I need to give a client 6 reasons to choose Kirby

I’m guessing this conversation crops up a lot when talking with potential clients – “why are you suggesting Kirby CMS, when I’ve heard of WordPress?”.

If we need to give six good reasons why the client should use Kirby, what are they? (This is obviously different from why a web designer would use Kirby.)

I’ve had a look around, and come up with the following pros for clients:

• Security. WordPress, being so popular, is targeted by hackers.
• Kirby can do most things without the need for plugins and having to keep them up-to-date and secure.
• The admin Panel is bespoke to them and their site and is intuitive to use.
• Their site is bespoke to them, unlike WordPress sites, which are often template-based.
• Speed. Kirby sites are fast to load, so good for visitors and SEO.
• Paid-for software is reassuring and has great support.

Sound about right? Have I missed anything?

We have a special page with more reasons for clients:

Yes, I think those are some main points.

While this is true, that argument alone is probably not convincing. We care a lot about security, and Kirby has been professionally penetration tested by clients. When we learn about security issues, we fix them as fast as possible. See also Security Policy | Kirby CMS

Modern code base that doesn’t have to stick with support for outdated PHP versions.

From this page Security | Kirby CMS I understand that Kirby needs to be kept up to date.

Would I / the client be notified of updates, or is it a case of manually looking for updates? Where do I look for updates?

On average are we talking every few weeks, months, years? I have no idea.

I guess there isn’t a way for Kirby to update itself automatically / we wouldn’t want this to happen in case the site breaks?

I assume most clients will need to have an on-going maintenance and security contract with a developer to ensure the security updates are done?

> Would I / the client be notified of updates, or is it a case of manually looking for updates? Where do I look for updates?

As far as I know there’s no way to get a notification. But it might not be a bad idea as a future option.

> On average are we talking every few weeks, months, years? I have no idea.

You can check the past release cycle here: Releases · getkirby/kirby · GitHub
I think I read somewhere that biweekly releases are aimed at.

> I guess there isn’t a way for Kirby to update itself automatically / we wouldn’t want this to happen in case the site breaks?

No, Kirby has no autoupdater.

> I assume most clients will need to have an on-going maintenance and security contract with a developer to ensure the security updates are done?

That’s the best way in my opinion. For small sites which are not updated frequently you can also disable the panel completely for even more security.

> You can check the past release cycle here: Releases · getkirby/kirby · GitHub
> I think I read somewhere that biweekly releases are aimed at.

Yikes, so I’d have to visit this GitHub page every two weeks just in case there is an update and if there is, update Kirby? That sounds very onerous. Could I just update Kirby if there is a security patch / fix? What do other developers do?

So we’re not notified by Kirby of a security fix?

Where do I download the latest version from? The GitHub page (I have no idea what GitHub is and I’ve never read a clear explanation of what it is), or the Kirby website?

There aren’t bi-weekly security updates. See the security page for how often this actually happened in the past.

And not all security fixes actually affect everyone.

So in practice I’d need to check every couple of weeks for security updates (because we don’t get notified of security updates)?

And we only need to update Kirby if and when there is a security update (the other updates we could choose to ignore as I don’t fancy having to update my Kirby websites every couple of weeks)?

You can subscribe to the releases.rss feed to get informed about new releases automatically. We also inform here, on Twitter, LinkedIn, Discord, Insta and Kosmos newsletter.

Okay, that’s good to know

Do developers update their Kirby every couple of weeks? Or is it okay to only update when there is a security update? Or will that lead to problems? What do other developers do?

While I don’t know what the majority does, I do know that there are many installations out there that don’t get updated regularly or at all. Keep in mind that many projects are one-time developments with no maintenance contracts in place.

And regarding the security updates: Many of these incidents don’t affect all users. Like when you have only one admin who is also the owner of the site, then some security issues are not overly relevant.

I don’t think we had many hacked sites over the years and if there were some, they were usually due to user-inflicted stuff like using FTP and weak passwords. Or a WordPress installation in the same root folder that got hacked.

Having said that, it nevertheless makes sense to update the installation when your client pays for maintenance. It also makes it easier to keep track of necessary changes over time.

We have some sites that receive updates regularly, other sites are still on older versions.
Depends on the client, the website and the budget.

It might also depend on if and which plugins you use. Some of them might not be regularly updated and could break (but that’s a general problem, not only Kirby related).

To be honest: I would rather have an outdated Kirby page than an outdated WordPress installation. That’s for sure.

:100:

I update Kirby as soon as an update/security patch becomes available.

However, compared with something like WordPress, security patches/updates for Kirby are fairly rare. I think the lack of a database makes Kirby inherently less vulnerable and much more stable.

We have plans to integrate an update check into the Panel. You will be able to configure it to just check for security updates. There won’t be automatic updates though, only a notification in the System view in the Panel.

Absolutely. If the site works as expected and is not affected by any bugs and if you don’t need any of the new features of the newer versions, you can certainly stay on older Kirby versions. For security releases (which we had a total of six of in the last 3.5 years!) it makes sense to at least check if your sites are affected. As Sonja wrote, many security fixes are only necessary in certain use cases/circumstances. We describe those in detail in the security advisories of our security releases. If you are not affected, you can safely skip these updates as well.