Content management system

from Wikipedia, the free encyclopedia

A content management system (short CMS , German  content management system ) is a software for communal creation, editing, organization and presentation of digital content (content) mostly for use in Webseites , but also in other forms of media. This content can consist of text - and multimedia - documents exist. An author with appropriate access rights can operate such a system in many cases with little or no programming or HTML knowledge, since the majority of the systems have a graphical user interface.

CMS places particular emphasis on media-neutral data storage . For example, content can be called up as a PDF or HTML document, if desired ; With fully dynamic systems, the formats are not generated until the query. A classic relational database is usually used to store content (such as MySQL, PostgreSQL; which databases are supported by a CMS is listed in its system requirements). There are also some complex enterprise CMSs that do without a classic database. There are also flat file content management systems in which the content is saved in files . In addition to proprietary CMS, open source systems are also widespread. In the years 2010-2020, WordPress had a market share of over 50% among web CMSs. The best known and most widely used web CMS in the same period also included Joomla , TYPO3 , Drupal , and Shopify .


Although the term web content management system ( WCMS for short ) would have to be spoken precisely in technical terms, the more global term CMS is used in widespread parlance for systems or modules that are used exclusively for creating websites . Desktop CMS do this on a local computer with subsequent upload, other systems directly on a delivering web server.

To distinguish it from systems with content used offline, the above systems are also referred to as WCMS . This shows the difference to those systems in the publishing sector, for example , which serve other output media in addition to the web, such as print or radio. Web content management can also be seen as a component in enterprise content management .


Content management systems have to do the following, for example:

  • Possibility to assign different roles and responsibilities to different users and content categories / types.
  • Identify the potential users and their roles
  • Definition of the manufacturing processes as a workflow
  • Ability to send messages (e.g. by email ) to those responsible as soon as something changes in the content of certain documents
  • Keeping track of and managing different versions of a document
  • Semantic ordering of the content
  • Publishing the content in a repository (e.g. a database ).
  • Export of the content to or import from another work environment .


The main task of a CMS is the administration and target group-oriented as well as barrier-free presentation of text or multimedia content for web browsers on different devices. Technically, content management systems separate the presentation with skins from the data sources. In addition to the display on personal computers, the smaller formats and different operating options of smartphones and other alternative devices must also be taken into account. Content management systems use skins in responsive web design or offer a dedicated mobile website . In addition, content should be easy to print with a print version .

In addition to the main content of a page, other content is included, such as B.

In addition to displaying individual content, the CMS automatically offers alternative content aggregation:

  • Groupings to categories,
  • temporal changes and newly created content,
  • machine-readable output of content for web feeds (e.g. Atom , RSS ), microformats or programming interfaces for integration into other services (e.g. as JSON ),
  • similar content that may be of interest to the reader as well

Thanks to the integrated content life cycle management, content can be automatically published or archived for a limited period of time.

Integrated search engines also enable the user to search the contents of a website. These search engines are either already integrated in the software or are integrated as external services. OpenSearch also allows access to the search function from outside the website. These possibilities are not to be confused with those of so-called meta search engines .


The creation and editing of content is usually done via an online word processing module (so-called inline editing or in place editing) or files directly on the web host; older systems still offer separate client software for processing.

Backend of WordPress 3.3 in 2012

With online word processing, either a separate backend is offered or authorized persons can edit directly in the display. Depending on the level of knowledge of the editor or the scope of the content management system, the text is entered either using a WYSIWYG or a text editor. Content can be stored in a simplified mark-up language ( e.g. Markdown ) or pure HTML . To see the content in its final version, a preview function is usually offered. In addition, assistants for the dynamic integration of hyperlinks , computer graphics and other elements are offered.

With an integrated version management, the creation process is archived and logged at the same time . Certain versions can be restored in the event of an error .


In order to prevent unauthorized changes and to be able to understand changes, editors must authenticate and are assigned user roles based on an authorization concept . Users are usually differentiated hierarchically, for example certain editors can create articles, but must be activated by administrators. A vertical role system then allows certain user groups to work only in certain areas (e.g. department). This role and rights structure can map simple releases according to the four-eyes principle or complex workflows . Several people with different tasks can participate in such workflows, e.g. B. Authors, editors and webmasters who create, approve or activate content. Here one speaks of editorial systems .

User interaction

Especially social media websites, such as B. blogs are characterized by the possibility of content integration of the user. Users can leave entries in guest books , comments on special content or set external trackbacks . With user-generated content to user interaction and content creation mix.

In addition to user-friendliness , functions for user interaction must above all be effective against search engine spamming . This is mainly achieved with captchas , nofollow and DNS-based blackhole lists .

Technical functions

In cooperation with the web server , CMS can also partially take on tasks of transmission and URL structure. In particular, redirects , clean URLs and permalinks are configured in the CMS. Error pages ( 404 ) can also be delivered by a CMS.

Multiple independent websites can be operated through multi- client capability .

In order to be able to expand the CMS as individually as possible, plug-ins are usually offered.

If other more complex functions are mapped, one speaks of a web application .


Content management systems are largely platform-independent since they are written in scripting languages . All common scripting languages ​​such as PHP , Ruby , Perl , Python or JavaScript are supported by the most common web servers (Apache, IIS, nginx). ASP.NET also requires the .NET Framework or mono as a runtime environment . The actual content is often stored in databases , as these allow faster access and provide database indexes for categories, lists and feeds. Smaller CMS can also save content in text files. MySQL as a database is supported by practically all CMS, but PostgreSQL or Microsoft SQL Server are also often used. Content management systems link the stored content with format templates and transfer them to the delivering web server . In terms of software architecture, the Model View Controller design pattern is mostly used . Due to the close connection and dependency between these software elements, they are usually installed together. There are bundles LAMP for open source CMS and XAMPP for development environments . CMS physically run on hosts , which are offered by hosters as web hosting or as an application service . Open source CMS in particular do not try to offer all possible or desired functions natively, but rather to enable the integration of plug-ins through server-side hooks and client-side standard libraries (e.g. jQuery ).

Content management framework

A content management framework (CMF) is a framework for developing content management systems. Within the framework (= regulatory framework) there are software components such as access protection, a database interface, a template engine or various search functionalities. Most of the CMF are mapped using scripting languages ​​and are mainly used to develop network-based content management systems.

Examples of content management frameworks are ProcessWire , SilverStripe , Apache Cocoon , BlueWonder, DbXwebApp, Drupal , eZ Publish , Midgard , MODX , Nuxeo EP , Orchard , TYPO3 , Zikula and Zope .


The widespread use of CMS on the Internet on the one hand and the multitude of functions and the associated complexity mean that security gaps are constantly being uncovered. Many of them are registered as Common Vulnerabilities and Exposures : In the years 2002–2015 143 holes were found in Drupal, 179 in TYPO3, 170 in Joomla! and 205 registered in Wordpress. These often serve as a gateway during hacker attacks .

In 2013 the BSI carried out a security study of the Drupal, Joomla !, Plone, TYPO3 and WordPress systems. In addition to the security of the software, correct configuration and appropriate system management are also seen as important for safe operation. Different recommendations are given for four different usage scenarios.

"... the open source projects examined [have] demonstrably implemented a security process. The software has a product character with a published release plan, a transparent bug tracker, etc. "

"However, none of the systems examined can be operated 'as is', unobserved or by the inexperienced user."

"Scenario 1:" Private Event Site "[...] For this scenario, the recommendation is not to set up your own website, but to use a service from the now wide range of professional service providers."


Structure of a complex CMS

Dynamics and statics

CM systems differ in the type of delivery of the created pages to the user:

Fully dynamic systems

Fully dynamic systems dynamically generate the requested documents anew each time they are called, that is, templates and content are only interpreted or merged and output when they are called up. Advantages: The page is always "up to date"; a personalization for web users is very easy in general or even already exists. Disadvantages: The recalculation for every page delivery can lead to a delayed delivery of the pages under high load (e.g. high visitor rush) or, in the case of insufficient equipment / configuration of computing capacity in relation to the number of simultaneously served users, to server overload and, in extreme cases, to system downtime. One measure to reduce the load is caching .

Static systems

Static systems generate the individual websites from the templates and content as statically stored files in the file system or, if necessary, in a database. The end product is thus documents that are not interpreted in any way by server technology such as B. ASP, JSP or PHP need more and can therefore be output directly by the web server, which is reflected in the output speed. This has the advantage that even simpler web hosting products can be sufficient as a basis. The disadvantage may be that increased requirements due to greater complexity in connection with the desire for very short update cycles turn out to be unsuitable for such a system.

Purely static systems form the historical origin of the CMS, but - in this original form - are only rarely used.

Hybrid systems

Hybrid systems combine the advantages of static and fully dynamic page generation. Only the content that has to be generated dynamically from a database (e.g. news, search queries, personalized content or shop data) is read from the database at runtime. All other content that is not continuously changed (such as the page structure, navigation, but also certain texts and images) is static.

Semi-static systems

Semi-static systems generate the content so that it is static, but at the same time dynamic, i.e. In other words, all data is saved directly in statically generated files, which are then output immediately when called up. The dynamic content is generated when a code in the program language is incorporated into the file or individual data records are changed or newly created.

See also


  • Markus Nix et al. (Ed.): Web Content Management. Understand and choose a CMS . S&S Pockets, 2005, ISBN 3-935042-64-7 .
  • Jörg Dennis Krüger, Matthias Kopp: Managing Web Content. Professional use of content management system . Markt & Technik, 2002, ISBN 3-8272-6002-7 .
  • Stefan Mintert: Market overview Web-CMS: Indivisible . In: iX , August 2010, pp. 104-109. ( Link list )
  • Stefan Spörrer: Content Management Systems: Conceptual structure and practical example . Kölner Wissenschaftsverlag, 2009, ISBN 3-937404-74-0 .

Web links

Wiktionary: content management system  - explanations of meanings, word origins, synonyms, translations
Commons : content management systems  - collection of images, videos and audio files

Individual evidence

  1. a b Market share yearly trends for content management systems ,, reference date: January 1st; accessed on May 30, 2020.
  2. Usage of content management systems for websites
  3. The Right CMS , PC Magazin, published September 27, 2007, accessed September 8, 2016
  4. - ErrorDocument
  5. Drupal Drupal: CVE security vulnerabilities, versions and detailed reports. In: CVE, accessed March 25, 2016 .
  6. ^ Typo3: Products and vulnerabilities. In: CVE, accessed March 25, 2016 .
  7. Joomla Joomla: CVE security vulnerabilities, versions and detailed reports. In: CVE, accessed March 25, 2016 .
  8. Joomla Joomla !: CVE security vulnerabilities, versions and detailed reports. In: CVE, accessed March 25, 2016 .
  9. Wordpress Wordpress: CVE security vulnerabilities, versions and detailed reports. In: CVE, accessed March 25, 2016 .
  10. Linux Mint was hacked through WordPress - twice. heise Security, February 24, 2016, accessed on March 25, 2016 .
  11. Infected Joomla servers distribute TeslaCrypt blackmail Trojans. heise Security, February 22, 2016, accessed on March 25, 2016 .
  12. PHP developers wiki server hacked. heise Security, March 21, 2011, accessed on March 25, 2016 .
  13. Background to the break-in at the US security company. heise Security, February 16, 2011, accessed on March 25, 2016 .
  14. Security study of content management systems. Retrieved August 11, 2020 .
  15. BSI takes WordPress, Typo3 & Co. under the microscope. heise Security, June 21, 2013, accessed on March 25, 2016 .