As 95% of our development business revolves around WordPress retainers, the topic of ongoing updates and recurring contracts comes up during every presales call. Working with clients who switch agencies is easier (as they already understand the benefits of a technical partnership), but site rebuilds are often a challenge in that department.
And the most common question is:
“Why do I need to pay for maintenance once our new site is live?”
While there are plenty of excuses not to keep your project up to date, my favorite analogy is derived from the automotive industry.
You don’t buy a car and expect it to run flawlessly for 5 years without oil changes or new tires or occasional fixes under the hood. If you neglect that for too long, your shiny new vehicle will probably leave you high and dry in the middle of a highway (or worse).
But when it comes to specifics in the web development world (especially in the context of WordPress scaling as WordPress powers 43.2% of the web now), here’s exactly why website maintenance is so crucial to the longevity of your business.
1. Deprecated Features
New software versions, PHP updates (or web server upgrades), 3rd party services occasionally drop some features for different reasons.
More dynamic industries (around finances or B2B sites integrating marketing automation) frequently face regular challenges in this area. If your website handles booking or eCommerce, chances are you’re dealing with new regulations, drop-shipping methods, or other caveats that may be inaccessible after a period of time.
Sometimes features just work differently. For instance, a booking engine we maintain changed their timezone handling with the recent laws around daylight and summertime, messing up registrations ahead of time.
2. Stuck Cron Jobs (or Automation Scripts)
Most websites handle automated scripts or activities for different reasons.
For instance, Yoast (the leading SEO plugin for WordPress) uses cron jobs to regenerate their sitemaps for Google (among other actions they perform internally).
On a couple of occasions, a technical glitch prevented Yoast from executing their refresh script, overflowing the database field designed to keep all actions. Unless supervised, this can easily escalate and bring a website down.
If your system integrates with 3rd parties (like a CRM, ERP, marketing automation software), a disconnected service or a broken cron job can kill an entire feature you rely on for analysis or sales.
3. Security
One of the most commonly quoted reasons to engage in maintenance is security.
Software updates frequently introduce security updates to patch known vulnerabilities. Especially in the context of open source, leaks are well-documented most of the time and exploits are available in niche communities of security experts (and hackers).
Relying on a popular web server, framework, or a library and postponing upgrades vastly increases the odds of a security leak. One of the most important web security considerations, aside from safe password management (among others), is keeping your software up to date at all times.
4. Continuous Technical Support
Keeping in touch with a technical team simplifies the process of requesting new features.
Ongoing maintenance means that an individual (or an organization) is familiar with your code base, your infrastructure, and the main caveats of your platform. As minor requirements may come up more often than not, retaining this technical partnership is often more cost-effective, happens faster, and will be more reliable (compared to onboarding someone with a limited context of your business and challenges faced to date).
In the context of the previous point (ongoing updates), performing updates yourself is risky. Regressions are quite common and relying on manual updates can realistically impact existing features, reveal sensitive data, or lose data. This is why continuous technical support may prevent all the unexpected surprises.
5. API Upgrades
Every digital project relies on 3rd party services like Google Analytics or Facebook Pixels. Larger projects often connect to over a dozen different services through their APIs – verifying VAT numbers across the EU or calculating taxes, forex tools, marketing automation apps, monitoring and heatmap solutions, lead form generators, and the like.
Or maybe you use a 3rd party for your website comments (or Facebook/Google log-in).
Let alone payment providers for selling goods or membership subscriptions.
Updates across APIs require technical updates internally to ensure your application still works as anticipated.
And sometimes embed codes or IFrames update their URL structure and your feature no longer appears on the corresponding page.
6. Expiring Tokens
If you embed an Instagram feed from your business profile within your homepage, the authentication mechanism relies on a temporary token generated for a certain period of time.
While it’s possible to refresh or revalidate a token:
- It’s not always implemented properly during the initial build
- Certain regressions may fail to refresh a token, thus stopping the service
Same goes with Facebook login or uploads to Box or Dropbox through your platform.
Image compression tools depend on API keys too, and so do different lead generation systems for SMBs.
A website maintenance contract in place ensures there’s someone who can jump in and resolve that (and monitor for other similar mistakes as well).
7. Cleaning up Database Entries or Media
Do you use a service that gathers a lot of data within your database?
Logging plugins are known to record tons of actions for every single user. Depending on their architecture, this may flood the database and impact other queries fetching data across the site.
Custom fields (additional data entries) for your posts may add 50 or even 100 database records in your postmeta table (assuming you use WordPress) for every single post.
Different use cases may store loads of data in your database, impacting the stability and performance of your app.
As far as media is concerned, you can easily hit storage limits while uploading 4K videos or even larger GIFs. Our support team had several cases or media sites uploading 100+ megabyte gifs in several sizes across a single story, quickly ramping up and causing data usage problems.
Let alone uploading sensitive data like contracts in the public uploads folder (accessible with a direct link and indexed via Google).
8. Reducing Technical Debt
One of the common explanations for avoiding regular maintenance costs is the expectation to get in touch with a freelancer or an agency when the time comes and scoping out whatever it takes to get the project back on track.
Here’s the thing: lack of regular updates and website “housekeeping” incurs technical debt.
- It’s easier to upgrade a library 5 times in a row than performing an upgrade across 5 major versions.
- It’s safer to upgrade a major feature after every update instead of annually.
- The number of regressions piles up with the number of technical changes not performed over time.
- With tons of dependencies internally, performing a massive update will cause unexpected behavior across different 3rd party services and features, interrupting the flow on several levels.
Scoping up a project like this is hardly feasible as the unpredictability scales exponentially. Which is why the longer you leave your project unattended, the higher the estimated cost would be.
9. Preventing a Rebuild
Avoiding ongoing updates gets out of control.
An unstable platform harms your brand, pollutes your data, affects your traffic (and user experience).
And once you get to this point, solving the problem suddenly becomes a major priority. But finding a new vendor to start ASAP or sorting out all issues without a maintenance contract in place may take weeks or months.
Deciding between a complete rebuild (slow and expensive) and catching up on all maintenance activities (unpredictable guesstimates) is not the management challenge you want to face.
Rebuilding an existing project comes with added surprises, too. During the initial build, lots of problems are being solved without proper documentation. You can easily miss out on an important conversion pixel, a tracking tool, the right analytics code, a conversion algorithm for taxes, or a historical patch for a portion of your users.
This is the leading reason large financial institutions and other enterprises still maintain software built 50 years ago in programming languages that are nearly extinct for a decade or two.
10. Performance Improvements
Performance is top of mind for the global IT industry.
This is why every major PHP upgrade brags about squeezing additional speed out of raw PHP processes. Same goes for web servers and optimizations within modern database engines.
With broader adoption of software frameworks and libraries, code updates often include speed patches, too.
It’s absolutely possible to speed up your website over time to some extent even through ongoing updates alone.
11. Additional Features for Free
Similarly to performance improvements, both plugins and libraries (together with your core CMS product) introduce new features in every major version.
- In 2010, WordPress officially transformed into a CMS back from a simple blogging platform with the introduction of custom post types.
- 2012 brought in a powerful media manager, handling both image assets and different document types.
- WordPress 3.8 in late 2013 introduced MP6, a responsive admin interface for WordPress. A simple core software upgrade made it possible for editors and admins to operate with the dashboard on mobile.
- 2016 improved stability with browser local storage and restoring drafts even if your tab crashes, along with a solid HTTPS support for SSL-driven websites.
- In 2017, new core blocks were introduced for video embeds and audio playlists, with a simple drag-and-drop interface with previews.
- The new fully-fledged block builder called Gutenberg was formally released at the end of 2018, reinventing the editing experience for writers and contributors across the board, and allowing for more flexible landing pages with limited programming.
The moral of the story is – core features and enhancements can be derived through major upgrades alone.
12. Backups
Several years ago, we acquired a few sites for internal tinkering and testing SEO concepts.
One of our juniors was tasked to maintain one of the sites separately – and we tested a new shared host (which is a common practice we employ to test different services, their reliability, load times).
As the site was effectively a test project in ongoing development, we didn’t integrate it inside our stability framework application or any monitoring systems. We relied on the host for most activities and had a plugin generating backups daily.
However, one day we received an email from Google for a flagged link. The site was hacked!
And the plugin we used generated faulty backups (broken archives with no database dump containing data).
Good – let’s resort back to the hosting company and request a backup restore to a previous point (say, a week ago). Most companies maintain 30 days of snapshots.
The support team was really inadequate and it took us a few days in waiting just to get to the point. And at the end, with a site down for several days, they told us they only keep backups for 72 hours.
Site down and the latest working backup on our end was 8 months ago. All content lost for good.
Moral of the story – even if you rely on two separate safe points for backups, without maintenance, you can’t guarantee that backups would work (or exist in the first place).
13. Minor UI Updates
Even if you don’t plan to perform redesigns every year or two, minor fixes here and there are commonly requested.
Or if you choose to maintain your site yourself, you probably embed different forms from 3rd parties, lead opt-ins, and other snippets maintained externally.
Aside from regular JavaScript glitches or CDN failures, looking for a new team or a freelancer every time or waiting for a couple of weeks to get a job done (oftentimes at the cost of onboarding a new developer) isn’t a productive business strategy.
14. Adhering to New Technical Standards (SSL, Google AMP, etc)
As of July 2018, Google Chrome began to mark all non-https websites as insecure. It’s official.
They took multiple steps to get there and continue to rely on security authentication (and strengthening the web for good). That includes flagging certain certificates as invalid and reporting insecure content on a page (whenever you embed or link to an http resource).
You can easily wake up one day and realize that the latest global Chrome update flags your site for outdated security stack. Or maybe your SSL certificate expired and wasn’t reviewed (or reinstalled)?
Google AMP is another “nice to have” feature which complies with several best practices that Google advises: usability, offline support, website speed, and introduction to their Discovery platform.
Technology evolves quickly and standards progress with or without your action. Maintenance teams usually keep an eye on standards and ensure that the website is compliant at all times.
(And don’t get me started on GDPR or CCPA, among other legal regulations that could cost you an arm and a leg.)
15. Avoiding SEO Mistakes
Once you rank well and start to generate free traffic, SEO becomes an important action item on your list.
Minimum supervision and housekeeping can generate income for free. And especially if you invest in your in-house content marketing team (or pay a retainer to an agency), making basic SEO mistakes is an expensive lesson you certainly want to avoid.
A new website we took over recently went through a redesign before that. Reporting a drop in rankings, we went over a call to see what’s up.
- Post headlines were text paragraphs with different formatting instead of H1
- Breadcrumbs were messing up with the content structure, affecting the default meta descriptions
- The meta title was broken for some templates – using the default post name (which isn’t SEO-optimized)
- Schema tags were missing for product pages
- Most featured images were small and incompatible with Facebook posts – therefore Facebook images were not generated when sharing
While some of the unpleasant surprises were brought over by the previous team, regressions during updates and lack of monitoring caused the remaining issues.
16. Saving Costs on Emergency Fixes
I covered this in previous points, but paying for emergency support isn’t cheap.
First off, it’s often slower than working with a vendor. If a company has to set the project on their end and run some benchmarks, get familiar with the codebase and the existing theme/plugins, and run some trial-and-error patches, this takes time and costs more than what’s covered in a maintenance agreement.
If you contact your previous vendor and ask them for help, their team is already assigned to other projects (or maybe even no longer employed). It takes time to realign resources – and this requires external motivation.
Ongoing emergency support fees are 2x or 3x the regular fee on average.
17. External Outages (Cloudflare or CDNs)
Even if your site is up-to-date, external services may be impacted in a negative manner.
Sometimes leading to a global outage – which is often the case with 3rd party WAF solutions like Cloudflare or external CDN systems.
Cloudflare maintains several levels of downtime – most of the time delivering 5XX browser errors to visitors.
If certain edges around the world are down, you may be seeing the proper version while others – don’t. And as they can cache a version of a page, sometimes guest users see a perfectly valid page (for a while) but logged-in users like authors can’t access the system (which is just as misleading).
This can’t be resolved 100% all of the time, but there are workarounds to apply as needed. Their status page also indicates when a problem arises – and maintenance teams can keep an eye on outages.
Amazon S3 may be misbehaving where your media files are completely inaccessible (at least in some buckets).
Or if a CDN caches a broken version of a script or a media file, this won’t show up either. Sometimes, it’s a problem with a specific page, or it may be across the whole media library. Uptime monitors do not track such types of changes (as the site is generally up and accessible).
18. Streamlined Maintenance Processes
Most importantly, a maintenance team establishes a set of processes they follow across their portfolio of clients.
As a simplistic overview of what a maintenance contract could be, you may be looking at:
- 24/7 uptime monitoring and some emergency coverage
- Keeping in touch and coordinating activities with 3rd parties – like hosting companies, CDN vendors, other partners
- Regular security updates
- Server optimization or hosting plan monitoring (for disk space, CPU usage, inodes – depending on the type of plan)
- Maintaining a test sandbox (staging) before applying any changes to production
- Running updates on staging along with an organized test plan to avoid regressions that aren’t apparent otherwise
- Other site fixes and small patches as needed
- Fixing warnings/notices and such
- Maintaining and organizing content if needed
- Any other type of development, SEO, creative, server work – depending on the core competency of the vendor
Maintenance Solutions at Scale
My R&D team at DevriX has been busy building in-house tools for our larger retainer clients.
- We’ve got a custom Stability Framework platform that runs automated tests for some of the caveats listed above + different edge cases for given clients. For example, we can track the existence (or omission) of certain IFrames or API results across different pages, making sure they work properly in any event.
- We run automated GT Metrix tests to track down site slowdowns that aren’t caused by us (but uploads of massive media or accidental downgrades of server plans).
- Frontend-heavy projects integrate with our Zentest toolkit. We set up a number of pages and generate screenshots with a headless browser before and after a deploy. Then, an automated image comparison tool reports differences in case we find any visual regressions after a deploy.
- Deploys go through a set of custom scripts running linters and different pre-commit hooks too, ensuring we don’t leave out debuggers or other scripts before they get deployed.
- Tools like WP Scan are run automatically in a global channel reporting outdated plugins or other zero-day vulnerabilities we need to prioritize.
Expanding WordPress maintenance horizontally and vertically refers to the scope and depth of the services offered. This is particularly important for businesses that are scaling or diversifying their operations.
This is why we’ve coined WordPress retainers as the most comprehensive partnership program for maintenance on steroids, covering all points of stability with custom design and development on top in a predictable manner.
