I have been building a Kirby website for a client; now a request came from their side that they want a fully managed hosting solution — basically, they don’t want to have anything to do with maintenance or updates to the relatively simple website. Is there such a solution out there for Kirby?
(I’m imagining a package that automatically updates the latest releases and security patches for the website, as well as for the PHP/server environment.)
No, there is no official managed Kirby hosting. But some devs here offer that to their clients. IMO, that would only make sense if you manage a VPS yourself and offer managed hosting as part of the deal.
Where are you planning to host it? If you put it somewhere like Fortrabbit, that would take away the server maintenance, since they manage that. It is not the same as shared hosting, it’s pretty close to having a VPS. Then it’s just a case of updating Kirby occasionally as you see fit, which you could probably automate. They have both composer and git installed.
Alternatively, I do have a UK based VPS that I host select clients on, and I manage that side of things for them. I charge annually for that. If you want to discuss this, feel free to send me a DM.
Is there a need for this at all? Of course you can update Kirby 3 but there is no need at all if the site works fine with the currently used version and there was like rarely ever any case of a security issue (I just found one case in the forum) so it’s not a must have like with WordPress or Drupal. If you don’t want to earn money with this (and have more work for nothing), you should suggest your client that it’s not needed and explain the reason for it.
If I’m wrong (which could be likely!) please tell me.
Thanks for your replies! Yes indeed, I explained about the low risk because it’s a more stable environment; however, they are being a bit ‘absolute’ and want verifiable, guaranteed stability; thinking in terms of SLAs rather than talking in ‘probably’ and ‘maybe’. And when I look at the Security part of the guide (https://getkirby.com/docs/guide/security), it does state that (of course) to guarantee security as much as possible, Kirby always needs to be up-to-date.
So the only solution I see here is hosting via a managed PHP environment, as @jimbobrjames suggested, and then working with some Kirby developer that periodically logs in and updates the Kirby environment… but I would be curious if more people have this issue, I can imagine that a fully managed Kirby hosting environment can be quite a useful package for more enterprise-oriented clients…
Which is too simple said to be correct. You can be at more risk if you update, especially if your current version has no known security risk (which you would be told about by the Kirby devs) and older versions get less attention, especially if it’s unknown which version you run.
This is a problem because new updates introduce new bugs or incompatibilities. If you update your site, you have to test it. This is nothing a third party can do properly (or will do properly). If you provide this in a productive usage scenario with SLAs quality, this is for sure “not just updating” but quite an afford like with any other update process in IT systems. That’s why I moved from CMS’ where I have to update frequently to a more stable CMS.
That is something you would have to take up with Bastian — again, I’m currently going on the recommendation in the Kirby guide to always update to the latest version, for best security.
Yes, that is generally recommended. However, we never recommend to simply update a production server without making sure in dev/staging that the new version works with your code, your plugins etc. So you would need someone who you can really trust with checking this responsibly. That is exactly the reason why we have never implemented automatic updates like the ones you get with WP and the like.
Thanks for explaining/clarifying the original meaning of that; can we get this short additional info into the proper paragraph at https://getkirby.com/docs/guide/security#always-update-your-kirby-installation? I think way too many people take it too serious to “always update” without proper prechecks or checks if it’s a real improvement. This too short to be true wisdom is something that should die as a general internet rule - not only for CMS’ 
.