Book a call
viWebsite care

How much does website maintenance cost in the UK?

Most mid-market websites do not fail dramatically. They slip. Page speed drifts down, a plugin goes stale, a security patch waits a week too long, enquiries dip for no clean reason — and then a Monday morning opens with a 503 and a scramble. Maintenance exists to stop that. The question is what it costs, what you actually get for the money, and how to avoid the surprises.

11 min read

If you have gone looking for someone to maintain your website, you will have found that the prices do not cluster — they scatter, and the scatter is bewildering. One supplier quotes a few hundred pounds a month, another a few thousand, and the work behind each is described in language vague enough to make comparison almost impossible. The honest position is that a wide range can all be fair, because "maintenance" covers genuinely different jobs. The trick is to see what sits behind the number, so you can size the work you actually need rather than the work you happen to be sold.

This guide does that in four parts: the common ways maintenance is priced, realistic UK benchmark bands for an SME B2B site, the costs that tend not to appear in the quote, and a short worksheet to calibrate your own budget. It is a companion to our piece on how to tell whether a maintenance price is fair — that one is about judging a quote, this one is about understanding the market it comes from. Maintenance is, in any case, only one of the four elements of website management, and it is worth knowing which one you are actually buying before you weigh the price.

The four ways maintenance is sold

Almost every provider packages maintenance in one of four ways. Each can work. The traps are in the detail rather than the model.

The first is the hourly rate — you pay for time as you need it, often somewhere between £75 and £150 an hour for genuinely senior capability. It suits one-off jobs and low-commitment needs. The risk is that spend is unpredictable, nothing is scheduled, and response is slowest at exactly the moment you most need it, because you are joining a queue rather than holding a place in one.

The second is ad hoc tickets, priced per task or per incident. This is clear enough for simple, self-contained work. The risk is that every ticket becomes a small negotiation over scope, continuity is patchy because no one holds the whole picture, and a security patch can sit waiting behind a quote approval while the clock runs.

The third is blocks of hours — prepaid bundles at a modest discount, with some priority attached. The unit rate improves and you get a little more attention. The risk is that the hours quietly drain away on admin and investigation, and when the block runs dry in the middle of an incident, the meter restarts at premium rates precisely when you have least room to argue.

The fourth is the retainer: a fixed monthly fee against an agreed scope, with service levels and reporting. Done properly, it buys a reliable cadence, continuity of knowledge, and prevention rather than reaction. The risk is vagueness. If the scope is not explicit about what is included, you can be charged for every extra, or left debating what counts as "out of scope" while a problem is live and costing you enquiries. For most established businesses the retainer is the sensible default, for the same reasons it tends to beat hiring someone in-house to manage the site: you get a team rather than a single point of failure, and the cost is predictable.

Whichever model you are offered, the same things tell you whether it is serious: clear service levels, a staging environment so changes are tested before they reach live, active security monitoring, governance of the plugins and apps the site runs, performance checks tied to Core Web Vitals, and incident reporting that names the root cause rather than just confirming the fix. Where those are missing, you will feel the gap the first time traffic spikes or a third party changes something quietly.

What it costs: UK benchmark bands

These are the monthly figures we typically see for UK mid-market businesses. Your platform, traffic, integrations and compliance load all move the number, so treat them as planning bands rather than a tariff.

For a WordPress brochure or lead-generation site — say twenty to a hundred pages with a few integrations — a light profile with a low rate of change tends to sit at £400 to £800 a month. A standard mid-market cadence, with service levels and proactive tuning, runs £800 to £1,500. A heavier profile, with gated content flows, more integrations and stricter response times, reaches £1,500 to £2,500.

For Shopify — a catalogue of fifty to five hundred lines on a standard theme with a handful of paid apps — a light profile sits around £600 to £1,000 a month. A standard mid-market arrangement, with app governance and weekly checks, runs £1,000 to £1,800. A heavier profile, with custom theme sections, app sprawl and tight service levels, reaches £1,800 to £3,000.

For a bespoke or complex build — a custom content management system, multiple regions, or deep third-party integrations — pricing usually starts around £2,000 a month and commonly runs £3,000 to £6,000 and beyond, where there are several environments, compliance demands and a genuine release workflow to manage.

Annual figures are, in most cases, simply the monthly rate multiplied by twelve. Most businesses in the £2m to £20m band land somewhere between £9,600 and £30,000 a year, with the position inside that range set by risk tolerance, platform complexity, and how quickly you need incidents resolved. If you want the cheaper end of those bands to mean something, the test is always what a person is actually doing for the money — which is the subject of our companion note on fairness, and closely tied to the question of who should manage the site at all.

Three direct questions come up often enough to answer plainly. How much per month? For WordPress and Shopify in the UK mid-market, £600 to £1,800 covers most needs; heavier stacks, custom code or stricter service levels usually start at £1,800. How much per year? Multiply the monthly figure by twelve — typical annual spend sits between £9,600 and £30,000, with outliers either side. And is maintenance a fixed cost? It can be: a fixed-fee retainer with agreed service levels makes the bulk of it predictable, with hosting, media and third-party licences passed through as the variable, disclosed part.

Maintenance is insurance and performance, not housekeeping. You are mostly paying for the months when nothing happens — and that is not waste, that is the product working.

What pushes the number up or down

Four dimensions move maintenance cost, and once you can see them the spread stops looking arbitrary. Each adds load as it increases.

The first is traffic and revenue dependency. The more sessions the site carries, and the more of your pipeline or orders pass through it, the tighter your service levels need to be, the more monitoring is justified, and the faster a fix has to land. A site no one would notice was down for a day is, reasonably, cheaper to look after than one that takes orders every hour.

The second is platform complexity. More plugins or apps, more custom code, and more integrations all mean more to keep compatible and more edge cases to test before anything ships. A WordPress site with three must-have plugins and a quarterly update rhythm is a different proposition from a WooCommerce store wired into payment, ERP and product information systems with a catalogue that turns over each season. The second needs capacity held in reserve and sharper response times.

The third is compliance and security posture. Regulated sectors, or buyers with strict information-security expectations, demand harder baselines, proper change control, and reporting an auditor will accept. That is real work, and it is priced as such.

The fourth is update cadence and content operations. If you push changes weekly, you need staging discipline, automated checks, and people who know your stack well enough to ship quickly without breaking it. A site that changes monthly carries far less of this overhead than one in a constant state of release.

The surprises that aren't in the quote

The costs that hurt are the ones you do not see coming, because they are absent from the proposal by design. It is worth naming them, because the omissions are invisible right up until they are not.

Overages are the first. A retainer that flips to hourly the moment you report an incident is a retainer in name only, and the hourly rate is usually higher than you would expect. Scope creep by omission is the second — "basic maintenance" that quietly excludes performance tuning, plugin rationalisation or security hardening, so the saving you banked at the start reappears later as an outage. Missed patches are the third: vendors publish security advisories continually, and if nobody is watching, an exploit can arrive well before your monthly sweep does.

Then there is no staging. Updates that go straight to production are fine until a minor theme tweak collides with an app update and your contact form silently stops sending leads — and you find out from the drop in enquiries rather than from anyone watching. And finally third-party drift: apps, APIs and hosting environments all update on their own schedules, and without monitoring you discover the break when conversions fall rather than when the change lands. None of this matters on a site that does not matter. On a site your business relies on, all of it does, and the cost of leaving it out is borrowed rather than saved. This is the same logic that separates maintenance from support: pay for the scheduled, preventative work, or pay more later for the emergency.

A worksheet to size what you need

Rather than judging a quote against other quotes, size the work against your own site. Score each factor from one to three, add the four together, and read the total against the bands below.

  1. Traffic and dependency on leads or revenue. One: low traffic, the web is not critical to pipeline. Two: a steady flow of enquiries, some direct revenue or requests for quotation. Three: high traffic, or material revenue depending on the site staying up.
  2. Platform complexity. One: a core content management system, few plugins or apps, little custom code. Two: several integrations, custom theme elements, a moderate app stack. Three: custom modules, multiple environments, or heavy integration.
  3. Compliance and security. One: a standard posture, no specific audits. Two: customer-data considerations and periodic audits. Three: regulated, or enterprise procurement requirements to satisfy.
  4. Update cadence. One: monthly or less, low change volume. Two: fortnightly content updates or periodic releases. Three: weekly releases or seasonal peaks.

A total of 4 to 5 is a light profile — expect roughly £400 to £1,000 a month. A total of 6 to 8 is standard mid-market — expect £1,000 to £2,000. A total of 9 to 12 is complex or business-critical — expect £2,000 to £4,000 and upward. Adjust above those bands for multi-region sites, dedicated performance work, or service levels that promise a first response inside two hours.

To make that concrete: an engineering consultancy on WordPress, sixty pages, two forms and quarterly content updates, tends to land at £800 to £1,200 a month with staging, service levels and monthly performance checks. A distributor on Shopify with three hundred lines, eight apps and quarterly promotions sits nearer £1,200 to £2,000 for app governance, performance tuning and round-the-clock monitoring. A specialist manufacturer with a bespoke catalogue, an ERP integration and strict procurement security runs £3,000 to £5,000 and beyond, to cover change control, deeper testing and tighter response times.

How we structure it

We run maintenance as a fixed-fee retainer with one blended rate, clear service levels, and a flex-bank that rolls unused time forward up to a cap. The price you see is the price you pay — no timesheets, no surprise overages. The retainer covers content-management, theme and plugin updates with staging and scheduled deployment; proactive security patching with vendor monitoring and automated scanning; uptime monitoring across the key templates and journeys, with on-call response graded by severity; Core Web Vitals benchmarking and performance tuning; and monthly reports in plain English, with incident logs that name the root cause. Hosting, media spend and third-party licences are passed through at cost and always disclosed, with no mark-up. If you have a busier month, we draw on the flex-bank; if you have a quieter one, the time is not lost. And if we cannot help, we will say so and point you to someone who can.

For most of the established businesses we work with, website care does not sit on its own — it lives inside a broader marketing retainer, alongside the work that turns a healthy site into a productive one. Maintenance keeps the lights steady; conversion work and search make them brighter, and the two pair naturally under one optimisation programme. Keeping a site fast, current and secure is not separable from making it earn its keep.

The point of all this is not that you should spend more. It is that the right question is never "what is the cheapest maintenance I can buy", but "what does this particular site need to stay healthy, and am I actually buying that". Answer the second honestly — the worksheet above is a fair start — and the price tends to answer itself. If it helps to see where we land, our packages and what they include are set out in the open.

If you are weighing a maintenance quote and are not sure whether it covers what your site genuinely needs, that is worth a conversation. Thirty minutes, no pitch deck: hello@ninestones.co.uk.

Richard Bundock
Managing Client Partner
More from this author →

Twenty-five years in digital — agency-side, client-side, group-side. Cohaesus Group founder.

Richard founded Cohaesus in 2008 and has spent the intervening decades running digital programmes for British manufacturers, distributors and professional services firms. He started Nine Stones to give established mid-market businesses the kind of senior marketing partnership the larger agencies reserve for their largest accounts.

More from Notes

Reading,
in the same vein.

Web · Operations

Your website is live. So who's actually running it?

A website is not a project that finishes — it's a system that runs continuously, and most mid-market sites are quietly neglected the day after launch. What ongoing management really involves, who should own it, and how to tell whether yours is being looked after at all.

Websites · Conversion

Conversion rate optimisation: a practical guide for established UK businesses

What conversion rate optimisation actually involves — the maths, the experiments, and the process — written for the owner of an established firm who wants more from the traffic they already have.

Website care

Could I hire someone to manage my website?

The instinct is to put one person in charge of the website. It is a reasonable instinct — but website management is four different jobs, and one hire rarely covers all four. Here is how to think about it before you write the job spec.

Talk to us

Thirty minutes. No pitch deck.

We'll tell you honestly whether we can help. If we can't, we usually know someone who can.

What the thirty minutes covers: what you're trying to grow, what's worked so far and what hasn't, and an honest view on whether we're the right team to own it.