DEV Community

Cover image for How much to charge for website maintenance — and what to actually put in the plan
Artem Meleshkin
Artem Meleshkin

Posted on • Originally published at pingvera.com

How much to charge for website maintenance — and what to actually put in the plan

Every article about maintenance pricing gives you a range and leaves. The range is the easy part — you can find one in ten seconds, and it will be wide enough to be useless. The hard part is the conversation in month four, when nothing has broken, and the client asks what exactly they are paying for. Get the structure right and that conversation never happens. Get it wrong and no price is defensible.

Price the risk, not the hours

The most common mistake is pricing a care plan as a bucket of support hours. It feels fair and it quietly destroys the relationship, because it teaches the client to think in the wrong unit.

Sell hours, and every invoice invites an audit: did we really use two hours? A quiet month looks like a refund waiting to happen. You have made your own reliability into an argument against your fee.

Price the risk you absorb, and the unit changes. The client is not buying your time; they are buying the guarantee that their site keeps working and that someone competent is watching. In a quiet month you delivered exactly what they bought. That is a very different negotiation.

Which means the price should follow what breaking actually costs them:

Two clients with identical WordPress installs can legitimately pay very different amounts, and you can explain why in one sentence: "one of you loses a Tuesday, the other loses ten thousand dollars."

What actually belongs in the plan

The table stakes (everybody has these)

  • Backups — with restores you have actually tested. An untested backup is a rumour.
  • Updates — core, plugins, themes, with a check that the site still works afterwards.
  • Security — vulnerability watch, malware scanning.
  • Uptime monitoring — the box everyone ticks.

You cannot charge a premium for these. Every competitor lists them, most hosts throw in half of them, and the client assumes them. They are the cost of entry.

The differentiators (almost nobody has these)

Here is where a plan stops being a commodity, and it comes down to one shift: from watching the website to watching the business the website is doing.

  • Lead delivery, verified end to end. Not "the contact page loads" — an actual test submission that is then found in the mailbox. Because the form will show a green success message long after it stopped delivering anything, and neither WordPress nor any SMTP log will tell you otherwise.
  • Order acceptance, for stores. Order flow, failed-order spikes, gateways left in test mode. A store can return 200 OK for a week while taking exactly zero money.
  • Expiry watch. Domain and SSL. The two outages that agencies inflict on themselves, and the two that are unforgivable because they were on a calendar.
  • Integrity. Modified core files, injected redirects, an accidental noindex after a release.
  • A report the client reads. See below — this is the part that decides whether the retainer survives.

Notice what these have in common: they all fail silently. Which is exactly why they belong in a paid plan — nobody notices them missing until it is expensive, and nobody thanks you for them until you can show them.

A structure that holds up

Three tiers, each defined by what you take responsibility for, not by hours:

Two deliberate choices in that table. Small edits are included in every tier — they cost you little, they are the thing clients feel, and metering them poisons the relationship over twenty-dollar arguments. And the response window is a tier feature: it is the honest way to charge more, because it is the thing you are genuinely selling — how fast a human turns up.

The month-four problem

Here is the conversation that kills retainers. Four months in, nothing has broken. The client looks at the invoice and thinks: we're paying for nothing.

They are not wrong to think it. From where they sit, they have observed four months of a website working — the same website that, in their mental model, would probably have worked anyway. The value you delivered is entirely invisible. It is defined by absence.

There is exactly one instrument that fixes this, and it is not a better sales conversation. It is the monthly report — and specifically, a report that talks about prevention rather than activity:

  • Bad: "Uptime 99.98%. 12 plugins updated." (Numbers. So what?)
  • Good: "Your SSL certificate was due to expire on the 12th — renewed on the 3rd. Two plugins had published vulnerabilities; updated the same week. Your contact form was tested 720 times this month and delivered every time."

The second version reports the same month. It just makes the invisible visible: here is what would have gone wrong, here is why it didn't. A quiet month stops being an absence of work and becomes evidence of it.

And the report needs to be boringly reliable, because it is the product the client actually holds. If it arrives late, arrives empty, or arrives with numbers that changed since last time, you have undermined the one artefact that justifies the fee. (This is not theoretical — agencies publicly complain that their reporting tool "randomly" works.) Ours freezes the data into an immutable snapshot when the report is created, so the numbers a client sees in August are the numbers you sent in July.

Three pricing rules that survive contact with clients

  1. Never sell "hours of maintenance". Sell responsibility for outcomes. Hours make you a contractor to be audited; outcomes make you a partner to be kept.
  2. Charge more for the sites that would hurt more. And say so out loud — clients understand risk-based pricing instinctively. It's how they buy insurance.
  3. Report prevention every single month, without being asked. The retainer is renewed by the report, not by the work. The work merely makes the report true.

Get those three right and the exact number matters far less than you think. Get them wrong and you will be haggled down to a commodity price for work that, when it finally fails, will be blamed on you anyway.

FAQ

How much should I charge for website maintenance?

Price the risk you absorb, not the hours you expect to spend. A brochure site and an e-commerce store are different products even on identical software. Build tiers around what you take responsibility for — availability, leads, orders, security — because hours invite the client to audit your time instead of valuing the outcome.

What should be included in a care plan?

Table stakes: backups with tested restores, updates, security, uptime. What makes it defensible: business-path monitoring — forms still delivering leads, stores still taking orders — plus a monthly report the client can actually read.

How do I justify the retainer in a month when nothing broke?

Report prevention, not activity. A quiet month is a result — but only if you can show what you were holding up: the certificate renewed before it expired, the vulnerable plugins patched, the form verified as still delivering. Without that record, a quiet month looks like a month of nothing.

Should hosting and maintenance be bundled?

They can be, and it raises perceived value — but keep the responsibilities distinct. Hosting is infrastructure you resell; maintenance is a promise you keep. When the host has an outage, the client calls you anyway — which argues for monitoring you control rather than the host's own status page.

Originally published at pingvera.com.


Originally published at pingvera.com.

Top comments (0)