Website Care Plan Explained: What is Included, Do You Need One

Quick answers

The questions readers ask first

What is included in a website care plan?

A solid care plan covers security (weekly patches, vulnerability monitoring, SSL renewal), performance (uptime monitoring, monthly Core Web Vitals reports, page-speed alerting), search visibility (quarterly schema validation, Google Search Console monitoring), content (small changes, photo refreshes, annual sweep), and reporting (monthly performance email, quarterly audit). Anything cheaper than $300 a month that calls itself a care plan is usually just hosting plus uptime monitoring, which is not the same thing.

Do I need a website care plan if I am on Wix or Squarespace?

Usually no. Managed platforms handle security, hosting, dependency updates, and most performance work as part of the platform fee. A marketer who keeps your content fresh is more useful than a separate care plan. The exception is if your Wix or Squarespace site has heavy custom integrations that need ongoing attention beyond what the platform covers.

How much should a website care plan cost in Australia?

For a custom-built small-business site in 2026: $300 to $500 a month for an entry-level plan with weekly patches and a quarterly audit, $500 to $1,000 a month for the standard mid-tier with a guaranteed response time on breakages and monthly audits, $1,000 to $2,000 a month for high-touch plans with a faster guaranteed response time and dedicated point-of-contact. Anything under $300 a month is usually hosting plus monitoring, not a real care plan.

What happens if I do not have a website care plan?

A custom-built site without ongoing care typically slows down by 20 to 40% over 18 months (plugin bloat, image accumulation, dependency drift), drops out of search rankings as schema invalidates, develops security drift (each unpatched plugin is a potential entry point), and breaks at the worst possible moment (form submissions stop working during the busy season, contact page goes white the day a referral lands). Recovery from a single major breakage typically costs $1,500 to $5,000 plus the lost leads during the dark period.

Can I cancel a website care plan if I am unhappy?

Yes for any care plan worth signing. Cancellation notice should be 30 days; anything longer ties you to the relationship past usefulness. After cancellation you keep the site, the code, the domain, and the Google Business Profile. You just take on the maintenance work yourself, hand it to someone else, or let it slowly drift (with the consequences above).

Who maintains my website if my care plan provider stops trading?

You do, until you find a new provider. The bigger risk is what they leave behind: did they hand over the code, the hosting access, the deployment credentials, the schema source-of-truth? A well-structured care plan provider keeps everything in your name from day one (your hosting account, your domain registrar, your Google Business Profile), so transitioning to a new provider is straightforward. Avoid providers who hold any of these in their own accounts.

The short answer

A website care plan is a monthly subscription that keeps a custom-built small-business site fast, secure, and visible. For a properly-built modern website, it covers security patches, plugin and dependency updates, performance monitoring, schema validation, small content changes, and a quarterly audit. Cost ranges from $500 to $1,000 a month for most small-business sites in Australia in 2026.

You probably need one if you're on a custom build (WordPress, Next.js, Astro, or any code-based platform). You probably don't if you're on Wix or Squarespace, where the platform handles most of what a care plan covers.

The trap: you don't think you need a care plan today, then you find out you needed one six months ago when something breaks at the worst possible moment.

What a care plan actually covers

The label is consistent across providers. The contents are not. Read what's listed.

A solid care plan for a small-business site covers:

Security

Weekly security patches (WordPress core, plugins, dependencies)
Vulnerability monitoring (alert when a known security advisory affects an installed component)
SSL certificate monitoring and renewal
Malware scanning and response

Performance

Uptime monitoring (every 1 to 5 minutes from external monitors)
Monthly Core Web Vitals report against Google's "good" thresholds
Image and asset optimisation as the content grows
Page-speed regression alerting

Search visibility

Quarterly schema validation (LocalBusiness, Service, FAQPage)
Google Search Console monitoring for crawl errors and coverage drops
Structured data refresh when Google's spec evolves
Lighthouse audits flagged when scores drop

Content

Small content changes included (hours, prices, copy edits, image swaps)
New page additions covered up to a monthly cap
Photo refreshes
Annual content sweep with stale information flagged

Reporting

Monthly performance email
Quarterly audit report (what's been done, what's coming)

What a care plan doesn't cover

This is where most providers are vague and where most clients get burned by surprise invoices. A solid care plan will be specific about exclusions:

New page builds beyond the monthly cap
Major feature additions (booking systems, login areas, e-commerce)
Paid ad management
SEO content writing and strategy work
Photography
Copy rewrites at scope (small edits yes, full rewrites no)
Third-party plugin licence costs

If your provider is vague about exclusions, that's a flag. Exclusions are where the margin gets made up later.

Who needs a care plan

You need one if:

Your site runs on a custom platform (WordPress, Next.js, Astro, Hugo, plain code). Something has to stay on top of security patches and dependency updates. The bill of materials for a modern site is dozens of components, any of which can have a vulnerability disclosed at any time.
You can't comfortably do the maintenance yourself. Most owners can't, and shouldn't have to.
The site is a meaningful source of leads. If a single day of downtime costs you more than a month of care-plan fee, the maths is already done.
You have any structured data (schema), which most modern sites do. Schema specifications evolve. Sites that ship schema once and never update it eventually drift out of validity, and Google quietly stops surfacing the rich-result extracts.

Who probably doesn't

You're on a managed platform (Wix, Squarespace, Webflow, Shopify) where the platform handles security, hosting, and most performance work. A marketer who updates your content monthly is more useful to you than a care plan.
Your site is on a managed platform (Wix, Squarespace, Webflow, Shopify) AND brand-new with no revenue depending on it. The platform handles patches and uptime, so wait until traffic and leads are real before paying for any extra layer. Custom builds are different: a Next.js or WordPress site needs the security and schema work from day one regardless of traffic, because the dependency stack and schema specs evolve whether anyone visits or not.
You have an in-house person with the time and skills to handle WordPress patches, dependency updates, and basic Lighthouse audits. Few small businesses actually do, but if yours does, the care plan is redundant.

Pricing reality

In Australia in 2026:

$50 to $150 per month is hosting plus basic uptime monitoring. Not a care plan. If a "care plan" at this price doesn't list patches, audits, content changes, and reporting, it isn't one.
$300 to $500 per month is the entry-level proper care plan. Weekly patches, monthly performance report, quarterly audit, small content changes capped tightly.
$500 to $1,000 per month is the standard mid-tier. Everything above plus a guaranteed response time on breakages, more content-change allowance, monthly audits.
$1,000 to $2,000 per month is the high-touch tier. Same scope, faster guaranteed response time (4 hours), more proactive work, larger content allowance, dedicated point-of-contact.
$1,500+ per month crosses into agency-tier. Usually wrapped in a broader retainer that includes SEO content, paid-ad management, or strategy work. Not a pure care plan at that point.

If your provider charges flat retail prices without any of the above broken out, ask for the breakdown. A real care plan can be itemised. A vague one usually means corners are being cut on the work that isn't visible.

The cost of skipping one

A custom site without ongoing care typically:

Slows down by 20 to 40% over 18 months. Plugin bloat, image accumulation, dependency drift. Each one costs Lighthouse points and ranking signal.
Drops out of search rankings as schema invalidates. Google's structured-data specs change every quarter. Sites that ship and forget eventually fall out of the rich-result pool.
Develops security drift. Each unpatched plugin is a potential entry point. Compromised sites get blacklisted by Google in a single day, and recovery takes weeks.
Breaks at the worst possible moment. Form submissions stop working during the busy season. The contact page goes white the day a referral lands. Hosting expires the morning a Google review arrives.

A typical small-business site that goes unmaintained for 18 months hits one of these issues and pays $1,500 to $5,000 to recover, plus the lost leads during the dark period. That's why the maths on a $500 a month care plan works: it's insurance against an event that's not "if" but "when".

How to evaluate a provider

Six questions worth asking before signing:

Send me last month's care plan report for any current client (anonymised). If they can't, they're not actually doing the work. A real care plan generates documentation.
What's the guaranteed response time on breakages? Specific hours, or vague "we'll get to it"?
What's the cancellation notice? Anything more than 30 days is tying you to the relationship past usefulness.
What happens to my site if I cancel? Do you keep the code? Do they?
Is the care plan tied to a build with you, or can you take on a site you didn't build? If the latter, is there a one-off audit fee?
Who actually does the work? A subcontractor halfway around the world or the person you're talking to?

A provider who answers all six clearly is one you can trust. A provider who hedges on any of them is one you can predict will frustrate you in six months.

Care plan vs hosting (they're not the same thing)

A common confusion. Hosting is the server your site runs on. A care plan is the work that keeps the site running well on that server.

Hosting alone covers the server uptime and bandwidth. Maybe basic SSL. That's it. Plugin updates, schema refresh, content changes, performance work, security patches: none of that is hosting.

A small-business site can have great hosting and still rot. That's because the rot happens at the application layer (WordPress core, plugins, dependencies, schema, content), not the server layer.

If your "care plan" is just hosting, you're paying for one thing while believing you're paying for another. That's the most common pricing mistake in this category.

What Vellero offers

Two tiers, deliberately simple.

Standard ($500 a month) covers weekly security and dependency updates, uptime monitoring, monthly performance and Core Web Vitals report, quarterly schema and SEO audit, and up to one hour of small content changes per month. Cancel anytime with 30 days' notice.
Priority ($800 a month) adds a 48-hour guaranteed response time on breakages, monthly (rather than quarterly) audits, and up to three hours of content changes.

Care plans are available by default for Vellero-built sites. For sites built elsewhere, they kick in after a one-off handover audit ($400 to $600), which establishes a baseline for the existing build's security, performance, and structure.

If you're running a small-business site and not sure whether you need a care plan, send the URL through a quote and we'll audit the four highest-risk areas and tell you whether the answer is "yes, urgently", "yes, eventually", or "no, you're fine".

What is actually in a website care plan (and do you need one)