What is Plone Hosting?
Plone is an open-source Content Management System (CMS). Characterized as powerful and flexible, it comes with excellent support and security. Plone is driven by the non-profit Plone Foundation, which strives to preserve the integrity of the CMS.
Why Use a CMS?
Websites use CMS applications to manage and update their content, and to create pages that reflect their unique brand. Generally, a CMS is designed for users who are relatively unfamiliar with coding, such as HyperText Markup Language (HTML), yet are fully capable of maintaining the content of the site. Common CMS features include content editors, revision control, Web-based publishing, format management, search, and retrieval. A CMS allows administration of a site without coding.
The versatile functionality of Plone lets it serve as an intranet and extranet server, a portal server, and a groupware tool for remote collaboration. Installation takes just a few minutes with a click-and-run installer, and usability experts ensured the CMS would offer an aesthetically pleasing experience to content managers.
Further, Plone's interface is available in 40 languages, and multilingual management tools are also available. Plone is extensible, with many add-ons for new features and content types. More than 300 international developers provide technical support, and several companies also specialize in Plone development. Users are free to improve upon Plone without a license fee.
The backbone of the Plone system is the "Z Object Publishing Environment" (Zope) framework. In the early 2000s this community-driven project became one of the first object-structured web frameworks and established Python as a major web language. Zope's attention to object technology allowed for data storage and retrieval methods, page templating and use of markup languages. This makes content localization easy, which is one of the strong suits of Plone and has allowed for great international support.
What makes Plone competitive today is its commitment to security and its foundation on Python. The National Vulnerability Database has registered over 18,000 vulnerabilities with PHP, but only 111 with Python. This corresponds to only 13 vulnerabilities ever detected in Plone, while PHP-driven rivals often have several hundred.
Beyond just relying on the security of Python and Zope, Plone itself uses 10 key techniques for dealing with common vulnerabilities:
- Validated Input - All input data has its type validated, which rejects unwanted injections.
- Code Level Access Control - Based on the well-proven ACL/role-based security of Zope, end users never have access to view or change security settings. This means developers set privileges in code, which protects against user misconduct.
- Authentication & Session Confirmation - The encryption techniques used when confirming a user login use a hashed secret that is reflected in each session, and this secret can be refreshed at regular intervals to ensure extra security.
- Avoids Cross-Site Scripting - Inserted content is stripped of malicious tags, and the secure session key is used to confirm privileges, which can prevent a third party from impersonating HTTP POST requests.
- Buffer Overflow - Python does not have issues with buffer overflow, which is more common in lower-level languages.
- Injection Protection - Injection attacks are common against SQL-database-driven CMS systems. Plone does not use SQL by default. However, when SQL connectors are configured, injection is neutralized by the connector.
- Error Handling - Almost all errors are logged in the server logs rather than in the client DOM. The client is still provided with error log entries, though, making debugging possible.
- Secure Storage - The cryptographic methods used by Plone, which include HMAC-SHA-1 and other deeper methods, have been tested by public use for years.
- Denial of Service Prevention - Putting Plone behind a caching proxy like Squid, Varnish, Apache or IIS makes for more available content distribution, which makes it more difficult to overload the site with requests.
- Configuration Management - Plone is very secure as soon as it is installed; no additional configuration is needed to make the site function in a more protected way. The security is just ready to go!
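The "Authentication & Session Confirmation" and "Secure Storage" items above describe a session value tied to a hashed secret that can be refreshed at intervals. The following is an added illustration of that general pattern, not Plone's own code: the names Keyring, issue and verify are hypothetical, and HMAC-SHA-1 is used only because the list names it.

```python
import hashlib
import hmac
import secrets
import time


class Keyring:
    """Current signing secret plus a few older ones, newest first (hypothetical)."""

    def __init__(self, size=3):
        self.size = size
        self.secrets = [secrets.token_bytes(32)]

    def rotate(self):
        # The new secret signs from now on; the oldest secret is dropped,
        # which invalidates every token that was signed with it.
        self.secrets = [secrets.token_bytes(32)] + self.secrets[: self.size - 1]


def _mac(secret, user, issued):
    # HMAC-SHA-1 over the fields the token asserts.
    return hmac.new(secret, f"{user}|{issued}".encode(), hashlib.sha1).hexdigest()


def issue(ring, user, now=None):
    """Build 'user|issued|mac', signed with the newest secret."""
    issued = int(time.time() if now is None else now)
    return f"{user}|{issued}|{_mac(ring.secrets[0], user, issued)}"


def verify(ring, token, max_age=3600, now=None):
    """Return the user name if the token is authentic and fresh, else None."""
    now = time.time() if now is None else now
    try:
        user, issued, mac = token.rsplit("|", 2)
        issued = int(issued)
    except ValueError:
        return None  # malformed token
    if not 0 <= now - issued <= max_age:
        return None  # expired, or issued in the future
    for secret in ring.secrets:
        expected = _mac(secret, user, issued)
        # Constant-time comparison avoids leaking how many characters matched.
        if hmac.compare_digest(mac.encode(), expected.encode()):
            return user
    return None
```

Keeping one or two older secrets in the ring lets sessions survive a rotation, while a second rotation cuts them off without any per-session state on the server.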
Who is Using Plone?
With such a proven track record in security, Plone is one of the ideal candidates for government agencies and high-profile institutions. Here are just a few of the groups using Plone:
- Amnesty International
- Brazilian Government
- Discover Magazine
- NASA Science
- The Free Software Foundation
- University of Wisconsin Oshkosh
- Yale University
- NRAO - National Radio Astronomy Observatory
Alternatives & Hosting Considerations
What sets Plone apart from other CMS platforms? Why should I use it?
What sets Plone apart from the competition is how secure it is. Plone requires more developer involvement than other frameworks, but the benefit is that less time will need to be spent fixing or updating software to patch emerging vulnerabilities.
- Django-CMS - Python-based and built on the Django stack, it is easy to integrate with other Django apps, but that makes security more challenging.
- WordPress - PHP-based and one of the most popular CMS platforms in the world. It has a vast plugin and theme marketplace, but it is also one of the most targeted for malicious behavior.
- Joomla - Also a PHP-driven CMS, Joomla has an emphasis on e-commerce and business applications.
- Drupal - A popular CMS whose "Modules" repository allows deep customization of the platform's functions.
Ultimately, Plone is great for groups and agencies who want a low-maintenance site solution with deep security precautions. While it does have a few hundred powerful add-ons, the extension market is much smaller than those of other CMS platforms, which have thousands of plugins. Using Plone might take more initial work to customize, but it has a long-term payoff from added security and a strong open-source support community.
What is needed or recommended for hosting?
Numerous hosting companies are ready to support your use of Plone, whose website features a list of potential providers. If you choose not to go with a Plone consulting shop, a hosting provider with plans that feature Virtual Private Servers (VPS), dedicated hosting, or cloud hosting is recommended.
Any provider with support for Ubuntu 11.04 or above is recommended, especially providers with dedicated machine images pre-configured and optimized for the Zope platform.
Here's What Your Plone Hosting Needs To Offer
A private hosting environment with SSH and root access to the server is required for a Plone installation. A suitable server can be running virtually any OS, but a minimum of 2GB of RAM and 40GB of disk space is recommended. Not all hosts are suitable for hosting a Plone installation; as a matter of fact, most of the big-name shared hosting providers aren’t candidates. In our experience, BlueHost is a provider worth taking a serious look at.