Solved

Choosing a web platform

Posted on 2014-01-12
Last Modified: 2016-03-20
I am trying to pick a set of tools for building web sites.  Please help me avoid spending a lot of time messing around with tools that won't work out.  Here are my relevant details:

1. My coding experience is mostly with Delphi (which, because it is amazingly similar in language and rules, allows me to work with C# quite easily).
2. I am not very familiar with HTML, CSS or JavaScript
3. I like the .NET MVC URL readability and I have no experience with code behind pages
4. I have Windows hosting at HostGator
5. I do not know php
6. I am good with databases but I've avoided SQL so far
7. I know a great deal about security technologies but I have little experience knowing all the doors I need to lock on a web site.  I need the sites to be secure by default so that I just focus on not creating security holes rather than doing an exhaustive security audit.

Here are some of the details of the various sites I need to build:

1. Most will require authentication
2. Some will require a shopping cart, credit cards, etc.
3. The sites will all need to look sharp and seem modern
4. The security of the sites will need to be solid because real spending gets triggered when a sale is made.

That's pretty much the essentials.  Here are some thoughts I've had in case the above is not clear or complete:

1. I like the fact that Joomla! lets me install a site with authentication and a cart yet I don't have to know HTML in order to get a gorgeous site. BUT, I don't like Joomla! because I don't know how to integrate my own code for custom logic (i.e. I comb the product database and put a list of items on a page based on identity or a query or a click).
2. I like code builders like Parallels Plesk CodeBuilder but I'm not sure how to integrate my own code, I am not sure it would end up secure without me bringing in an expert to close the holes and I won't get something as pretty as, say, Shape 5's Design Control Joomla! template.
3. I love the easy code integration in CMSes like Composite's C1 and I feel like I could manage identities well with it.  It does, however, seem like it will force me to become an HTML+CSS+Razor veteran.  I don't mind learning things and I do it fast BUT looking at the forums there makes me think that the veterans are always being forced to work around lots of little implementation issues that differ from the conceptual model.  Effectively, they have to become experts in the idiosyncrasies of the CMS.

Priorities:
1. End up with a site that works and I'm confident is secure
2. Minimize the learning curve. I know I have to do a lot of learning therefore I cannot do a lot more than necessary.
3. Avoid spending more than $2000 on tools, prefer free until sites have revenue
4. Access to freelancers who can save me when I get in over my head
5. Do not talk to me about Linux. I go way back with it but I am not going there.

So... what should I build my first site on? What should I invest my time and effort in learning?

Thank you.
Question by:Kenny Hopton
16 Comments
 
LVL 52

Accepted Solution

by:
Scott Fell,  EE MVE earned 350 total points
Wow, there is a lot to do.

1) Spend a day on web fundamentals http://www.codecademy.com/learn
Even if you don't want to do a lot of coding, spending some time getting basic html, css under your belt is essential.   Learning a bit of javascript/jquery is helpful.  But get familiar with html and css.

2) Realize you are great at being technical.  This means you probably will not be such a hot designer.  For the front end, start with templates.  

3) Decide if you want a stand alone traditional site or CMS.  There is going to be a learning curve either way.  If yours is going to be mostly ecommerce, don't reinvent the wheel here, there are other options.  

One option is http://www.opencart.com/.  It can run on your windows server if you have php installed and I believe it will work with mysql or mssql.  Even  if you don't  know php, this is fine, you are not programming the thing, just using it.  Being technical, it is easy to figure out.

If you go the cms route such as wordpress, there are plenty of options for plug ins and themes.  You can use sites like http://www.woothemes.com/woocommerce/ with your wordpress.  You can also use opencart in a different folder or subdomain for that matter.

If you really don't want to get up to speed coding html and go right away, consider an all in one solution like http://www.squarespace.com/ or http://wix.com or http://www.weebly.com/.  These 3 sites do all of your handholding.  All you need to do is add content and there are themes ready to go.  They all have ecommerce available.

>I like code builders like Parallels Plesk CodeBuilder
Stay far away

4) It is good that you understand security.  When it comes to ecommerce, you will not be storing any customer data.  You only capture name, address, items purchased etc.  The CC number will go to your 3rd party gateway/merchant account.  A popular gateway is http://www.authorize.net/ but it will primarily be up to your merchant account as to which gateway you can work with.  When searching merchant accounts, it is good to make sure they can work through authorize.net as integrations for them are already baked in to most shopping carts.  There are plenty of others too.  I have a lot of answers here on ecommerce, carts and payments http://www.experts-exchange.com/Microsoft/Development/Q_28177597.html#a39305140

If you use wordpress, your biggest security threat will be in your ability to upgrade WP and now the newest version upgrades itself. Make sure plug ins are always updated as they are the number one reason for hack attacks.  Research the plug ins as well.  Look at the changelog and notice if the last time it was updated was 2009 or Jan 2014.

Overall, I think you should take a look at squarespace or wix as a hosted solution to get you up and running the fastest.  

My 2nd choice is going with open cart.  There are plenty of cart systems out there where you pay a monthly fee; http://www.volusion.com/,  http://www.shopify.com/ and http://www.3dcart.com/ are also options for paid.  They all have themes/templates and also will happily take your money for custom design.   If you take  a look at the layouts vs opencart, you will see the visual experience can be similar.

There are open cart themes too.

I am sure there will be a lot more input on this.  If you like something you heard or not, please feel free to comment.
 
LVL 82

Expert Comment

by:Dave Baldwin
If you are going to be taking credit cards and doing financial transactions, you will be Required to do periodic security audits.  If you fail them, credit card processors will stop doing business with you.  And you have to hire an approved auditing service to do it.
 

Author Comment

by:Kenny Hopton
To Scott -

Thanks for the thoughtful response.  Some specific comments:

"get familiar with html and css"
I have done some online tutorials and understand the syntax and most of the tags.  I get through most things but it takes longer than it would for someone who has ingrained familiarity. I know I have to develop that but I guess that will happen as I build and maintain these sites.

"start with templates"
I completely want to do this. It minimizes the html/css-intensive part of the work and all that mobile/responsive expertise.  I feel, however, that this kinda disqualifies everything except WP, Joomla! and Drupal.  C1 and other .NET CMSes seem to have a dearth of templates and focus on "customized websites and content." If I had the html/css expertise, I might be able to cook up something nice looking to use with C1 but that extends my schedule to put on that expertise.

"Parallels Plesk CodeBuilder ... Stay far away"
I tried Weebly and like it but it is Linux-only.  I have Plesk because of HostGator. I've not used it enough to discover the reason to run away but I am not married to it.  You've provided a lot of leads around builders and carts and payments so it will take me some time to run them down so that I know how to utilize your advice.

The thing that jumps out at me reading this is "are there builders (meaning Weebly competitors) that run on Windows, allow me to ring fence content for logged-in users and which allows me to somehow drop my own logic in?"  I'll start my reading with the ones you mentioned.

Again, I greatly appreciate your sharing this knowledge with me.
 

Author Comment

by:Kenny Hopton
To Dave -

Your information about mandatory audits is very helpful, thanks.  Have you had an experience that taught you that transactions should be done off-site by a third-party? Or is it reasonable to integrate a cart into my site and just deal with the audit requirements as they come?

I am happy to learn from people like you who know the trade-offs and know how to avoid hassles.
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
It does not matter what platform Weebly, wix or squarespace use as you don't have direct access anyway.  They are cloud services that would either take the place of your hosting with hostgator or you would use them in tandem in a case where you wanted to have some of your own function run as a webservice of sorts.  

I would embrace the squarespace or wix.

One of the first things you should do is sketch out the process of what you are doing.  See if you can make a compromise to what you have planned vs what you can do out of the box.  It will be a matter of getting up and running in a week vs months.  

If you like having your own server, make it a subdomain.  Let's say you know how to run your own email program and you want to play with that.  Then tinker with that on  your hostgator account.  By the way check out http://mandrill.com/ and http://sendgrid.com/. I use them both but mandrill is free for the first 11,000 monthly emails if you don't get a dedicated IP.  The dedicated IP is $30 per month and will help keep you white listed.    You can also use mailchimp as well.

Getting out of your .NET comfort zone a little may allow the process to go faster.
 
LVL 58

Expert Comment

by:Gary
padas mentioned OpenCart and another one to look at is PrestaShop

Accepting credit cards directly on your site would be a no go for you - it requires a level of expertise well beyond basic knowledge of html - there are serious implications for mismanagement of this.  Stick with PayPal, Moneybookers etc, check out the list here
http://www.searchenginejournal.com/top-12-alternatives-paypal/70297/
Some of them offer a transparent payment methodology (like Moneybookers and Stripe) so it doesn't look like the visitor is leaving your site.  And this moves the PCI compliance away from you.

Most of the popular shopping carts have a rake of plugins available, chances are if you want something then someone has already written it.
And if no one has written it they usually have several companies they will recommend for ad hoc programming.

Sticking with shared hosting will take care of security holes in regards to hosting.
Do not use Wordpress.
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
If you are on a fully managed site like wix/squarespace, they should already have the PCI compliance taken care of as far as the quarterly scans go.   If you have your own dedicated box, you will need to do quarterly scans.  The merchant provider will either take care of this for you or in some cases insist on somebody like www.controlscan.com.  

This is not something to worry about at this stage unless you are going to use dedicated hosting and have some old programs that are out of date on your server.  

Part of this depends on how you integrate your payment processing. If you temporarily send the customer to the processor's site (like paypal) the pci compliance is on their end. If you accept the card data and it transfers through your server, then it is on you as well.
 
LVL 58

Expert Comment

by:Gary
Moneybookers is now Skrill
(Their old name just keeps sticking in my memory)
 

Author Comment

by:Kenny Hopton
I will definitely want to have the cart and IPC be external but look local.

Cathal, I actually came across that list when I was trying to familiarize myself with the basics and thought Stripe looked like the most attractive.  It sounds like they might be able to achieve the above.  Thanks.
 

Author Comment

by:Kenny Hopton
Scott, I looked at Wix and found a knowledgebase note that shows that I could add a user login for controlling content access.  I couldn't find something that directly addresses that issue at squarespace but they mention that you cannot add an SSL cert to your site so perhaps that is their way of denying user logins.

I understand that Wix and others self-host and in that regard are agnostic to my hosting. The interface is shifted from the OS API to the wire API but I guess I can still create the appearance I want. I agree that a builder like Wix could save me a ton of time and work and I'm practical enough to go there.

I do have to create some custom logic and the means by which I could use a Wix-based user identity to filter results from my custom logic is not looking obvious to me right now.  Some sort of mutually validated token scheme? Hmmmm....
 
LVL 58

Expert Comment

by:Gary
One other thing...
You are saying no to Linux - problem is most of the good software (meh at free .net software) is written for PHP running on Linux and you tend to have to jump through hoops a bit to make it work as well on Windows (running PHP).
So don't rule it out - and the hosting costs are far cheaper...
Linux may seem harder to work with but soon you realise CLI is actually still a good thing (I would never go back to Windows hosting unless it was a .net project and then I would be convincing the third party against it...)
 
LVL 9

Assisted Solution

by:Rowby Goren
Rowby Goren earned 50 total points
Hello  khopton,

If you decide to use Joomla...

I've only run Joomla on linux servers, but Joomla can run on a windows server per this link:  Joomla technical requirements

For security you would use admintools PRO version.  Admin tools pro

And to customize the visitors experience based on certain criteria (google search, etc), you would consider using the joomla extension "Chameleon". Here's a link to Chameleon and this video, which describes Chameleon's capabilities.  Chameleon video #1  and Longer video on Chameleon

And for a shopping cart, Hikashop is pretty good!  Tons of plugins for customizing Hikashop hikashop on JED


Rowby
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 100 total points
Here https://www.pcisecuritystandards.org/ is the website for the PCI Security Standards Council which was founded by "American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.".  They have written a set of Data Security Standards that you are expected to comply with.  They are actually fairly stringent which is why companies like Authorize.Net and Paypal take care of credit card transactions so you don't have to store credit card info on your servers.

Their standards cover not just the web site but also servers and computers in your office and the physical security that is required to limit access to private information.  In the process of setting up credit card processing, you have to agree to pay fines for any loss of credit card information.
 

Author Comment

by:Kenny Hopton
Thanks rowby, the Chameleon extension is really powerful.

I can see that WiX is powerful enough to get me functional with a short learning curve.  That is a big deal to me.  Joomla! seems to offer me more impressive UI but at the expense of a bit more learning curve.

I think I'll try building my first site in WiX and see when and if I discover limits that would justify my shifting to Joomla!

Now I have to sort out the cart stuff from within WiX. Not sure where to start on that one.
 
LVL 52

Expert Comment

by:Scott Fell, EE MVE
It is somewhat baked in http://www.wix.com/upgrade/ecommerce

I'm sure Cathal can comment more on https://stripe.com/docs.  

Anytime you are posting to a 3rd party site, the ssl is required on their side.

Sounds like you have a good direction now.
 

Author Closing Comment

by:Kenny Hopton
Thanks for the thoughtful advice.