Welcome to CMS Made Simple

Main Navigation

Personal tools

Log in / create account

Views

How to

From CMSMS

This page in: English - Deutsch - Français - Svenska - Русский - Norsk - Polski - Nederlands - Español - Lietuvių

How to Tutorials

Here's the place for tutorials. If you have created such one please post it here or a link or ask in forum for uploading to main server.

How to motorize your old plain html static site with CMSms

This tutorial originates in a forum thread asking for moving a 70 page .html site over to cms without losing search engine rankings.

You have a site of 10-100 web pages. These pages are plain static HTML. You update them with a text or HTML editor and upload them to the hosting location with your favorite FTP tool.

Over the time, you have tried to keep some harmony among your pages. A templating feature in your HTML editor may have helped. But this tool has reached its limits : you can't easyly reorder the navigation, nor add new web features. Your pages begin to visualy diverge and it is a pain to maintain links.

Now you want a 21st century web site : a content management system taking care of templates, menus, links and other things like sitemap and RSS for you. You would like content updating be easy without knowledge of FTP or HTML/CSS. So you would like to motorize your old site with CMSms, strengthem its visual rendering and keep its search engines' rankings. Welcome, read on.

Step 0 : Discover, try and select CMSms

Firstly you should select CMSms among other CMS products. CMSms must fit your needs and you need to feel it suitable for you. In order to do this :

Review its features and compare with other products. Read some product advocacy from happy users.
Make your own opinion about it : try it on a fake hosting (may be play with it on your laptop with XAMPP). Install the sample content, which includes a tutorial. Try to modify/add pages content, templates/layout, menus, themes... Do you find it simple enough ? Is it intuitive for you ?
After you have choosen CMSms, check its hosting requirements and select an approriate hosting provider.

Step 1 : Install CMSms on your production hosting

So you have a internet domain for your site, say domain.net. Your old plain HTML pages are available at domain.net/aboutus.html, domain.net/products.html, domain.net/solutions.html etc. And your old home page is domain.net/index.html. This name "index.html" is the default of the webserver as its configuration states :

DirectoryIndex index.html (example with Apache)

You are going to install CMSms which is PHP software. The webserver now needs to respond to it. Update your webserver configuration like this :

DirectoryIndex index.html index.php (still an Apache example)

This means that when domain.net/ is requested, the webserver will first look for domain.net/index.html (and still serve your home page) then for domain.net/index.php and then answer 404 not found if none is available. Hopefully your hosting provider already has set up this for you. As you are moving from the HTML site to the PHP one, it is important to have the indexes in this order, so you can build your CMSms PHP site while still broadcasting the old HTML one. When you are finished building, deleting (or renaming) your old index.html will switch your webserver to the new PHP powered site.

The idea is to migrate in the background and to switch when ready :

Once you meet the hosting requirements, install CMSms following the guide.
Keep your static pages along for the moment.
Check the CMSms install is working. (you can copy/add a page/template/style sheet and modify it...)
Check the old HTML site is still available. (domain.net/aboutus.html, domain.net/products.html, domain.net/solutions.html etc are still available)
You can start to customize the dynamic site with themes.
You need to activate external (webserver's mod_rewrite) pretty URLs. See the optional settings in the install guide.

Step 2 : Move your content

Now it is time to start "replicating" one simple static page and then to treat all of them.

For example domain.net/aboutus.html :

Log in the admin.
In the content, create a new page.
Important : give it the "aboutus" alias.
Set its title from the old static page's title.
Copy the content of you old static page and paste it in the new page.
Assign a template to the new page.
(Backup and) delete the old aboutus.html file on the webserver.
Browse to domain.net/aboutus.html to see the new dynamic content responding.

Check that links like domain.net/products.html still serve old static files and that links to and from the new dynamic page works. Then you can wait 2-3 weeks and see how search bots have responded to the change. If they treat it like the static file it has replaced, you can go on moving the content while keeping your URLs (and your ranking) thanks to aliases.

Lastly you move index.html's content, delete the file and thanks to pretty URLs the Net still sees your home as index.html.

Step 3 : Enjoy new features

You have now a dynamic site. You are able to manage more pages (and several editors) and keep harmony thanks to templating. But you get more than that :

Menus are dynamic. You can customize them with Menu Manager.
The map of your site is generated by a simple {sitemap} in any template.
Play with the News module and export an RSS feed.
Try other modules : RSS, Front End Users, AdSense...

How to install on a non dedicated database

You have web hosting with PHP and a database. You need to share your database with some other software you'd like to host along with CMSms.

No problem : CMSms prefixes its tables/objects in the database. You can even change the "cms_" prefix during installation to have several installations of CMSms sharing your database. Each installation has its own "config.php" file with reflects the prefix and other settings.

How to install CMS Made Simple using cPanel

cPanel is a control panel used by many hosts, this guide is intended to provide a basic start for newbies using it.

Step 1: Configuring a database

First of all, you need a database, and the rights to use it:

go in MySQL Databases
create a database (Current Databases section)
create a user (Current Users section)
assign to the user all database privileges (Add Users To Your Databases section)

Step 2: Preparing files

Now it’s time to use the cPanel File Manager. There are some things you should know about it:

the “CMS Document root” (as seen from the webserver) is different form the “Path to the Document root” you type in the browser, this means the writing /public_html/ won’t appear in the URL
you have to upload pages in the /public_html folder if you want browsers to be able to see them
to display options for a file (or folder) you need to click on its name
to enter a folder, you need to click on the icon on its left

Let’s upload the .zip (or .tar.gz) file downloaded on your PC from the CMS Made Simple website:

open the File Manager
enter the /public_html/ folder
click the Upload button
click Browse... and select the file
click Open and...wait some minutes
when the file is uploaded, a message will appear.

Well, decompress the archive:

click on its name, options will appear on the right
click on the Extract option
as decompression is finished, a log window appears (close it)
refresh the File Manager page to see the new folder (click on the / public_html / link at the top)

As you can see, the new folder has a pretty complex name (public_html/cmsmadesimple-1.x). You'll better give it a simpler name:

click on its name to display options
click on the "Rename this folder" function
use "cms" as the new name

You are almost ready to install your CMS:

go into the folder we just renamed (public_html/cms)
click on the the "Create new file" link (it’s between folders and files)
name the new file config.php

Step 3: Running the installation

What's left ? Well, running the installation:

open a new page in your browser
type the URL to run the installation, it will be something like www.sitename.hostname.com/cms
follow the steps (on a step you'll be asked for some MySQL details: if you don’t remember them, look in the MySQL Database section of your cPanel)

How to move your CMSms installation to a new server

It is a simple, four step process to move your installation from one server to another.

Step 1: Clear the Cache

Login to admin, go to Site Admin/Global Settings and clear the cache. This reduces the number of files you need to copy.

Step 2: Move the Database

Using PhpMyAdmin, or any other database management software, create a backup/export of your CMSms database. Use this backup/export to create/import a new database on the new server.

Step 3: Copy the Files

Using your FTP software, copy all of the files from your old site to your new site. Remember to check the permissions for the folders on the new site to ensure they are set correctly, i.e. all cache, uploads and any other folders or sub-folders that need to be writeable, are writeable.

Step 4: Modify config.php

In the config.php file, find the Database Settings, Path Settings and Image Settings sections and update them with the paths and settings applicabe to the new server.

How to Secure CMSMS system - Small Guide

This guide is a brief summary of all security hints found digging in CMSMS forum, wiki and other website. This guide won’t be exaustive, is open to wide contributions, and could be subject to errors, please add your feedback.

System Settings: (unix like)

Keep your system always update (use cron to notify new system update via mail).

Run your apache system in chrooted-jail mode.

Use strong password for root, and never login as root, use sudo.

Login remotely to server only via secure tunnel (SSH).

Protect your server with a firewall/DMZ and monitor all access with SNORT.

Install only needed software and remove all unneeded services/software/daemon.

Expose only needed ports (80, 443), not others.

If you want to install a db manager tools like phpmyadmin, rename default program directory with a fake name (eg. "/pma39xRlklkLK3d") and protect directory with .htaccess and .htpassword (find more on apache website and other nice site.

Check often apache logfile (access.log and error.log) and system log files.

Backup is your last chance. So backup, backup and then backup again.

Make a full backup of your system. You can use a tools that build a bootable image of your HDD (or a copy of your virtual server image file). Backup often your mysql dump and your CMSMS files (/images, /uploads and other specific). Use a rotate schema for backup

Note for paranoid users: create mutiple backup copy and keep the medium in separate places far away from each other.

PHP settings:

Use these minimal security settings in your php.ini

disable_functions = exec, show_source, shell_exec, system, popen, proc_open, proc_nice, ini_restore, passthru,dl
expose_php = Off
display_errors = Off
log_errors = On
register_globals = Off
allow_url_fopen = Off
allow_url_include = Off

Note: The first row should be commented out only during some particular module operations that require to use those functions.

If you haven't special needs while running PHP, you can uninstall all unnecessary/additional PHP modules (e.g. CLI). Some functions (like GD) will stop to run, so make some tests before removing all.

Remove unused extension directive in php.ini

Check php.ini file permission and file owner for your specific system.

Apache Settings:

Create if not exist a file in your root CMSMS installation named .htaccess with this section:

RewriteEngine On

#option to remove directory listings in all folder (avoid publishing unwanted contents)
Options -Indexes


# Deny access to config.php
# This can be useful if php ever breaks or dies
# Use with caution, this may break other functions of CMSms that use a config.php
# file.  This may also break other programs you have running under your CMSms
# install that use config.php.  You may need to add another .htaccess file to those
# directories to specifically allow config.php.

<Files "config.php">
    order allow,deny
    deny from all
</Files>


# URL Filtering helps stop some hack attempts
#IF the URI contains a "http:"
RewriteCond %{QUERY_STRING} http\: [OR]

#OR if the URI contains a "["
RewriteCond %{QUERY_STRING} \[ [OR]

#OR if the URI contains a "]"
RewriteCond %{QUERY_STRING} \] [OR]

#OR if the URI contains a "<script>"
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

#OR if the script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

#OR if any script is trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]

#OR if the URI contains UNION
RewriteCond %{QUERY_STRING} UNION [OR]

#OR if the URI contains a double slash
RewriteCond %{QUERY_STRING} // [OR]

#OR if the URI contains a *
RewriteCond %{QUERY_STRING} \*

#then deny the request (403)
RewriteRule ^.*$ - [F,L]

# End URL Filtering


# No sense advertising what we are running
ServerSignature Off

# HTTP response header forced to be "Server: Apache" only
# Sometimes this istruction must be saved inside httpd.conf or apache.conf or sites-enabled instead of .htaccess
ServerTokens Prod

CMSMS Settings:

Use a strong password for admin login

Never use "admin" or "administrator" as CMSMS admin username. Use a different nickname. Pay attention if you post some news article with admin account, the name is exposed.

Rename admin directory with a fake name (e.g. "admin39xRlklkLK3d"). Don’t use a name easy to guess. Remember to change also /config.php with your new name $config['admin_dir'] ="admin39xRlklkLK3d"

Protect admin directory with a password.

Many host provider offers a way to do this in their webpage. If you are enabled by your host provider modify apache SSL config using this setting:

<Directory /var/www/ admin39xRlklkLK3d>
     AuthName "Protected Area"
     AuthType Basic
     AuthUserFile /var/www/ admin39xRlklkLK3d /.htpasswd
     require valid-user
</Directory>

here /admin39xRlklkLK3d /.htpasswd

youruser:yourencryptedpassword

Force logging in your CMSMS system using SSL

To achieve this use this settings: in your admin directory create this file

/admin39xRlklkLK3d /.htaccess

# force all access to /admin to SSL protected page
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Check permission of config.php file.

While installing or upgrade should be 777. As soon as these tasks end, lower file permission to 444 or if it works to 440. If you haven’t SSH access to your server use your FTP or Filemanager via Control Panel (e.g. Plesk)

Check permission of /tmp directory.

Try to lower permissions of this directory and related subdir. You can try step by step from 775 to 755 to 750.

Check permission of /uploads directory.

Same as above. Check if your website works fine uploading some images and trying to display in your browser In Global Settings of CMSMS use 002 as umask for creating thumbnail.

Don’t expose your CMSMS release number in your site expeciallyin homepage!!!

If you forget to upgrade your system to latest release all the world will know (thanks google Smiley

Protect your /lib directory

create an /lib/.htaccess file with this code

order deny,allow
deny from all
allow from 192.168.0.0/24 #your admin network
# allow files .js in /lib avoiding errors related to js calling e.g. tag {startExpandCollapse}
<Files ~ ".*\.js$">
 Order deny,allow
  Allow from all
</Files>

Another option for that could be

order deny,allow
deny from all
<Files ~ ".*\.css|.*\.js|.*\.gif|.*\jpe?g|editor.php|thumbs.php|images.php|editorFrame.php$">
Order deny,allow
Allow from all
</Files>

Protect your /tmp directory

create an /tmp/.htaccess file with this code

<Files *.php>
    Order deny,allow
    Deny from All
</Files>

Protect your /uploads directory

create an /uploads/.htaccess file with this code

<Files *.php>
    Order deny,allow
    Deny from All
</Files>