WordPress care plans UK: what's included and what they cost


Published · Ihor Havrysh


WordPress care plans UK: what's included and what they cost, a 2026 guide

Quick answer: A WordPress care plan is an ongoing service that keeps your site updated, backed up, secure and monitored, with support when something breaks. In the UK it typically costs £20 to £100+ a month - budget plans are mostly automated, better plans test updates first and include real support. The big decision isn't the price; it's whether the care sits on top of hosting someone else runs, or whether one team handles both.

In this guide:

  • What a care plan actually includes - proactive upkeep versus reactive fixes.
  • What care plans cost in the UK in 2026, and why the range is so wide.
  • Care plan versus managed hosting, and how to choose a provider.

Written for UK business owners, marketers and founders who have a WordPress site to look after and are weighing up a care or maintenance plan.

Most WordPress advice is about building a site. Almost none is about what happens to it afterwards - the updates, the backups, the security patches and the moment a routine plugin update quietly takes your checkout down at 5pm on a Friday.

That ongoing upkeep is what a care plan buys. But the market is genuinely confusing: the same service goes by four different names, prices range from £20 to several hundred a month for what looks like the same thing and hardly anyone explains where a care plan ends and hosting begins. This guide clears that up - what's included, what it should cost, and how we think about it as a software consultancy that hosts and maintains WordPress sites ourselves.

What a WordPress care plan actually is

A WordPress care plan is an ongoing service that keeps a live site updated, backed up, secure and working - and gives you someone to call when it isn't. It's the difference between a site that's built once and left to rot, and one that's looked after so it keeps earning its keep.

The first source of confusion is the name. "Care plan", "maintenance plan", "maintenance package" and "support and maintenance" all describe the same thing. Google treats them as one topic, and so should you - the label is branding, not substance.

You'll see it called What it implies What it actually is
Care planA proactive, ongoing partnershipThe same service: keeping your WordPress site updated, backed up, secure, monitored and supported
Maintenance planRoutine, scheduled upkeep
Maintenance packageA fixed monthly bundle of tasks
Support and maintenanceUpkeep plus a help desk

So don't get hung up on the wording. The only thing that matters is the scope: exactly what's covered each month, and what counts as an extra. That's where cheap and serious plans really differ, and it's what the rest of this guide unpacks.

What's included: proactive vs reactive

Every care plan splits into two kinds of work: proactive (scheduled tasks that prevent problems) and reactive (fixing things when they go wrong). Understanding the split is the single most useful thing you can know as a buyer, because the cheapest plans quietly load the cost onto the reactive side.

WordPress care plan inclusions split into proactive scheduled tasks and reactive incident fixes
A care plan is two jobs in one: proactive upkeep that prevents problems, and reactive support when something breaks.
Type What it covers Examples
Proactive (scheduled) Planned upkeep that stops problems happening Core, plugin and theme updates (tested first), backups, security scanning, uptime and performance monitoring, SSL (HTTPS) certificate renewal
Reactive (incident) Putting things right when they go wrong Repairing a broken update, malware cleanup, downtime recovery, emergency support

Why does the upkeep matter so much? Because WordPress runs a huge share of the web, and its weak point is well documented: the plugins.

~41.5% of all websites run on WordPress (W3Techs, 2026)
~91% of WordPress vulnerabilities come from plugins, not core (Patchstack, 2026)
5,948 new WordPress vulnerabilities logged in 2023, up 24% (Patchstack)
+113% rise in highly exploitable vulnerabilities year on year (Patchstack, 2026)

The pattern behind almost every hacked WordPress site is the same: a known vulnerability in a plugin that simply wasn't updated. Security firms Sucuri and Wordfence both report that most compromises exploit old, unpatched components rather than clever zero-day attacks. Proactive maintenance is what closes that gap - which is exactly why it's the part a care plan should never skimp on.

What good, better and premium look like

Not all care plans include the same depth. Here's roughly how the tiers stack up, so you know what you're comparing:

Inclusion Basic Good Premium
UpdatesAutomatedTested on stagingStaging-tested with rollback
BackupsWeeklyDailyDaily, off-site, tested restores
SecurityBasic scanScan plus malware removal24/7 monitoring, firewall, hardening
SupportA few minutes of fixesMonthly dev timePriority response with an SLA (a guaranteed response time)
HostingNot includedSometimesOften bundled (managed hosting)

What WordPress care plans cost in the UK (2026)

Most UK care plans sit between £20 and £100+ a month, with e-commerce and premium cover running higher. The wide range isn't random - it maps almost exactly onto how much of the work is automated versus done and checked by a human.

UK WordPress care plan price bands: budget, mid and premium, and what each includes
UK care plans by price band - the jump in price mostly buys human-tested work, not more tasks.
Band Typical UK price What you get Examples
Budget £20-£50/mo Mostly automated updates and monitoring, a few minutes of fixes The Smart Bear from £20
Mid £50-£100/mo Daily backups, staging, malware removal, some monthly dev time ThriveWP £49-£89, WPmaintain £79-£99
Premium £100+/mo Managed hosting, 24/7 security, larger dev allowance, e-commerce cover Toast SiteCare to £240, managed-hosting plans

A few things are worth knowing before you compare quotes. Prices are usually quoted excluding VAT, so add 20% for the real figure. WooCommerce (the WordPress e-commerce plugin) and membership sites cost more because there's more to break and more to secure. And the headline price often hides the important detail: a £20 plan and a £90 plan can both say "updates and backups", but only one tests those updates before they hit your live site.

Care and hosting, one price. Our managed WordPress hosting builds the care into the hosting from £99 a month (ex VAT) - updates, backups, security and support, on UK infrastructure we run ourselves. One bill, one team, no separate maintenance retainer to stack on top.

Care plan vs managed hosting: do you need both?

This is the question almost no one answers clearly. A care plan maintains your site; hosting runs the server it lives on. Traditionally they're two separate things you buy from two separate suppliers - and that split is the source of a lot of pain.

Most care plans don't include hosting. So the typical setup is: you host with one company, then pay an agency a monthly retainer to maintain the site on top. It works, but it has a built-in flaw - when something breaks, you're often stuck in the middle.

The finger-pointing problem. When your host and your maintainer are different companies and the site goes down, each can blame the other: the host says it's a plugin, the maintainer says it's the server. You're the one chasing two suppliers while your site is offline. One team that owns both removes that gap entirely.

Care plan on separate hosting versus managed hosting with care built in, side by side
Two suppliers versus one - the same monthly cost, but only one team owns the fix when something breaks.
Care plan on top of separate hosting Managed hosting with care built in
HostingBought separatelyIncluded
Updates and backupsYes, from the maintainerYes, tested against the same infrastructure
When an update breaks the siteHost and maintainer can point fingersOne team owns the fix
Suppliers to chaseTwoOne
Typical costCare £50-£90 + hosting £15-£30From £99, all in

Look at that last row. A mid care plan plus separate managed hosting often lands at roughly the same monthly cost as managed hosting with care built in - but with two bills, two contracts and two companies to coordinate. For most businesses, bundling the two is simpler and no more expensive.

Why automation alone isn't enough

Plenty of cheap plans, and most commodity hosts, "maintain" your site by auto-updating everything and hoping for the best. It's better than nothing, but it's not the same as care - and the difference shows up at the worst possible moment.

WordPress updates break sites more often than people expect. A plugin update changes how it hooks into another plugin; a theme update clashes with a customisation; a PHP change (PHP is the programming language WordPress runs on) deprecates something a plugin relied on.

On a site with a dozen plugins, that's a lot of moving parts. When an unattended auto-update goes wrong, it goes wrong live, in front of your customers, with no one watching.

The engineering answer is simple in principle: test first. A proper care plan applies updates to a staging copy of the site, checks the important pages still work - especially checkout on an e-commerce site - and only then pushes them live, with a backup ready to roll back if needed. That's the bit automation skips, and it's the bit that keeps a business-critical site up.

"Automatic updates" is not a maintenance plan. If the only thing standing between a bad plugin update and your live checkout is a host's automatic updater, you don't have a care plan - you have a coin toss. Ask any provider exactly how updates are tested before they reach your live site.

How to choose a WordPress care plan

Once you know to look past the name and the headline price, choosing well comes down to scope, testing and exit terms. Here are the questions that separate a real care plan from a monthly invoice for very little.

Five questions to ask before you sign

  1. Exactly what's proactive (included) versus reactive (billed as an extra) each month?
  2. How are updates tested before they reach my live site - is there a staging copy and a rollback?
  3. If an update or a hack takes my site down, who fixes it and is that included?
  4. Where are backups stored, how often and have restores actually been tested?
  5. Do I keep my hosting, domain and accounts, and what are the exit terms?
A hand-drawn checklist for choosing a WordPress care plan: scope, testing, ownership, support, exit
The five checks that separate a real care plan from a monthly invoice for very little.

Things that catch people out

None of these is automatically a deal-breaker - providers genuinely differ - but they're the details that catch people out, so it's worth clarifying each one up front.

  • "Unlimited edits" - it usually means small content tweaks only (text and images), one at a time, with new pages, features and design work billed on top. Ask what actually counts as an edit.
  • Staging - some providers test updates on a staging copy first, others push straight to your live site. Worth knowing which, especially for a busy or business-critical site.
  • Support hours and response times - check when support is available, how quickly they aim to respond and whether that lines up with your working day.
  • Contract length - some plans are rolling monthly, others tie you in for a year. Check the notice period and how you'd leave if you needed to.
  • A vague scope - "we'll maintain your site" can mean a lot or very little. Look for a written list of what's included and some form of monthly reporting.

DIY vs a care plan

You don't have to outsource everything. On a simple, low-stakes site, doing the basics yourself is a perfectly sensible starting point - and you'll understand your own site better for it.

You can handle

  • Running updates on a quiet, simple site
  • Taking backups with a reputable plugin
  • Strong passwords and two-factor authentication
  • Keeping an eye on obvious errors and uptime

Get a care plan for

  • Testing updates before they hit a live, revenue-earning site
  • Fast, expert recovery when something breaks or gets hacked
  • WooCommerce, membership and complex plugin stacks
  • The consistency of it being done every month, when you're busy

The honest test is what a day of downtime would cost you. If the answer is "not much", DIY the basics. If your site takes bookings, sells products or is how customers find and trust you, the reliability of a proper care plan pays for itself the first time it catches a bad update before your customers do.

Where to start: care and hosting from one team

If you've read this far, you know what to look for: a clear split between proactive and reactive work, updates that are tested before they go live and no gap between whoever hosts your site and whoever looks after it. That last point is exactly why we built our service the way we did.

We're a UK software consultancy, so managed WordPress is home ground - the same engineers who build software host your site and maintain it. Care isn't bolted on top of someone else's hosting; it's part of the same service, on UK infrastructure we run ourselves.

Want to see what that looks like in practice? Thornbury & Vale is our own demo site - a real WordPress build with a blog, an online store and the pages a growing business actually needs. Have a look around: it's hosted and looked after exactly the way yours would be, fast, SEO-ready and secure, with the updates and backups handled for you. It's the kind of site you could be running for your own business, without giving any of that a second thought.

A cared-for WordPress site shown on a monitor, hosted and maintained by Red Eagle Tech
Our demo site, Thornbury & Vale - a real WordPress build we host and look after.

Updates are tested, backups are real and when something needs fixing there's one team on the hook, not two suppliers pointing at each other. As the money page puts it, it's hosting built by consultants who host, not by hosters trying to look like consultants.

Managed WordPress hosting with care built in. Four tiers from £99 a month (ex VAT) - Essentials, Business and Professional you can buy in a few clicks, plus a bespoke Enterprise tier from £2,950. UK-hosted, your domain stays yours, no lock-in and a 30-day money-back guarantee. See the managed WordPress hosting plans.

Sources

Security and market figures in this guide are drawn from the sources below, checked as of June 2026.

  • Patchstack. State of WordPress Security in 2026 (plugin share of vulnerabilities, exploitability trend). patchstack.com. 2026.
  • Patchstack. State of WordPress Security in 2024 (vulnerabilities disclosed in 2023). patchstack.com. 2024.
  • WPScan. WordPress vulnerability statistics. wpscan.com. 2025-2026.
  • Sucuri. Hacked Website and Malware Threat Report (outdated plugins on compromised sites). sucuri.net. 2024.
  • W3Techs. Usage statistics of content management systems (WordPress market share). w3techs.com. 2026.
  • WordPress.org. Updating WordPress and site maintenance guidance. wordpress.org. 2025-2026.

Frequently asked questions

A WordPress care plan is an ongoing service that keeps a live WordPress site updated, backed up, secure and working. It bundles the routine upkeep - core, plugin and theme updates, backups, security scanning, uptime and performance monitoring - with support when something needs fixing. The point is to stop a business-critical site quietly breaking or getting hacked because no one was maintaining it.

Yes, for practical purposes they're the same thing. "Care plan", "maintenance plan", "maintenance package" and "support and maintenance" all describe the same ongoing-upkeep service - the label is just branding. "Care plan" tends to imply a more proactive, partnership feel; "maintenance" sounds more like routine tasks. What actually matters is the scope: what's covered each month, and what counts as an extra.

A credible care plan covers proactive work - tested core, plugin and theme updates, regular backups, security scanning, uptime and performance monitoring, SSL upkeep - plus reactive support when something breaks. Better plans test updates on a staging copy first, keep off-site backups with checked restores and include some developer time each month. If a provider can't tell you exactly what's included and what's an extra, treat that as a warning sign.

Most UK care plans run from about £20 a month for basic, largely automated cover to £100 or more a month for proactive, human-tested plans, with premium and e-commerce cover going to several hundred a month. Budget plans (£20-£50) are mostly automation; mid plans (£50-£100) add staging, malware removal and some dev time; premium plans (£100+) add hosting, 24/7 security and larger dev allowances. At Red Eagle Tech, managed hosting with care built in starts at £99 a month.

For any site that earns money or matters to your reputation, usually yes. WordPress powers around 41.5% of the web, and Patchstack found roughly 91% of WordPress vulnerabilities come from plugins - most hacks exploit known flaws in software that simply wasn't updated. A care plan outsources that upkeep so a broken update or an unpatched plugin doesn't take your site down. For a simple, low-stakes site you rarely change, the basics may be enough for now.

A care plan maintains your site; managed hosting runs the server it lives on. Traditionally they're two separate suppliers - you host somewhere, then pay an agency to maintain the site. Managed WordPress hosting with care built in combines both, so the same team owns the infrastructure and the upkeep. That removes the finger-pointing when an update breaks something, because there's no host to blame the maintainer, or vice versa.

Automated host updates are better than nothing, but they're not the same as a care plan. Most hosts apply updates automatically and hope nothing breaks - there's no staging test, no one checking the site afterwards and no one to fix it if a plugin conflict takes a page down. A proper care plan tests updates first, watches the site and owns the fix when something goes wrong. Automation covers the easy 90%; the last 10% is where sites break.

Proactive maintenance is scheduled work that prevents problems: tested updates, backups, security scans, uptime and performance monitoring. Reactive maintenance is fixing things when they go wrong: repairing a broken update, cleaning up malware, recovering from downtime. The distinction matters commercially, because many plans blur it - so when an update breaks your site, you find the fix is billed as an extra. Always check which is included.

Some of it, yes. Running updates, taking backups with a plugin and keeping strong passwords with two-factor authentication are all things a capable owner can manage on a simple site.

Where a care plan earns its money is testing updates before they go live, spotting and fixing a conflict fast, cleaning up after a hack and doing it consistently, month after month, when you're busy running the business. On a site that earns revenue, that reliability is the whole point.

That depends entirely on the plan, which is why it's the question to ask. On a proactive plan that tests updates on a staging copy first, a bad update is caught before it reaches your live site, and fixing it is part of the service. On a cheaper, automation-only plan, a broken update often lands live and the repair is billed as reactive work. Read how the plan handles this before you sign.

Usually a higher tier, yes. A WooCommerce store is a live application handling payments, stock and customer data, often with a stack of extensions for shipping, payments and marketing - each one a potential vulnerability or conflict. It needs more frequent backups, careful update testing so checkout never breaks and tighter security. Most providers price e-commerce care above brochure-site care for exactly this reason, and it's worth it when downtime means lost sales.

Both work; annual usually saves money. Care is an ongoing job - updates, backups and monitoring never stop - so a rolling plan is the norm. Many providers offer a discount for paying annually (we include two months free on annual plans, around 17% off). A sensible approach is to start monthly while you check the service is a good fit, then switch to annual once you're happy. Just make sure there's no long lock-in either way.

We publish our prices. Managed WordPress hosting with care built in starts at £99 a month (Essentials), then £329 (Business) and £1,295 (Professional), with a bespoke Enterprise tier from £2,950 - all ex VAT, with two months free on annual plans. Because we're a software consultancy, the same engineers host your site and maintain it - staging-tested updates, UK infrastructure, your domain in your name, no lock-in and a 30-day money-back guarantee.

Want your WordPress site properly looked after?

Managed WordPress hosting with the care built in - from a UK software consultancy that hosts and maintains sites for a living.

Four tiers from £99 a month (ex VAT). Staging-tested updates, UK infrastructure, your domain in your name, no lock-in and a 30-day money-back guarantee.

See our WordPress hosting plans
Ihor Havrysh - Software Engineer at Red Eagle Tech

About the author

Ihor Havrysh

Software Engineer

Software Engineer at Red Eagle Tech with expertise in cybersecurity, Power BI, and modern software architecture. I specialise in building secure, scalable solutions and helping businesses navigate complex technical challenges with practical, actionable insights.

Read more about Ihor

Related articles

Discovery call

A friendly 15-minute video call with Kat to understand your needs. No preparation needed.

  • Discuss your project
  • Get honest advice
  • No obligation
Kat Korson, Founder of Red Eagle Tech

Kat Korson

Founder & Technical Director

Our team has 10+ years delivering software solutions for growing businesses across the UK.

Send us a message

Your information is secure. See our privacy policy.

Find us