Last month, I received a call from a client whose website had been down for two days. The plugins hadn’t been updated for six months, the PHP version was outdated, and the hosting provider had automatically upgraded it — resulting in a white screen. Restoration took me half a day and cost the client an amount comparable to four months of website maintenance. The problem wasn’t that something unexpected happened. It was actually a result that, for me at least, was predictable — it was only a matter of time.
If you are a small business owner thinking, “my website works, why maintain it?” — this article is for you. I will explain why WordPress requires regular attention, exactly what happens when it doesn’t get it, and what maintenance actually achieves.
A website is not static — even if you don’t change anything yourself
This is where many people stumble. You order a website, it gets built, it looks great — and then it seems like the job is done. Like a book that has been printed.
But a website is not a book. A website is software that lives on the internet. WordPress, plugins, the theme, PHP (the server-side language WordPress runs on), and the database — all of these update independently of each other. Every week, someone somewhere releases an update. Some fix a minor bug, some close a security hole, and some change how the site works internally.
If you do nothing, these pieces will drift apart over time. At some point, the server will force a PHP version upgrade, but your old plugin won’t know how to communicate with the new version. Or Google will stop supporting an old security standard and your site will disappear from search results.
What happens if you don’t perform maintenance at all
Not just on a “something bad might happen” level, but exactly what starts to happen and in what order.
The first few months: the site works. Everything is fine. You think the talk about maintenance was an exaggeration.
6–12 months without maintenance: plugins are outdated, but things still work. Site speed slowly decreases — clutter accumulates in the database, images aren’t optimized, and the cache doesn’t function properly. Google Search Console starts showing warnings, but you aren’t looking there.
12–18 months without maintenance: the first critical security vulnerability is open on your site. Usually, you won’t know it. Hackers don’t hack companies because your business is interesting — they run automated scanners over thousands of sites looking for the exact vulnerabilities that your unmaintained plugins have left open.
At some unexpected moment: one of three scenarios occurs.
- The site simply goes white — something was updated on the server side and an old plugin couldn’t handle it
- Malware is injected into the site, redirecting visitors to a casino site or sending out spam
- Google marks the site as “dangerous” and every visitor sees a red warning screen
Restoration is not cheap. Malware removal and restoration costs from €150 as a one-off fee. If there is no backup, rebuilding the site from scratch can cost between €800 and €2,000. For comparison: the maintenance fee would have been €35–€60 per month.
Five things that proper maintenance actually does
I don’t want this to sound like a generic list. Let me be more specific about what these things actually mean.
1. Updates in the correct order
WordPress, plugins, and themes are not updated at random. A backup is created before every update. If an update causes a conflict, it can be restored. A weekly rhythm ensures that no update falls critically behind.
2. Backups that actually work
“I make backups” is a phrase I hear often. The follow-up question: where is the backup stored and when did you last test if it can be restored? If the backup is on the same server as the website itself, it will disappear if the server crashes. If it hasn’t been tested for 6 months, no one knows if it will even open.
3. 24/7 Security monitoring
Patchstack (a security monitoring service that tracks known vulnerabilities) constantly scans your plugins. If a vulnerability is discovered in one of your plugins anywhere in the world, it is often identified before an official update is even released — and your site receives temporary protection. This is something you cannot do manually.
4. PHP version management
PHP is the language WordPress runs on. Servers occasionally force an upgrade from an older PHP version to a newer one. If your plugins aren’t ready for this, the site will go down. A maintainer ensures that your plugins are compatible with newer PHP versions in advance — before the server forces the change.
5. User and access management
Over time, users who should no longer be there accumulate on a website — former employees, an old developer, or a plugin that was once granted admin rights. Each of these is a potential entry point. Proper maintenance involves reviewing these periodically.
But my site is small — is it still worth maintaining?
This is a question I hear every week. The honest answer: it depends on what you expect from the site.
If your website is essentially a business card that people rarely visit and from which you don’t directly earn money — you can take a lower risk and perform maintenance less frequently. In that case, a basic package of €35 per month is the minimum reasonable level. Below that, you likely won’t get much of value.
If your website generates inquiries, orders, or is your primary sales channel — then every hour it is down costs you money. This is especially evident for e-commerce stores. A three-hour outage during peak shopping times can mean hundreds of euros in lost sales, not to mention the impact on your reputation and Google ranking.
I recently wrote a separate article about the price of website maintenance in Estonia — there I also break down what is included in different price ranges and how to choose a package that is the right size for you.
A client who didn’t believe — until they did
A few years ago, I had a client who stated outright that they didn’t need maintenance. “The site is new, surely it will work for a while.” I built the website, handed it over, and they didn’t sign up for the maintenance service.
18 months later, I received an email from them. The site had been hacked, Google had marked it as dangerous, and every visitor essentially saw a red warning screen. They had lost three days’ worth of orders and their company name appeared in Google search with a “this site may harm your computer” label.
Restoration cost them a one-off fee of €600 plus the Google re-indexing process, which took about two weeks. 18 months of maintenance would have cost €630 — the same amount of money, but without the lost sales, without the stress, and without the damage to their reputation.
They have been a maintenance client now for over three years.
What to do if you aren’t sure if your site is being maintained
A simple test: log in to your WordPress admin area (if you even know how to log in — that in itself is a warning sign). Look at the top bar to see how many updates are pending. If the number is over ten, your site is likely in the risk zone. If the number is over 30, you are sitting on a time bomb.
If you don’t know where your backups are or when the last security update was performed — there likely isn’t either. And that doesn’t mean you are a bad entrepreneur. It means you are not a software developer, which you aren’t required to be.
If you want me to review your site and tell you exactly where you stand — send the website address to . I will give you a concrete answer: what is in order, what isn’t, and whether you need maintenance at all or if a one-off cleanup is sufficient. Details of the maintenance packages are here, but I always review the site first rather than offering a package blindly.
A website is a tool. Like any tool — it only works if it is maintained. The difference is whether you pay a small amount for it every month, or a significant sum when it is already too late.
Frequently Asked Questions
How often should WordPress plugins be updated?
Ideally, weekly. Critical security updates should be installed immediately upon release — these fix known vulnerabilities for which information is public and which hackers actively exploit.
Can I perform website maintenance myself?
Technically yes, but you should know in what order to install updates, how to create a backup before updating, and how to restore things if something goes wrong. For most small business owners, a monthly maintenance fee is cheaper than a one-off restoration job.
What happens if I don’t perform updates for a year?
The site will likely still work — until it doesn’t. Either when the server forces a PHP version upgrade and an old plugin stops working, or when a hacker finds one of many open security vulnerabilities. In both cases, restoration is more expensive than preventative maintenance.
Is a backup at the hosting provider sufficient?
Usually not. If the server itself crashes or the account is closed, the backup disappears with it. A proper backup is located in a separate cloud, independent of the server.
How much does website maintenance cost in Estonia?
Serious maintenance starts at around €35 per month + VAT and rises to €60–€120 for e-commerce stores. Cheaper offers exist, but they usually exclude security monitoring, hacking guarantees, and regular backups.
