Plone Hosting In 2020: Who Does The Best Job? Read The Verdict

Disclosure: Your support helps keep the site running! We earn a referral fee for some of the services we recommend on this page. Learn more

by Tom Riecken

Last updated: August 16, 2019

What is Plone Hosting?

Plone is an open-source Content Management System (CMS). Characterized as powerful and flexible, it comes with excellent support and security. Plone is driven by the non-profit Plone Foundation, which strives to preserve the integrity of the CMS.

Why Use a CMS?

Websites use CMS applications to manage and update their content, and create pages that reflect their unique brand. Generally, the CMS is designed to enable users who are relatively unfamiliar with coding, such as HyperText Markup Language (HTML), yet fully capable of maintaining the content of the site. Common CMS features include content editors, revision control, Web-based publishing, format management, search, and retrieval. A CMS allows administration of a site without coding.

About Plone

The versatile functionality of Plone drives it as an intranet and extranet server, portal server, and a groupware tool for remote collaboration. Installation takes just a few minutes with a click-and-run installer, and usability experts ensured the CMS would offer an aesthetically pleasing experience to content managers.

Further, Plone’s interface is available in 40 languages, and multilingual management tools are also available. Plone is extensible, with many add-ons for new features and content types. More than 300 international developers provide technical support, and several companies also specialize in Plone development. Users are free to improve upon Plone without a license fee.

Technical Overview

The backbone of the Plone system is the “Z Object Publishing Environment” (Zope) framework. This community driven project in the early 2000’s became one of the first object structured web frameworks, and established Python as a major web language. Zope’s attention to object technology allowed for data storage and retrieval methods, page templating and use of markup languages. This makes it easy to create content localization, which is one of the strong suites of Plone and has allowed for great international support.

What makes Plone competitive today is it’s commitment to security, and it’s foundation on Python. The National Vulnerability Database has registered over 18,000 vulnerabilities with PHP, but only 111 with Python. This corresponds to only 13 vulnerabilities ever detected in Plone, while PHP driven rivals often have several hundred.

Security Measures

Beyond just relying on the security of Python and Zope, Plone itself uses 10 key techniques for dealing with common vulnerabilities:

• Validated Input – all input data has it’s type validated, which makes for zero compromise with unwanted injections.
• Code Level Access Control – based on the well proven ACL/roles based security of Zope, end-users never have access to view or change security settings. This means developers set privileges in code, which protects against user misconduct.
• Authentication & Session Confirmation – The encryption techniques used when confirming a user login uses a hashed secret that is reflected in each session, and this secret can be refreshed at regular intervals to ensure extra security.
• Avoids Cross-Site Scripting – Inserted content is stripped of malicious tags which can prevent a third party from impersonating the HTTP POST requests, using the secure session key to confirm privileges.
• Buffer Overflow – Python does not have issues with buffer overflow, which is more common for lower level languages.
• Injection Protection – These are common for SQL database driven CMS systems. Plone does not use SQL by default. However, when configuring SQL connectors, injection is neutralized by the connector.
• Error Handling – Almost all errors are logged on the server logs rather than on the client DOM. The client still is provided with error log entries though, making debugging possible.
• Secure Storage – the cryptographic methods used by Plone have been tested by public use for years, which include HMAC-SHA-1 and other deeper methods.
• Denial of Service Prevention – putting Plone behind a caching proxy like Squid, Varnish, Apache or IIS makes for more available content distribution, which makes it more difficult to overload on requests.
• Configuration Management – Plone is very secure as soon as it is installed, there is no additional configuration needed to make the site function in a more protected way. The security is just ready to go!

Who is Using Plone?

With such a proven track record in security, Plone is one of the ideal candidates for government agencies and high profile institutions. Here is just a few of the groups using Plone:

• FBI
• Amnesty International
• Brazilian Government
• Discover Magazine
• NASA Science
• Nokia
• The Free Software Foundation
• University of Wisconsin Oshkosh
• Yale University
• NRAO – National Radio Astronomy Observatory