Skip to content
All postsWordPress Care Plans

What to Include in a WordPress Care Plan

April 15, 2026
6 min read
By MantleWP
Eight modular blue blocks arranged as a care plan blueprint showing the core components of a WordPress maintenance service package

Agencies that charge $299/month for WordPress care plans and agencies that charge $79/month often do the same core work — updates, backups, basic monitoring. The difference isn't effort. It's packaging. The higher-priced agencies include components that demonstrate ongoing value: compliance monitoring, performance optimization, and reports your clients actually read. Knowing exactly what to include in a WordPress care plan is the difference between a commodity service and a retention engine.

In this post:

  1. The 8 Core Components Every Care Plan Needs
  2. How to Tier Your Care Plan Services
  3. What NOT to Include
  4. How Reporting Ties It All Together
  5. Wrapping Up

The 8 Core Components Every Care Plan Needs

Every WordPress care plan should cover these eight components. Some belong in every tier. Others are unlocks for higher-priced plans. But all eight should exist somewhere in your offering — they're what separate a professional care plan from a glorified hosting add-on.

1. Updates and Compatibility Testing

WordPress core updates, theme updates, and plugin updates are the baseline. But updates alone aren't enough — the real value is testing them in a staging environment before pushing to production. A single incompatible plugin update can break a client's checkout flow, contact form, or entire homepage. Agencies that test before deploying avoid those 2 AM emergency calls.

At minimum, run updates weekly. For WooCommerce or high-traffic sites, stage every update and verify critical functionality before going live.

2. Automated Backups and Disaster Recovery

Daily automated backups stored off-site are non-negotiable. But the component isn't just "we back up your site" — it's "we can restore your site in under 30 minutes if something goes wrong." That's the promise clients pay for. Include retention policies (30 days minimum), off-site storage (never just on the same server), and a documented restore process you've actually tested.

Key stat: 60% of small businesses that lose their data shut down within 6 months. A solid backup and recovery plan isn't a feature — it's insurance your clients can't afford to skip.

3. Security Monitoring and Malware Removal

Security scanning should run continuously, not once a month. This means firewall configuration, brute-force protection, file integrity monitoring, and vulnerability scanning. If malware is detected, your plan should include removal — not just a notification that something went wrong. Agencies that include malware cleanup in their care plan eliminate the single biggest fear site owners have: "What happens if my site gets hacked?"

4. Uptime Monitoring

Uptime monitoring checks whether the site is live every 1–5 minutes and alerts you immediately when it goes down. The value isn't the monitoring itself — it's the response time. If a client's site goes down at 9 AM on a Tuesday, they need to know you're already working on it before they notice. Include guaranteed response times in your care plan (e.g., 15-minute response for downtime incidents).

5. Performance Optimization

This covers database optimization (cleaning post revisions, transients, and spam comments), caching configuration, image optimization, and regular speed audits. Performance matters to clients because it directly affects their Core Web Vitals scores — which affects SEO rankings, which affects revenue. Run a speed test quarterly at minimum and document the results.

6. Technical Support Hours

Every plan needs a defined number of support hours per month — even if it's just 30 minutes. Support hours cover small fixes, content updates, troubleshooting, and "quick question" emails. Without defined hours, you'll either over-deliver for free or under-deliver and lose trust. Typical allocations: 30 min–1 hr (basic), 2–3 hrs (standard), 5+ hrs (premium).

7. Client Reporting

Monthly client reports are the single most undervalued care plan component. Reports prove the value of everything else on this list. Without them, clients pay $199/month and wonder what they're getting. With a clear report showing 47 updates applied, 99.98% uptime, 3 security threats blocked, and a 15% performance improvement — they renew without hesitation.

Most agencies skip reporting because it takes too long to compile manually. That's exactly the problem tools like MantleWP solve — automated, white-labeled reports that take minutes instead of hours.

8. Compliance and Privacy Monitoring

This is the component most care plans miss entirely. Compliance monitoring covers cookie consent configuration, GDPR requirements, accessibility basics, and plugin security advisories. With the EU Cyber Resilience Act taking effect and Google Consent Mode v2 requirements already live, agencies that include compliance monitoring position themselves as strategic partners — not just maintenance vendors.

Horizontal bar chart showing the monthly revenue value of each WordPress care plan component from backups at fifteen dollars to compliance monitoring at eighty dollars
Estimated monthly value per component — agencies that include all 8 can justify $250+/month per site.

How to Tier Your Care Plan Services

Not every client needs all eight components from day one. The smart approach: tier your plans so the entry point is affordable and the upgrade path is obvious. Here's a framework based on how successful agencies structure their WordPress care plan services.

Component Essential ($99/mo) Pro ($199/mo) Premium ($349/mo)
Updates & Testing Weekly, production only Weekly, staging + production 2x/week, staging + production
Backups Daily, 7-day retention Daily, 30-day retention Real-time, 90-day retention
Security Weekly scans Daily scans + firewall Continuous + malware removal
Uptime Monitoring 5-minute checks 1-minute checks 1-minute + 15-min response SLA
Performance Quarterly speed audit Monthly optimization + CDN
Support Hours 30 min/month 2 hrs/month 5 hrs/month + priority queue
Reporting Monthly branded report Monthly + quarterly strategy review
Compliance GDPR + cookie consent monitoring

The key insight: your Essential tier gets clients in the door. Your Pro tier is where most clients land after 2–3 months. And your Premium tier — with reporting and compliance — is where the real margin lives. For detailed pricing psychology, see our guide to pricing your WordPress care plans.

Comparison chart showing which care plan components are included in Essential, Pro, and Premium WordPress maintenance tiers
Visual breakdown of which components belong in each tier — use this as a starting framework for your own plans.

What NOT to Include

Scope creep kills care plan profitability. These are the things agencies mistakenly bundle in — and end up regretting.

  • Unlimited content updates: "We'll update anything, anytime" sounds generous until a client sends 15 blog post edits on a Friday afternoon. Define hours, not promises.
  • Full site redesigns: Care plans maintain what exists. Redesigns are separate projects with separate budgets. Mixing them devalues both.
  • SEO campaign management: SEO is a separate service line. Including "SEO" in a care plan creates expectations you can't meet at care plan pricing. If you offer SEO, sell it as an add-on.
  • Third-party plugin premium licenses: Don't absorb the cost of WooCommerce extensions, form plugins, or page builder licenses. That's the client's cost. You manage the updates.
  • Emergency development at no extra charge: Your care plan covers monitoring, maintenance, and small fixes. Emergency development (site hacked and needs rebuilding, critical custom feature broken) should be billed separately or covered under a defined incident response clause.

A clear scope protects your margins and sets honest expectations. Clients respect boundaries when you explain them upfront. Use a WordPress maintenance plan template to document exactly what's in and out of scope.

How Reporting Ties It All Together

Every component on this list generates data your clients never see. Updates applied, threats blocked, uptime percentage, speed improvements — all invisible unless you surface them. That's what client reporting does: it transforms background work into visible proof of value.

Agencies that send monthly reports see significantly higher retention rates. The report is the receipt — it's your client's confirmation that the money they're spending is working. If you're spending more than an hour per site compiling reports, see how MantleWP automates this for unlimited sites.

The best care plan reports include an executive summary (3 sentences a non-technical client can understand), health metrics (uptime, security, performance), a list of work completed (updates, fixes, optimizations), and a forward-looking recommendation. That last piece — "here's what we recommend next month" — is what turns a maintenance client into a long-term partner.

Wrapping Up

A WordPress care plan with all eight components — updates, backups, security, uptime, performance, support, reporting, and compliance — is a retention machine. Tier them so entry is easy and upgrades are natural. Document what's included and what's not. And surface everything through monthly reports, because invisible work gets canceled. Start with the components that match your current capacity, and build toward the full eight as you scale.

More from the blog

WordPress Care Plans

WordPress Maintenance Plan Template (Free Download)

Build a three-tier WordPress maintenance plan template with client-facing language, structured pricing, and automated reporting that retains clients.

WordPress Care Plans

How to Price WordPress Care Plans in 2026

WordPress care plan pricing determines your agency's profitability. Learn the three models, psychology, and justification strategy that work.