> But once you’re dealing with multiple users (tens or hundreds) it’s a different problem. How confident are you writing auth and password reset flows? How sure are you that the AI got it right? How solid is your approach to roles and permissions? Are you implementing 2FA? Supporting drafts, scheduled publishing, editorial workflows? Now you are also tech support writing the infrastructure as issues come in.

And that's only the start of where it gets complicated

- Ingesting data from 3rd party systems

- Translating content to other languages

- Front end user auth and preferences

- Personalized content

- A/B testing

- Multiple sites in the same CMS, sharing the same content

The list of things that add on to make a cms (and the sites it is used to create) more complicated is enormous.

I think the idea that every body are going to build their own SaaS product is likely wrong.

But that is also not the only was to have impact.

Whatbindo think happens is that everybody already building things will reduce or entirely remove their reliance on other SaaS tools.

So retool and other support products are likely dead.

The people who used these products are already more than capable of rolling Auth.

Yup, even without multiple users I took an open source speed reading app and quickly found myself a month deep in features just to expose it to multiple integrations for maximum accessibility. OAuth, MCP, CLI, API keys, secure and rate limited endpoints for content ingestion, parsing engine, a nice CI/CD pipeline that builds cross platform, a marketing site and it just kept going.

It was a test to see how much work was involved and what vibe coding felt like in one month. I plan on releasing it soon because I feel like it is the best speed reading app available but man it's a lot of work for even what seem like simple cases.

I'd be worried for anyone touching what I did if they did not have experience doing this.

>If you’re spinning up a personal CMS, great. Have fun, you’ll learn a lot. But once you’re dealing with multiple users (tens or hundreds) it’s a different problem.

Is it? Django was just a personal project that started as a CMS for a newspaper. And that's pre-AI, and pre tons of libraries handling all kinds of functionalty like 2FA to offload features to.

And the core backend design and functionality for a CMS is a stable target that hasn't changed in 3 decades, unlike with other software.

For my personal cms I'm using sveltia. But their oath page assumes the repo remote is also the IdP, this means my login button has a GitHub logo instead of Google logo. Now I had spare credits so I forked it. Next weekend I'm fixing their weird support for asset management in R2 buckets.

Agreed, the type of person who can say "I'll just build my own CMS" is not usually the type of person spending a significant portion of their job time using a CMS.

And you might say, well if they're somewhat technical (which is much more likely, think about eg technical writers or product managers or marketing teams) they can use AI to add more features. But when you actually have something at stake security-wise, that means you need to either put them on rails with something much more prescriptive (a "trad-CMS" lmao) or spend a bunch of time reviewing/fixing their code (which, since they're not the same kind of person as you, may not even be something they have any interest in doing, and kind of just gets in the way of them getting their message out on your site as intended).

That said, I think most tech companies will still roll their own internal tools to do this rather than buy it off the shelf, just because buying it through a vendor and fully setting up in a way that's secure and integrated with your business processes involves more work than rolling it yourself, and has a lot of ways it can go wrong.

IMO what you really want is some kind of FOSS CMS that works really well off-the-shelf for a small team, and has a strong ecosystem of integrations to add on SSO and visual editors and stuff like that as you grow, where you can also probably just hire someone to do that part since that would probably coincide with your business getting too busy for spending your time on an internal CMS to be the most effective use of your time. Which is literally wordpress.

It's just that wordpress is a death-by-a-thousand-cuts of mediocre quality/over-complicated stuff, and the core technology has some bad abstractions/shows its age, and that emanates out into everything else it touches. Also, while it's true that a static site is much better for most people, SOMEONE has to actually run a web-server for those files, and that does actually cost money to provide, so I've softened my thoughts on Wordpress doing that. It's not actually free for Cloudflare to do that for you, it's just a loss leader they can afford to give away because they have economies of scale and privileged access to the Internet.

> But once you’re dealing with...

All of this is spot on!

> FTA: One that’s superior to the admin panel of WordPress or Drupal?

When you get to that multi person team, has any one asked them if they LIKE the CMS they are using? Because I assure you that they appreciate the functionality but it isnt a tool that any one is happy about using.

Usable and Usability are NOT the same thing, it is a lesson that was lost in the dot com bubble burst, that we might need to get back to.