding Drupal can, instead be applied to a proven, effective security policy and get better results.
Login page is /user or /user/login
Admin page is /admin or ?q=admin
/node displays a listing of the latest nodes
/node/n where n is a number displays the node with that number (for example /node/1 displays the first node ever created)
The word 'node' or 'views' in objects' classes in view source.
In things which are paginated, page 2 is actually displayed as page/1 or /1 in the URL (Drupal pagination URLs are sort of geeky like that).
Like others have said, don't worry too much about this. It's a waste of time. Just keep Drupal core and all your modules up to date (you can even set it to email you when security releases are released for your installed modules) and you shouldn't have to worry about a thing.
Quick ways to find out if a site is a Drupal site.
Browse the source code and search for or Drupal.settings (appears on all sites using the google analytics module)
go to www.example.com/CHANGELOG.txt if Drupalsite, will show the current version.
There are a lot of other ways that indicate if a site is a Drupal site, but the above is fast and certain.
Other signs would be.
markup:
<div id="node-2020 ... (divs with id node-[number])
<div class="views- ... (divs with a class of views-[something]
class="clear-block" (clear-block is the drupal implementation of the clear-fix CSS trick)
Urls:
node
node/[number]
node/add
admin -> giving 403
admin/build/modules -> giving a 403
HTTP Expires header set to Dries' (the creator of Drupal) birthday
greggles (lead of the Drupal Security team) wrote an article about hiding the fact a site is running Drupal: Hiding the fact your site runs Drupal OR fingerprinting a Drupal site.
Some of the things that allow to know when a site is using Drupal can be altered, but in some cases it is not worth, or it requires resources that would be better spent doing something else, such as making Drupal more secure, or avoiding security holes in the site.
For example, the messages given to the users from the modules are an indication the site is running Drupal (and what version exactly), but altering those messages would mean change them every time a new module is installed, or a new version of a module is installed. The CSS classes is something else that helps understanding when a site is running Drupal, but changing them is not that easy, as some modules depend on a specific CSS class to work. The fact the JavaScript code uses a Drupal object also helps in catching a Drupal site.
New Answer to old question. This site will tell you if a site is built with Drupal, and could give your game away. It does give false negatives though, so it might be worth it to test it out with that website and see how well you can obfuscate.
You can't really escape people's suspicions. To do so, you'd have to change file-systems, stylesheets, markup, etc. This is unreasonable. Why does it matter if you're using Drupal?
I find http://wappalyzer.com Chrome extension an excellent tool for detecting what a site is powered by. This goes beyond detecting just Drupal and lists many of the 3rd party tools and underlying technologies a site uses.
People who knows Drupal may identify it by the source. But Drupal has no Generator Header like Joomla or others.
The expires headers are pretty unique as well. In fact they are set to Dries Buytaert (creator of Drupal) date of birth. As far as I can tell they have been set like the below since Drupal 4.6.
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Dead giveaway:
Try going to update.php, you'll get Access Denied (and the Garland theme).
Chrome has an add-on called Chrome Sniffer that shows what CMS any site is built on.
Related
My company's website runs through a PyroCMS install that was very expensive to build, but downright impossible to maintain. Also, it was built on a platform that did not use tags so the SEO of our blog is very poor.
I have built a replica of the blog on Wordpress and will be iframe-ing it into the Pyro install on the blog page. They are both hosted on the same server and the wordpress install is within the Pyro install.
My question is this: What do I need to do in order to enhance the SEO with the iFrame? Is there a better way to do this that I didn't think of? Basically, there are some good articles being written andI'd like the niche-ness of the topics to get move up on page rank.
Thoughts? Thanks.
~joe
It seems like you've got quite a bit on your plate with this website.
I recently (less then a month ago) signed up a client who's site is built on an equally difficult and very ancient platform. What we did is set up the blog as a page extension www.url.com/blog. The blog was on the WordPress platform and had all of our plugins added in as well (I can send you to a list of these if you would like). Doing it this way has multiple benefits of which the main are:
The blogs PR values is associated to the main index's authority.
Your index gets credit for all of the content being written on the blog.
The clients site I was telling you about, is already on page 2 for a few of their keywords (even though the site itself is no good). Obviously I would like to state that it isn't due to the blog that they are ranking, but it is a key feature as Google wants to see your site growing in pages with relevant, unique, shareable content.
Don't forget about social media and backlinks! Let me know if you have any other questions and please stay away from iFrames for many, many reasons...
Using iFrames will hinder your SEO efforts. Same goes for duplicate content (though dupe content may not apply in this case; I'd need more info). If I were you, I would not pursue this strategy.
I've seen iframed content get indexed as if it was really part of the page it was in, but yuor creating a massive battle for yourself.
One of the biggest issues of using iframes is that every page of your blog will look like it is on the same URL. Have a go. Move around the blog and check the address bar. No change.
This means people cannot bookmark, link to or return to a specific page on your blog. A really bad user experience as well as crippling your ability to acquire natural links to your blog pages.
There are further issues but that should be enough to mean do not use an iframe for a blog.
Answer: to enhance SEO for the iframe, don't use it.
Why do you feel you need an iframe in the first place. Is it to wrap the websites design around the blog. If that's the case, update the blogs template so it naturally looks like the rest of your website.
If it's because you don't like the domain the blog is on. Move it.
For about a year and a half I used Codeigniter to build my sites. Then a client begged me to build theirs in Wordpress. I soon found the joy of using a CMS (if Wordpress can be called that). So for about the last 8 months I have been using Wordpress as much as possible to buld my sites - I made the content fit the design.
Well, I began to grow very tired of the limitations of Wordpress - I needed more control and flexibility over my sites. So, I have recently started using Drupal 7 (not 6.x - I really like the admin panel).
After working with Drupal now for a little under two months - I have begun to feel like I'm using Stone Age Tools to build Space Age equipment.
So my question is: does Drupal get any better? Do you really have to use Views to display your content? Asking for help on the forums is just a shake better than asking a wall. I feel like to do anything requires a module. Why? Is one better off sticking to a framework?
"After working with Drupal now for a little under two months - I have begun to feel like I'm using Stone Age Tools to build Space Age equipment."
Well, my intiial reaction is that this is what you're going to feel like you're doing when you're working with Drupal 7, which isn't out of alpha yet. A good number of the folks who maintain modules haven't started upgrading to 7 yet, and that means that you're missing out on one of the great features of Drupal, which is it's wide and deep space of premade modules.
Try 6.
Do you need to use views to display all content? No, not at all. You can go in, create a new module, and write the sql and presentation that you want. Or you can find a module that will display things for you. Or, depending, you might be able to get the effect you want just by adjusting the theme you're using.
(As a side note, using an admin theme really pretties up the Drupal experience. I'm fond of rootcandy, although Rubik is nice too. Problem with Rubik is that it's not on drupal.org.)
The strength of Drupal is that by using modules, you don't have to re-write code that someone else has written - you can instead take that code and modify it (with hooks) to do what you want. This means you don't have to write an authentication/autherization system again - it's there in core. You don't need to write up openid handlers - it's in core. You don't need to write code to integrate with twitter directly - there's a module that contains an api that helps out. You don't have to write an xmlrpc server from scratch - you can use the services module.
You don't need to write a website from scratch. Instead, you can start with Drupal, add most of the functionality you need, and then spend your time making it fit what your client wants.
Firstly, you can install the Admin module to pretty up Drupal 6 admin. You don't have to use 7. 7 is still in alpha, by the way. Garland sucks, but, Garland is just a theme- its not 'the' admin itself. The Drupal admin can take the form of any Drupal theme, which is useful in its own right, depending on the use-case.
In Drupal, you can create content types clicking through the interface in Drupal 6 or 7. As far as I can see in WP3, you have to script it. A few clicks vs scripting, the choice for me is not hard there. The first way is a lot more efficient, and a task you can hand off to a non coder to get done.
You don't HAVE to use Views to display content.
You -can- use Views to make the display of content easier, by telling Drupal to gather data and provide a Page, Block, or Feed to display . This lets you create specific sections of content for areas of the site. Otherwise, you would have to create a node, and hijack its template, run a direct sql query yourself AND write the pager functions just to show something easy like the latest 10 "Press Releases" content type. Then, if someone added a new field to that content type, you have to update all that SQL code and display code. Views makes your life easier in that respect. In minutes you can flesh out site sections and arrange content in a myriad of ways. In Wordpress, this method of arranging content without functionality of Views is/was a modern nightmare and a reason I do not want to use it at all unless its a blog and nothing more.
The Drupal Support Forum is tricky. Not all modules are as active as say, Views or Pathauto (being two of the most popular modules). However, SO is also at your disposal. I answer a lot of Drupal questions here. The trick to the Forum there is you have to ask it in the right spot. True, sometimes you may have to wait a few days to get an answer, then again no one -owes- you an answer for a free product. Thats the nature of open source.
Every developer has their favorite modules to use with Drupal, and more often than not, its the same 20 or so modules. It depends on what you are doing, what you are trying to implement. It's not that 'everything needs a module' its that Drupal is such a vanilla install because Drupal does not want to assume your purpose nor overwhelm with options. The UX is something they are trying to improve anyway, and popular modules are making their way into core.
Well, I began to grow very tired of
the limitations of Wordpress - I
needed more control and flexibility
over my sites. So... I have recently
started using Drupal 7
Why not go back to CI? Drupal certainly has it's strengths, but I don't think Drupal will give you any more "control and flexibility" than Wordpress.
If the standard modules/plugins, themes/templates, from WP, Drupal, or Joomla, fill your needs, then using a CMS can be a lot faster than building a site from scratch. But, if those CMSs do not fill your needs, you could find yourself "fighting the framework" and never really getting what you want.
You're just coming out from WordPress, which has great support and is relatively easy to extend to overcome what you call its limitations, if you know basic PHP, HTML, CSS & JavaScript. Every framework has its own potential/limitations.
As a user of WordPress my humble opinion is that you should have stayed with it.
As of you last question, It depends, to stick with one and only one framework has its advantages and disadvantages, the best of all is that you get to know it very well and eventually learn how to extended it. The bad part is that very often frameworks lose popularity and you are left to you own without an active user community and support.
Regards.
All of the popular CMS products (I'd maybe add Expression Engine to the mix) are great for 80% of what you want to accomplish and a huge pain to handle the other 20%.
That's just the nature of the beast.
On the plus side, it's OS so there's lots of people hacking away at it just like you which opens up the potential for someone else already having invented the wheel.
And with bulky enterprise CM solutions like SharePoint I find that you have to reverse the equation to 20/80 (ugh!).
If you're discouraged with Drupal and prefer to stick with WP, WordPress has many thousands of plugins, including ones that can overcome the limitations you're running into and make WP behave more like a normal CMS.
Just do a Google search for "top Wordpress CMS plugins." There's a lot of articles out there that can recommend ways to get WP to do exactly what you want.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 12 years ago.
Improve this question
I am planning to build a training site which will accommodate multiple users. It will also have lots of custom pages with videos in them. Which CMS/CMF is better suited for this project? Please advise..
Wordpress is designed from the ground up to be a blog, but also to be modular. Drupal is designed to be a complete CMS out of the box, but there are also extensions for Drupal too. Both are CMS systems, but again, Wordpress is really designed to be a blogging platform. Also, Drupal is a little more complicated at first and has a higher learning curve.
However, you can do what you are trying to do with either one. In addition to out of the box functionality, you can customize both Drupal or Wordpress. People tend to specialize in one or the other, and the choice comes down to personal preference (people make a living off of being Drupal or Wordpress developers, that's what's great about open source!). Once you become proficient in PHP and the CMS platform of choice, you can build your own extensions/modules and have a very custom website, but I would minimize customization to only what you absolutely need. If you are creative in using the framework and freely available modules, you may not need to write any code.
Lastly, Drupal is getting a complete re-write with version 7, which people have been waiting a long time for! If you want to get into Drupal, you may want to look into the newest version.
Edit: Personally, I prefer Wordpress, I think the admin section looks great, gives you a lot of control, but without being overwhelming (however, my opinion doesn't really matter). I really think Wordpress has a lower learning curve. I'm also pretty sure, although you haven't given many details, but if you are planning on having simple pages with videos on them, and want access to those pages to be restricted only to authenticated users, I'm pretty sure you can do that without any custom PHP coding, just some HTML.
Here's a couple helpful links for Wordpress:
Restrict Page View to Authenticated Users
Setting your Posts or Entire Blog to Private
It can be confusing trying to decide which CMS to dive into; I hope that helps a little!
The answer is Drupal.
I've been running various websites, and few years ago I decided to use Drupal as my main CMS engine and I never looked back.
I used Joomla, phpNuke, Mambo and WordPress before and nothing is as flexible, as maintainable as Drupal.
My biggest website – www.mugen.pl has 14853 registered users so I can confirm Drupal is just perfect for big, heavily used web portals.
Drupal has few wonderful 'social-networking' modules I make an excellent use of to make sure my users are keen to stay on the website, sneak preview: (sorry, I've got only screenshots in Polish):
(source: mugen.pl)
Unfortunately for Drupal, sometimes it takes a while to understand this system. Some theming stuff is not that obvious at first, but the online community is huge and always helpful.
Additionally, Drupal has excellent support for SEO. It’s built-in “path” module allows to set custom URLs for every item on the page, and other available modules (i.e. Nodewords) allow to set custom meta data for every subpage.
When you decided to go with Drupal, you should have a look at the following modules:
Content Construction Kit - http://drupal.org/project/cck
Views - http://drupal.org/project/views
Custom breadcrumbs - http://drupal.org/project/custom_breadcrumbs
Last Node - http://drupal.org/project/last_node
Nodewords - http://drupal.org/project/nodewords
Fivestar - http://drupal.org/project/fivestar
Go with Drupal ;-)
With the new release of WordPress 3.0, I would have to say WP. Many useful updates just came around the bend (menu system et al) that make it even easier to create a "site" out of a WP installation instead of just a "blog".
Drupal is extremely powerful and accommodating to the time-allowed developer, but falls short on the ease-of-use-side of things (at least from my experiences.
In short, if you're looking to make a site that's easy to install, update, and maintain - especially for posting media, go with WordPress.
Hope that helps.
Read both JohnB's and Lance May's answers. The choice is quite tricky so the only way you can make a good decision is to do your own feature comparison/score matrix.
List all the features that you need and assign importance score to them - then objectively go through both systems (or ask again on so) to get their scores.
This will also help you if you have to justify your decision later.
In the end both are good, both have quirks and both will get the job done.
WordPress is just easy to understand, for both the developer and the content editors.
WordPress is best suited for sites with:
1) Typical CMS needs - Pages, Posts, Menus - I would also include embedded videos in this list
2) Low to Moderate Traffic Loads - I know there are sites like Smashing Magazine that user WordPress under high-load, but I am sure there is some custom code added to introduce a better caching architecture and multiple servers
3) Hand off to Client for Content Editing - In my opinion, the best feature of WP is the admin user interface. The sleek visual design, smart use of ajax controls, and the simple layout makes it possible to hand off content editing to "non-technical" people
When I start a WP site, I create a new theme with two files, index.php and styles.css. Then I build my own, custom theme, that is uniquely designed for my project. Examples of my work are http://perqworks.com, http://janemonheitonline.com and http://generalordersno9.com. As you can see, these are not blogs, but CMS sites. I agree, WP was a blog platform, but it has proven itself as a CMS-lite application.
I prefer WordPress because of its extensibility and easy install and modifications.
Version 2.0 has introduced a bunch of features (like custom post types) that makes using it as a CMS easy.
Wordpress is mostly use for blogging and Drupal is used for creating websites. YOu should consider using drupal for that ;)
You may be lured to WP immediately from how quick it is to get started. But in the long term, do yourself a favor and use Drupal. It's a proven CMS framework and less prone to security issues from contributed modules. I can count on two hands how many times a WP plugin has bit me in the ass, even highly rated ones. It has very granular security also, so you know exactly what your users can and cannot do.
I've used both and Drupal is just easier to extend and configure. I don't get why people think it has a huge learning curve.
I also think a big deal breaker is the end user experience - WordPress makes it just so damn easy to manage your website, all whilst looking (in my opinion) rather beautiful at the same time.
Every client I've handed a WP site to has been impressed with it's simplicity - as the iPad put it;
You already know how to use it!
I prefer Drupal over Wordpress . Drupal is made for flexibility . But you must know how to do it , ie all . You may need some time to read how to do with that module x and how to with module Y . But once you have learned you will be comfortable to do any site.
The main advantage of Drupal is CCK and Views . Wordpress 3 have come with CCK , but Drupal has it from version 5. Now we are moving to 7, and it still misses Views :) . Yes ofcourse wordpress is a wonderful tool for blogging with ease. But when talking other than blog, you may want to opt for Drupal . Once you have learned how to do with drupal , you will never say wordpress .
If some one is against Drupal then he may have not used or learned it to the extent :) . So my suggestion for you to checkout Drupal 6 for now , as Drupal 7 is still in alpha for the present time.
I'm going to be moving my website to a CMS in the coming months I'd I need some help on choosing an appropriate CMS. Many of the websites I've seen tend to say "use Drupal, hands down". However, my website truly doesn't have a need for commenting or community features. Its pages will need to be modified occasionally, but not extensively. My website will also consist of many programs, each with their own sub-pages and menus.
There are probably 25 people that will need access to the content on my website and will need the ability to update it.
I do like the idea of being able to tag and categorize the content, and the modular aspect of Drupal but is it really right for my website? If not, which CMS may fit my needs better?
It sounds like Drupal would be an excellent solution to your company's needs. I used to recommend WordPress for smaller, single-blog type sites, but now, even for those, I recommend Drupal because you can start small and scale up as your needs grow. It has a very dedicated community and there is a module for just about any need you may have.
I would agree with Drupal. The thing about Drupal is that you start out very small and add on as you need things. There is a ton of documentation, it is well coded, always being expanded on, good forum support, and free. It's the easiest to install, most problem free, and most maintainable CMS system I've seen so far.
You can turn Drupal commenting off with the press of a button, and if/when you decide to add onto your website, perhaps you want an ad rotator, more extensive user permissions, etc, etc, it is all already developed for you and ready to go.
I am not sure if Wordpress supports multiple users on a site.
The smallest you can go for a CMS is something like 10kCMS or the more popular TinyMCE
If it is something small I will go with WordPress as it is easily themed and extensible. There are a lot of community plugins and support. Their documentation is also fairly simple as they don't have a thousand of functions and stuff you need to remember and understand. With some creativity the basic functionality of WordPress is sufficient to solve almost all problems that might arise in small to mid-size website.
I also like Drupal, but you may consider Umbraco as well. http://umbraco.org/ I'd use Umbraco over Drupal if your team is stronger in .Net than PHP. (Really, I think that's a larger concern - what are your organization's strengths? Play to suit them. You are making a decision that will pave the way for many developers besides yourself, and business decisions of your company.) Both are extendable and open source so you can write your own modules/components to customize. It may be cleaner to import into Drupal tables than Umbraco, since it goes down to xslt files. (EDIT: This looks to be no longer the case in the new version - http://umbracohosting.com/umbraco-4---get-excited/one-cms-any-database) From a front end dev perspective, both offer great control of the final output.
From working on legacy stuff a lot, you may end up hiring interns to do the gruntwork. There's bound to be tons of inline tables and all sorts of un-reusable code in there, it may be easier to scrape the content manually and start w/clean markup for the content portions.
I'm searching for a way to put widgets from several services (PicasaWeb, Yahoo Pipes, Delicious bookmarks, etc.) on the community site I host on Plone (currently 3.2.1). I'm looking for a way to allow a group of users to use dangerous html tags.
There are some ways I see, but I don't know how to implement those. One would be changing safe_html for the pages editors own (1). Another would be to allow those tags on some subtree (2). And yet another finding an equivalent of "static text portlet" that would display in the middle panel (3). We could then use some of the composite products (I stumbled upon Collage and CMFContentPanels), to include the unsafe content on other sites.
My site has been ridden by advert bots, so I don't want to remove the filtering all together. I don't have an easy (no false positives) way of checking which users are bots, so deploying captcha now wouldn't help either.
The question is: How to implement any of those solutions?
(I already asked that on plone mailing list without an answer, so I thought I would give it another try here.)
Solution (3):
Use TAL portlet to add non-filtered HTML/JS snippets
Use ContentWellPortlets to show these portlets above or below your content.
I haven't used Plone 3.2 but there were some tools in the root directory of the Plone site when using the ZMI that allowed this. I can't remember if it was in "portal_transforms" or not, but I think so. It allows you to specify what tags in the HTML are allowed. I don't remember if it was something that you could control using the security settings (e.g. role based) or whether it was just a site wide setting.
Sorry for the vagueness but I just figured since you haven't gotten an answer that I'd tell you what I knew (little as that may be).
In Plone Site Setup there is a configlet for HTML Filtering. That may be useful.
PS: SO makes it so hard to help if your points is less than 125. May be I will just stick to the plone users mailing list.
PPS: That should make the answer "more complete"