Security Weekly

How to Set Up a WordPress Maintenance Service

Cleanshot 2023 11 30 At 14.14.30

Published:

Cleanshot 2023 11 30 At 14.14.30

Oliver Sild

Patchstack

Oliver Sild is the CEO and Co-founder of Patchstack. He is an entrepreneur and cyber security expert with a strong focus on community building. He has been organising hacking competitions (& local CTF community) in Estonia since 2016, has kickstarted a startup community in his hometown and has nearly 10 years of experience with WordPress security.

Week 18

When it comes to security, maintenance is essential. When ever a company or a person reaches out to an agency or a freelancer to get a website designed and built for them – they mostly do it because of lack of time or skills. Both of these are also required for an ongoing maintenance.

The lack of time is often connected to internal priorities. If companies are not able to prioritise their existing development resources to build their own website then for sure they won’t be able to put a regular ongoing prioritise on maintenance either.

For that reason, maintenance services are not only essential for customers who don’t have any in-house developers, but they are equally important to most companies who might even have entire technical teams as well. Otherwise it won’t get done.

Make it simple for the customers

Something that I’ve seen in many cases is that agencies who offer maintenance and care plans try to squeeze in too much right away. They offer maintenance plans that immediately come with few hours of content management, a bunch of different tools and services the customer may not be ready yet.

While trying to maximise the value in their maintenance plans, they overcomplicate them and while some things feel important for the customer, others don’t. In most of the cases, these bundled maintenance plans have higher costs both to the agency and to the customer as well.

As we covered in the last article, things that seem optional don’t feel essential nor important. When setting up tiers for your maintenance plans, start with essential/important services first and build a clear path towards services your customers will be needing as they grow.

Prioritise essentials and level of automation

Maintenance service plans can include many different things and the top tier plans often end up being indistinguishable from a regular development contracting. While the additional value offered in the different plans is incredibly important, it’s also very important to connect the plans with the level of automation you can achieve.

As an example, let’s create a maintenance service pricing plan by prioritising a) most important essentials and b) level of achievable automation. I won’t be adding all the different tools & services that you should add under each of them as this can depend on specific needs of your niche, but this gives you a good starting point.

  • Security(should not be optional)
    • This is the essential plan which should be included with every new project at least for the first 6 months or a year.
    • Includes only maintenance and security.
    • Should be almost entirely automated.
  • Care & Performance
    • Includes everything in Security.
    • Includes performance monitoring an optimisations.
    • Includes technical troubleshooting and hands-on support.
  • Fully managed
    • Includes everything in Care & Performance.
    • Includes hosting & infrastructure.
    • Includes additional development at hourly rate.

Pricing your maintenance service

I can’t say what you should charge your customers, but I’ll cover the basics of what should be taken into consideration. Something I’ve seen agencies struggle with is that their customers feel like the service is too expensive.

I believe this comes down to few things that need to be addressed – such as: a) not clear enough communication why security and maintenance is absolutely needed b) too many things bundled into maintenance service which customer don’t think they currently need c) pricing is not aligned with your customer profile (if you build a website for $500, don’t expect them to pay $99/month for maintenance).

The most essential security & maintenance package should be at a cost which seems a non-brainer for most of the customers. Keep in mind that this plan should be mostly automated for you and it reduces the likelihood of negative experiences (such as a site getting hacked). It creates an opportunity to build a longterm relationship and ability to stay close with the customer. You’ll get referred to more customers and more customers will be upgrading to the higher tier maintenance plans as well.

For that reason, on the lowest tier, focusing only at the most important aspects of security and automating it entirely is very important so you would not need to think about any unexpected overhead even if you have to reduce margins to a minimum. Consider this as an investment into your customer relationships so you could later move them to higher tier plans.

Conclusion

I’m a firm believer that most agencies should be managed service providers (MSPs) – many already are without even realising it. Your customers are not WordPress or security experts, make it simple for them to decide – and don’t be afraid to decide some of the things for them. If they chose you, they trust you. The only way to keep this trust longterm and build scalable business and recurring revenue is by making maintenance services a strong part of your core business.

Join the Conversation!

There's a dedicated thread on this post inside of The Admin Bar community. Join in on the conversation, ask questions, and learn more!

Group Thread
Cleanshot 2023 11 30 At 14.14.30

Oliver Sild

Patchstack

Oliver Sild is the CEO and Co-founder of Patchstack. He is an entrepreneur and cyber security expert with a strong focus on community building. He has been organising hacking competitions (& local CTF community) in Estonia since 2016, has kickstarted a startup community in his hometown and has nearly 10 years of experience with WordPress security.

Brought to you by:
Logo

Patchstack auto-mitigates security vulnerabilities found on WordPress core, plugins and themes. Patchstack is the leading vulnerability intelligence provider in the entire WordPress ecosystem and has the largest collection of vulnerability specific vPatch rules that provide precision protection without any performance hit nor false positives. Patchstack is the go-to security provider for many of the leading agencies such as 10up, Valet, SiteCare and others.

Never Miss an Issue!

Subscribe and have Security Weekly delivered to your inbox every week!

Care Plan Toolkit

Save time, boost profits, and confidently manage client websites with proven tools, tips, and resources.

Bento Toolkit

More from Security Weekly

Week 47

Why Use Virtual Patching for WordPress Security?

Virtual patching is a security strategy that involves applying protective measures to the WordPress application without …

Week 46

What Role Does AI Play in WordPress Security?

We can’t ignore the power of LLMs and AI when it comes to security. At Patchstack, …

Week 45

Where to get your WordPress plugins and themes?

As of writing this article, it’s a hot topic. Some plugins which have been available on …