Abstract of the article

I strongly recommend that you read the entire article. But if you are short on time, here is the most important information for you:

  • Legal requirements: Among other things, German data protection authorities require proof of active patch management, including documentation of when updates were installed or why not.
  • Ensure secure operation: Maintenance contracts ensure that Contao sites are secure and up to date by providing regular updates and monitoring.
  • Predictable income: Maintenance contracts offer you, as a service provider, a stable and predictable income.
  • Competitive advantage: Offering maintenance contracts sets you apart from other providers and makes your offer more attractive.
    Build long-term customer relationships: Maintenance contracts promote customer loyalty and enable you to build long-term relationships, resulting in recurring business.
  • Proactive error prevention: Regular maintenance allows you to identify potential problems early on and fix them before they become major challenges.
  • Best time to offer maintenance contracts: Offer maintenance contracts directly with the launch of the website, use major version changes (e.g. when upgrading from Contao 4 to Contao 5) or security vulnerabilities to offer your service.
  • trakked is here to help 😉
    With trakked, you can keep an eye on all your Contao installations. You will be notified immediately if there are new updates or security vulnerabilities. Thanks to our update cockpit, you can quickly and easily perform updates.

This article was last updated at 11:21, Thursday 21 November 2024.

Do you already offer maintenance contracts for Contao to your customers? Do you have any concerns or are you still hesitating? After reading this article, you might think differently.

With the release of Contao 4 we started to offer maintenance contracts to all our customers. We do this out of the conviction to make an important contribution to the professionalization of Contao. From our point of view, every Contao service provider should feel obliged to offer maintenance for the websites they create. In this article, we would like to provide reasons for this and also share our experiences with you.

Reasons for maintenance contracts and regular Contao updates

Contao currently consists of more than 180 packages, and the number is growing. This is a good thing, because one should not reinvent the wheel. After all, we are all happy when a component is installed in our car that is considered an industry standard, is known by every mechanic and can therefore be analyzed and repaired at any workshop. As with any other software, there are regular updates for Contao to fix bugs and security vulnerabilities.

Without updates, problems will occur sooner or later. Errors and bugs should be fixed when needed. The situation is different with known security vulnerabilities. These must be closed as soon as possible to ensure the operation of the website and to prevent it from being infected by malware or taken over and manipulated by attackers. Depending on the installation (e.g. eCommerce stores with isotope eCommerce), an increased risk arises as very sensitive customer data could be stolen, which in turn could lead to high penalties.

Additionally, depending on the country, there are legal requirements that should be met. For example, German data protection authorities may require proof of active patch management for content management systems during inspections.
see also: https://www.lda.bayern.de/de/kontrollen.html


The German Federal Office for Information Security (BSI) also states in its IT-Grundschutz that regular updates should be carried out.

Excerpt from the OPS.1.1.3 Patch and Change Management
IT systems and software SHOULD be updated regularly. In principle, patches SHOULD be applied promptly after release. Based on the patch and change management concept, patches SHOULD be evaluated promptly after release and prioritized accordingly. For the evaluation, it SHOULD be checked whether there are known vulnerabilities for this patch. A decision SHALL be made as to whether the patch should be applied. If a patch is applied, it SHOULD be checked whether it has been successfully applied to all relevant systems in a timely manner. If a patch is not applied, the decision and the reasons for it SHALL be documented. If hardware or software products are to be used that are no longer supported by the manufacturer or for which support is no longer available, it SHALL be checked whether they can still be operated safely. If this is not the case, these hardware or software products MUST NOT be used.

See: IT-Grundschutz Building Blocks (we tried to translate this section for you, the original is in German only)

Advantages for you and your customers

In addition to secure website operation and legal requirements, there are other good reasons for maintenance contracts.

  • Guaranteed revenue
    Thanks to maintenance contracts, you have secure, predictable, recurring income month after month, for which you don't have to write quotations or invest time in acquisition.
  • Additional income possible thanks to flat rates
    The faster you are in performing the maintenance work, the more of the generated revenue remains as surplus.
  • Regular customer contact
    With an average of 12 Contao updates per year, there is a reason every month why you can write an email to your customer. This can result in spontaneous follow-up jobs, because you get back in the customer's mind.
  • Prevent problems
    If the systems are kept up to date, many problems are solved before the customer or you even notice them. This makes daily work easier and saves a lot of time and hassle.
  • Satisfied customers
    If the website always works reliably, the customer is satisfied with your work and speaks positively about you. In the best case, your customer will even voluntarily recommend you and your services to his acquaintances and business contacts.

What services should be included in a maintenance contract?

Often the customer understands the term "maintenance contract" differently than we do. Therefore, it is crucial that you clearly define which services are included in your contract and which ones are not.

We usually only use LTS versions (currently Contao 5.3) for our projects and then keep them up-to-date with bugfix and security updates. It is clearly communicated to the customer that bigger updates, such as from Contao 4.13 to Contao 5.3, are excluded.

In our view, a basic maintenance contract should include at least the following items:

  • Regular installation of Contao bugfix releases
  • Installation of critical security updates at short notice
  • Update of installed extensions (bugfix releases)
  • Backups of the database, as well as the composer.lock and composer.json files before every update
  • Fixing problems that are related to the update

In addition, you can offer any additional services. For this purpose it is helpful to define different packages

  • Monitoring and supervision of accessibility (up-time-monitoring)
  • SSL certificate monitoring and renewal
  • Monitoring of broken and unreachable links
  • Regular updates for the statistics tool Matomo
  • SEO monitoring and monitoring of search engine rankings
  • Defined number of hours for editorial maintenance

There are no limits to the additional services. It is best to consider which services are regular, can be planned and offer your customer a real benefit.

In addition, you should consider very carefully whether editorial maintenance makes sense or whether you want to offer pure technical support in the form of updates.

Do you back your offer a 100%?

A common obstacle in selling maintenance contracts is that you yourself can only half-heartedly represent your offer or price. How can the customer decide in favor of your offer if you would not use it yourself?!

Before you offer your customers a maintenance contract, you have to be clear about its benefits. Only if you are 100% convinced yourself, you will be able to sell it.

A good maintenance contract should offer added value for both sides. If the customer doesn't see the benefit or doesn't understand it, they won't use your offer. Therefore, be sure to explain the benefits of regular maintenance (compliance with legal requirements, reduction of downtime, error-free operation, protection against attackers, ...).

When is the best time to offer a maintenance contract?

Our experience shows that you should address this issue with new customers as early as the quotation stage. The earlier the better. This way, customers can already calculate the recurring costs and will not be surprised later on. You can even go as far as not installing Contao without a maintenance contract, but recommending a static HTML site instead. But we leave that up to you. Here is a little tip: Comparisons with cars really work very well most of the time. And who drives a car without having it serviced or checked regularly? Why should a software be any different? Just because you can't touch it?

With existing customers it is often more effective to wait for a suitable time. For example, you can offer the maintenance contract together with an update from Contao 4 to Contao 5. Maybe even as a promotional package, where you perform the update and add one year of maintenance as a bonus.

The release of a new security update is also an opportunity to offer maintenance.

If the customer has problems with his website because no updates have been installed for a longer period of time, this is also a perfect moment to point out the maintenance contract. This way you have very good arguments that with regular updates something like this would not have happened.

Remember, there will always be customers who don't want to sign a maintenance contract. No matter how hard you try, they will ignore your advice. That's okay. Those people exist and they can be found in any industry and in any part of this world. But you should offer the maintenance contract to every customer. In the end, always let the customer "say no" and don't decide in advance for the customer. Perhaps you can safely do without such customers and develop your portfolio step by step so that in the end all your customers appreciate your maintenance services?

Positive experience in the trakked team

We cannot offer you the perfect procedure or a sample contract. However, we would like to share a few of our experiences with you:

As an example, I describe how I deal with maintenance contracts with my customers

I started offering maintenance contracts to my customers 4 years ago. However, I use the term "Contao update service" in communication so that it is clear what the main focus of my service is. My maintenance contracts always run for 12 months and are paid in advance. So that the customer and I do not have to deal with notice periods, my contracts expire automatically after one year. I inform the customer 4 weeks before expiration and ask them if I may extend my service by another year. At first glance, this sounds like extra work, but my customers appreciate that and are happy to extend their contracts in most cases. For me it has the advantage that I can get in touch with them every year and I can always adjust my services in the contract if necessary.

After every update, I send my customers an e-mail. This is perceived very positively and shows the customer that the services they pay for are actually performed.

If the customer has a very limited budget, then I offer a minimal service. That is, I only install security updates and nothing else. This reduces the number of updates to about 4 per year and is therefore cheaper for the customer. This way even sports clubs and small companies can afford the updates.

What you should pay attention to when calculating

In recent years, we have also noticed a few services that we have refrained from offering or only offer under certain conditions.

Mixing content maintenance and Contao updates

The big problem with editorial maintenance is that you usually can't predict how much work will accumulate every month. If a fixed time quota is offered, the question arises whether this forfeits or is transferred to the next month at the end of every month. To avoid conflicts with the customer, we limit ourselves to technical maintenance only.

Different Contao versions

The more homogeneous your Contao versions are, the easier the updates. If possible, we use the latest LTS version. This way we reduce the update effort and can guarantee a secure operation. There will always be exceptions for certain installations, but having homogeneous versions across your entire customer portfolio should be aimed for whenever possible.

Additional effort for certain themes and extensions

If you like to use ready-made themes, you should find out beforehand how the update policy of the respective provider is here. Are there regular updates? How much effort does it take to install an update? Can the extensions be updated via the Contao Manager?

In addition, there are extensions such as Isotope eCommerce, MetaModels or custom developments that require more update effort. All this should be considered in your services and have an impact on the price.

If there are too many incalculable points, we offer maintenance only by billing on the clock. You should also involve the customer directly in the contract design, especially for such projects. Perhaps you will be able to formulate the included services in a way that is understandable for both sides?

How can trakked support you?

We developed trakked because we were tired of maintaining Excel lists. By the time we added more and more features and we are especially proud of our update feature. This reduces the update effort by an estimated two thirds. A complete list of trakked's features can be found here.

For us and many of our customers, trakked is an indispensable tool for managing Contao installations and keeping up with maintenance contracts.

Try it now without obligation!

Try trakked for 30 days without obligation and convince yourself of our tool.

Try trakked

You are unsure whether trakked is worth it for you? Then maybe our calculator will help you.

What is your experience with maintenance contracts?

No matter if with or without trakked. Contribute to the professionalization of Contao and offer your customers care and maintenance for their Contao installation.

What is your experience with maintenance contracts? Write us a comment or discuss with us in the Slack channel #wartungsvertaege in the official Contao Slack workspace.

Add a comment

Please calculate 8 plus 3.