You’ve received a WordPress maintenance quote — or you’re about to write a budget line for one — and you don’t have a structured way to pressure-test the number. A $99-a-month plan and an $1,800-a-month plan can look identical on a one-page proposal until something breaks and the scope conversation starts. The question isn’t whether the price is right. The question is whether the price covers the three jobs maintenance actually requires.
Most quotes price two of them and stay quiet about the third.
Answer a few questions about your site and get an honest monthly maintenance budget — split across security, performance, and editorial — mapped to a care tier.
How this calculator works
This is a planning estimate, not a quote. Three line items — security, performance, and editorial — are each sized from your answers, given a range, then summed. The combined midpoint maps up to a care tier.
Security and performance scale with site age, plugin count, and traffic; security also factors in e-commerce, member accounts, and personal data.Editorial scales with how often you publish or change the site.Each line gets a range around its centre; the ranges are summed and the midpoint maps to Essential, Active, or Concierge.
- Essential is the floor — the estimate never recommends less than baseline care.
- Real quotes depend on the actual plugin stack, host, and content; this gets you to the right order of magnitude before we talk.
Common questions
Why split the budget across security, performance, and editorial?
Because they are different jobs with different drivers. Security work scales with your attack surface — more plugins, more traffic, member accounts, and stored personal data all raise it. Performance tracks the same load factors. Editorial is about how often the site changes. Splitting them shows you where your money actually goes instead of one vague number.
Is this a quote?
No — it is a planning estimate. A real quote depends on your actual plugin stack, your host, and the state of your content. This gets you to the right order of magnitude so the conversation starts from a sensible number.
Why does it never recommend less than Essential?
Every live WordPress site needs a security and performance baseline — updates, backups, monitoring, and the occasional fix. Below Essential is not a maintenance plan; it is a site waiting for a problem. So Essential is the floor, even for a small, quiet site.
What pushes a site into the Concierge tier?
Some combination of real traffic, a heavy plugin stack, sensitive features like e-commerce or member accounts, and frequent publishing. At that point the editorial and strategy work are part of the retainer rather than a change order every time something needs doing.
Why maintenance is three jobs, not one
Security is the job everyone pictures when they hear “WordPress maintenance.” Plugin updates, core updates, vulnerability monitoring, and a plan for what happens when a plugin you installed last year turns out to have a known exploit. This is the job most quotes include, even if the scope of what “monitoring” means is rarely defined.
Performance is the second job. Baseline monitoring against agreed thresholds. Catching the regression a plugin update introduced before it compounds. Reviewing capacity when traffic patterns change in ways that matter. Performance maintenance is less visible than security work, but a slow site costs revenue in ways that are well-documented and entirely preventable with the right coverage.
Editorial is the job that hides. Content updates, media changes, form adjustments, small text corrections — the category of work that keeps a site accurate and functioning for the people using it day to day. It hides behind the phrase “as needed” in retainer agreements. That phrasing sounds like inclusion. In practice, it bills like exclusion: the vendor treats editorial requests as out-of-scope change orders and invoices them separately. The client assumed it was covered. The first invoice that reflects reality is an uncomfortable conversation.
The calculator models all three jobs independently. The number you get from a vendor who only priced two is, at best, a partial number. At worst, it’s the beginning of a scope negotiation you weren’t expecting to have.
What the calculator actually does
It runs three line items — security, performance, and editorial — and adds them up into a monthly range.
Security starts at a $400 base and multiplies by factors for site age, plugin count, traffic volume, and the specific security-sensitive features your site runs. More plugins mean more attack surface to monitor. Older sites carry accumulated configuration debt that changes the monitoring load. Traffic volume changes the consequence of a breach. Each of those factors moves the security line.
Performance starts at a $250 base and uses the same factors — site age, plugin count, traffic — because they genuinely affect performance maintenance load in ways that track security. A high-traffic WooCommerce site with 80 plugins and a five-year-old database is a different performance maintenance job than a brochure site with twelve plugins launched six months ago.
Editorial is different. It doesn’t scale with site age, plugin count, or traffic — it scales with how much you publish and how often your content changes. A site that updates content weekly has a larger editorial maintenance obligation than one that changes quarterly, regardless of how big or how old the site is. The calculator is honest about that: editorial is gated on your publishing cadence only, and none of the other factors touch it.
Each line produces a band — a range rather than a precise number — because honest estimation works in ranges. The three bands sum to a combined monthly range, and the calculator maps that range up to a maintenance tier rather than down. That’s intentional. A retainer priced at the exact floor of what the math suggests leaves no room for the month something breaks and takes more time than a normal month. The tier recommendation builds in the margin that a floor-priced retainer quietly removes.
Nothing about how you run the calculator leaves your browser. There’s no URL scan, no email gate before the results appear, no account required. The math runs locally. I built it that way because a planning tool that requires you to hand over your domain name or your email address before showing you a number isn’t a planning tool — it’s a lead capture form wearing a calculator’s clothing.
One honest note on what the calculator can’t see: your hosting environment, whether you have an in-house technical team sharing the maintenance load, and how your backup and recovery story is currently structured all move the real number in ways the inputs don’t capture. The output is a planning estimate. It’s calibrated to be a reasonable starting point, not a substitute for a conversation with a practitioner who can see those specifics.
Once you have your range
The calculator gives you the budget; the SLA template tells you what that budget should buy. The template is a downloadable DOCX that structures the conversation about response times, named owners for each of the three jobs, and the transition-out clause — what happens when the engagement ends and the vendor hands the site back. Run the calculator first to establish the number, then use the SLA template to build the agreement around it.
Where I’m coming from with this
I’ve been working in WordPress since 2007 and have 19 plugins published on WordPress.org — several of them have been in continuous production use for more than a decade. Maintaining published plugins across major WordPress versions for that long is maintenance work at a scale most retainer agreements don’t approach. The three-job framework the calculator is built on came out of that experience: security, performance, and editorial aren’t abstract categories I invented for a tool — they’re the actual work that has to be done to keep a site healthy in production, and I’ve been doing all three long enough to know when a retainer price is leaving one of them out.
Book a 20-minute maintenance review
Your range from the calculator is a starting point. A 20-minute call confirms which line items actually apply to your site — your hosting situation, your team’s involvement, your backup and recovery position — and maps that to the right tier or tells you honestly if a retainer isn’t what you need right now.
If you’ve run the calculator and your number is pointing toward a structured engagement, the maintenance-Essential page covers how that engagement is structured and what’s included at each tier.
Product names referenced on this page — including WordPress and WooCommerce — are trademarks or registered trademarks of their respective owners. Training offered here is independent and is not affiliated with, endorsed by, or sponsored by any of these companies.