Why you should consider ongoing maintenance for your website

November 2022
5 min read
by Polly O’Hara

Your website is never a finished product, it’s living and evolving. The launch of a new site is always an exciting time but it’s only the beginning of your digital journey, and we pride ourselves on providing the support that you’ll need far into the future.

Why does a new website need maintenance?

All websites need basic ongoing maintenance to ensure its security and performance are maintained over time. If it’s not updated, your website will become vulnerable to malicious attacks, as well as a gradual deterioration of performance and functionality over time.

Your website uses many open source tools for its foundation, ranging from the programming languages used (eg, PHP, MySQL), to the CMS (eg, WordPress, Drupal), to the third-party tools used to avoid re-inventing the wheel (eg, WordPress plugins, Drupal Modules). These tools are constantly updated and improved to deliver greater performance, cater to a wider range of devices, and to provide better functionality and interactivity. Open source tools are built up by many developers over years (including contributions from our own developers to Drupal, WordPress and other initiatives).

Will regular maintenance save money in the long term?

In a nutshell, yes. Investing in regular updates to the site means that you won’t have to budget for a new site within a few years.

Here are three factors to consider:


The underlying infrastructure of your website has an expiry date. This means that, at some point, the code used will be outdated and will no longer work. Keeping your site’s dependencies up to date (like the CMS, plugins, and modules) ensures that the underlying infrastructure- the code used to build your site- can be updated periodically.

It’s also important to consider that the maintainers of each CMS (WordPress, Drupal) only release bug and security fixes for the most recent versions.

Keeping everything up to date means that you can easily implement incremental changes and updates to the functionality of the site, rather than having to start again from scratch.


Open source code is visible to everyone on the internet. While it is possible for malicious people to find security issues, more often than not these are found by developers like those on our team. When a security issue is found and fixed, a security release is published so all other developers (everywhere!) can update the websites they maintain and avoid security breaches.

Because this information is available to everyone on the internet, the release also reaches those with malicious intent, showing them where a security issue existed. If your site is not updated it becomes immediately vulnerable to that issue. In many cases, exploiting that vulnerability can be automated via bots that are specifically created to search for websites that use outdated code.

The cost of regular security updates is much less than the cost of investigative work and repairs to a site that has been the subject of a malicious attack.

Performance and functionality

New features and improved performance are mixed in with bug fixes and security updates. Given the volunteer nature of open source, developers typically only maintain one version of their code and work on it in a linear way, with each new version overriding the last.

Other developers contribute new features, bug fixes, and performance improvements in addition to security fixes, all of which feed into that same linear path the code takes. By keeping your website up to date not only are you benefiting from improved stability and security, but your CMS will continue to support new browsers and devices, and deliver the functionality that both your users and your web editors grow to expect.

Ensuring that you’re supporting new devices and making the site easy to use means you’re less likely to have bugs slowing down your site’s users.

There are other factors to consider as well, but these three are enough to make the case for regular maintenance over your site’s lifespan. At the end of the day, it is about having up-to-date code to ensure your site remains functional, is protected against security breaches, and is delivering to its full capacity.

What can Soapbox offer in terms of maintenance and ongoing support?

At Soapbox we want to build long-lasting products for our clients to help them make the most of their investment. When we build a site we think of its potential for growth. We work with our clients to think of all the possible avenues that could be explored in the future in order to build a product that can serve those ambitions.

Our maintenance plan offer includes a periodical review and update of the codebase; reviews of error logs for deprecated code warnings and other warnings (and putting fixes in place); occasional updates in the infrastructure versions, and; quick reactions to Drupal and WordPress security releases including modules and plugins.

Website maintenance is the bare bones of what’s required to keep your site functioning well, whether you choose Soapbox, or another supplier. A website is always a work in progress and the amount of long-term work required depends on many internal and external factors.

We separate our post-launch services into maintenance and support. Maintenance, as described above, is a regular scheduled review of available updates and their implementation. This typically rumbles on in the background; we’ll let you know what’s needed and you can relax in the knowledge it’s being taken care of.

We can also offer continuous improvement services where we work with you to make further changes and additions to the site; whether we’re adapting your CMS to your evolving organisational needs; or adding new features to meet the needs of changing audiences and organisational goals.

We think of website support as periodically carrying out a site health check to make sure that it is fully supporting all your activities and that you’re capitalising on the latest trends and technologies. More than ensuring your code is up-to-date and your site is protected, we look at your content and activities and how the site is performing for you as your organisation evolves.

In practice, we recommend clients set aside an annual budget for ongoing development work. On our end, we keep an eye out for features that we think will work for you, and keep an open-ended communication line with you to make recommendations and work with your expectations, timelines and budget.

If you’d like to know more, please contact our team for a discussion about how this could work for your organisation.

Polly is Soapbox's Chief Operating Officer. She is based in London.

Like what you see? Let’s work together

Get in touch