What needs doing, how often, what happens when it is ignored, and what it typically costs.
A website is not a finished object that sits unchanged once built. It runs on software — a web server, a scripting language, database software, and often a collection of third-party libraries and services. All of that software changes over time. Security vulnerabilities are discovered. Software versions reach end of life. Browsers update and change how they handle code. Payment processors update their APIs. The technical environment a website lives in is constantly shifting, and a site that is never maintained gradually becomes slower, less secure, and eventually broken.
This is not a problem invented by developers to generate ongoing income. It is simply the nature of software in a connected world.
The server is the computer that stores your website files and delivers them to visitors. Maintaining a server involves tasks that most website owners never see but that directly affect their site's performance, security, and reliability.
Servers run on an operating system — typically a version of Linux. Like any operating system, it receives regular security patches and updates. Unpatched servers are a primary target for automated attacks that scan the internet looking for known vulnerabilities. Keeping the operating system current is fundamental.
The software that actually handles web requests — Apache, Nginx, and similar — also requires regular updates. A version with known vulnerabilities is an open door for attackers.
Most websites are built on PHP. PHP versions have a defined support lifecycle — once a version reaches end of life it no longer receives security updates. Running an unsupported PHP version is a significant security risk. Upgrading PHP versions requires testing because newer versions occasionally handle code differently, and a site that works perfectly on PHP 7 may have issues on PHP 8 that need to be resolved.
SSL certificates — the technology behind the padlock in the browser address bar — expire and must be renewed. Modern hosting typically handles this automatically, but it requires monitoring. An expired SSL certificate causes browsers to show security warnings to visitors, which damages trust and drives people away immediately.
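One way to monitor certificate expiry independently of the host's automatic renewal, shown as an added example that is not part of the original article. The 21-day threshold and the `.example` hostnames are assumptions, and the sample expiry dates are constructed.

```python
import socket
import ssl
from datetime import datetime, timezone
from typing import Optional

WARN_DAYS = 21  # assumed alert threshold, adjust to your renewal schedule

# Constructed sample expiry values in the format ssl.getpeercert() returns.
SAMPLES = {
    "shop.example": "Jun  1 12:00:00 2025 GMT",
    "blog.example": "Jan 11 00:00:00 2025 GMT",
    "old.example": "Dec 31 23:00:00 2024 GMT",
}


def days_remaining(not_after: str, now: datetime) -> int:
    """Whole days until notAfter; negative once the certificate has expired."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days


def classify(not_after: str, now: datetime, warn_days: int = WARN_DAYS) -> str:
    left = days_remaining(not_after, now)
    if left < 0:
        return "EXPIRED"
    return "RENEW_SOON" if left < warn_days else "OK"


def check_host(host: str, port: int = 443, now: Optional[datetime] = None) -> str:
    """Fetch a live site's certificate and classify it."""
    now = now or datetime.now(timezone.utc)
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify(tls.getpeercert()["notAfter"], now)
    except ssl.SSLCertVerificationError as exc:
        # An expired or otherwise invalid certificate fails the handshake,
        # exactly as it would in a visitor's browser.
        return f"INVALID ({exc.verify_message})"
    except OSError as exc:
        return f"UNREACHABLE ({exc})"


if __name__ == "__main__":
    fixed_now = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed so output is repeatable
    for name, not_after in SAMPLES.items():
        print(name, classify(not_after, fixed_now))
```

Run `check_host("your-domain")` from a scheduled job on a machine other than the web server, so a failed automatic renewal is noticed before visitors see a browser warning.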
Regular backups of website files and databases are essential. Without them, a server failure, a security incident, or even an accidental deletion can result in total loss of the website. Good hosting providers perform automated daily backups and retain multiple restore points. Not all do — it is worth checking.
A reputable hosting provider handles most server-level maintenance as part of the hosting package. When comparing hosting costs, the quality of maintenance, backup policy, and support should weigh as heavily as the headline price.
Beyond the server itself, the website code and content also require ongoing attention.
Websites are subject to constant automated attacks — bots probing for weak passwords, attempting to inject malicious code, looking for unpatched vulnerabilities in third-party scripts. Security monitoring involves watching for suspicious activity, blocking malicious traffic, and responding to incidents promptly.
Websites built on platforms like WordPress rely on a core installation plus a collection of plugins. Every plugin is a potential vulnerability. Plugins fall out of active maintenance, develop security flaws, or conflict with each other after updates. Keeping plugins current requires regular attention and testing — updating a plugin without testing can break functionality on a live site.
Handcrafted websites with no plugins have significantly lower maintenance overhead in this area, but still require attention when server-side languages update or third-party services change their APIs.
Links to external websites break when those sites change their structure or close down. Internal links break when pages are moved or deleted without proper redirects. Broken links damage user experience and search rankings. Regular link checking catches these before visitors do.
Page load speed affects both user experience and search rankings. Performance can degrade over time as images accumulate, databases grow, and third-party scripts increase. Periodic performance audits identify and address issues before they become serious.
Outdated content — old pricing, discontinued products, past events still listed as upcoming — reflects badly on a business and can mislead customers. Keeping content current is the website owner's responsibility, but it is still maintenance work that takes time.
The consequences of neglecting website and server maintenance range from inconvenient to catastrophic:
None of these happen overnight. They develop gradually as the gap between the site and the current technical environment widens. But when they do happen, recovery is almost always more expensive and disruptive than the maintenance that would have prevented it.
Maintenance costs vary significantly depending on the type of website, the hosting arrangement, and what is included in the service.
| What | Typical Cost | Notes |
|---|---|---|
| Quality hosting with managed server maintenance | £80–£5,000+/year | Includes OS updates, backups, SSL, server security. Cost varies significantly by server type and provider. |
| Basic website maintenance retainer | £30–£100/month | Plugin updates, security monitoring, minor fixes. |
| Ad hoc maintenance (per hour) | £50–£120/hour | For sites without a retainer arrangement. |
| Security incident recovery | £300–£2,000+ | Depends on severity — often far more than prevention would have cost. |
| Full site rebuild after neglect | Full project cost | Sometimes the only option when a site is too far out of date to recover. |
For simple handcrafted websites with no third-party plugins, maintenance overhead is lower than for platform-based sites. The hosting cost covers most of the server-level work, and the site itself requires less attention between updates.
For plugin-heavy platform sites, a maintenance retainer is not optional — it is the cost of keeping the site functional and secure over time.
The single most cost-effective maintenance decision for most small business websites is choosing quality hosting with managed server maintenance included, and having the site built cleanly without unnecessary plugins or complexity that adds to the ongoing maintenance burden.