Menu
iThemes
WordPress Security, Backups & Maintenance
  • Products
    • iThemes Security Pro
    • BackupBuddy
    • iThemes Sync
    • Why buy from iThemes?
  • Bundles
    • Essentials Bundle
    • Plugin Suite
    • WordPress Web Designer’s Toolkit
    • Customer Spotlights
  • Resources
    • Blog
    • WordPress 101 Tutorials
    • WordPress Ebooks
    • Weekly WordPress Vulnerability Report
    • The Ultimate Guide to Starting a Web Design Business
  • Training
    • Upcoming Webinars
    • Free Webinar Library
    • Premium Courses
    • Become a Member
    • Member Login
  • Support
    • Documentation
    • Get Help
    • Product Updates
    • Upgrade Policy
    • Contact
    • Our Mission: Make People’s Lives Awesome
  • Log In
WordPress News and Updates from iThemes
Categories
  • Product Updates
  • WordPress Backup
  • WordPress Block Editor
  • WordPress Ecommerce
  • WordPress for Freelancers
  • WordPress Security
  • WordPress Tutorials
  • WPprosper

How to Package & Sell Website Care Plans for Clients

Written by Nathan Ingram on March 22, 2022

Last Updated on January 6, 2023

Can you make extra income by selling website care plans? Yes! The key to selling website care plans is education, and it must start during the first conversation with your clients.

In this guide, we’ll cover packaging, pricing, and selling website security services, along with how to educate your clients on the value of website security services.

In this guide
  • Why Offer Website Care Plans? The Power of Recurring Revenue
  • How Selling a Website Care Plan is the Starting Point  
  • The Challenge: Explaining to Clients Why They Need a Care Plan 
  • 2 Common Mistakes in Selling Website Care Plans
  • How I Present a Website Care Plan to the Client 
  • Explaining Hackers to Clients 
  • The Good News 
  • The Client's Responsibilities in Their Website Security 
  • Giving Your Client Options 
  • Pricing Your Website Care Plans 
  • Watch the Video: How to Package and Sell Website Care Plans
  • Get The Tools You Need to Provide Website Care Plans for WordPress Sites

Why Offer Website Care Plans? The Power of Recurring Revenue

Recurring income is the foundation of a successful web design business. It’s virtually impossible to survive without it.

Without a growing stream of recurring income…

  • You’re completely dependent on consistent sales for survival.
  • You’re living project to project. 
  • You only get paid when the client supplies the website assets to finish  the job (which can take days / weeks / months) 
  • You’re running walking a tightrope without a safety net. 

You need recurring revenue and your clients need a website care plan. 

Note: In this webinar, I may use the terms Website Care Plan, WordPress Management, and WordPress Security interchangeably and as part of one another. The idea is helping the client understand why  keeping their WordPress websites healthy is important and how you will do that for them. 

How Selling a Website Care Plan is the Starting Point  

You have built the client relationship, so maximize its value for the long term, not just a single project. 

Every WordPress website needs ongoing care. You should be offering these services to the client along with the initial build. 

The Challenge: Explaining to Clients Why They Need a Care Plan 

It can be challenging to explain to clients why a care plan is important. Clients are often not tech savvy, and don’t understand the challenges  or the benefits of keeping a website healthy. It’s up to us to explain these things in a language that even a non technical client can understand. 

2 Common Mistakes in Selling Website Care Plans

Let me give you what I think are the two most common mistakes when it comes to selling website care plans. (By the way, I’ve made both of these. And so I’m very familiar with each.)

1. Presenting Website Security as an Option 

  • WordPress Security is not an option, it’s a necessity if the client wants  their website to stay healthy. 
  • A care plan is not an optional extended warranty like car dealerships try to sell. 
  • A care plan is more like regularly scheduled maintenance – oil changes, fluid checks, rotating and balancing tires, etc. If you skip them, the car  will have problems sooner or later. 
  • When a client is budget-challenged, I’d rather see them spend less on the website project so that they have enough money to purchase a  care plan.

2. Waiting Until Launch to Mention the Website Care Plan 

  • If you wait until website launch before you introduce the client to the concept of a care plan, you’ll rarely sell one. 
  • In fact, it’s likely the client will feel hoodwinked since their investment will change significantly. 
  • The key to selling care plans is education, and the discussion has to  begin from your first meeting with the client. 
  • Care plan pricing should be part of your proposal – it’s just as important as the cost of the initial build. 

The key to selling WordPress Care Plans is education, and it must start at the first conversation. 

How I Present a Website Care Plan to the Client 

Often when I meet with a client, I will draw out a box on a notebook or a napkin. I explain why each wall is important and what we do to provide protection. 

Visual Example: The Four Walls of Protection 

Let’s unpack each of these four walls:

1. Website Hosting 

The client may or may not be familiar with $5 a month low-quality shared hosting. 

I will often mention that this kind of service is out there, much like there are cars for $500 on Facebook Marketplace. A car like that might work for a little while, but I’m not going to put my family in it.

Shared hosting is so cheap because there are thousands of other websites on the same server as yours.

The other sites can make your site run slower, affect your website’s security if they get hacked, and even cause your site to  be blacklisted if they do something bad.

Not only does our private server provide much better security for your website, but it will also be significantly faster than other alternatives.

A faster site can lead to better customer conversions and a higher ranking on Google.

Many times, the client won’t be interested in these details at all. You’ll have to make that decision.

When I’m dealing with a business owner who I can sense has no issue with spending money on value, I explain that we have our own private server that we control with only our client’s websites.

Frequently the client will simply be grateful that you can provide this  service for them and they don’t have to figure out themselves.

Remember, they’re really making a trust-based choice to invest in YOU. Sell benefits, not features.

If “gigabytes of storage space” enters the conversation, you’re probably doing it wrong.

2. Website Backups 

Since most clients will understand why backups are important as a concept, this part isn’t as hard to explain as the others. 

There are two reasons we provide backup services:

  • To mitigate the damage done by hackers – If your website should be compromised, we can immediately restore a backup to a pre-hacked condition.
  • To protect against human error. Just in case you or one of your employees accidentally delete or damage the website, we can restore a backup that’s no more than 24 hours old.

I explain that we are relentless about backups and provide a 2-tiered backup strategy. 

  1. First, we have backups at the server level. Everything is backed up to our web host’s data center each night. That’s the first line of  defense. 
  2. Second, we run a separate backup of each web site individually  on a daily basis. A 6-month archive of these backups are kept  offsite in cloud storage so that just in case something happens to  the web host, we always have a copy of your website. 

The important thing about this is that the client understands that you have a working strategy to keep the website backed up and safe. 

Sometimes too many details can muddy the waters for the client. Others want as much detail as possible. You’ll have to use your  best judgment on what kind of client you’re dealing with.

3. Software Updates 

This one is a little more difficult to explain to some clients. 

There are 2 kinds of clients I’ve found who push back on the importance of WordPress theme and plugin updates… 

  • Non-technical clients who don’t understand why you’d have to do this to begin with. 
  • Semi-technical clients who think it’s just as simple as pushing a  button (okay, in many cases it is – but we’ve all had issues where  an update has broken something and we’ve become a lot more  careful as a result). 

The best analogy I use is to relate website updates to software updates on a computer.  

Why do we apply software patches?  

The developer has found problems or security vulnerabilities, so the patch was released to fix those issues. If you don’t keep your software up to date, you could become infected with malware, or worse ransomware. 

WordPress updates are similar, but even more important since  your website is on the Internet for anyone to see. That means hackers can (and will) snoop around looking  for problems to exploit. 

We update your WordPress site each week under normal circumstances, making sure all the patches to the software on your site  have been applied and your site is functioning well. 

On average, a few times each year, a vulnerability will be revealed in WordPress software. 

We stay abreast of security news so that we are aware of these issues.

During those times when the threat level is enhanced, we perform updates more frequently. 

The goal here is for the client to understand that you have their back on these things so they don’t have to be a web security expert. 

4. Website Security 

Website Security is a three-phase approach: 

  1. Architecture – we choose only the best WordPress themes,  plugins, and code to build your website.  
  2. Launch – as part of our launch process, we perform a 43-point WordPress security lockdown.
    • Note, the 43 points are the individual features in iThemes Security Pro we enable during launch (be sure to count the  ones you use if you want to say something like this). This is the number of features we employ as of today. Of  course, this number can and probably will change in the future. 
  3. Monitoring – we monitor your website for hack attempts and  perform regular malware scans to ensure your website is clean. These are features provided by iThemes Security Pro. 

We also provide a free SSL certificate as part of our care plan. 

That way, all communication between your website and users is encrypted. Your website will show a padlock in the address bar which can  enhance a visitor’s confidence in you. It also helps your Google  ranking.

Explaining Hackers to Clients 

Many clients, especially small businesses and organizations, will not understand why a hacker would want to access their website to begin  with. 

They might also take a “so what” approach, believing that there is nothing of value on their website that they would lose even if a hack  occurred. 

It’s often helpful to explain the following to clients who push back on these things 

A Hacker Analogy 

A few years ago, we had a string of vehicle break-ins in our neighborhood. No cars were damaged but items were stolen. Turns out it was several teenagers walking driveway to driveway just checking door handles. If a car was left unlocked, they would rummage the contents for anything of value. 

That’s what hackers do. They’re just checking the doors and windows of your website to see if anything will allow them easy access. 

But a hacker doesn’t just try one door at a time. They have software that will scan the web for them looking for open doors and windows.  

It would be like the hacker pressing a button and automatically checking all the doors and windows in the neighborhood at once. 

When you think of a hacker, don’t think of a single person in their parent’s basement late at night typing away trying to break into your  website with Cheetos dust on their fingers. 

Hackers create little programs that scan the Internet looking for website vulnerabilities. When they find an open door, they’re programmed to  automatically infect the website and then report back their success to  the hacker, who will likely have hundreds of websites to exploit at once.

Why Hackers Hack 

“But why would someone do this? What value is my little site to them?” These are often a question I get. The answer is that the hacker probably isn’t after you specifically. You’re  just one of a million sites they’re trying to exploit. 

What do they have to gain? 

Server Resources – If hackers can compromise your website, they can use server resources to run complex calculations to create digital currency like Bitcoin. They can use the server’s resources to perform other tasks anonymously.

Sending Spam Emails – The server can also be harnessed to send millions of spam emails anonymously 

Content Injection – Hackers can add text and image links to products and sites  you probably don’t want to advertise (think porn and male  pharmaceuticals). 

Malware – Hackers can add code that will exploit vulnerabilities on  your visitors’ computers if they are using out of date web browsers, operating systems, or other old software. Once exposed, your visitors could have their computers  compromised with keyloggers, malware and ransomware. Nasty stuff. And you don’t want to be responsible for it.

The Good News 

Clients, especially the nontechnical ones, might be scared to death at this point. 

Assure them that WordPress is quite secure when a good security strategy is employed, like the one you’re offering to them as part of your  care plan. 

I explain that I have never had a website infected when it was managed under the care plan that I offer. 

The Client’s Responsibilities in Their Website Security 

It’s important for clients to understand that they themselves still have  some responsibility in keeping their website secure. 

The items below are detailed in my Master Services Agreement  (contract) and also explained to the client during training. 

Keeping Computers Protected 

A common way that websites become compromised is through keylogging programs that are installed on an infected computer.  

If your computer is not kept secure, the login information for any  site you visit can be recorded and sent to a hacker, who can then  log into those sites as you. 

The client must agree that any computer that they or their employees or contractors use to log into the website will be protected by: 

  • Installing and maintaining updated security software 
  • Using the most up-to-date version of your preferred web browser 
  • Keeping the operating system patched with recommended  updates

Using a Unique Password 

The client must also agree to use a strong password (as shown by the WordPress password indicator) for any account used to log into and  edit the website. 

This password must only be used on the website, it should not be used elsewhere. 

We recommend the use of a password manager (like Bitwarden, Dashlane, 1Password, etc.) so that you have unique passwords for each  website you visit. 

If the client has their “one favorite password” they use for everything, explain that it’s like a master key to their life.  

If one website they use gets compromised, a hacker can now log  into every site where they have an account. 

Suggest searching for the email and password combination at  https://haveibeenpwned.com. 

Note, iThemes Security includes HaveIBeenPwned protection for  all WordPress user accounts. I will often explain how this works, and clients love it. 

Giving Your Client Options 

When I explain the importance of a Care Plan, I give the client three options. It’s up to them to choose which is right for them. 

Do Nothing 

  • It’s a bad option, but an option nonetheless 
  • You’ll eventually get hacked or your website will break

Do It Yourself 

  • We will teach you how to keep your website updated and monitor security issues. 
  • Be sure to include sufficient time for this in-depth training in your proposal 

We Do It For You 

  • We offer a suite of ongoing services to keep your website safe and working properly. 

Pricing Your Website Care Plans 

Pricing is one the most difficult jobs for any WordPress business owner working with clients. Care plan pricing can vary wildly, but is usually dependent on one factor…  

Guidelines / Suggestions / Starting Points 

Generally speaking, the price of your care plan depends on the price of your websites. 

Typical Website Price Typical Care Plan PriceSuggested Monthly Price
Under $2000 $50/month and up
$2000-$3500 $75/month and up
$3500 and up $100/month and up

Note: It’s hard to sell a $100/mo care plan if you’re charging $1500 for a website.

Watch the Video: How to Package and Sell Website Care Plans

During this recent WordPress Disaster Week webinar, I unpack this entire approach to website care plans. I cover reach part of the process in more detail, along with answers to a few FAQs.

View session slides
View transcript

Get The Tools You Need to Provide Website Care Plans for WordPress Sites

Good news! There are tools designed specifically for make providing WordPress website care plans an easy process. I recommend and use:

  • The WordPress security plugin iThemes Security Pro for website security
  • The WordPress backup plugin BackupBuddy for website backups
  • iThemes Sync, a central dashboard for managing multiple WordPress sites, for website updates

Here’s more on my recommended tips, tools, and settings for each product when it comes to providing website care plans, including an export file of my favorite settings.

Buy the Plugin Suite

Nathan Ingram
Nathan Ingram

Nathan is the Host at iThemes Training where he teaches WordPress and business development topics via live webinar. He is a growth coach for WordPress business owners, helping them become more successful in their businesses individually and in groups. Nathan is also the creator of MonsterContracts, a service that provides contracts for WordPress client work. He has been working with clients to build websites since 1995.

Share via:

  • Facebook
  • Twitter
  • LinkedIn
  • More
Other related posts
Productivity Tips for Website Owners
Productivity Tips for Website Owners
Personal Brand Website
How to Build a Personal Brand Website: 5 Essentials to Include
online marketing strategies
Best Online Marketing Strategies: 16 Tips for Beginners
Customer-Pain-Points
How to Find Customer Pain Points: 10 Questions to Ask so You Can Help Others

Get updates on new themes & plugins plus special discounts

About iThemes

  • Contact Us
  • Website Accessibility Statement
  • Sitemap

Resources

  • Blog
  • Documentation
  • WordPress Tutorials
  • Free WordPress Ebooks
  • Free Webinar Library
  • Free Upcoming Webinars
  • iThemes Training
  • Affiliates

Customers

  • Member Panel Login
  • Support
  • FAQs
  • Upgrade Policy
  • Licensing
  • Terms and Conditions
  • Refund Policy

Top Products

  • BackupBuddy
  • iThemes Security Pro
  • iThemes Sync
  • Restrict Content Pro
  • WPComplete
  • WordPress Plugins
  • Content Upgrades
  • WordPress Landing Page Plugin
  • BackupBuddy Stash

iThemes Media LLC Copyright © 2023 All rights reserved | Privacy Policy

A Liquid Web Brand © 2022 All Rights Reserved.

Get the Weekly WordPress Vulnerability Report

Vulnerable WordPress plugins and themes are the #1 reason WordPress sites get hacked, but keeping track of every new plugin and theme vulnerability is hard work. Get the weekly WordPress Vulnerability Report delivered right to your inbox to help keep your website secure.

Get the Report
Share via
Facebook
Twitter
LinkedIn
Mix
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap