(We recently added annual service plans as options to our WordPress website development customers. This post explains why…)

Initially, when we started building websites, I’d learn about monthly maintenance from my clients who were being provided them by their former web agency. Initially, I was a skeptic. I’m as much of a skinflint as clients sometimes get accused of being, when it comes to spending their money. Why fork out required payments monthly, to keep a website up and running, when, with incremental (but not necessarily monthly) maintenance, it should be just fine? Besides not wanting to ‘sell’ another added service to our clients, we avoided the required service contract by reassuring them that, if asked, we could update WordPress once quarterly for them which, at the time, we thought was probably adequate.

This was never really a reasonable solution, though. For one, clients never just remember to ring up their digital partners at regular intervals to ask them to ‘apply those updates.’ And, from the agency’s perspective, making an effort quarterly to reach out to our clients is a great goal in theory but, after a client fails to respond to the first two quarterly notices we send out, well, our incentive to sell peters out. (This might be an internal issue we need to address…)

So, for a few years, we applied the above makeshift approach to offering ongoing maintenance for our clients. Then, circumstances began to change very quickly. Over the course of just a few months nearly fifty percent of the websites we managed were victims of malicious code injections, DDOS attacks or Brute Force attacks (I’ll have more about the frequency of this last category of attacks in a future post…)

When a client’s site goes down, it usually induces crisis. It doesn’t matter that this is the same client who probably ignored two or three of those quarterly email maintenance request emails just mentioned. It doesn’t matter that they’ve been primed on the hazards of not updating WordPress regularly or all its core components. They’ve got a crisis and it needs to get resolved.

And here’s some insight into the way our (and many other folks’) agency is structured. We’re not the ‘John and Roy Website Emergency Team’ over here at Splat. Usually, we’re working under deadline for a new site design or we’re fulfilling previous commitments to maintenance clients, adding new capabilities to existing sites, etc.

In other words, a client’s emergency creates an emergency for us, as it forces us to play musical chairs with all our other jobs.

So — in order to deal with this increasing number of emergencies, we were faced with two options, it seemed:

1. Do nothing. Just wait for a site to break and maybe charge an increased rate to fix an unanticipated emergency. While this might seem profitable from a short term business standpoint (Who doesn’t want the opportunity to justifiably multiply your rates by a factor of 150% or so?) it is, nevertheless shortsighted. Not only does it not solve the human resource issues, it also creates an unattractive association with us from the client’s perspective. “These are the guys we have to call when the website they designed breaks.” We’d rather create a more positive dynamic with our clients, one where they perceive us as the guys who make sure their website doesn’t break.
2. Start selling — or even requiring — that our clients purchase monthly maintenance. This is the path we’ve decided to take, though we’ve passed, for now, on making maintenance a requirement. We begin this process at the beginning of any engagement with our clients, by letting them know that, these days, no website can remain secure indefinitely. We explain that the content management systems of today (WordPress, in most cases), and the plugins they rely on, are persistent, ongoing targets of potential exploitation by hackers and other digital reprobates. The only way to enhance the likelihood that no one will break in or destroy your company’s precious asset is to maintain it properly. We then explain what our maintenance contract involves (regular updates, backups and monitoring) and strongly advise them to sign on. If they do, they’ve relieved themselves (and us) of a potential crisis in the future. And, if they don’t at least they’re fully informed of the risk they’re taking.

Next up: Brute Force Attacks: the uninvited guests knocking at your website’s door several times a day…