What a website care plan includes (and why it matters)

A website left unattended after launch degrades quietly. Security vulnerabilities accumulate, software falls out of date, and small problems compound into larger ones. A care plan prevents that.

27 Oct 2020 · 4 min read · Ongoing Support

A website doesn’t stay in the state you left it. The underlying software (the CMS, themes, plugins, and platform libraries) is updated regularly by their developers, often to patch security vulnerabilities that have been discovered since the last release. Without someone managing those updates, a site gradually accumulates risk.

Security issues are the most visible concern, but they’re not the only one. Plugins that haven’t been updated may conflict with newer versions of the CMS. Performance can degrade as the gap between installed and current versions widens. Small problems that would be easy to catch with regular oversight compound into larger ones that are harder to fix.

A care plan addresses this through a structured approach to ongoing management rather than reactive emergency work.

What ongoing maintenance actually covers

Software updates are the most routine part of care plan work. For a WordPress site, this means keeping core, themes, and plugins current, not just accepting every update automatically, but checking compatibility, testing changes where appropriate, and being ready to respond if an update causes an issue. Critical security patches are applied as soon as they’re released; routine updates are handled on a regular schedule.

Monitoring means having visibility into what’s happening with the site rather than finding out about problems when a client or visitor reports them. Uptime monitoring alerts when a site goes down. Security scanning can identify suspicious file changes or known vulnerability signatures before they become active problems.

Backups are covered separately in more detail in Why every website needs a backup plan, but they’re an essential element of any care plan. The key points: backups should run automatically, they should be stored off the live server, and they should be tested periodically to confirm they actually restore correctly.

Reporting ties everything together: a regular summary of what has been done, what was found, and the current state of the site. That record is useful if something goes wrong later, and it makes the ongoing work visible rather than invisible.

The difference a care plan makes when things go wrong

No maintenance approach prevents every problem. Servers have hardware failures. Hosting providers have outages. A plugin update can cause a conflict that wasn’t caught in testing. The question is how quickly you can recover.

When a site is on a care plan with current backups and documented configuration, restoration from a problem is typically measured in hours. When a site has been unmonitored, the same event can mean rebuilding from scratch, digging through old files, recreating settings, re-entering content, or discovering that the most recent restorable state is months out of date.

The GoDaddy DNS outage in 2012 took down millions of sites simultaneously. More recently, vulnerabilities in widely-used WordPress plugins have required immediate patching to protect sites before exploits were circulated. In both cases, the outcome for individual sites depended largely on whether someone was watching and had a restore path ready.

What reactive management typically costs

The calculation for care plans is worth making honestly. The monthly cost of ongoing management is predictable and relatively small compared to the cost of emergency work.

Emergency development work (diagnosing a problem at short notice, restoring a site, or rebuilding content that was lost) typically bills at a higher rate and often takes longer than it would under planned conditions. Beyond that, there’s the business cost of being offline or compromised: lost enquiries, reputational damage with visitors who arrive at a broken or hacked site, and the time spent managing the situation.

A care plan replaces that uncertainty with a consistent, known overhead.

Starting a care plan on a site of unknown state

If you’ve been managing a site reactively, or inherited one without documentation, the current state of the software, security, and configuration may not be clear. Starting a care plan on a site with unresolved issues means maintaining problems rather than preventing them.

A Foundation Audit addresses this by reviewing the site before ongoing work begins. It covers:

Foundations and structure: Build quality, theme structure, plugin choices, and whether the setup is maintainable long term.
Issues and risk: Existing errors, plugin conflicts, security gaps, and anything that should be resolved before maintenance begins.
Performance: Page speed, Core Web Vitals, image handling, and hosting behaviour.
Visibility and usability: SEO basics, tracking setup, content structure, and conversion blockers.

You receive a written report with prioritised actions, a recommendation on improvement vs rebuild vs no action, and a 30-minute call to walk through findings. From there, a care plan can begin from a documented baseline rather than an unknown one.

The Foundation Audit is £295. If you proceed with improvement work within 30 days, the fee is credited in full.

Tired of reactive fixes and surprise costs? See ongoing support options →

Frequently asked questions

What is included in a website care plan?

The specifics vary by provider, but a proper care plan typically covers regular software updates (CMS, plugins, themes), scheduled backups stored independently of the live server, uptime and security monitoring, a clear process for restoring the site if something goes wrong, and regular reporting on what has been done. Some plans also include a set allocation of small updates or changes each month.

Do I need a care plan if my site rarely changes?

Yes, possibly more than a site that changes frequently. A static site still relies on underlying software that needs updating. Security vulnerabilities are discovered in WordPress plugins, themes, and core regardless of whether the site is actively being edited. An unmonitored site that hasn't been touched in two years may be running outdated software with known vulnerabilities.

What happens if my site breaks without a care plan?

You're dealing with it reactively, often under pressure, and paying for emergency work. The time and cost of diagnosing a problem, finding a developer at short notice, and restoring or rebuilding the site typically exceeds what ongoing support would have cost. More significantly, the site may be down or compromised for longer than it would be with a plan already in place.

Is a care plan only for WordPress sites?

No. Shopify stores also require ongoing attention, including theme updates, app compatibility checks, and performance monitoring. Any site that drives business results benefits from a structured maintenance approach rather than reactive fixes.

Do I need an audit before joining a care plan?

For WordPress care plans, a Foundation Audit (£295) is the usual starting point if the site has not been reviewed recently. It covers foundations, performance, security, plugin and theme health, SEO basics, and maintainability, with a written report and 30-minute call. If you proceed with work within 30 days, the fee is credited in full. Sites we built or existing clients can usually join without a separate review.