One question we often hear people ask if they can update everything on their website. Our answer is yes but there's a bit of an asterisk with that and it has to do with security.
The more you open up a website through a web interface (a Content Management System), the more you risk with security. This is because you have to set the permissions of certain files and directories to be very open since someone using a website to update files on the server is the website user ("apache" user on most Linux servers) but the files are actually owned by the FTP user.
And then when we set up a CMS website, we think about what kind of users will be using the site and updating it. One nice thing about a CMS is that the templates it uses can be as restrictive as you want. So someone updating a page on a site can only mess up so much - there are boundaries and that's a good thing.
Alternatively, we can set up a CMS template so that people can update practically everything on it. It just depends on the user.
Keeping security in mind is vital. There may be situations where we say something can't be updated but there are definitely good reasons behind saying that. A website that's down or has been hacked doesn't do anyone any good. 🙂