Built It. Now
Keep It Running.
A live website has a hundred moving parts — security patches, core updates, database health, uptime, performance, dependencies, and compliance. One overlooked update is all it takes to turn a working site into a liability. We take that responsibility off your desk permanently, so you can focus on your business.
Everything Your Site Needs to Thrive
Our maintenance retainers are not just "someone to call when things break." Every plan covers the full spectrum of proactive work that keeps your site secure, fast, and reliable month after month.
Security & Core Updates
We track every CVE, module advisory, and framework security release — and apply patches in a tested staging environment before they touch production. No surprises, no regressions.
- CMS core, module & plugin security patches
- Dependency vulnerability scanning
- SSL certificate renewals & HTTPS hardening
Performance Optimisation
Slow pages lose customers. We run monthly performance reviews, identify bottlenecks at the database, cache, and asset layers, and implement fixes that keep your Core Web Vitals in the green.
- Page speed & Core Web Vitals monitoring
- Database query analysis & indexing
- Cache configuration, image optimisation & CDN tuning
Uptime Monitoring & Incident Response
We watch your site around the clock. The moment something goes wrong — a server error, a broken deployment, a failed cron job — we know before your users do and we act immediately.
- 24/7 automated uptime & endpoint checks
- Error spike alerts & log analysis
- Incident triage, hotfix deployment & post-mortem
Backups & Disaster Recovery
Daily encrypted off-site backups, tested restoration procedures, and a documented recovery plan — so a server failure or accidental deletion is a minor inconvenience rather than a catastrophe.
- Daily automated backups to off-site storage
- Tested, documented restoration procedures
- Retention up to 90 days depending on plan
Bug Fixes & Content Changes
No bug should sit open for weeks. Every plan includes a monthly allowance for fixes, content updates, and small improvements — tracked on a shared board so you always know what's in progress.
- Included hours for fixes & content updates
- Tracked via shared project board
- Carry-over on annual retainers
Compliance & Accessibility
We keep your site aligned with GDPR, WCAG 2.1, and any platform-specific compliance requirements — and flag issues proactively, before they become regulatory or reputational problems.
- GDPR & privacy policy compliance checks
- WCAG 2.1 accessibility spot-audits
- Third-party dependency licence reviews
The Questions We Always Hear
We get it — a monthly retainer is a commitment. Here are the honest answers to the questions every client asks before they sign on.
"We already have an internal IT team."
IT teams handle infrastructure, hardware, and helpdesk. They rarely carry the deep Drupal, WordPress, or framework expertise to safely update a complex CMS or tune a PostgreSQL-backed application. We fill exactly that gap — without displacing your existing team or their tools.
"Nothing has broken in years."
That's exactly when to start. Security vulnerabilities don't announce themselves. On average, a compromised site sits exposed for 197 days before detection. Maintenance prevents the incident. It doesn't manage the fallout after the breach, the data loss, or the Google blacklist entry has already happened.
"We'll just fix things when they break."
Emergency response costs three to five times more than planned maintenance — and that's before you factor in lost revenue from downtime, reputational damage from public incidents, or the rushed decisions made under pressure. A retainer is insurance you hope not to need and real, measurable support you use every month.
"We don't have the budget for a retainer."
Our Essential plan is designed to deliver genuine protection at a cost smaller organisations can sustain. And when you factor in the cost of a single security incident — remediation, reputational damage, data breach notification obligations — monthly maintenance pays for itself many times over from the very first prevented incident.
Simple Plans, No Surprises
Three tiers built for different stages of growth. Every plan includes proactive maintenance — not just reactive break-fix support. All prices are monthly retainers; annual billing saves 15%.
For established sites that need the security and reliability basics covered without the overhead of a larger engagement.
- Monthly security & core updates (staging-tested)
- Daily automated backups — 30-day retention
- Uptime monitoring every 5 minutes, 24/7
- SSL certificate management & renewals
- 2h/month included for fixes & content changes
- Monthly maintenance summary report
- 48h response on critical issues
For active sites with regular visitors and content changes — where performance, quality of experience, and fast issue resolution matter.
- Everything in Essential, plus:
- Monthly performance audit & Core Web Vitals review
- Database health checks & query optimisation
- 4h/month for bug fixes, improvements & content changes
- Daily backups — 60-day retention
- Priority response: < 8h on critical issues
- WCAG spot-checks & GDPR compliance review (quarterly)
- Dedicated Slack/Teams channel for support requests
For revenue-critical, high-traffic, or regulated platforms that require a dedicated engineer, custom SLA terms, and around-the-clock coverage.
- Everything in Professional, plus:
- Named account engineer — direct contact, full codebase context
- Custom SLA — response from < 2h on critical incidents
- 12h/month included for development, features & improvements
- Daily backups — 90-day retention with tested DR drills
- 24/7 emergency monitoring with on-call escalation
- Quarterly architecture, security & dependency review
- Staging environment management & deployment oversight
All plans require a short onboarding audit (one-off fee, credited against your first three months). Need something in between? Talk to us — we build custom plans for non-standard stacks and multi-site portfolios.
From Sign-Off to Smooth Running
Every maintenance engagement follows the same five-stage cycle — so you know exactly what we're doing and when.
Onboarding Audit
We perform a structured audit of your codebase, hosting environment, dependency versions, and security posture — producing a baseline health report and a prioritised remediation list before work begins.
Environment Setup
We configure monitoring, automated backups, alerting pipelines, and a dedicated staging environment — your safety net for every update and change we make throughout the engagement.
Monthly Maintenance
Each month we apply security patches, run your included fix & content hours, and complete the performance and compliance checks specific to your plan — all tested on staging before being pushed live.
Monitor & Respond
Uptime, error rates, and security feeds are watched continuously between maintenance windows. If an alert fires outside the maintenance cycle, we triage it, communicate clearly, and resolve it within your plan SLA.
Monthly Report
At the end of every month you receive a plain-language report covering what was updated, what was fixed, uptime figures, any incidents and their resolutions, and recommendations for the month ahead.
Platforms We Know Inside Out
We maintain what we build — and what others have built before us. If your stack is listed here, we can support it from day one.