This article covers Hippo CMS version 11. There's an updated version available that covers our most recent release.

Quick Wins

The following quick wins are easy to implement and benefit usability, performance, maintainability, security, etc.

  • Use Open Document and Edit Menu buttons in your page components to enable easy editing from within the Channel Manager.

  • Let (admin) users insert an HTML snippet into a page template, for example in a header or footer component. This is useful for Google Analytics, temporary surveys, etc. However, make sure to implement a content security policy to prevent security exploits through the HTML snippet!

  • When you check in new hst:pages, hst:components or hst:configurations, make sure to sort their child nodes alphabetically.

  • Optimize SEO value using the Sitemap, SEO Support, and Robots.txt plugins.

  • Make sure that all feedback to the end-user (form feedback, error messages, subscribe mail etc.) is configurable via the CMS or console.

  • Make sure components that make calls to external systems are loaded asynchronously so they don't block page loading.

  • Correctly configure the delivery tier users and set up the required permissions for polls, form data, etc. NEVER use admin/admin for the site.

  • Check all input boxes for XSS and don't allow (all) wildcards in search. For example "e" will crash your site with an OutOfMemoryError (OOME).

  • Page not found (a.k.a. "404") pages MUST return a 404 HTTP status code (not 200 (ok) or 500 (error)).

  • All pages and CSS should be W3C valid.

  • Use and/or extend the standard delivery tier components as much as possible. They are based on best practices and optimized for performance.

  • Use setLimit for HstQuery equal to pageSize. Use HstQueryResult#getTotalSize() and HstQuery#setOffset(int) for paging.

  • Make smart use of logging in debug level.
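
The wildcard item in the list above, as an added example (plain Java, not Hippo's own code): a sanitizer for a search box value that drops leading and embedded wildcards and query operators, and keeps a trailing `*` only after a minimum prefix. The class name and the three limits are assumptions to tune per site.

```java
import java.util.ArrayList;
import java.util.List;

/** Added example: normalizes a free-text search value before it reaches the query layer. */
public final class SearchInputSanitizer {

    // Assumed limits, tune per site.
    private static final int MAX_INPUT_LENGTH = 100;
    private static final int MAX_TERMS = 8;
    private static final int MIN_PREFIX_FOR_WILDCARD = 3;

    /** Returns a query string with at most one trailing '*' per term, or "" if nothing usable remains. */
    public static String sanitize(String raw) {
        if (raw == null) {
            return "";
        }
        String input = raw.length() > MAX_INPUT_LENGTH ? raw.substring(0, MAX_INPUT_LENGTH) : raw;
        List<String> terms = new ArrayList<>();
        for (String token : input.trim().split("\\s+")) {
            if (terms.size() == MAX_TERMS) {
                break;
            }
            // Remember whether the user asked for a prefix match, then drop
            // every character that is not a letter or digit (wildcards,
            // quotes, query operators, markup).
            boolean trailingWildcard = token.endsWith("*");
            String word = token.replaceAll("[^\\p{L}\\p{N}]", "");
            if (word.isEmpty()) {
                continue; // token consisted only of wildcards or operators
            }
            // A wildcard after a very short prefix still expands to a large
            // part of the index, so it is only kept after a minimum prefix.
            if (trailingWildcard && word.length() >= MIN_PREFIX_FOR_WILDCARD) {
                word = word + "*";
            }
            terms.add(word);
        }
        return String.join(" ", terms);
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = { "*e*", "e*", "secur*", "*", "hippo  cms?", "<script>alert(1)</script>" };
        for (String s : samples) {
            System.out.println("[" + s + "] -> [" + sanitize(s) + "]");
        }
    }
}
```

Treat an empty result as "no query" and skip the search entirely. The sanitizer does not replace output encoding: HTML-escape the term separately when echoing it back in the page.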