White Label Agency has developed and delivered thousands of WordPress websites over the years.

Typing in the client’s domain and seeing our work “go live” on the screen is always a treat. Design rounds, planning meetings, hours of development, and quality assurance all culminating in the final product.

Everyone is happy, the website is complete, and on to the next project!


“But wait a minute, this is WordPress we are talking about. A website is not just done once it goes live. My client doesn’t just go away.” – Any agency that’s delivered a WordPress website

A WordPress website is not “complete” after delivery

Given that WordPress is open-source and super popular, the content management system is continually requiring updates.

Updates push out new features, address bugs, and patch security vulnerabilities that are discovered.

Plugins and themes installed on the website also require regular updates to remain compatible with each new version of WordPress core and address similar issues.

If no one is performing updates on a regular basis, a WordPress website will soon become vulnerable. Hackers will search for exploits and your client’s site could be displaying disturbing messages, recording user logins, or even going down completely.

Having a WordPress maintenance plan in place for each of your clients will help your agency avoid any such distractions.

Here are some of the most common questions we receive when discussing WordPress maintenance plans with digital agencies:

What are the most important steps for WordPress maintenance?”

  • Schedule regular backups & store them on a separate server or device

No WordPress agency wants to hear that a client website is down due to a hacker. But if it does happen, it is a much easier problem to solve with a recent backup of the WordPress site files and database.

We recommend creating a backup at least once per month, more often if it is a very active website with lots of content changing over time.

We also recommend making a backup right before updating WordPress core, plugins or themes to a new version. This will ensure that if there is a conflict, that the website can be rolled back to the latest working version until the error is resolved.

Most managed WordPress hosts offer backup services directly through their interface and can be very easy to set up. This is a good option if all the websites are hosted in one place such as WP Engine.

Another option is to use one of the many backup plugins available via the WordPress plugin repository. The one that we use and recommend is UpdraftPlus. It is a free WordPress backup plugin that has 3+ million active installs, an overall 5-star rating, and continually updates and tests against the latest releases of WordPress.

One of the best features of UpdraftPlus, and one we highly recommend, is the ability to download and store the files externally from the server the active website resides. This ensures there is an external backup that can be used if the server is ever compromised.

  • Update WordPress Core

In the last 6 months, WordPress has released 2 major releases and 3 maintenance/security updates.

Regularly checking the WP administrator dashboard for new releases and applying updates is critical to keeping a healthy site.

Always, make sure to perform a backup prior to updating WordPress and perform a run-through of the website to ensure there are no compatibility errors.

  • Update WordPress Themes

Similar to WordPress core, theme files can also contain bugs or security vulnerabilities. The more popular the theme, the more likely it is to be targeted by malicious actors.

As the following video shows, it is as simple as logging into the WordPress admin dashboard and performing a few clicks. We highly recommend performing the backup step mentioned above prior to any updates.

  • Update WordPress Plugins

A survey from WordFence, a leading internet security plugin company, found over 50% of WordPress vulnerabilities are related to outdated WordPress plugins.

With over 55,000 plugins available for use, that is a lot of opportunities for hackers to compromise websites.

How WP sites get hacked

Source: https://www.wordfence.com

Staying on top of plugin updates is a must for keeping client websites clean and secure. Check them at least once per month.

It is also highly recommended to monitor WordPress industry forums for any known vulnerabilities and act accordingly.

Google Alerts is a great tool to set up in order to keep a pulse on any WordPress vulnerabilities that surface.

Keyphrases such as “WordPress vulnerability” or “WordPress plugin security” will deliver email warnings if an article or discussion is trending around such a topic.

Here are the directions for setting up a Google Alert:

      1. Go to Google Alerts.
      2. In the box at the top, enter a topic you want to follow.
      3. To change your settings, click Show options. You can change:
        – How often you get notifications
        – The types of sites you’ll see
        – Your language
        – The part of the world you want info from
        – How many results you want to see
      4. Click Create Alert.
Google Alert - WordPress maintenance package

Google Alert Setup

You’ll get emails whenever matching WordPress maintenance search results are found.

  • Delete Unused Themes and Plugins

When performing theme and plugin updates, it is also a good idea to remove any items that may no longer be used. If a theme is deactivated and no longer has a useful function, then get rid of it.

Cleaning out older plugins and themes will help keep the server clean and remove potential security risks.


Are these all the steps needed for a WordPress Maintenance Plan?

There are certainly many more steps that can be done on a regular basis, depending on how large and complex the WordPress website is. It also depends on the main priorities your client has for the website. For example, if page speed is the most important item then a lot more attention will need to be paid to items such as server and CSS optimization.

The steps outlined above are really the minimum that should be done on a regular and consistent basis for WordPress websites of all sizes.

As an Agency, should we be performing these updates for our WordPress clients?

At a minimum, it is important for digital agencies creating WordPress websites to explain the need for such a maintenance plan to their clients.

Providing training during project handover, or simply some reference materials will ensure your clients are aware of the need for maintenance. Keeping their sites up will keep them happy. And a happy client will lead to more business and potential referrals.

Another option is to package a WordPress maintenance service into the offering when quoting a new build. This provides an opportunity to turn a one-time build transaction into a potential recurring revenue source.

Agencies offering such a service can either assign an internal resource to perform such maintenance tasks or seek an external maintenance provider to perform the steps on a set schedule.

Does the White Label Agency offer a white-labeled WordPress maintenance package?

Over the past seven years, we have been laser-focused on building up a solid organization to develop and deliver quality WordPress websites for our agency partners.

We have been successful with that effort and have delivered thousands of WordPress websites ranging across all types of industries and geographies.

After receiving many requests from the partners we’ve built these sites for, we decided to launch our own WordPress maintenance package options to offer as a white-label service.

If you are an agency interested in learning more, please schedule a meeting with our Sales department and we will get back to you to review the details.