Many businesses pay for WordPress maintenance and get very little in return. Not because providers are dishonest, but because the term “care plan” has been stretched to mean almost anything, including nothing more than automated updates running in the background.
This article explains what a serious WordPress care plan should actually cover, and what questions are worth asking before you commit to one.
The Problem With the Bare Minimum
The cheapest care plans on the market typically include automated plugin updates, a backup plugin running on the same server as the site, and a monthly summary email that says something like “your site was updated.”
That is not maintenance. That is task management dressed up as a service.
The issue is not the update itself. It is everything that does not happen around it. No testing before updates go live. No compatibility checks. No one watching the site between update cycles. No defined response if something breaks. And if the hosting goes down or the backup system fails quietly, no one notices until the damage is already done.
A real care plan changes that picture significantly.
Updates Applied With Judgment
Clicking the update button is not the job. The job is knowing which updates carry risk, which plugins have a pattern of breaking things on major version jumps, and whether a significant update should be tested on a staging environment before it touches the live site.
A proper care plan includes updates applied on a defined schedule, with a review of what is being updated and a clear path to resolution if something breaks. The business owner should not have to discover a broken site themselves.
For WooCommerce stores, the risk is higher. Cart behavior, checkout flows, and payment gateway compatibility need to be verified after significant updates. A care plan that handles a WooCommerce store the same way as a five-page brochure site is not calibrated to the actual risk involved.
Backups That Are Actually Reliable
A backup is only useful if it can be restored cleanly. Many care plans include daily backups stored on the same server as the site. If the server is compromised or fails, the backup is gone along with everything else.
A real care plan uses off-site backup storage, on a separate system from the hosting environment. It includes enough retention history that you could restore to a point before a problem occurred, not just the most recent snapshot taken minutes after something went wrong. And it should be verified periodically to confirm the restore process actually works, not just assumed to be functioning because no error email has arrived.
It also assumes someone knows how to restore it under pressure, not just that the backup exists.
Uptime and Error Monitoring
A site can go down for several hours before the business owner notices. A care plan should include uptime monitoring that catches an outage quickly and triggers a response, not just a notification that sits in an inbox.
Error monitoring is also worth including. PHP errors, failed requests, and database issues can quietly degrade a site’s behavior long before anything visually obvious appears. Catching these early prevents small problems from compounding into larger ones.
Security That Goes Beyond Running a Plugin
Security in a care plan is not just installing a security plugin and assuming it is handled. It involves monitoring for unexpected file changes, unusual login activity, and signs that something may have embedded itself without obvious symptoms.
A care plan should include baseline hardening as a starting condition: login protection, appropriate file permissions, two-factor authentication on admin accounts, and sensible defaults that reduce common attack exposure. Monitoring keeps that baseline from quietly eroding over time.
Support With a Real Response Window
One of the clearest differences between a meaningful care plan and a basic service is what happens when something breaks.
A real plan includes a defined support channel and a response time that is actually stated. Whether that is same-day response for a broken site, a priority email queue, or direct access to the person managing the account, the expectation should be clear before anything goes wrong.
Plans that technically include support but take three or four days to respond to an active problem are not offering support in any practical sense. They are offering the appearance of it.
Reporting That Shows What Actually Happened
A monthly report is an accountability mechanism. It should show what was updated, when, whether there were any issues, and the current state of the site. Not a generic note saying everything looks fine.
Reports do not need to be elaborate. But they should be specific enough that someone unfamiliar with the site could read one and understand what happened that month. If your current provider sends a monthly email that you read in ten seconds and learn nothing from, that is a signal.
What a Care Plan Is Not
A care plan is not a development retainer. It does not cover new features, design changes, or significant custom work. That is a separate scope.
A care plan is specifically about keeping an existing site stable, secure, updated, and recoverable. That is its job. When providers conflate the two or leave the boundary undefined, scope disagreements become common.
Knowing what is included, and what requires a separate conversation, is part of what makes a care plan worth having.
Questions Worth Asking
When evaluating a care plan, the useful questions are:
- Where are backups stored, and can you restore to a specific point in time?
- How are updates tested before going live on the site?
- What is the response window if something breaks?
- Does the monthly report show specific actions taken?
- Is WooCommerce handled differently from a standard site if applicable?
- What is not included?
- Who is responsible if something breaks after an update?
The answers will tell you more than the feature list on the pricing page.
What You Are Actually Paying For
A care plan that only runs plugin updates is managing a task list. It is not protecting a site.
Real maintenance means tested updates, reliable off-site backups, uptime and error monitoring, baseline security, responsive support, and reporting that shows what happened each month. Those are the components that matter when something goes wrong.
The difference between a basic plan and a real one is invisible most of the time. It only becomes obvious at the worst moment.
If you want to understand exactly what a structured care plan looks like in practice, or you are not sure what your current plan is actually covering, WordPress Care Plans explains how WPFellow approaches site maintenance.
