Bear CMS highlights (July 2019)
Bear CMS Blog
One more month has passed and we would like to use this opportunity to highlight some of the most interesting things around Bear CMS in the last 31 days.

A new addon named "Visitor stats" has been added to the addons library. Now you can easily track (privately and responsibly) and analyze visits to your websites.

The Universal theme (also an addon) now has 8 new styles. You can apply them in just a couple of clicks and modify them (change colors, fonts, backgrounds, etc.) to achieve the unique look you desire.

We've posted an article explaining the security-related benefits of using Bear CMS. You can read it at 5 reasons why Bear CMS is more secure than your average CMS.

We've improved the content in the RSS feed of your website. Now the HTML code for your blog posts is much cleaner and that should improve how it's presented in the RSS readers.

You already can use Google Fonts for texts in your websites and now these fonts are loaded from your domain. This can improve load times and privacy for your visitors.

These were some of the most visible changes we've made in the last 31 days. There were also some bug fixes and minor tweaks. We hope you'll find them useful.
8 new styles for the Universal theme
The Universal theme is a great alternative to Theme One (the theme that is installed by default on your websites). It provides a huge number of customization options that enable you to change colors, fonts, borders, shadows, backgrounds, etc. It's a great theme if you want to create a truly unique look for your website. And today we've added 8 new styles that can be used as a starting point towards creating that unique design you've imagined.

You've already seen that the content and the design parts are nicely separated in Bear CMS. This means that you can change themes and keep the content you've created, and providing different ready-made styles for each theme can help you launch your new website faster and give you the base for future customizations. We would like to encourage you to read our article about theme customizations and apply some.

The new styles are now being pushed to all websites running the standalone package.
New addon: Visitor stats
A new addon is now available. It's called Visitor stats and provides information about how visitors interact with your website.

Addon description:
Creating engaging and useful content is at the core of a successful website, and analyzing how visitors interact with it can help you maximize its value. This addon tracks your website pageviews (respecting your visitors' privacy) and provides the tools needed to analyze it. The administrators' visits (when logged in) are not tracked.

You can install Visitor stats for free from your website's administrators menu.
5 reasons why Bear CMS is more secure than your average CMS
This post is the beginning of a series that will focus on different aspects of a content management system and how they are implemented in Bear CMS. We will share our thoughts on design and usability, performance, customizations, etc. and today we start with security.

We've highlighted it on our home page, but I would like to make it clear that Bear CMS is not a self-hosted website software and it's not an online website hosting service (both of these are very popular nowadays). Bear CMS is a service (that we host and manage) that seamlessly integrates with your self-hosted website to provide the CMS tools only when you need them. When you access your server connects to the Bear CMS service and requests the code needed to log you in as an administrator. When you go back to (after successful login) you'll have the ability to add text, upload images, create pages, etc. The editing UI will appear "magically" and will help you make the desired modifications (even on your mobile device). The How Bear CMS works? article is a nice place to visit if you are interested in the details.

Now, let's talk about the security-related benefits that Bear CMS brings over your average self-hosted or managed content management system.

Less code needed to run the website

Typically, when installing a self-hosted CMS, you download a zip file, extract it on your server and run some kind of setup process. In the extracted files, you will find PHP code (if that's the language the CMS was written in), JS and CSS files, and some images. Some of them are needed to render the website for your visitors and others are needed only when you are logged in as an administrator (the administrator panel). Here are some real numbers from the Bear CMS source code (because here it's really easy to know where each file is used):
Files needed to render the website:
- PHP / 1.23 MB / 1,295,118 bytes
- JavaScript / 0.18 MB / 192,406 bytes
Files needed for content management (the administrator panel):
- PHP / 4.11 MB / 4,309,530 bytes
- JavaScript / 0.74 MB / 776,102 bytes
- Images / 0.03 MB / 32,439 bytes

The server code (PHP in this example) and the client code (JavaScript) can both be targeted in an attack, so I'd like to focus on them. As you can see, the size of those files for the CMS part is around 4 times bigger than the size of the code needed to render the website to visitors. I'm not sure what the ratio is on other content management systems, but it's pretty safe to assume that the code needed to run a CMS is bigger than the code needed to render a modern, responsive website with a couple of animations.

Most developers learn early on that less code is easier to maintain and support, easier to test and easier to secure. So we only give you the minimum code needed to run your website and to connect to our services. We also keep high standards for the content management part of Bear CMS, with the added benefit of it being hidden behind an HTTPS endpoint.

We give you less code to run so ...

Fewer updates are needed

It's common these days for a software team to push updates regularly (even a couple of times a day). This is also true for an actively developed product like Bear CMS. Let's see the most popular reasons for a new release:
- An awesome new feature is developed.
- A bug is found and fixed.
- A new market opportunity requires translating the UI.

Unfortunately, rapid development does not always mean rapid delivery to users. Most products get a new version once a quarter or once a year. That's the case for Windows, Android, and iOS. That's the case for Chrome and Firefox. That's even the case for some of the popular CMSes that we are comparing Bear CMS with. Instead of doing this, we've decided to not ship the CMS code at all. This means fewer updates on the code that runs on your machine and fewer opportunities for things to break.

Keeping the CMS code on our servers allows ...

Faster CMS related updates

Providing the CMS as a service means that we can push updates regularly (even multiple times a day). If we detect a problem with some browser on some fancy new mobile device, we can fix it and provide the fix to you in a couple of hours. If we make improvements to the theme customization UI, you can get them today (no need to wait for the fall :P). You get the point.

You can see some of the improvements we've made in the last month that require no or minimal updates on the client software (the software that runs on your machine).

Let's continue with ... 

Administrator accounts

The security of the content management part of a website is not an area where compromises are allowed. It must be available reliably only to the right people. Here are some things that must be done right:
- Password hashing (no plain text password in the database, please).
- Secure and reliable account creation.
- Safe way to access your account in case of a lost password.
- Reliable access control (what functionality can each administrator access).

In Bear CMS the administrators' account data is stored on your server, but it's managed only with the UI tools provided by our service. This allows us to validate the email addresses, hash the passwords and send confirmation emails. We help with authentication too and you will learn below how we do this in a secure way.

No (private) information is stored or logged

A managed website service takes away the burden of hosting a website yourself. It stores and manages your data, but can also track your personal information (IP address for example), your actions and your visitors. Convenience may come at a cost. The privacy topic is getting extra popular recently and this can be a motivation for hosting your website on your own infrastructure. We get that.

There are clear benefits and drawbacks when using a managed service, and there are clear benefits and drawbacks when using a self-hosted service. We like them both, but we like something else the most - a managed service designed for privacy. And that's how we've made our CMS tools. When updating your website on your home computer:
- Your device connects to your own server (and not to ours). Then your server contacts our services to help it do its job. This means that we do not know your IP address and we cannot even distinguish your actions from the actions of your fellow administrators.
- Some of your website data (list of created pages for example) is transferred to our servers when you need to view or modify it (in the CMS UI). This data is never saved and is only needed to show you the UI you are interested in (the "new page" form for example). 

And sure, the communication with our servers is over HTTPS.

Thanks for reaching this far. We hope you too take security seriously. We'll be happy to answer your questions in the comments below. Security is a topic that deserves attention.
Bear CMS highlights (June 2019)
June 2019 has passed and in this article, we would like to highlight the improvements we've made in the last 30 days.

Let's start with the biggest one. We've added support for uploading documents and other files that you can share with your visitors. In the announcement blog post you can learn the details.

Your websites now can have multiple different images for an icon. The icon is visible in the browser tab, when bookmarked, when saved to the home screen on mobile devices and when shared on social networks. Which one of the uploaded images will be shown in different contexts depends on the context dimensions and sizes of the images. We recommend uploading multiple images sized at 32x32, 128x128 and 600x600 pixels to cover all of the cases. You can do this in the Settings window of your websites.

A new "og:image" metatag has been added to improve the look of your pages when shared on Facebook and Twitter. The image shown here is taken from the page content. If no image is added then the website icon will be used.

The forum posts are now visible in the sitemap.xml file of your website. There is also a "show replies count" option in the "Forum posts" element. 

URLs in forum posts and comments are now automatically converted into links.

These were some of the most visible changes we've made in the last 30 days. There were also some bug fixes and minor tweaks. We hope you'll find them useful.