How does this work?
We support two Content Management Systems (CMS): Silverstripe and WordPress. Both of these CMS's periodically release Minor updates/Patches to improve security and bug fixes (security being our main recommendation for staying up to date). We can manage this for you through our Managed CMS Updates Service.
In short: to engage in this service, we simply request a prepaid retainer of hours to log time against (for deploying these updates). We log to the minute and keep you posted on the time remaining in your retainer as it gets close to being used up.
- There are a couple important distinctions depending on what CMS your site is in:
- Silverstripe does not automatically update itself, so manual deployments are required. NOTE: Silverstripe uses semantic versioning. In short, this means it organizes updates into 3 distinct categories: Major, Minor, and Patch releases. Major updates generally require a lot more work (and more testing time by both us and you before going live). Minor updates and Patches however, should not introduce new bugs, so they generally can be deployed without any testing by you/your team. It is these Minor updates and Patches that we deploy under our Managed CMS Updates service, as updates become available. In situations where a Major update is released, we treat this as a separate project (working with you to decide its priority, timing, and costs).
- WordPress has a feature to automatically update itself. However, we can configure the CMS such that we can deploy updates manually. This gives us a chance to test and review the update before it goes live. In any case, even if automatic updates are turned on, sometimes the hosting web server requires updates (e.g., to PHP) to remain compatible, so having us manage this is valuable.
- We will notify you when an update is deployed. This gives you a chance to quickly review the site as well. There should not be any regressions but it is still a possibility, so it is good practice to test a few key areas of your site. NOTE: We will test and review ourselves at a high level before going live (knowing these are generally not 'breaking' updates). If a bug is later discovered from one of these updates, we do our best to prioritize a resolution.
- We try and deploy available updates at least once a month. Based on logistics the actual deployment may happen some day[s] after the end of month. There are also months that no updates are released. In these cases, no time is logged to your retainer and the remaining balance is carried forward.
- In some cases, hosting server updates are also required. The applications on the web hosting server are closely tied to the CMS. So in situations where those also require updates, if you are hosting with us, we will deploy these updates too. If this requires any 'downtime' of your website, we will coordinate with you beforehand.
Frequently Asked Questions
- Q: What is the cost?
A: Because there is no definitive release schedule of updates, AND the level of deployment varies slightly between updates/patches, we can’t give a fixed predictive cost. We can however provide reports on time spent as patches are released. For additional information on costs, we’re happy to discuss.
- Q: How important are updates/patches for my website? Can you just let me know when a patch comes out that has a bug fix or security patch?
A: To assess the impact/benefit of a given patch on your website would require a fair amount of time (reading patch notes, and cross-checking your site for relevance). The time/cost to do that would be greater than just doing the update. So, although we can do this, it’s not cost-effective for you.
- Q: What happens if I don’t upgrade?
A: Potentially nothing. Some site owners go months or even years without updating their CMS version. However, this is not recommended. You should upgrade for security reasons if nothing else as there may be vulnerabilities sitting dormant. And to a lesser degree, there may be issues/bugs that you are not aware of. These issues/bugs could be frustrating your visitors and/or administrators. You can read more about the importance of keeping your CMS updated in our blog Why You Should Update Your Content Management System.
- Do these updates guarantee my site is secure - it won’t be hacked?
A: In short, no. Site security is a wide-ranging effort. Keeping the CMS up to date is definitely a major step in the right direction, but there are a number of other factors to consider. For example, maintaining good passwords for your administrators (and secure password usage/sharing), using 2 Factor Authentication (2FA) and keeping the web server up to date are all important security protocols to have in place.