Most agencies talk about long-term partnerships. Few have clients that have been with them for nearly a decade. We do — and the story of how that relationship works is probably the most honest answer we can give to the question of what WordPress support actually means in practice.
Marisa.BG is a Bulgarian online fashion retailer. They came to us eight years ago with a site that was, frankly, a mess. They’ve been our client ever since. Here is what those eight years have actually looked like.
Year One: The Rescue
When Marisa first contacted us, they weren’t looking for a maintenance partner. They were looking for someone to fix an immediate crisis. Their WooCommerce store had been built and modified by multiple developers over the years, and the result was predictably bad: broken checkout flows, plugin conflicts causing intermittent errors, performance slow enough to lose customers on product pages, and security vulnerabilities that their previous developer had acknowledged but never fixed.
They had lost confidence in the site. When you can’t trust that a customer’s order will go through, you start routing customers to phone orders and direct bank transfers. That’s what was happening. The site was nominally running but practically unreliable.
We started with a full audit. Forty-two plugins, of which seventeen were either unused, redundant with other plugins, or hadn’t received an update in over two years. The database had no foreign key integrity to speak of — orphaned records everywhere from deleted products, abandoned carts, and plugin installations that had come and gone. The PHP version was two major releases behind.
The initial overhaul took about six weeks. Plugin consolidation, database cleanup, security hardening, checkout flow rebuild, and a performance pass that brought the site from eight-second load times to under two seconds. We rebuilt trust systematically — fixing one category of problems completely before moving to the next, so they could see clear progress rather than a long list of work in flight.
Sales increased 25% in the first quarter after the overhaul. Not because we did anything clever with conversion optimisation — just because customers could now reliably complete their purchases without encountering errors.
What Monthly Maintenance Actually Looks Like
After the rescue, Marisa moved onto a maintenance retainer. Here is what that has involved, concretely, over the years.
Updates, every week. WordPress core, WooCommerce, every active plugin and theme. Not applied blindly — applied to a staging copy first, basic smoke testing across the checkout flow and key product pages, then pushed to production. This process takes 30–90 minutes per week depending on the volume of updates and whether anything needs investigation.
This is the part that looks the most boring and is the most important. In eight years of weekly updates, we have caught update-related compatibility issues before they reached production on dozens of occasions. We have also closed hundreds of security vulnerabilities in the window between patch release and exploitation.
Uptime monitoring, around the clock. We receive an alert within a minute if Marisa’s site goes down or returns an error. In eight years, we have had a handful of genuine outages — hosting issues, one database corruption after a botched plugin update, a brief DNS propagation issue during a hosting migration. None lasted more than 30 minutes because we were notified immediately and responded immediately.
The value of this is asymmetric. On a normal day, uptime monitoring costs nothing. On the day something breaks, it means you know about it in a minute rather than when a customer emails to say they can’t place an order.
Performance monitoring. Page load times are tracked continuously. We notice when something degrades — a new plugin that adds a blocking script, a database query that’s grown slow as the product catalogue expanded, a third-party widget that started loading a heavier SDK. Catching these proactively means they get fixed before customers notice, not after.
Database maintenance, monthly. Order data accumulates. Session records accumulate. Post revisions accumulate. Transients expire but don’t self-clean. A WooCommerce database that isn’t actively maintained grows without bound, and the queries that drive the store grow slower as it does. We run a maintenance pass monthly: clean orphaned records, prune revisions, clear expired transients, check table fragmentation.
Security scanning. Weekly file integrity checks and malware scans. We have detected and cleaned one genuine infection in eight years — a PHP backdoor that was planted via a then-unknown vulnerability in a popular form plugin, discovered within 48 hours and cleaned before any customer data was accessed.
Pre-sale infrastructure review. Marisa runs seasonal sales events. Before any significant traffic event — the big annual sales, Black Friday, campaign launches — we review the current state of caching, check that the server is configured to handle elevated load, and run through a pre-event checklist. This review has caught several potential issues that would have degraded performance under sale traffic.
How the Site Has Evolved
Maintaining a site for eight years means watching a business evolve and making the technical infrastructure keep up.
When we started, the product catalogue was a few hundred items. It’s grown to thousands, and the way products are managed has changed — different variations, different supplier feeds, different pricing structures. The WooCommerce configuration that was correct in year one has been revisited and updated as the platform itself has evolved through multiple major versions.
Payment methods have changed substantially. Eight years ago, the options were bank transfer and a local payment gateway. We’ve added Stripe, multiple BNPL options, and a Bulgarian mobile payment integration that required custom development. Each of these was integrated, tested, and maintained as part of the retainer.
The design has been refreshed twice — not full rebuilds, but significant frontend work to modernise the appearance and improve the mobile experience. Mobile now accounts for a majority of Marisa’s traffic. The site’s mobile experience in year one was functional. Today it’s genuinely good.
SEO has become more important. The structured data implementation has evolved through several iterations as Google’s requirements have changed. Product schema, BreadcrumbList, organisation schema — these have been updated, validated, and adjusted as new requirements emerged and as we audited what was generating rich results.
Two hosting migrations. The original host became inadequate as the site grew. The second migration was triggered by the host’s persistent performance issues under load. Both migrations happened without downtime.
What Ongoing Support Actually Costs and Returns
Maintenance retainers are an easy cost to cut when budgets come under pressure. They feel like insurance — you’re paying for something that mostly isn’t needed.
Here is how we think about it from the client’s perspective:
The retainer fee per month is a fixed cost. The incidents it prevents — a hack that wasn’t caught, a compatibility issue that broke checkout for two days, a performance degradation that drove conversion rate down for weeks — have variable but significant costs.
In eight years, the incidents we’ve prevented or caught early at Marisa have included:
- Multiple vulnerabilities closed before exploitation
- One actual infection caught within 48 hours
- Three significant compatibility issues caught on staging that would have broken checkout in production
- Countless minor performance regressions caught and reversed before they became customer-visible
- One database corruption caught and reversed from backup before any data loss
The alternative to monthly maintenance isn’t a free outcome. It’s an accumulation of deferred risk that eventually materialises as an emergency — at emergency prices, with emergency disruption to the business.
There is also a less quantifiable benefit: the ability to make changes confidently. When you have a trusted technical partner who knows your site, you can say “I want to add a loyalty programme” or “I want to restructure the categories for the new season” and get a considered response from someone who already understands your codebase and your customer base. You don’t spend half the engagement bringing someone new up to speed.
The Relationship Behind the Contract
Business relationships that last eight years aren’t just contractual. They’re built on something else.
For us, that’s this: we treat Marisa’s site as if it were our own business depending on it. Not because the contract says we have to, but because after eight years of working with a business, you understand what it means when the checkout breaks at 10pm on a Friday. You know what a bad week of sales feels like for them. You have enough context to anticipate problems they haven’t thought to worry about yet.
For Marisa, the value isn’t primarily that we’re technically competent — they could find technically competent developers elsewhere. It’s that they can call us when something is wrong and know that someone who already understands their site is on it immediately.
That’s what long-term support actually looks like. Not a ticket system and an SLA. A technical partner who knows your business as well as you do.
If you’re managing your own WordPress site without a maintenance plan, or on a plan that’s more ticket queue than active partnership, our WordPress Security Checklist is a good place to start understanding what proper maintenance covers — and what you might currently be missing.