WordPress Maintenance Contract Template — Updates, Backups & Security

This WordPress Maintenance Services Agreement ("Agreement") is entered into as of [DATE]:
Maintenance Provider: [YOUR NAME/COMPANY], located at [ADDRESS] ("Provider")
Client: [CLIENT NAME/COMPANY], located at [ADDRESS] ("Client")
This Agreement governs ongoing WordPress maintenance services for Client's website.

Provider agrees to provide the following maintenance services:
WordPress Core Updates:
  - Testing and applying WordPress core updates
  - Testing in staging environment before production
Plugin & Theme Updates:
  - Updating plugins and themes to latest stable versions
  - Testing updates before applying to production
Security Monitoring:
  - Daily security scans and monitoring
  - Malware detection and removal
Backup Services:
  - [DAILY / WEEKLY] automated backups
  - [X] days backup retention
Uptime Monitoring:
  - 24/7 uptime monitoring
  - Performance monitoring
NOT Included: New features, custom development, content updates, redesigns

Maintenance Services (Included):
  - Updates to existing WordPress, plugins, themes
  - Security monitoring and fixes
  - Backup and recovery
  - Performance optimization of existing site
Development Work (Not Included, Available as Add-On):
  - New features or functionality
  - Custom code development
  - Site redesigns or major changes
  - Content creation or updates
  - New plugin installations requiring custom configuration
Development work quoted separately and requires separate agreement

Backup Frequency: [DAILY / WEEKLY] automated backups
Backup Includes:
  - WordPress database
  - WordPress files and media
  - Plugin and theme files
Backup Retention: [X] days of backups stored
Backup Testing: Provider will test backup restoration [FREQUENCY]
Recovery Timeline:
  - Critical issues: [X] hours
  - Non-critical: [X] business days
Client may request manual backup before major updates: $[RATE]

Security Monitoring:
  - Daily automated security scans
  - Malware detection
  - Vulnerability scanning
  - Failed login attempt monitoring
Response Times:
  - Critical security issues (site compromised): [X] hours
  - High priority (vulnerability detected): [X] business hours
  - Normal (routine monitoring alerts): [X] business days
Security Fixes: Included for issues detected through monitoring
Forensic analysis or data recovery: Additional fees

Update Schedule:
  - Security updates: Applied immediately after testing
  - Feature updates: Applied within [X] days after testing
  - Major WordPress releases: Applied within [X] weeks after testing
Testing Process:
  - All updates tested in staging environment first
  - Functionality testing before production deployment
  - Rollback plan prepared before production updates
Update Notifications: Provider will notify Client [X] days before major updates
If updates cause issues: Provider will rollback and investigate

Support Request Classification:
  - Critical: Site down, security breach, data loss
  - Urgent: Major functionality broken, performance issues
  - Normal: Minor issues, questions, routine requests
Response Time SLAs:
  - Critical: [X] hours (24/7)
  - Urgent: [X] business hours
  - Normal: [X] business days
Support Channels: [EMAIL / TICKET SYSTEM / PHONE]
Support Hours: [BUSINESS HOURS / 24/7 FOR CRITICAL]
After-hours support for non-critical: Additional fees

Uptime Monitoring:
  - 24/7 automated monitoring
  - Alerts for downtime or performance issues
  - Monthly uptime reports
Performance Monitoring:
  - Page load time tracking
  - Server response time monitoring
  - Database performance monitoring
Uptime Guarantee: [X]% uptime (excluding scheduled maintenance)
Hosting Issues: Provider not responsible for hosting provider outages
Performance optimization included for existing site, not new features

Monthly Retainer: $[AMOUNT]/month
Payment Due: [DAY] of each month
Payment Terms: Net [X] days from invoice
Late Payment: [X]% monthly fee after [X] day grace period
Additional Services:
  - Development work: Quoted separately
  - After-hours support (non-critical): $[RATE]/hour
  - Emergency support outside scope: $[RATE]/hour
Annual Plans: [X]% discount for annual prepayment

Client Responsibilities:
  - Provide access to WordPress admin and hosting
  - Maintain valid hosting account
  - Provide content updates (unless included as add-on)
  - Notify Provider of custom code or third-party modifications
  - Maintain valid domain registration
Client must not:
  - Install plugins/themes without Provider approval
  - Modify core WordPress files
  - Share admin credentials with unauthorized parties
Violations may result in service suspension or additional fees

Provider's liability limited to total fees paid in past [X] months
Provider not liable for:
  - Hosting provider outages or issues
  - Third-party plugin/theme failures despite proper testing
  - Client modifications or unauthorized changes
  - Data loss if backups fail despite following procedures
  - Indirect, consequential, or punitive damages
Provider provides maintenance services, not guarantees of uptime or performance
Client responsible for maintaining their own backups as secondary protection

Either party may terminate with [X] days written notice
Upon termination:
  - Client pays for all services rendered through termination date
  - Provider delivers final backup and documentation
  - Provider removes access credentials
  - No refunds for prepaid services
Provider will provide [X] days transition support at standard rates
Client responsible for finding replacement maintenance provider

Both parties agree to the terms above.
Provider: _________________ Date: _________
Client: _________________ Date: _________