Logo

Welcome to BlackBox Development!

BlackBox Development operates as a contractor to fulfill development needs, specializing in robust web applications.

For example, this site is not a WordPress site. This site is built with a custom CMS built with Laravel as its foundation.

We call it Laravel Launchpad. Still in its early stages, it is usable, but there are still many features we plan on implementing.

It is intended to be a base starting point for a CMS-controlled website that doesn’t use WordPress. The front-facing of the site will be able to have its own custom design and functionality while the admin has one primary job: manage content. No plugins. No extra features where the site administrator, whether tech savvy or not, can mess up the design or the build, while also beefing up some core aspects that WordPress still, in my opinion, hasn't gotten quite right.

If you are interested in using this base for a web application you are planning, please contact us and let's work something out!

Secure File Structure

Security Image

One of the greatest security flaws in WordPress is that the location where files are stored is outside the web root. Laravel, by default, stores all uploaded files above the web root. In fact, most of its files are above the web root, which helps maintain security in other ways, but right now we are focusing on file uploads. While Laravel allows you to create a symbolic link to the upload location, I don't recommend it. Launchpad provides access to files in its library through a Controller to act as a gateway. This helps prevent uploading PHP scripts to the upload directory and definitely blocks running such scripts, avoiding a common WordPress hack.

Admin Location

uncertain

Another security issue with WordPress is that the location of the admin login is well known. Laravel Launchpad will have this functionality built in. By default, it will be at a normal /admin location. However, this can be easily changed in Laravel’s configuration file to be whatever you want. So, when we launch, we can just say that the admin is at /pigeon, for example.

Code-Controlled Templates

Coding Image

Page templates are managed using a JSON file. Since template fields are not controlled in the database, there is less chance that it content errors will crop up without you realizing it before deploying. Also, if you need to make an adjustment to your templates, they will update once you deploy your updated code. You won't need to worry about updating database content to catch up with changes to your design. At some point, I would like to build a command to export your content and re-import it so that content can be easily updated from a staging location to your live location without having to wipe out your entire database.