DEV.co
Open-Source CMS · concretecms

concretecms

Concrete CMS is an open-source PHP content management system maintained by a distributed community. It provides a web-based interface for building and managing content-driven sites without requiring extensive coding.

Source: GitHub — github.com/concretecms/concretecms
847
GitHub stars
479
Forks
PHP
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryconcretecms/concretecms
Ownerconcretecms
Primary languagePHP
LicenseMIT — OSI-approved
Stars847
Forks479
Open issues509
Latest release9.5.2 (2026-06-03)
Last updated2026-06-15
Sourcehttps://github.com/concretecms/concretecms

What concretecms is

PHP-based CMS built on a modular framework architecture with Composer dependency management. Actively developed with v9.5.2 as the latest release; legacy branches (8.5.x, 5.7.x) available for older versions.

Quickstart

Get the concretecms source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/concretecms/concretecms.gitcd concretecms# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Small to medium-sized websites

Organizations needing a lightweight CMS for blogs, marketing sites, or content portals without enterprise infrastructure overhead.

PHP-native environments

Teams already invested in PHP hosting and familiar with PHP development patterns can extend functionality with custom modules.

Community-driven customization

Projects requiring open-source flexibility where the community can contribute enhancements and the codebase remains transparent.

Implementation considerations

  • Requires PHP runtime (version not specified in README; check documentation.concretecms.org for requirements).
  • Installation via Composer; dependency management standard but vendor lock-in typical for PHP ecosystems.
  • Active development branch (9.x) with legacy branches (8.5.x, 5.7.x) still available; plan upgrade path before deployment.
  • 509 open issues suggest active feature requests and bug backlog; assess priority of unresolved items.
  • Community-driven maintenance model; response times and patch priority may vary vs. commercial CMS vendors.

When to avoid it — and what to weigh

  • High security audit requirements — Organizations subject to strict security compliance (HIPAA, PCI-DSS) should conduct independent security review before deployment; no audited security posture stated.
  • Headless or API-first architecture required — Limited information on REST/GraphQL API maturity; traditional CMS architecture may not align with modern decoupled frontend needs.
  • Large-scale distributed deployments — Enterprise scale-out patterns (caching, clustering, CDN integration) not documented; primarily targets single-instance deployments.
  • No PHP hosting available — Requires PHP runtime; not portable to Node.js, Python, or JVM-only infrastructure without significant rearchitecture.

License & commercial use

MIT License (OSI-approved, permissive). Permits commercial and proprietary use, modification, and distribution with minimal restrictions.

MIT license explicitly allows commercial use without royalty or attribution requirements. However, use of third-party PHP libraries bundled via Composer may have their own licenses; audit composer.lock and DEPENDENCIES to confirm compliance for your use case. No commercial support or SLA offered by the open-source project; consider commercial support vendors if needed.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitGood
Assessment confidenceHigh
Security considerations

No security audit, CVE tracking, or formal security policy documented in provided data. Community-driven model means security patches depend on volunteer effort and community reporting. Recommend: (1) audit composer.lock for upstream vulnerabilities, (2) review closed security issues on GitHub, (3) implement standard PHP security practices (input validation, prepared statements), (4) keep dependencies updated.

Alternatives to consider

WordPress

Larger ecosystem, more plugins, better commercial support, but heavier and less code-transparent; similar PHP foundation.

Statamic

Modern PHP CMS with Laravel foundation, better modern developer experience, but smaller community; similar licensing model.

Strapi (Node.js)

Headless CMS, JavaScript-native, better for decoupled frontends; requires Node.js instead of PHP.

Software development agency

Build on concretecms with DEV.co software developers

Review system requirements, security posture, and integration needs at documentation.concretecms.org. Contact us for guidance on deployment, support, or custom development.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

concretecms FAQ

Is Concrete CMS suitable for large enterprise deployments?
Possible but not documented. Community-driven support and moderate deployment complexity suggest better fit for SMB. Enterprise deployments should pilot and assess operational readiness with dedicated support engagement.
What PHP version is required?
Not stated in README. Check documentation.concretecms.org or composer.json in the repository.
Can I use Concrete CMS in a commercial product?
Yes, MIT license permits commercial use. However, audit bundled dependencies (composer.lock) for license compatibility.
What database backend is supported?
Unknown from provided data. Standard PHP frameworks support MySQL/MariaDB; confirm at documentation.concretecms.org.

Software development & web development with DEV.co

Need help beyond evaluating concretecms? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source cms integrations — and maintain them long-term.

Evaluate Concrete CMS for Your Project

Review system requirements, security posture, and integration needs at documentation.concretecms.org. Contact us for guidance on deployment, support, or custom development.