WordPress maintenance outsourcing is ongoing operations — not a few clicks on “update all plugins” when someone remembers. Production sites need staged updates, monitored backups, security response, and a clear queue for change requests.
This guide defines what belongs in a maintenance retainer, how to set SLAs, and how maintenance differs from feature development so contracts stay honest.
What a serious retainer includes
Core, theme, and plugin updates tested on staging before production. Daily backups with quarterly restore drills that actually restore — not just success emails.
Uptime and SSL monitoring, malware scanning, WAF tuning, and trend reports on Core Web Vitals. Small CSS and content fixes within monthly hours.
A monthly report listing versions applied, incidents, security notes, and hours consumed versus included.
SLA tiers (example)
| Severity | Example | Target response |
|---|---|---|
| P1 | Site down or checkout broken | 1–4 hours |
| P2 | Major feature broken | Same business day |
| P3 | Minor defect or content | 1–3 business days |
What maintenance should not cover
New templates, major Woo features, ERP integrations, and redesigns are projects — not retainer scope. Blurring the line turns maintenance into unfunded product development and quality drops for everyone.
Combining maintenance with development outsourcing
One partner for build and care reduces finger-pointing when an update breaks custom code. Negotiate transition from project to retainer with documented runbooks and training for your editors.
Contracting and governance
Define acceptance criteria per sprint: performance budget on templates, accessibility checks on forms, and security scan on dependencies. Change control in writing prevents scope arguments mid-release.
Require access to staging, version control, and deployment logs. You should be able to roll back without calling one person’s mobile phone.
Measuring partner performance
Track lead time from brief to production, defect rate in first thirty days, and Core Web Vitals on key URLs. Quarterly business reviews beat annual surprises.
If velocity drops while hours stay flat, inspect technical debt: plugin count, custom code without tests, and hosting misconfiguration.
Red flags when hiring
- No staging environment or “we edit live”.
- Parent theme edits without child theme.
- Twenty-plus plugins with overlapping features.
- No written backup and restore test in the last quarter.
Handover and knowledge transfer
Insist on recorded deploy runbooks, ADR for theme architecture, and a shadow sprint where your engineer ships one feature with partner review. Knowledge should live in repo and docs, not one consultant’s head.
Define a thirty-day warranty period after major releases for defect fixes at no additional scope cost — written in the SOW.
Frequently Asked Questions
- Maintenance is ops; development ships features — often both with one partner.
- Often $500–3k depending on traffic, Woo, and SLA.