Content Management is important

If you’re not a strong programmer, or don’t have a strong programmer working for you, your best route for a content management system is to just use one off the shelf. There are now tons of really good open source systems out there that can do just about everything. The only drawback with using pre-made over using a custom system, is that you won’t have as much control over the interface, specifically the backend. When I write a custom system, I draw from a basic framework that I have put together over the years, but customize the variables, database tables, and menu’s, so it’s specifically for only that site.
To make things easier for myself though (save time & money) I set all the variables at the top of each page. This way while each page stands alone, if they want to add/edit/remove a field, it can be added quickly and easily.

Security! This is a very important part of your cms. If it’s at all possible, I highly recommend never running this directly on a production server. This makes it harder for disreputable people to find it in the first place, leaving less room for brute force or other attacks.
This being said, if it’s going to be a well known site, you can protect your CMS in two ways, sometimes both. You can use the server (if it’s *nix use .htaccess) so that they can never even get to a login screen. Alternately you can use DB/server side scripting to protect your site. There are positives and drawbacks to both, so this decision should be made at the outset, as to what the security requirements will be.

BFN