WordPress isn't build-and-forget

15 April 2026 · Strata Logic Team

WordPress isn't build-and-forget

A WordPress site isn't a brochure you print once and file away. It's software. There's WordPress core underneath it, a set of plugins doing the work you actually care about, and a theme on top holding it all together. Every one of those layers keeps changing. New versions ship, security holes get found and patched, and the wider web moves on around your site whether you're paying attention or not.

Leave a WordPress site alone for long enough and it doesn't just sit there quietly. It drifts out of date. Plugins stop matching the core version they were built for. Known vulnerabilities pile up in the code you're still running. And a site running old, unpatched software is exactly what automated attacks go looking for. They don't pick you because you're important. They pick you because you're easy.

What maintenance actually involves

Maintenance isn't glamorous and it isn't a single button. It's a handful of routine jobs that have to keep happening:

  • Updates. WordPress core, plugins, and the theme all get updated as new versions come out. This is where most of the security fixes live, so it can't be skipped indefinitely.
  • Security patching. When a vulnerability is announced in a popular plugin, the clock starts. The window between a flaw becoming public and bots scanning for it is short. Staying patched is most of the battle.
  • Off-site backups. Backups that live on the same server as the site aren't backups, they're hostages. We keep copies off-site so that if something goes wrong, there's a clean version to restore from.
  • Uptime monitoring. Knowing the site is down before your customers tell you. A site that's been quietly offline for two days is a problem you want to hear about from a monitor, not from a phone call.
  • Checking things after updates. This is the part people forget. Updates occasionally break things. A plugin update can conflict with the theme, a form can stop sending, a layout can shift. We check that the site still works after we update it, rather than assuming it does.

None of that is exciting. All of it is the difference between a site that keeps working and one that quietly rots.

When an update is the thing that breaks it

Here's the part that catches people out. The update itself can break your site. A plugin pushes a new version that conflicts with your theme, or with another plugin, and suddenly the contact form stops sending, the layout shifts, or the page just shows an error. This isn't rare and it isn't anyone being careless. It's the normal reality of software with dozens of moving parts that all update on their own schedules.

This is exactly where a maintenance plan earns its keep, and it's the bit most people don't think about. If you're on one of our plans and an update breaks something, we fix it. We notice it (because we check the site after updating), we roll back or patch it, and we get you working again. You often won't even know it happened. If you're updating your own site with no plan and an update takes it down, you're the one googling the error message at 11pm, or watching a broken site cost you enquiries until someone gets to it.

What happens when it's skipped

We've seen the other version of this story more than once. A site runs fine for a year or two with nobody touching it, and then something breaks badly.

A few years ago a business contacted us because their WordPress site had been compromised. There was malware on it. They had no care plan and no backups, which is the worst position to be in when this happens, because the obvious fallback of "just restore yesterday's version" wasn't available.

So we worked with what they had. We cleaned the malware off their existing site rather than rebuilding it from scratch, then hardened it: closed the entry point, locked down access, and brought the maintenance up to date so it wasn't sitting on old software any more. They then moved onto a WordPress Digital Care plan, and we cleaned it up and they've been a client ever since. That's roughly four years now.

The lesson we took from it isn't "use us." It's that the cleanup was only possible because we could get hands on the actual site. If they'd had backups and a care plan in the first place, the whole episode would have been a non-event instead of an emergency.

The honest version

Maintenance is insurance you can feel slightly silly paying for, right up until the month you need it. Most months, nothing dramatic happens. Plugins update, backups run, the monitor stays green, and it looks like you paid for nothing. That's what success looks like. The value isn't in the busy months. It's in not having the bad one.

If you'd rather not think about any of this, that's the point of our WordPress Care plans. We handle the updates, the patching, the off-site backups, and the monitoring, and we check the site still works afterwards. Plans start from R1,250/month.

Common questions

How often does WordPress need updating?
There's no fixed schedule, because it's driven by what the software does, not the calendar. Plugins and core release updates whenever they're ready, and security updates can land at any time. In practice that means checking regularly rather than once a quarter. The risky gaps are the long ones where a known vulnerability sits unpatched for months.
What happens if I don't maintain my WordPress site?
Mostly it works fine, until it doesn't. Over time the software drifts out of date, known vulnerabilities accumulate, and the site becomes an easier target for the automated attacks that constantly scan the web. When something does go wrong, having no backups turns a small problem into an expensive one.
Can a plugin update break my website?
Yes, and it's more common than being hacked. A plugin can push an update that conflicts with your theme or another plugin, and something quietly stops working: a form, a layout, a checkout. That's the real argument for a maintenance plan. If you're on one of ours and an update breaks something, we catch it and fix it, often before you'd even notice. On your own with no plan, a bad update can leave the site broken until you find the time to sort it out.
How much does WordPress maintenance cost in South Africa?
Our WordPress Care plans start from R1,250/month for the Site Care tier. What you're paying for is the routine work that keeps the site healthy plus someone who already knows your site when something breaks.
Can I just do it myself?
Honestly, yes, if you're comfortable with it and you'll actually keep doing it. The jobs aren't secret: update things, keep off-site backups, check the site after updates, and stay on top of security news for the plugins you use. The catch is the "keep doing it" part. Maintenance fails quietly, by being forgotten, not by being hard. If it's going to slip down the list, it's worth handing off.

Want this handled for you?

See our care plans