Service · Maintenance
Your site stays live, secure, and current — without you thinking about it
Monthly maintenance plans that cover content updates, nightly backups, uptime monitoring, and security patches. Handled by the same developer who built the code, not a helpdesk ticket bouncing between three people before anyone opens a file. Month-to-month billing, no annual contract, no cancellation fee.
Six things that have to be actively managed to keep a site working
A website does not stay healthy on its own. Server software gets updated by vendors and needs to be applied. Contact forms can silently stop working after a configuration change. SSL certificates expire. Content gets stale. None of these announce themselves — they accumulate quietly until something visible breaks or a prospective client notices something that should have been fixed months ago. Each item below is a specific category of site health with a clear consequence when no one owns it.
Continuous uptime monitoring
Uptime monitoring is the difference between finding out your site is down from a client who could not reach your contact form and finding out from an automated alert before any client sees the problem. External monitoring checks the site from outside the server at regular intervals. If the site stops responding for any reason (server failures, DNS issues, SSL certificate errors, or bad configuration changes), the alert goes to me first. The goal is that I am already diagnosing and fixing the problem before you know there was one. For businesses where the website is a primary lead source, an undetected outage during business hours is a direct revenue loss. Monitoring won't prevent every outage, but it eliminates the scenario where one runs for hours unnoticed.
Nightly backups with offsite storage
Every night, the complete site (codebase and database) is backed up to a server that is physically separate from the one running your live site. This matters because backups stored on the same server as the site they protect aren't true disaster recovery. If the primary server is compromised or fails completely, the backups go down with it. Offsite storage means that regardless of what happens to the primary server, a clean snapshot from no more than 24 hours ago is available for restoration. Backups are retained on a rolling 30-day schedule, which handles the scenario where a problem (database corruption or a code error that broke something subtle) is not discovered right away. There is a window to pull a clean pre-problem snapshot rather than rebuilding from scratch.
Security patches applied before problems surface
A hand-coded custom PHP site has a substantially smaller attack surface than a WordPress installation with 20 plugins, but it's not zero. The web server software, PHP runtime, and database engine all receive periodic security updates. When a critical vulnerability is published for any of those components, the window between publication and active exploitation in the wild is sometimes measured in days, not weeks. Proactive patching means updates get applied when released, not after something exploits them. The same applies to any third-party libraries in the codebase. Your server does not accumulate months of unpatched vulnerabilities because updating software has no dedicated owner.
Monthly content edits handled by the original developer
Content needs change: pricing updates, new team members, changed hours, added services, updated images, refreshed copy. On a maintenance plan, those requests go directly to me by email and get handled within the response window for your tier. No helpdesk queue, no contractor who has never seen the code before, no explaining the site structure to someone new every time you need a paragraph changed. The Care plan includes one hour of content edits per month. Most clients use 30 to 45 minutes. Small businesses with well-structured sites do not generate constant change volume. The hour covers the months that do. Priority clients get three hours, which handles businesses with active promotional calendars, seasonal content changes, or frequent service line updates.
SSL certificate management and renewal
An expired SSL certificate is the fastest way to lose a visitor before they ever see your site. Browsers display a full-page security warning when a certificate lapses, and most people leave immediately rather than clicking through. Certificate expiration is entirely avoidable, yet it happens regularly when SSL renewal falls through the cracks with no dedicated owner. Managed hosting includes SSL certificate renewal handled proactively: the certificate is renewed before it expires, not after a client reports seeing the warning. For businesses that handle contact forms, payment integrations, or any data submission, a valid SSL certificate is a technical requirement — not optional infrastructure you can defer.
Direct, same-person support with no ticket queue
When something goes wrong with a site, the worst outcome is explaining the problem to a tier-1 helpdesk rep who escalates it to someone who knows how websites work, who escalates it again to someone who reads the code. Maintenance plan support goes directly to me by email. I built the codebase, so I already understand how the contact form routes, why each rule is there, and what the deployment process is. That context eliminates the diagnostic overhead that slows down remote support. Response times follow the plan tier: Core gets a response within 24 to 48 hours, Care within the same business day, and Priority the same day for anything critical.
What an unmaintained site looks like at 3, 6, and 12 months
Website neglect does not announce itself. It accumulates quietly, with each individual problem seeming minor until several compound at the same time. This is the common timeline for a site that launched clean and then had no dedicated maintenance owner. The pattern comes from reviews of sites clients brought to me after trying to manage them without a plan.
Month 1–3: the site runs clean, but drift starts
A freshly launched site has no backlog. For the first few months, nothing visible goes wrong. Under the surface, a few things begin. The web server software may receive a security update that the hosting company has not yet installed. A small content item (a phone number, a service line, a staff photo) needs updating but does not get prioritized because no one owns that task. A third-party tool (like a chat widget or reviews feed) used on the site may have a version update that slightly changes how it displays. None of these are crises. Together they mark the beginning of accumulated maintenance backlog. The site looks and functions exactly like it did at launch. But small things are not getting the attention they should.
Month 3–6: the first silent failure appears
By three to six months, something has broken in a way that is not immediately visible to the site owner. The most common: the contact form has quietly stopped delivering submissions. A small change to the hosting server settings, a problem with email being delivered to your inbox, or an incompatibility after a server update — any of these can cause a form to show a success message to the visitor while the submission never reaches you. The visitor filled out the form and left. You never received it. If there is no automated monitoring and no one regularly testing the form, this continues until someone notices that lead inquiries dropped off. Every site I have taken over for maintenance has had at least one broken form of this type — invisible to the owner and to visitors until someone actually tested it. Three to six months is also when the first security updates that apply to the server go unapplied.
Month 6–9: content staleness becomes visible to anyone vetting the business
A prospective client checking the site before a call notices the team page shows someone who left six months ago. A referral trying to verify services before recommending the business sees a description that does not match the current offering. The copyright year in the footer is now two years behind. None of these crash the site or break any technical function. All of them communicate the same thing to anyone doing due diligence: this business is not actively managing its web presence. For any business where trust precedes the purchase decision and clients vet multiple options before committing, these signals matter in ways that are hard to measure but very easy for the person doing the vetting to register. The site is doing active reputational damage in the background of every sales conversation.
Month 9–12: the SSL certificate approaches expiration
SSL certificates issued at site launch are valid for 90 days (Let's Encrypt) or one year (commercial certificates). At the nine-to-twelve month mark, the certificate either auto-renewed successfully without anyone watching it, or it is approaching expiration with no one managing the renewal. When a certificate expires, modern browsers display a full-page security warning before any visitor can reach the site. The fix takes under ten minutes once someone acts on it. The damage happens in the window before that: visitors who leave when they see the warning, leads lost while the site appears broken, and search engines skipping your site during that period. At this stage, the neglected site has also accumulated several months of unapplied server software updates, meaning it is noticeably more vulnerable to attacks than it was at launch.
Month 12+: the emergency edit arrives with no developer relationship in place
Something needs to change urgently — a price listed on the site is wrong and a prospect mentioned it during a sales call, a team member's departure needs to be reflected before a board presentation, a service that was discontinued is still showing as available. The business now needs to find a developer, establish context about the codebase, negotiate a rate, wait for availability, and hope the edit does not introduce adjacent breakage in unfamiliar code. That process takes days in the best case and costs meaningfully more than a monthly maintenance plan would have over the past year. For clients who come to ArdinGate for maintenance after managing without a plan, the comprehensive review almost always turns up two or three compounding issues that need fixing before the urgent edit can be safely made — problems that would have been caught and resolved during routine maintenance months earlier.
What the audit looks like when a neglected site gets handed off
When a neglected site comes in for a comprehensive review, the findings are predictable: at least one server software version that is out of date for security, at least one broken feature (usually a contact form) that the owner did not know about, content that is no longer accurate in at least two places, no offsite backup system in place (or backups that have never been tested and may not actually work), and a list of content updates the owner knew needed to happen but had no way to make them. The audit itself takes a few hours. Resolving what it surfaces takes longer. The pattern is consistent enough that it is now a standard onboarding step for any site that has been running without a maintenance owner for six months or more. None of the problems are catastrophic at that point. All of them would have been prevented at a fraction of the remediation cost.
How maintenance fits the full lead flow — and where it breaks without it
The path from "someone searches for what you do" to "that person becomes a client" runs through your website at every stage. Maintenance is not background infrastructure concern — it is what keeps every stage of that path functional. Here is how the funnel works and where unmaintained sites lose leads they never knew they had.
Search and rank
Google ranks sites partly on technical health: how fast pages load, how they display on mobile phones, whether all links work, and whether browsers show security warnings. An unmaintained site accumulates small problems that affect these factors over time — a slow server that makes pages load sluggishly, broken links, an expired security certificate that triggers browser warnings. Each issue individually hurts your ranking a little. Together they cause your site to slide down Google search results while your competitors with maintained sites hold their positions.
Land and evaluate
A visitor who found the site through search arrives and makes a fast judgment: does this business look current, competent, and trustworthy? Stale content, outdated team photos, service descriptions that no longer match what the business offers, or a layout that renders incorrectly on the latest phone model — any of these signals "this business is not paying attention." The bounce happens before they reach the contact form.
Fill out the contact form
A prospect who decided to reach out hits the form. If the form is broken from a server configuration drift, an email deliverability issue, or a software update that changed how it processes submissions, they see a success message, leave, and never hear from you. The lead is gone and you do not know it happened. This failure mode is invisible from the owner side and only detectable through periodic form testing or active monitoring.
Receive and respond
The contact form delivered the inquiry correctly. The response from the business goes out promptly. The prospect is still warm and engaged. This step works when everything else is maintained. It fails when the conversation never starts because the form did not deliver, the site was down during the visit, or the contact information on the site was outdated. Maintenance protects the handoff between digital visit and human response.
Convert and close
The prospect became a client. They may refer others, who will look up the site before reaching out. They may return to share it with a colleague who is also evaluating. At this stage the site functions as a credibility artifact — something the new client shows other people as part of their recommendation. Stale content on a referred site undercuts the referral. A fast, current, professionally maintained site reinforces it.
Where it breaks most often
In order of frequency across unmaintained sites: contact form silently stops delivering (fix: server monitoring and periodic form testing); security certificate expires and browsers block the site (fix: managed renewal); stale content signals an inactive business (fix: monthly edit allotment); server security weakness is attacked and the site gets hacked (fix: regular security updates); site goes down and no one notices (fix: uptime monitoring). Each is preventable. None get fixed by luck.
Why "I'll just handle it myself" rarely works in practice
Self-managing website maintenance sounds straightforward. In practice, it requires consistent attention to work that is technically specific and competes with every other priority in running a business. Here is how self-managed maintenance tends to fail — and why it fails for structural reasons, not personal ones.
Server-level security patches require knowing which software components are running, monitoring security advisory feeds for those components, and applying patches on a cadence that matches the actual risk window — sometimes days. Most business owners are not watching PHP security advisories or web server vulnerability publications. That is not a failure of effort; it is a specialization mismatch. The same logic applies to uptime monitoring setup, offsite backup configuration, and SSL automation. Each is a solvable technical problem that requires initial setup and ongoing attention from someone with relevant infrastructure knowledge.
Content edits present a different failure mode. Business owners who manage their own site often do edits in bursts when they remember, meaning the site is accurate for a week after an update and then drifts for months. The "I'll get to it this weekend" edit rarely happens, because weekends are for other things. When the site needs an urgent update (pricing changed, an employee left, a product was discontinued), doing it yourself on a codebase you do not touch often increases the risk of introducing a formatting error or breaking something adjacent to what you changed. Having a maintenance owner means the update happens on the timeline the business needs, not whenever there is an opening in the schedule.
| Maintenance task | Self-managed | ArdinGate maintenance plan |
|---|---|---|
| Uptime monitoring | Requires external tool setup; client gets notified, not a developer | Configured by default; I get the alert first and act immediately |
| Nightly backups | Manual process or separate tool subscription to configure | Included — offsite, automated, 30-day rolling retention |
| Security patching | Requires monitoring vulnerability feeds and applying server-level updates | Applied proactively when advisories publish, before exploitation |
| Content edits | Done when time allows; quality varies; risk of adjacent breakage | Submitted by email, handled by the original developer within SLA |
| SSL certificate renewal | Requires calendar reminder and manual renewal or auto-renewal setup | Managed proactively — no expiration warnings reach visitors |
| Break/fix response | Find a developer, explain the codebase, wait for a quote | Email to me (the original developer); priority SLA applies |
The real cost of deferred maintenance
A business that self-manages maintenance does not save the cost of a plan. It defers costs into scenarios where they are larger and more disruptive. A single SSL outage during a busy period costs more in lost leads than a full year of Core plan payments. A site compromise requiring rebuild and cleanup is not a recoverable afternoon project. The maintenance plan is the operational cost of keeping a business asset functional. The question is whether that cost shows up monthly in a predictable amount, or occasionally in an unpredictable one.
Pricing
Three tiers, month-to-month, no annual contract.
Core ($30/month) is infrastructure maintenance: uptime monitoring, nightly offsite backups, SSL certificate management, and server-level security patches (PHP, web server, database engine). For businesses that handle their own content updates and just need the site to stay live and secure. This tier does not include content edit hours or patching of the site's own codebase.
Care ($50/month) is the most common choice. Everything in Core plus one hour of content edits per month, proactive application-level security patching (the codebase and its dependencies), and a same-business-day response window for support requests. Most small business sites use 30 to 45 minutes of the monthly hour — enough for the regular updates that come up without paying for capacity you do not need.
Priority ($75/month) is for businesses with active content needs. Everything in Care plus three hours of monthly edits, same-day response for critical issues, a monthly analytics summary, and test environment access for trying changes before they go live. Right for businesses with promotional calendars, seasonal content cycles, or frequent service line changes.
Additional content edit time beyond the monthly allotment is $100/hour, prorated. Every multi-page site build from ArdinGate includes 12 months of Core hosting as part of the initial package.
Common questions
What do the three maintenance plan tiers cover?
Core ($30/month) is infrastructure only: uptime monitoring around the clock, nightly backups with offsite storage, SSL certificate renewal so you never wake up to a security warning, and server-level security patches (PHP, web server, database) — response to standard requests runs within 24 to 48 hours. Care ($50/month) adds one hour of content edits per month, proactive application-level security patching for the codebase itself, and a same-business-day response window—most clients settle here because the edit hour handles the things that come up. Priority ($75/month) is for businesses with active content needs: three hours of monthly edits, same-day response for critical issues (site down, form broken, payment error), a monthly analytics summary, and test environment access for trying changes before they go live. Full plan comparison on the pricing page →
What counts as a "content edit" under the monthly hour?
Content edits are changes to existing page content: updating text, swapping an image, adding a team member, changing hours or pricing, adding a new service card, updating a link, or tweaking copy on an existing page. Most Care-plan clients use about 45 minutes of their monthly hour. Small businesses with solid site structure do not generate many updates in a typical month. Structural changes (adding a new page from scratch, rebuilding a section layout, integrating a new feature) are separate scope and quoted individually before work begins. You will never get a surprise bill for going over. I flag it before it happens. See the full breakdown of what website maintenance includes.
How quickly do you respond when something breaks?
Response times follow your plan tier. Core requests get a response within 24 to 48 hours. Care requests get a same-business-day response. Priority clients get same-day response on critical issues (site completely down, contact form not delivering, SSL certificate error, payment integration failure), a commitment rather than best-effort. If a problem occurs overnight or over a weekend, uptime monitoring catches it automatically regardless of plan tier, and I get notified right away.
Is this different from the managed hosting plan?
Managed hosting on the Core plan ($30/month) covers infrastructure: server uptime, SSL, nightly backups, DNS management, and security patches at the server level. It does not include content edits. The Care and Priority plans add content edit hours plus proactive application-level security patching (the codebase and its dependencies) on top of that same infrastructure foundation. Some clients are on a maintenance plan but host their site elsewhere—in that case, the plan covers content edits and support but not server-level infrastructure. If you are hosting with a different provider and want to add content support without migrating hosting, that is an option worth discussing. For a primer on what security coverage means in practice, see website security basics.
What happens if I need more than the included edit hours?
Additional time beyond the monthly allotment is billed at $100 per hour, prorated to the actual time your request takes. Before any overage occurs, I will let you know the request will exceed the included hours and give you the option to approve the additional time or defer it to next month. There are no surprise bills. For clients who consistently exceed their plan tier, moving up to Priority is more cost-effective than paying frequent overages — at that point the math makes it obvious and I will say so directly.
What if my site breaks and it is not covered under the included hours?
Breaks that result from something on my end (a security patch that causes a conflict, a server configuration issue, a code error introduced during a content edit) are fixed at no charge regardless of plan tier or hours. That is not debatable. Breaks caused by external factors (a plugin you installed yourself, a third-party integration that changed its API, a domain registrar issue outside my control) are handled quickly but may count against edit hours or be quoted separately depending on scope. When something breaks, the first priority is getting it working again. The billing conversation happens after the site is back up.
Do I own my site and data if I cancel?
You own your site and all its data outright, regardless of whether you are on a maintenance plan. The code, content, images, and database are yours. If you cancel managed hosting, you get a full export (codebase and database dump) before the server shuts down. You can take that export and host it with any PHP-capable provider. There is no platform lock-in, no proprietary file format, no hostage situation. Cancellation is month-to-month with 30 days notice. The site does not go dark when you cancel. You have 30 days of continued live hosting to complete the transition to wherever you are moving it. No cancellation fee.
Can you maintain a site you did not build?
Yes, with conditions. If the site is clean, well-structured PHP or HTML/CSS without a page builder, I can take it over after an onboarding review of the codebase. If it is a WordPress site, a Wix export, or a Squarespace build, the maintenance model differs because those platforms require their own tools and access. For WordPress specifically, monthly maintenance is possible but the ongoing plugin-update cycle is a burden that a custom build eliminates entirely. The long-term path is clearer if the site eventually migrates off WordPress. Contact me with specifics and I will tell you directly what is possible.
What does "nightly backups with offsite storage" mean in practice?
Every night, the full site codebase and database are backed up and stored on a separate server from the one running your live site. This means that if the primary server has a catastrophic failure, is compromised, or if a bad update corrupts the database, there is a complete snapshot from no more than 24 hours prior available for restoration. Backups are retained on a rolling 30-day schedule, so if a problem is not noticed immediately (a subtle database corruption that took a week to surface, for instance), there are recent clean snapshots to pull from. The backup and the live site never share the same physical infrastructure.
What kind of security patches do you apply proactively?
Server-level security patches (PHP version updates, web server software patches, database engine updates) are part of every plan, including Core, and get applied as they release. Care and Priority add proactive review of the codebase itself and any third-party libraries it depends on, updating or replacing them when security advisories are published. For a hand-coded custom site, there is no plugin ecosystem to patch every week the way WordPress requires. The attack surface is smaller by design. Proactive patching means you find out about a known vulnerability because it was patched, not because something exploited it.
How does uptime monitoring work and who gets notified?
Uptime monitoring pings the site at regular intervals from an external service. If the site stops responding for any reason, including server issues, DNS propagation problems, SSL errors, or accidental configuration changes, the monitoring service triggers an alert immediately. I get notified first, not you. The goal is that I am already investigating before you know there is a problem. For most outages, the fix happens before the client even notices anything was wrong. If the outage is longer than a few minutes or affects something visible on the client side, I send a status update explaining what happened and what was done to resolve it.
Is there an annual commitment or cancellation penalty?
No. Maintenance plans are month-to-month with 30 days written notice to cancel. There are no annual contracts, no early termination fees, and no lock-in. If your business changes, if you bring maintenance in-house, or if you shut down the site entirely, cancellation is straightforward. For clients who want to pay annually in exchange for a discount, that is an option—but it is never required. The default is month-to-month.
How do I submit content edit requests?
Email is the standard channel. Send a clear description of what needs to change, include any new text, images, or files that need to go up, and I will handle it within the response window for your plan tier. For more complex requests (multiple changes across several pages, something that needs context to understand, or an update that touches layout rather than just content), a quick back-and-forth by email is usually enough to scope it. There is no ticketing portal or helpdesk queue. The request goes directly to me, gets done by me, and you hear back from me when it is live.
Related services: What website maintenance includes · Website security basics · Managed hosting plans · Website redesign · All services
Take the maintenance off your plate.
Tell me what you are running and what is not being handled. I will set up the monitoring, backups, and support coverage, and you focus on the rest of running your business.
Get a quote