WordPress Maintenance – The Cost, Time, Risk Formula!


What’s involved in maintaining my WordPress site and why do I need it?


This is a common question once a WordPress site has been set up.

Think that by installing WordPress, choosing a theme and plugins, and adding in your content, that’s all there is?
That’s only the beginning!

Yes, WordPress software is free and you can get ‘basic’ domain name, hosting & email packages for $10/month.
So the total cost is only $120/year. Yes, but with a huge ‘but’:

  • That basic package generally comes with limitations … shared ‘basic package’ hosting can produce slow load times & intermittent downtime, and does not include support if anything goes wrong with your website.
  • Are you willing to devote hours to learning the ins and outs of WordPress, your theme & plugins so you can maintain and fix your site? To start, you will need a strong knowledge of WordPress and the technical side of WordPress maintenance before things go wrong, as well as PHP, MySQL and even CSS.

So now your $120/year cost starts to become $?/year.

What Maintenance Do I Need?


  • Backups
    Backup software, backup services, third-party offsite storage (i.e. Dropbox, Amazon S3). Hiring a developer to set up the backups correctly, test the backups, and restore your site in the event of a disaster.
  • Upgrades
    Simply clicking the upgrade button doesn’t take much effort. But fixing your site if the upgrades go wrong can cost a lot.
  • Security
    A secure site setup is an investment that can greatly reduce the chance you will get hacked. But ongoing monitoring is recommended to keep up to date.


Your WordPress Website Is Set Up – Now What?


Once your site is set up you generally have 3 options for maintaining your website:

Option 1. The “don’t do anything – don’t back up, upgrade, or secure your site”.

Your ongoing cost and time commitment are zero. But you have a greater risk of something going wrong, and it will cost you more money to fix it. You will also have the highest potential downtime with this option.
This is, unfortunately, the common choice of most WordPress users.

  • Ongoing Cost: $0
  • Time Commitment: None
  • Risk of Hacking/Downtime/More $’s: Extreme


Option 2. The “hire someone to do it all for you”.

Back up, upgrade your site and manage security. Regular weekly backups are done properly with the ability to quickly restore your website in the event of a disaster. You will likely lose changes made since the last successful backup – posts, pages, comments, etc. Your site may be down for a short period, depending on how quickly you can identify the problem after it appears, and how quickly the site can be restored and fixed.

  • Ongoing Cost: Medium
  • Time Commitment: Low
  • Risk of Hacking/Downtime/More $’s: Medium
    Maintenance packages generally cover regular backups, updates & security, but do not cover recovery costs.


Option 3. The “educate yourself and maintain on your own”.

Regularly back up, upgrade, and secure your website. Know what themes and plugins to use, how to restore from a backup, how to fix broken PHP code, etc.

  • Ongoing Cost: $0
  • Time Commitment: High
    Hours to learn the intricacies of managing WordPress, and time each week/month to manage your site and stay up to date.
  • Risk of Hacking/Downtime/More $’s: Low to High
    Learning how to maintain your site correctly is the first stage. If there is a major problem, you may still incur costs to help recover & fix.


If you don’t educate yourself or have a WordPress developer on call, you’re putting both your website and business at risk.
If you want to do things yourself you must devote the time to learn the technical side of WordPress maintenance before things go wrong. If not, then it could take even more time to master.

Understanding Your WordPress Website Security


Why is WordPress the victim of so many security attacks?


Firstly, with its $0 price WordPress is the world’s most used CMS (Content Management Software), so quite simply it is the natural target for malicious hackers. The reasoning is simple … if you are a hacker you will obviously want to break into software that powers millions of websites. If you can ‘hack’ the software, you have millions of sites at your disposal!

Secondly, it is your responsibility to ensure that WordPress, themes and plugins are updated, and unfortunately not everyone is enthusiastic when it comes to keeping the backend updated. When security flaws or hacks are discovered, WordPress rolls out a security update, quickly followed by themes & plugins. From that point on it becomes your responsibility to update!

Thirdly, a number of security issues in WordPress arise from ‘unreputable’ themes and plugins. WordPress has a number of themes in their official repository, along with many premium themes provided by reputable software providers. These official & premium themes are good for security: they offer clean & tested code and regular updates.
Problems can arise when you install themes or plugins downloaded from unreputable providers. Themes obtained from official & reputable providers have a distinct advantage: they are updated by the developers in order to ensure compatibility with the latest WP security fixes. Keeping themes and plugins updated is the third key element.

Six Simple Strategies to make your WordPress installation less vulnerable to attack.

1. Never use “admin” as your username

If you use “admin” as your username, and your password isn’t strong enough, then your site is very vulnerable to a malicious attack. If you have “admin” as your user name, hackers have half of the login information needed to access your website.

Until version 3.0, installing WordPress automatically created a user with “admin” as the username. Many people still use “admin”: it has become the standard, and it’s easy to remember.

Fixing is simple … create a new administrator account for yourself using a different username, then log in as this new user and delete the original “admin” account. If you have posts published by the “admin” account, when you delete it, you can assign all the existing posts to your new user account.

Also don’t use your name as your username!

2. Strengthen those passwords

According to research, around 8% of hacked WordPress websites are hacked because of weak passwords. Keeping your passwords complex and changing them often is one of the best ways to keep your site secure.
This can be annoying, which is why most people choose to use the same easy-to-remember password for everything.

If your WordPress password is anything like ‘letmein’, ‘abc123’, or even ‘password’ (all are more common than you might think), you need to change it to something secure as soon as possible.

For a password that’s easy to remember but very hard to crack, we recommend coming up with a password recipe, a recipe that has the same number of steps but different ingredients.

Step 1: A unique number, e.g. 7011
Step 2: A unique name, e.g. mynamesfred
Step 3: Then use a mix of lower & upper case & special characters
The password becomes … 7011_my/N^me5/freD

3. Update all things … WordPress, theme & plugin versions

The best way to ensure everything stays secure is to keep everything up to date; this starts with your WordPress version. Every new release of WordPress contains patches and fixes that address real or potential vulnerabilities. If you don’t keep your website updated with the latest version of WordPress, you could be leaving yourself open to attacks.

Many hackers intentionally target older versions of WordPress with known security issues, so keep an eye on your WordPress dashboard notification area and don’t ignore those ‘please update now’ messages.

The same applies to themes and plugins. Security vulnerabilities can also exist in the plugins you have installed, so it’s important to also keep these up to date.

If a plugin provider does not update their plugins to address security issues, it may be worth considering removing the plugin or finding an alternative. Also, plugins that are not updated regularly can fall behind when you upgrade WordPress … they might stop working or cause conflicts.

Make sure you update to the latest versions as they are released. If you keep everything up-to-date your site is much less likely to get hacked.

4. Backup

This is the simple strategy that many people put off until it’s too late.

Even with the best security strategies & measures, you never know when something unexpected could happen that might leave your website open to an attack.

If you experience a hack you’ll be thankful that you have kept regular backups of your website and you can restore a usable & up to date backup. It is also possible to run into issues when updating WordPress including plugin and theme conflicts that can impact the operation of your website.

If either happens you want to make sure all of your content is safely backed up, so that you can easily restore your site with minimal effort and time.

5. Use Security Plugins

As well as the strategies above, there are a number of security plugins you can use to tighten your website’s security and reduce the likelihood of hackers gaining access.
We recommend and use:

iThemes Security (formerly Better WP Security)
iThemes Security gives you over 30 ways to secure and protect your WordPress site.

Wordfence Security
Wordfence starts by checking if your site is already infected, comparing a scan of the website source code to the official WordPress repository for core, themes and plugins. Then Wordfence secures your site and makes it up to 50 times faster.

Sucuri Security
The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.
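
The file comparison these scanners perform can be illustrated with a short script. This is an added example, not code from Wordfence, Sucuri or this page: it hashes every file under a site folder and compares the result with a known-good manifest, reporting modified, unexpected and missing files. The file names, contents and the locally built manifest are constructed for the demo; a real scanner takes its known-good checksums from the official repository.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_to_manifest(root: Path, manifest: dict) -> dict:
    """Compare files under root with a known-good {relative_path: sha256} manifest."""
    found = {p.relative_to(root).as_posix(): sha256_of(p)
             for p in root.rglob("*") if p.is_file()}
    return {
        "modified": sorted(f for f in found if f in manifest and found[f] != manifest[f]),
        "unexpected": sorted(f for f in found if f not in manifest),
        "missing": sorted(f for f in manifest if f not in found),
    }


def demo() -> dict:
    """Build a constructed 'site', record a clean manifest, then change files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        clean = {  # constructed sample files, not real WordPress sources
            "index.php": b"<?php require 'wp-blog-header.php';\n",
            "wp-includes/version.php": b"<?php $wp_version = 'X.Y';\n",
            "wp-content/plugins/example/example.php": b"<?php // example plugin\n",
        }
        for rel, body in clean.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(body)
        manifest = {rel: sha256_of(root / rel) for rel in clean}
        # Changes an integrity scan should surface: edit, new file, deletion.
        (root / "index.php").write_bytes(clean["index.php"] + b"// appended line\n")
        (root / "wp-content/uploads").mkdir(parents=True)
        (root / "wp-content/uploads/cache.php").write_bytes(b"<?php // not in manifest\n")
        (root / "wp-includes/version.php").unlink()
        return compare_to_manifest(root, manifest)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

A PHP file reported as unexpected inside an uploads folder, or a modified core file, is the kind of finding worth checking against a clean backup.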

6. Managed Hosting

If you’re busy, or you aren’t tech savvy, you may not have the time and skills to keep your website backed up, up to date and secure … consider a managed WordPress hosting option.
Our “Peace of Mind!” managed hosting options provide weekly backups, updates of WordPress, theme & plugin versions (including a full backup before and after), and installation, setup and monitoring of selected security plugins.

… Finally Don’t Panic!

This may sound pretty intimidating, especially if you’re a beginner. It’s not intended to scare anyone; we just want to make sure you stay one step ahead of the hackers!

If you just remove the ‘admin’ username, start using stronger passwords and run regular backups, your WordPress website will be that little bit safer!

Whether you choose to use managed hosting or look after your website yourself, we hope you benefit from the above strategies.