Over time, the technology that powers your website changes. Sometimes those changes are minor, sometimes they’re significant. We recognise that updates are more important to some than others, so we take a responsible, transparent approach to maintaining the websites we host and build, offering you choice along the way.
This page explains how we handle updates, why they matter, and what options you have to keep your site healthy – without paying for work you don’t need.
The background
In the past, we’ve occasionally handled these updates as a courtesy. As our client base has grown, it’s become important to make this process clearer and give every client a choice that suits their needs.
When we talk about website updates, we’re referring to changes to WordPress core, Plugins, Themes and other code libraries that bring your site to life. Each of these can receive multiple updates throughout the year. Some are small bug fixes, others are major releases that require testing. In 2024 alone:
Figures show updates in 2024 compared to average yearly updates released during the previous 10 complete years, across technology components usually in our development stack. CVE stands for Common Vulnerabilities and Exposures. It is a publicly available dictionary that provides unique identifiers for publicly known information security vulnerabilities. It is recommended to update to patch CVEs.
Data sources: WordPress.org, cve.org, nvd.nist.gov.
Managing updates
Updates regularly break things, so responsible updates involve taking a backup of a site to recreate in a new environment, testing the updates there, applying changes, and verifying everything works before your users see it.
This process can take between half an hour and half a day. With hundreds of sites on our servers, that adds up to hundreds of hours of work each year, which is why we need a structured, fair approach that reflects the effort involved.
Why updates matter
Updates are usually released to introduce new features, apply fixes or improvements to existing features, or to patch security vulnerabilities that could leave your site vulnerable to attack or exploit.
That said, not every update is critical. Older versions aren’t automatically or inherently insecure, but once they fall outside their support window, new vulnerabilities are no longer checked or patched. That’s where risk starts to grow.
We believe in balancing security against stability – updating a site for the sake of it can be risky – a single plugin conflict can take a site offline.
Security
Close vulnerabilities as they’re discovered.
Stability
Eliminate plugin or theme conflicts.
Compatibility
With modern browsers and integrations.
Performance
Stay on top of code efficiency and speed.
Peace of mind
You know your website updates are covered.
Your options
Annual Updates
Give your website an yearly tune-up.
- Updates performed once per year
- Full integration testing
- Security fixes not applied as released
Quarterly Updates
Balance security and stability.
- Updates performed every 3 months
- Full integration testing
- Security fixes not applied as released
Monthly Updates
Regular updates to cover most scenarios.
- Updates performed once per month
- Full integration testing
- Covers more (but not all) CVEs
CVEs always updated
All critical security patches, applied as soon as possible after they are released.
- Critical security updates performed when they are released
- Full integration testing
- CVE’s for core components included
All updates
Every update (including CVEs) applied as soon as possible after they are released.
- All updates performed when they are released
- Full integration testing
- CVE’s for core components included
Hosting only
Just plain hosting – we don’t do any site updates for you.
- Server-side updates (e.g. PHP) performed periodically
- No application (WordPress, plugin, etc) updates applied
- No security patches
Pay as you go
A single, standalone update cycle, performed on your request.
- Updates to all components upon request
- One-off to bring you in line with latest updates
- Includes CVEs on date of update, but not future CVEs
Update cost varies based on your website’s hosting tier, as the process and time required may differ. Billed annually. Your tier will depend on your site’s hosting requirements, and we’ll make it clear to you when commissioning a site which tier you’ll be on. You can choose to change tier.
Frequently Asked Questions
Do I have to have a maintenance plan?
No – above all else, we strive to provide choice to our clients. No one is tied to us in any area. You are free to move your site, free to use other hosting, free to get someone else to update your site or free to go without updates altogether. Maintenance plans are simply the latest evolution of our offering to provide a range of solutions for those who want (or need) to keep their sites more up-to-date. If your organisation has compliance requirements (like Cyber Essentials), you will need an active maintenance plan to stay within supported versions.
Isn’t this included in my hosting?
No. Our hosting service is competitively priced to ensure the infrastructure your website runs on is fast, secure, and reliable, but isn’t nearly enough to include unknown quantities of updates. Hosting does not include updates to the website application itself. For example, updates to WordPress core, plugins, or themes. For more information about what is (and isn’t) included in hosting, refer to our Hosting and Maintenance Policy.
Can you just turn on automatic updates?
Yes, but we wouldn’t advise it. Untested plugin updates are the number one cause of broken websites. If you feel comfortable rolling the dice, we can enable automatic updates for your website. However, any time required by Ethical Pixels to fix a site as a result of updates made independently of our maintenance packages would be chargeable at an hourly rate.
What if I want to switch plans later?
You can decide to change plans at any time. Active plans will run until their expiry date, at which point the new plan will come into effect. Some clients prefer to evaluate the impact of infrequent updates (annual or quarterly) and then take a decision on making them more regular.
Can I run updates myself?
Yes, but as with automatic updates, we wouldn’t advise it. Untested plugin updates are the number one cause of broken websites. If you feel comfortable making updates yourself, we can enable automatic updates for your website. However, any time required by Ethical Pixels to fix a site as a result of updates made independently of our maintenance packages would be chargeable at an hourly rate.
Can I hire someone else to run updates?
Absolutely, we’re not precious, and can provide the required access to another provider. However, any time required by Ethical Pixels to fix a site as a result of updates made independently of our maintenance packages would be chargeable at an hourly rate.
Will you update any WordPress website?
Only sites that Ethical Pixels has created and is currently on an active hosting plan with us are eligible for Maintenance Packages. We don’t maintain sites built by third parties as this would mean accepting any technical debt created by other developers. We can make a recommendation to providers who do, or you can ask your incumbent web designer or host.