Why you shouldn't trust your clients to install plugins and why it's worth to learn Kirby

There’s no way on earth id let a client install a plugin! That’s just asking for trouble!

Which is an interesting commentary on the status of Kirby. Definitely not ready for the ‘masses’ unless they just want a plain, basic DIY site. In WordPress it is assumed that clients will install plugins left and right.

I don’t think so. Wordpress might assume that clients do install plugins but the question is if anybody should be allowed to do that.

1 Like

I think the problem is that “the masses” in Kirby case means, masses of developers (or at least people with some knowledge of web development) not masses of people who have no idea what a site is (like most of the clients in my experience).

Also, the fact that in WordPress a client CAN install plugins doesn’t necessarily means that it should nor that is a good thing.

1 Like

And one more thing: Most plugins do not make sense if you have no idea of how to modify a controller or template. If you add an additional field plugin, for example, you have to include it in the right blueprint for it to appear in the Panel page form. Then, to output the contents of the field, you have to echo the field in your template. What good would come from letting a user (in the sense of editor) install such a plugin? This gets even worse if the user/editor would be allowed to uninstall a plugin. A broken site will most likely be the result.

But comparing Kirby to Wordpress does not make sense anyway. The whole philosophy is completely different.


I couldn’t disagree with that statement more. A Wordpress site I built in the past was taken over by vast waves of malicious content injected because of a flaw in a poorly written plugin that a client had installed. Still, I got paid to fix it so not all bad, apart from the site being down for a couple of hours and loss of business.

As @texnixe says… you cant compare the two systems. Kirby is for crafters… Wordpress, for the most part, and in my opinion, is for template hackers and lazy dev’s who install plugins instead of doing some work.

An easier system for installing plugins and themes in Kirby would be welcome and a potential time saver - but that should be down to me as a developer to use. There is no way I would give clients the ability to install plugins again, in any content management system.

I agree in that Kirby seems designed for devs while WP is/was designed for end-users. At least originally.

For comparison - I’ve installed hundreds of WP sites for clients. I expected most of them to install various themes and/or plugins. If the plugin or theme was coded well, it mostly didn’t break things. The users expect that. It’s also a good path to becoming a front-end developer, as eventually something will break or need troubleshooting. Next thing ya know you’re noodling around with PHP scripts…

If Kirby isn’t going down that path, then yeah - 99% of the installs will be from devs.

One reason I’m not on WordPress any more (myself) is the time requirements. Updates galore, breaks and fixes, tweaks, security, backups. A typical scenario would be a client who had hired a dev who installed a Themeforest theme which included every known plugin on the planet. A vulnerability would be discovered in a plugin and would be patched, but the theme dev would not update it, nor would any client get a notification of an update. Site hacked. Multiply times thousands and thousands. That type of infrastructure/setup started to get really, really tiresome after awhile, money or no.

So you can imagine my reaction when my current employer revamped their site and had a local firm charge them through the nose for a site which they threw together using WordPress and a ThemeForest theme. The devs were probably from fiverr (slight exaggeration). Now I put together how-to PDF files explaining to non-devs how to copy/paste raw HTML for every page edit, even though there is a massive page-builder plugin. The cut and paste is inside the page builder. Thirteen more days and I am out of here. That is what I keep telling myself.

I am still wrapping my mind around Kirby, but I do agree that for me, as a simple site owner (no more dev work for me - retired!) I value having certain functions in plugin form. I love drag and drop and automation. So I love the plugin installer. There, I said it. :slight_smile:


Agreed. Wordpress is far too brittle and that gung-ho attitude they have with plugins is just silly :slight_smile:

But seriously… is it that hard to install a plugin via git submodules or Kirby CLI? Got easy updating built right in.

Theres only 2 or 3 plugins and fields I use on average anyway so I have a boilerplate theme with all the plugins configured in a git repo. I just clone that out when i start a new site.

define ‘easy’ :wink:

Of course I installed this plugin using Kirby CLI. But I generally don’t like git. I don’t use it enough to remember all the steps so I’m constantly unsure if I’m doing it right. I generally just use it to clone things then drop it. And I’ve never tried submodules either. Maybe, someday.

I hope to dig into blueprints and such soon, just to tinker with fields and get my brain wrapped around all that. Either that or get a better CLI workflow going so I’m not so dependent on the panel…

Stick with it :slight_smile: Kirby is awesome after a couple of days of pain. Start out with Plainkit and build up to you have something workable. I can’t share my own setup to give you a hand unfortunately.

I went from a brief period with Wordpress before quickly falling out of love with it, then Drupal made me cry, then i went with Textpattern for years, then moved to mainly Kirby. Theres always a learning curve with anything. Just hang in there and in a day or two you will get the AH HA! moment.

1 Like

Recommend you look into Global Field Defintions. Very useful.

And you can ask anything here…

1 Like

My word… thats the best topic title in the world :slight_smile: love it @texnixe


I have to say I don’t like the idea behind the Plugin Installer that Jens made. I really like how Kirby forces you to make deliberate decisions when it comes to plugins. You actually have to browse Github and look at the code before you decide if you want to use it or not. In Wordpress all you have to do is go to the admin panel, search for ‘embed’ on the plugin tab and install the one with the most stars. If that doesn’t work you try the next, until something does. It’s a broken system where the dev isn’t making a researched choice.

All we have to do is add search and a rating system to this installer plugin (which may sound like nice features) and we’re already in the same alley Wordpress plugins are.

1 Like

I’d personally disable anything that was allowing plugins to be installed. Stripping/cleaning code and “features” is one of the things I hated most about WordPress.

Apologies. I had a couple of beers last night and had had some bad news. I have deleted the post.