WordPress care plans - your site properly looked after
In 2024, 7,966 new WordPress vulnerabilities were discovered - 22 every day. The average cost of recovering a hacked site is £2,000 and takes nearly eight days. A care plan is not a luxury; it is the difference between your site working reliably and the call you never want to make.
- Daily offsite backups - 30-day retention
- WordPress core, plugin & theme updates
- Security monitoring & malware scanning
- Uptime monitoring with instant alerts
- Managed VPS hosting with SSL
- Monthly plain-English report
- You deal directly with me - no support ticket queue
- No contract - cancel any time with a month's notice
- One developer who knows your site personally
- Based in Caterham, serving Surrey & Sussex
Choose a plan
All plans include managed hosting, backups, updates, and monitoring. Pick the level of support that matches how business-critical your site is.
For established business sites that need reliable, proactive maintenance without complexity.
- Managed VPS hosting with SSL
- Daily encrypted offsite backups (30-day retention)
- WordPress core, plugin & theme updates
- Security & malware scanning
- Uptime monitoring with instant alerts
- Domain renewal management
- Monthly plain-English report
- 48-hour email support response
No contract · cancel any time
For active business sites that need updates tested before they go live and support on call.
- Everything in Essential
- Staging environment - updates tested before going live
- Pre-update snapshots with instant rollback
- Malware removal included (no extra charge)
- Monthly database optimisation
- Monthly Lighthouse performance check
- Google Search Console monitoring
- 30 min support/content changes per month
- Same-day response on weekdays
No contract · cancel any time
For WooCommerce stores, booking-enabled sites, or businesses that need a developer on tap.
- Everything in Professional
- WooCommerce order & product support
- 1 hour development time per month
- Priority same-day response (weekdays)
- Security hardening review every 6 months
- CDN configuration & management
- Third-party plugin & payment liaison
No contract · cancel any time
Full feature comparison
| Essential £59/mo | Professional £99/mo | Priority £149/mo | |
|---|---|---|---|
| Managed VPS hosting with SSL | |||
| Daily backups - 30-day retention | |||
| WordPress core, plugin & theme updates | |||
| Security & malware scanning | |||
| Uptime monitoring | |||
| Domain renewal management | |||
| Monthly report | |||
| Support response | 48hr | Same day | Priority same day |
| Staging environment | - | ||
| Pre-update snapshots + rollback | - | ||
| Malware removal included | - | ||
| Database optimisation | - | ||
| Lighthouse performance check | - | ||
| Support/content time per month | - | 30 min | 1 hr dev time |
| WooCommerce support | - | - | |
| CDN configuration | - | - | |
| Security hardening review | - | - | 6-monthly |
All plans are month-to-month with no setup fee. Hosting migration from another provider is included at no extra cost.
What maintenance actually involves
The phrase "care plan" is used loosely. Some providers mean little more than automatic backups and the occasional plugin update email. What I offer is active maintenance - the kind of work that requires a person to check compatibility, test updates before they go live, review security scan results, and make decisions rather than just run a cron job.
Most WordPress sites run 20-30 plugins. With 7,966 new vulnerabilities discovered across the WordPress plugin ecosystem in 2024 - a 34% increase on the year before - the chances of at least one of your installed plugins developing a critical security issue over a 12-month period is near-certain. The question is whether those patches get applied promptly, correctly, and without breaking something else on your site.
Updates are not click-and-forget
A new plugin version can conflict with another plugin, break a custom function in your theme, or interact badly with your PHP version. On Professional and Priority plans, updates go to staging first. On all plans, a full backup is taken before every update run.
Database bloat slows your site
WordPress stores a revision every time you save a post. On a site running two or three years, this accumulates into tens of thousands of redundant entries. Removing them is a direct improvement on Time to First Byte and feeds into Core Web Vitals scores. Included monthly on Professional and Priority.
Uptime monitoring ≠ application monitoring
A site can pass an uptime check while serving a broken contact form or a non-functional WooCommerce checkout. Both layers need attention: the hosting infrastructure and the WordPress application running on it.
You deal with me directly
Not a ticket queue, not an account manager. One developer who has either built your site or carried out a full audit before taking it on. When you send a message, you get a direct response from the person who knows your setup.
What happens without a care plan
The objection I hear most often is: "I'll just do the updates myself." This works fine - until a plugin update conflicts with another plugin, a WooCommerce version breaks the checkout, or a security patch for a plugin you've never heard of turns out to be critical.
Wordfence data. That is before you factor in the SEO damage - 45% of hacked sites see a 25-75% drop in organic traffic after Google flags them, and only 45% ever fully recover their pre-hack rankings.
That is the average from discovery to full restoration. During that period, your site may be redirecting visitors, running spam campaigns, or serving malicious code to anyone who visits.
UK GDPR requires notification within 72 hours of discovering a breach. If your WordPress site stores contact form submissions or customer data, a hack is a notifiable event. DPP Law were fined £60,000 in 2025 partly for missing this window.
One emergency malware cleanup typically costs more than a full year of the Essential plan. The care plan also means you have a clean backup, a clear record of site state, and someone who acts on what the monitoring finds.
Which plan is right for you?
Best for brochure sites
You have a business website - services, about, contact - that does not take payments or bookings online. You want someone to handle updates, backups, and monitoring without complexity. You are comfortable with email support and 48-hour response times.
Get started →Best for active business sites
Your site is central to how you get enquiries or bookings. You need updates tested before they touch the live site, and you want a same-day response when something needs attention. The 30 minutes of support time each month covers small changes without a separate invoice.
Get started →Best for WooCommerce & revenue-critical sites
You run an online shop or a site where downtime directly costs you money. You need someone who understands WooCommerce specifically, can deal with payment gateway issues, and has an hour of development time available each month for improvements.
Get started →Is managed hosting the same thing as a care plan?
No - and conflating the two is a common source of confusion. Managed hosting services like WP Engine, Kinsta, or Cloudways manage the server infrastructure: the hardware, network, caching layers, and in some cases automatic WordPress core updates applied at the server level. They do this well and it is a reasonable choice for the hosting layer.
What managed hosting does not cover is the WordPress application layer. It does not test whether your 27 plugins all still work together after an update. It does not clean your database. It does not run security scans specific to your site's configuration. It does not check whether your contact form is functioning, whether your WooCommerce checkout is processing correctly, or whether the booking plugin you rely on for appointments has a newly disclosed critical vulnerability that needs patching this week. And when something does break, the support team you reach is dealing with thousands of customers - not one developer who knows your site personally.
WP Engine's entry plan costs around £20-25 per month and handles the server layer. A care plan at £59 per month handles both layers. For most small business sites, that comparison is straightforward.
Transferring an existing site onto a care plan
If your site is currently hosted elsewhere, moving it onto a care plan involves a pre-migration audit, a full server migration, DNS cutover, and SSL configuration. I handle all of this at no extra charge. Most migrations complete within a working day with no downtime - the site stays live on the old host until the new environment is verified, then DNS is updated.
The pre-migration audit covers current PHP version compatibility, plugin vulnerability status, database size and condition, and whether the site has any existing security issues that need addressing before migration. If there are problems, I flag them with a clear description of what they are and what fixing them involves, before anything moves.
I serve businesses across Surrey and West Sussex - including Caterham, Croydon, Reigate and Redhill, East Grinstead, Haywards Heath, Burgess Hill, Horsham, Oxted, Epsom, Dorking, Woking, Guildford, and Camberley. Location does not affect the service; everything is managed remotely.
Need speed optimisation as well as maintenance?
A care plan keeps your WordPress site maintained and secure. If your site is also slow - poor Lighthouse scores, failing Core Web Vitals, high bounce rates - that requires a separate WordPress speed optimisation project: a full audit covering server-side caching, image optimisation, render-blocking resources, and database cleanup, with a before-and-after report. Speed optimisation and ongoing care plans work well together - the care plan keeps the gains in place after the work is done.
Frequently asked questions
What does a WordPress care plan include?
The Essential plan at £59/month covers managed VPS hosting, daily offsite backups with 30-day retention, WordPress core, plugin and theme updates, security and malware scanning, uptime monitoring, domain renewal management, and a monthly plain-English report with 48-hour email support.
The Professional plan at £99/month adds a staging environment where updates are tested before going live, pre-update snapshots with instant rollback, malware removal included, monthly database optimisation, Lighthouse performance checks, Google Search Console monitoring, 30 minutes of support and content changes per month, and same-day response on weekdays.
The Priority plan at £149/month adds WooCommerce order and product support, one hour of development time per month, priority same-day response, CDN configuration, and a full security hardening review every six months.
Is this the same as managed WordPress hosting?
No. Managed hosting (WP Engine, Kinsta, etc.) handles server infrastructure - hardware, caching layers, and server-level core updates. It does not handle plugin compatibility testing, application-layer security for your specific site, database cleaning, or any hands-on support when something breaks on the WordPress application itself. A care plan covers both layers - the hosting infrastructure and the WordPress application running on it - with a named developer who knows your setup.
What happens if an update breaks something on my site?
On the Professional and Priority plans, updates are applied to a staging copy of your site first. I check that everything functions correctly before pushing to the live site. On any plan, a full backup is taken immediately before every update run, giving an instant rollback point. If something breaks on the live site, fixing it is covered - it is not an extra charge.
How much does it cost if my site gets hacked without a care plan?
Wordfence data puts the average WordPress hack recovery at around £2,000, with an average recovery time of 7.49 days. On top of that, 45% of hacked sites see a 25-75% drop in organic traffic after Google flags them, and only 45% ever fully recover their pre-hack rankings. Add potential GDPR notification obligations to the ICO and a single incident typically costs more than three to five years of a basic care plan.
Do I need a care plan if my site was only recently built?
Yes - because 7,966 new WordPress vulnerabilities were discovered in 2024 (22 per day), and 96% are in plugins. The age of your site is not the relevant factor; the vulnerability status of the plugins installed on it is. A newly built site will have plugins that develop security issues over the next 12 months regardless of when the site launched.
Is there a minimum contract?
No. All plans are month-to-month. You can cancel with a month's notice at any time. There is no setup fee, no annual lock-in, and no exit penalty.
Can I move my existing site onto your care plan?
Yes. I run a pre-migration audit to assess current PHP compatibility, plugin vulnerability status, database condition, and any existing security issues. Then I handle the full hosting migration at no extra charge. Most migrations complete within a working day with no downtime. If the audit reveals problems that need addressing first, I explain them clearly before anything moves.
What do I get in the monthly report?
A plain-English summary covering: which updates were applied during the month (core, plugins, theme), backup status and storage confirmation, uptime percentage, any security events detected and resolved, current Lighthouse performance score, and a note of anything approaching that may need attention - plugin end-of-life dates, approaching SSL renewal, or hosting resource trends.
My site is on WordPress.com - is that the same as self-hosted WordPress?
No. WordPress.com is a hosted service run by Automattic where you rent space on their platform. Self-hosted WordPress (WordPress.org) means you own the installation, the database, and the files on a server you control. Care plans apply to self-hosted WordPress. If you are not sure which you are on, the easiest check is whether you have access to a cPanel or server control panel.
Do you only take on sites you built?
No. I take on care plan clients for any WordPress site, regardless of who built it. I carry out an initial audit to flag any existing issues before the plan starts - so both of us know the state of things before I take responsibility for it.
WordPress care plans by location
WordPress care plan Surrey
The full Surrey overview - east and west Surrey, professional services, aerospace, and the county's 110,000 registered businesses.
Surrey care plan details →WordPress care plan Caterham
3,000 VAT-registered businesses, legal and financial practitioners in the Valley, healthcare booking systems in the Hill.
Caterham care plan details →WordPress care plan Reigate
FCA-regulated firms, Canon and AXA presence, professional services on the High Street, and three active business guilds.
Reigate care plan details →WordPress care plan Redhill
East Surrey's largest town - the Belfry, major insurers, WooCommerce retailers along Brighton Road.
Redhill care plan details →WordPress care plan Croydon
2,000+ tech firms, health and social care GDPR obligations, and new businesses launching around the Westfield development.
Croydon care plan details →WordPress care plan East Grinstead
QVH medical cluster, seasonal Ashdown Forest visitor economy, and commuter business owners with no time for maintenance.
East Grinstead care plan details →WordPress care plan Camberley
Watchmoor Park, Blackwater Valley defence and technology corridor, and 4,460 Surrey Heath businesses.
Camberley care plan details →Ready to get your site properly looked after?
Tell me about your site - what platform it is on, roughly how old it is, and what your current maintenance setup looks like. I will come back with a recommendation and a clear price. No sales process, no discovery calls - just a direct answer.
Get in touch