Quick answer: A WordPress care plan is an ongoing service that keeps your site updated, backed up, secure and monitored, with support when something breaks. In the UK it typically costs £20 to £100+ a month - budget plans are mostly automated, better plans test updates first and include real support. The big decision isn't the price; it's whether the care sits on top of hosting someone else runs, or whether one team handles both.
In this guide:
- What a care plan actually includes - proactive upkeep versus reactive fixes.
- What care plans cost in the UK in 2026, and why the range is so wide.
- Care plan versus managed hosting, and how to choose a provider.
Written for UK business owners, marketers and founders who have a WordPress site to look after and are weighing up a care or maintenance plan.
Most WordPress advice is about building a site. Almost none is about what happens to it afterwards - the updates, the backups, the security patches and the moment a routine plugin update quietly takes your checkout down at 5pm on a Friday.
That ongoing upkeep is what a care plan buys. But the market is genuinely confusing: the same service goes by four different names, prices range from £20 to several hundred a month for what looks like the same thing and hardly anyone explains where a care plan ends and hosting begins. This guide clears that up - what's included, what it should cost, and how we think about it as a software consultancy that hosts and maintains WordPress sites ourselves.
What a WordPress care plan actually is
A WordPress care plan is an ongoing service that keeps a live site updated, backed up, secure and working - and gives you someone to call when it isn't. It's the difference between a site that's built once and left to rot, and one that's looked after so it keeps earning its keep.
The first source of confusion is the name. "Care plan", "maintenance plan", "maintenance package" and "support and maintenance" all describe the same thing. Google treats them as one topic, and so should you - the label is branding, not substance.
| You'll see it called | What it implies | What it actually is |
|---|---|---|
| Care plan | A proactive, ongoing partnership | The same service: keeping your WordPress site updated, backed up, secure, monitored and supported |
| Maintenance plan | Routine, scheduled upkeep | |
| Maintenance package | A fixed monthly bundle of tasks | |
| Support and maintenance | Upkeep plus a help desk |
So don't get hung up on the wording. The only thing that matters is the scope: exactly what's covered each month, and what counts as an extra. That's where cheap and serious plans really differ, and it's what the rest of this guide unpacks.
What's included: proactive vs reactive
Every care plan splits into two kinds of work: proactive (scheduled tasks that prevent problems) and reactive (fixing things when they go wrong). Understanding the split is the single most useful thing you can know as a buyer, because the cheapest plans quietly load the cost onto the reactive side.
| Type | What it covers | Examples |
|---|---|---|
| Proactive (scheduled) | Planned upkeep that stops problems happening | Core, plugin and theme updates (tested first), backups, security scanning, uptime and performance monitoring, SSL (HTTPS) certificate renewal |
| Reactive (incident) | Putting things right when they go wrong | Repairing a broken update, malware cleanup, downtime recovery, emergency support |
Why does the upkeep matter so much? Because WordPress runs a huge share of the web, and its weak point is well documented: the plugins.
The pattern behind almost every hacked WordPress site is the same: a known vulnerability in a plugin that simply wasn't updated. Security firms Sucuri and Wordfence both report that most compromises exploit old, unpatched components rather than clever zero-day attacks. Proactive maintenance is what closes that gap - which is exactly why it's the part a care plan should never skimp on.
What good, better and premium look like
Not all care plans include the same depth. Here's roughly how the tiers stack up, so you know what you're comparing:
| Inclusion | Basic | Good | Premium |
|---|---|---|---|
| Updates | Automated | Tested on staging | Staging-tested with rollback |
| Backups | Weekly | Daily | Daily, off-site, tested restores |
| Security | Basic scan | Scan plus malware removal | 24/7 monitoring, firewall, hardening |
| Support | A few minutes of fixes | Monthly dev time | Priority response with an SLA (a guaranteed response time) |
| Hosting | Not included | Sometimes | Often bundled (managed hosting) |
What WordPress care plans cost in the UK (2026)
Most UK care plans sit between £20 and £100+ a month, with e-commerce and premium cover running higher. The wide range isn't random - it maps almost exactly onto how much of the work is automated versus done and checked by a human.
| Band | Typical UK price | What you get | Examples |
|---|---|---|---|
| Budget | £20-£50/mo | Mostly automated updates and monitoring, a few minutes of fixes | The Smart Bear from £20 |
| Mid | £50-£100/mo | Daily backups, staging, malware removal, some monthly dev time | ThriveWP £49-£89, WPmaintain £79-£99 |
| Premium | £100+/mo | Managed hosting, 24/7 security, larger dev allowance, e-commerce cover | Toast SiteCare to £240, managed-hosting plans |
A few things are worth knowing before you compare quotes. Prices are usually quoted excluding VAT, so add 20% for the real figure. WooCommerce (the WordPress e-commerce plugin) and membership sites cost more because there's more to break and more to secure. And the headline price often hides the important detail: a £20 plan and a £90 plan can both say "updates and backups", but only one tests those updates before they hit your live site.
Care and hosting, one price. Our managed WordPress hosting builds the care into the hosting from £99 a month (ex VAT) - updates, backups, security and support, on UK infrastructure we run ourselves. One bill, one team, no separate maintenance retainer to stack on top.
Care plan vs managed hosting: do you need both?
This is the question almost no one answers clearly. A care plan maintains your site; hosting runs the server it lives on. Traditionally they're two separate things you buy from two separate suppliers - and that split is the source of a lot of pain.
Most care plans don't include hosting. So the typical setup is: you host with one company, then pay an agency a monthly retainer to maintain the site on top. It works, but it has a built-in flaw - when something breaks, you're often stuck in the middle.
The finger-pointing problem. When your host and your maintainer are different companies and the site goes down, each can blame the other: the host says it's a plugin, the maintainer says it's the server. You're the one chasing two suppliers while your site is offline. One team that owns both removes that gap entirely.
| Care plan on top of separate hosting | Managed hosting with care built in | |
|---|---|---|
| Hosting | Bought separately | Included |
| Updates and backups | Yes, from the maintainer | Yes, tested against the same infrastructure |
| When an update breaks the site | Host and maintainer can point fingers | One team owns the fix |
| Suppliers to chase | Two | One |
| Typical cost | Care £50-£90 + hosting £15-£30 | From £99, all in |
Look at that last row. A mid care plan plus separate managed hosting often lands at roughly the same monthly cost as managed hosting with care built in - but with two bills, two contracts and two companies to coordinate. For most businesses, bundling the two is simpler and no more expensive.
Why automation alone isn't enough
Plenty of cheap plans, and most commodity hosts, "maintain" your site by auto-updating everything and hoping for the best. It's better than nothing, but it's not the same as care - and the difference shows up at the worst possible moment.
WordPress updates break sites more often than people expect. A plugin update changes how it hooks into another plugin; a theme update clashes with a customisation; a PHP change (PHP is the programming language WordPress runs on) deprecates something a plugin relied on.
On a site with a dozen plugins, that's a lot of moving parts. When an unattended auto-update goes wrong, it goes wrong live, in front of your customers, with no one watching.
The engineering answer is simple in principle: test first. A proper care plan applies updates to a staging copy of the site, checks the important pages still work - especially checkout on an e-commerce site - and only then pushes them live, with a backup ready to roll back if needed. That's the bit automation skips, and it's the bit that keeps a business-critical site up.
"Automatic updates" is not a maintenance plan. If the only thing standing between a bad plugin update and your live checkout is a host's automatic updater, you don't have a care plan - you have a coin toss. Ask any provider exactly how updates are tested before they reach your live site.
How to choose a WordPress care plan
Once you know to look past the name and the headline price, choosing well comes down to scope, testing and exit terms. Here are the questions that separate a real care plan from a monthly invoice for very little.
Five questions to ask before you sign
- Exactly what's proactive (included) versus reactive (billed as an extra) each month?
- How are updates tested before they reach my live site - is there a staging copy and a rollback?
- If an update or a hack takes my site down, who fixes it and is that included?
- Where are backups stored, how often and have restores actually been tested?
- Do I keep my hosting, domain and accounts, and what are the exit terms?
Things that catch people out
None of these is automatically a deal-breaker - providers genuinely differ - but they're the details that catch people out, so it's worth clarifying each one up front.
- "Unlimited edits" - it usually means small content tweaks only (text and images), one at a time, with new pages, features and design work billed on top. Ask what actually counts as an edit.
- Staging - some providers test updates on a staging copy first, others push straight to your live site. Worth knowing which, especially for a busy or business-critical site.
- Support hours and response times - check when support is available, how quickly they aim to respond and whether that lines up with your working day.
- Contract length - some plans are rolling monthly, others tie you in for a year. Check the notice period and how you'd leave if you needed to.
- A vague scope - "we'll maintain your site" can mean a lot or very little. Look for a written list of what's included and some form of monthly reporting.
DIY vs a care plan
You don't have to outsource everything. On a simple, low-stakes site, doing the basics yourself is a perfectly sensible starting point - and you'll understand your own site better for it.
You can handle
- Running updates on a quiet, simple site
- Taking backups with a reputable plugin
- Strong passwords and two-factor authentication
- Keeping an eye on obvious errors and uptime
Get a care plan for
- Testing updates before they hit a live, revenue-earning site
- Fast, expert recovery when something breaks or gets hacked
- WooCommerce, membership and complex plugin stacks
- The consistency of it being done every month, when you're busy
The honest test is what a day of downtime would cost you. If the answer is "not much", DIY the basics. If your site takes bookings, sells products or is how customers find and trust you, the reliability of a proper care plan pays for itself the first time it catches a bad update before your customers do.
Where to start: care and hosting from one team
If you've read this far, you know what to look for: a clear split between proactive and reactive work, updates that are tested before they go live and no gap between whoever hosts your site and whoever looks after it. That last point is exactly why we built our service the way we did.
We're a UK software consultancy, so managed WordPress is home ground - the same engineers who build software host your site and maintain it. Care isn't bolted on top of someone else's hosting; it's part of the same service, on UK infrastructure we run ourselves.
Want to see what that looks like in practice? Thornbury & Vale is our own demo site - a real WordPress build with a blog, an online store and the pages a growing business actually needs. Have a look around: it's hosted and looked after exactly the way yours would be, fast, SEO-ready and secure, with the updates and backups handled for you. It's the kind of site you could be running for your own business, without giving any of that a second thought.
Updates are tested, backups are real and when something needs fixing there's one team on the hook, not two suppliers pointing at each other. As the money page puts it, it's hosting built by consultants who host, not by hosters trying to look like consultants.
Managed WordPress hosting with care built in. Four tiers from £99 a month (ex VAT) - Essentials, Business and Professional you can buy in a few clicks, plus a bespoke Enterprise tier from £2,950. UK-hosted, your domain stays yours, no lock-in and a 30-day money-back guarantee. See the managed WordPress hosting plans.
Sources
Security and market figures in this guide are drawn from the sources below, checked as of June 2026.
- Patchstack. State of WordPress Security in 2026 (plugin share of vulnerabilities, exploitability trend). patchstack.com. 2026.
- Patchstack. State of WordPress Security in 2024 (vulnerabilities disclosed in 2023). patchstack.com. 2024.
- WPScan. WordPress vulnerability statistics. wpscan.com. 2025-2026.
- Sucuri. Hacked Website and Malware Threat Report (outdated plugins on compromised sites). sucuri.net. 2024.
- W3Techs. Usage statistics of content management systems (WordPress market share). w3techs.com. 2026.
- WordPress.org. Updating WordPress and site maintenance guidance. wordpress.org. 2025-2026.
Frequently asked questions
A WordPress care plan is an ongoing service that keeps a live WordPress site updated, backed up, secure and working. It bundles the routine upkeep - core, plugin and theme updates, backups, security scanning, uptime and performance monitoring - with support when something needs fixing. The point is to stop a business-critical site quietly breaking or getting hacked because no one was maintaining it.
Yes, for practical purposes they're the same thing. "Care plan", "maintenance plan", "maintenance package" and "support and maintenance" all describe the same ongoing-upkeep service - the label is just branding. "Care plan" tends to imply a more proactive, partnership feel; "maintenance" sounds more like routine tasks. What actually matters is the scope: what's covered each month, and what counts as an extra.
A credible care plan covers proactive work - tested core, plugin and theme updates, regular backups, security scanning, uptime and performance monitoring, SSL upkeep - plus reactive support when something breaks. Better plans test updates on a staging copy first, keep off-site backups with checked restores and include some developer time each month. If a provider can't tell you exactly what's included and what's an extra, treat that as a warning sign.
Most UK care plans run from about £20 a month for basic, largely automated cover to £100 or more a month for proactive, human-tested plans, with premium and e-commerce cover going to several hundred a month. Budget plans (£20-£50) are mostly automation; mid plans (£50-£100) add staging, malware removal and some dev time; premium plans (£100+) add hosting, 24/7 security and larger dev allowances. At Red Eagle Tech, managed hosting with care built in starts at £99 a month.
For any site that earns money or matters to your reputation, usually yes. WordPress powers around 41.5% of the web, and Patchstack found roughly 91% of WordPress vulnerabilities come from plugins - most hacks exploit known flaws in software that simply wasn't updated. A care plan outsources that upkeep so a broken update or an unpatched plugin doesn't take your site down. For a simple, low-stakes site you rarely change, the basics may be enough for now.
A care plan maintains your site; managed hosting runs the server it lives on. Traditionally they're two separate suppliers - you host somewhere, then pay an agency to maintain the site. Managed WordPress hosting with care built in combines both, so the same team owns the infrastructure and the upkeep. That removes the finger-pointing when an update breaks something, because there's no host to blame the maintainer, or vice versa.
Automated host updates are better than nothing, but they're not the same as a care plan. Most hosts apply updates automatically and hope nothing breaks - there's no staging test, no one checking the site afterwards and no one to fix it if a plugin conflict takes a page down. A proper care plan tests updates first, watches the site and owns the fix when something goes wrong. Automation covers the easy 90%; the last 10% is where sites break.
Proactive maintenance is scheduled work that prevents problems: tested updates, backups, security scans, uptime and performance monitoring. Reactive maintenance is fixing things when they go wrong: repairing a broken update, cleaning up malware, recovering from downtime. The distinction matters commercially, because many plans blur it - so when an update breaks your site, you find the fix is billed as an extra. Always check which is included.
Some of it, yes. Running updates, taking backups with a plugin and keeping strong passwords with two-factor authentication are all things a capable owner can manage on a simple site.
Where a care plan earns its money is testing updates before they go live, spotting and fixing a conflict fast, cleaning up after a hack and doing it consistently, month after month, when you're busy running the business. On a site that earns revenue, that reliability is the whole point.
That depends entirely on the plan, which is why it's the question to ask. On a proactive plan that tests updates on a staging copy first, a bad update is caught before it reaches your live site, and fixing it is part of the service. On a cheaper, automation-only plan, a broken update often lands live and the repair is billed as reactive work. Read how the plan handles this before you sign.
Usually a higher tier, yes. A WooCommerce store is a live application handling payments, stock and customer data, often with a stack of extensions for shipping, payments and marketing - each one a potential vulnerability or conflict. It needs more frequent backups, careful update testing so checkout never breaks and tighter security. Most providers price e-commerce care above brochure-site care for exactly this reason, and it's worth it when downtime means lost sales.
Both work; annual usually saves money. Care is an ongoing job - updates, backups and monitoring never stop - so a rolling plan is the norm. Many providers offer a discount for paying annually (we include two months free on annual plans, around 17% off). A sensible approach is to start monthly while you check the service is a good fit, then switch to annual once you're happy. Just make sure there's no long lock-in either way.
We publish our prices. Managed WordPress hosting with care built in starts at £99 a month (Essentials), then £329 (Business) and £1,295 (Professional), with a bespoke Enterprise tier from £2,950 - all ex VAT, with two months free on annual plans. Because we're a software consultancy, the same engineers host your site and maintain it - staging-tested updates, UK infrastructure, your domain in your name, no lock-in and a 30-day money-back guarantee.
Want your WordPress site properly looked after?
Managed WordPress hosting with the care built in - from a UK software consultancy that hosts and maintains sites for a living.
Four tiers from £99 a month (ex VAT). Staging-tested updates, UK infrastructure, your domain in your name, no lock-in and a 30-day money-back guarantee.
See our WordPress hosting plans