10 Jun What a WordPress Care Plan Should Actually Include in 2026
Website maintenance” might be the most under-explained service in the web industry. Every agency offers it, every plan looks vaguely similar on the surface, and most business owners sign up without really knowing what they’re paying for. Then something goes wrong, and they find out what wasn’t included.
I’ve been building and maintaining WordPress sites at Webwise for 23 years, and I currently look after around 50 client websites. So here’s my honest breakdown of what a care plan should actually include in 2026, what’s optional, and what’s a warning sign.
Why you need one at all
WordPress powers over 40% of the web, which makes it the single biggest target for automated attacks. Core software, themes and plugins release security patches constantly. An unpatched site isn’t a question of if it gets compromised. It’s a question of when.
I’ve seen this play out at scale. In early 2026 a major Australian hosting provider was breached through a server-level vulnerability they’d failed to patch, and sites across their entire platform were compromised overnight, through no fault of the site owners. The clients who recovered fastest were the ones on proper care plans. Clean off-site backups, security monitoring that caught the problem early, and someone accountable who could act immediately. We migrated every affected site to new infrastructure within days. Without monitoring and backups in place, that same event can mean weeks of downtime and a five-figure rebuild.
A care plan isn’t a subscription. It’s a decision about who protects your site when something breaks.
The non-negotiables
Any care plan worth paying for in 2026 needs all of the following. If a plan is missing any of these, keep looking.
1. Core, plugin and theme updates, applied by a human. Auto-updates alone aren’t maintenance. Updates need to be applied deliberately, with someone checking the site still works afterwards. Plugin conflicts are real and they break sites silently.
2. Off-site backups. The key word is off-site. A backup stored on the same server as your website is useless if that server is the thing that gets compromised. Frequency should match how often your site changes. Monthly might be fine for a brochure site, but a busy site needs weekly or daily. Our Webwise support plans scale from monthly off-site backups on the Basic plan up to daily on Professional, for exactly this reason.
3. Security monitoring and malware scanning. Automated scans for malware, injections and cross-site scripting, plus a firewall. And crucially, someone needs to be receiving and acting on those alerts, not just running the software.
4. Uptime monitoring. The worst way to find out your site is down is from a customer. Monitoring should alert your agency within minutes.
5. Actual support time with a real person. A care plan with no included support time is just software resale. There should be a defined amount of phone and email support each month for fixes, small changes and questions, and you should know exactly how much you get.
What separates a good plan from a basic one
Beyond the baseline, the better plans add:
Performance and speed optimisation. Site speed is a ranking factor and a conversion factor. Regular performance scans catch the slow creep of bloat (oversized images, accumulating plugins, database clutter) before it costs you customers.
Database optimisation. WordPress databases collect junk over time. Post revisions, transients, spam. Cleaning them out keeps the site fast.
Broken link scanning and fixing. Broken links quietly damage both user experience and SEO, and almost nobody checks for them manually.
A detailed monthly report. If you’re paying monthly, you should see monthly what was actually done. Updates applied, scans run, issues fixed, plus your visitor trends and performance data. Transparency is the difference between a maintenance partner and a direct debit.
Training resources. You should be able to make small content changes yourself. We include a WordPress training portal, tutorial videos and a user guide with every plan, because a client who can update their own blog post is a happier client.
What’s new for 2026
Two things have changed the maintenance conversation recently.
Email deliverability. Google and Yahoo have tightened their sender requirements, which means contact form emails from misconfigured sites now routinely land in spam or vanish entirely. Proper SMTP configuration should be part of any site setup, and a care plan should catch deliverability failures before you spend three months wondering why enquiries dried up.
PHP version management. Older PHP versions lose security support, but blindly upgrading can break plugins. Managing this properly per site, testing compatibility and upgrading or holding versions as needed, is exactly the kind of judgement call that separates managed care from set-and-forget automation.
Red flags to watch for
- No mention of off-site backups (or backups at all)
- “Unlimited” everything at a suspiciously low price. Unlimited usually means unprioritised.
- Lock-in contracts. Confidence looks like month-to-month billing. Our plans have no contracts, because we’d rather earn the renewal every month.
- No named humans. If you can’t find out who actually does the work, the answer is probably an offshore queue.
- No reporting. If they can’t show you what they did, ask yourself whether anything was done.
What it should cost
In the Australian market, properly managed WordPress care typically runs from around $100 to $180 a month for a standard business site, $180 to $380 for sites that need more frequent attention, and upwards of $380 for eCommerce or high-trust sites needing daily backups and priority response. Some of the big Sydney agencies now start their plans at over $2,000 a month. Cheaper plans exist too, often under $50, but they’re usually automation-only. Fine until the day you need a human at short notice.
If your site has been unmaintained for a while, a one-off catch-up is the right first step before joining a monthly plan. We call ours a Website Tune-Up: full software updates, a complete security scan, backup, broken link fixes and a couple of hours of hands-on time to bring everything back to baseline.
The bottom line
Your website is core business infrastructure. It generates leads, customers and revenue around the clock. A good care plan is cheap insurance against the genuinely expensive alternative, whether that’s downtime, a hack cleanup, or a rushed rebuild.
You can see exactly what’s included at every level of our Webwise support plans, or read more about Webwise And if you’re not sure what state your site is in right now, get in touch. A quick health check costs nothing and tells you everything.
