A Candid Tell All: How I Run My Security & Maintenance Plans for Web Design Clients by Katy Martin, Web Designer Beauty School

Last week, I let you in on the reasons why I set up a security and maintenance plan for my clients. In a nutshell, it was because I was wasting too much time (un-paid) and often worried about the security of my clients’ sites (usually at 2am in the morning).

After putting in many hours of unbillable work and stressing about doing it all myself, I knew it was time to find someone who could take on the duty of securing my clients’ sites. I no longer wanted to deal with it on a daily basis.

After a long search for the right service, I finally found Lance at UnHack.net (parent company, Vrazer).

UnHack.net charges $175 for an initial site lockdown and $30–50 per month for security and backups, including (most) hack repairs. If you pay for a full year up front, you get one month for free, including the initial lockdown. I decided to roll their services into my own security and maintenance plan.

I did the math and marked up UnHack.net’s prices to account for the time I put into the work and the costs of the premium plugins that I include. I pay for the whole year and offer my clients a monthly (usually their preference) or annual fee.

I had spent too many hours fixing BackupBuddy backups and related issues. I needed to start charging properly.

I now give clients an ultimatum: Take it, or take your security into your own hands.

The result is my TLC Website Maintenance Services.

I created a well thought out sales page that walks my clients through all the reasons why they would want to take the extra steps to secure their sites. This page helps make the decision a no-brainer.

Right from the get-go of planning and proposing a new website, I broach the subject of long-term maintenance so that it’s not a surprising add-on fee at the time of launch. I include an introductory letter about the TLC services with my proposal, and throughout my proposal I let them know that certain plugins are either $X up-front or they are included with the TLC plan.

Furthermore, I explain that additional hourly work, outside the scope of the main project, will be either my premium hourly rate, or a discounted hourly rate for TLC plan members.

I keep reiterating that I would love to help them maintain the security of their sites so they don’t have to worry about the headache of keeping up with maintenance or the threat of being hacked.

If my clients don’t want the plan, I recommend a one-time lockdown for with UnHack.net, which I also mark up since it does involves some back-n-forth with UnHack.net and triple checking that everything works on my behalf. If they choose this diy route, I also ask that they buy their own iTheme Security, BackupBuddy, and possibly increased space on ithemes Stash, depending on their needs. 

If they decide to forgo these steps, then I strongly let them know that their site will be at risk and that I won’t be able to assist them if something goes wrong. Ultimately, if this is what they choose, I can peacefully wipe my hands of worrying about their site because I have been upfront and I have educated them about their role and the risks.

So far, it has worked like a dream. It’s a win-win situation for everyone.

The Nuts and Bolts of My Security and Maintenance Plan

I develop all my sites using the Thesis theme, and I include the first year of theme fees in the proposal. An annual Thesis license for one site is $89 and a developer’s license is $197 for unlimited domains, plus $40 per site. Thesis has not been requesting renewal fees. When they do, I will then either include it for my TLC clients, or bill non TLC clients separately. Until then it’s a wait and see game.

I also use the following plugins on most of the sites I develop:

  • Gravity Forms
  • iThemes BackupBuddy
  • iThemes Security Pro
  • LearnDash or WishList Member for courses (I’m also seriously researching – and excited about – the brand new Doki platform)
  • PopupAlly for “polite” opt-in forms
  • SendOwl, iThemes Exchange, or WooCommerce for e-commerce functionality

Here’s my hot tip!

I also use these plugins on my sites, and by purchasing the developer’s license and setting up a paid security and maintenance service plan for my clients, I not only share the cost of the plugins with my clients, but I also reduce their costs.

For example, WooCommerce is free, but it requires some “extensions” (a.k.a plugins) to make a store function appropriately. Once my clients become members of my TLC Website Maintenance Services premium plan, they can access many of these plugins and enjoy some huge annual cost savings.

Examples of extensions included in my Premium plan:



  • Subscription payments extension: $199/year
  • Appointment bookings: $249/year
  • MailChimp integration extension: $79/year
  • 
Pay What You Want: $49/year
  • Waitlist: $49/year

Many of my clients needed the WooCommerce Subscriptions plugin, which costs $199 for a single site. If I buy a developer’s plugin for $299, I can use it on up to five sites, potentially reducing the cost to $60 per client. The next level is $399 for up to 25 sites. Even if I have only 10 sites using it, the cost is reduced to $40 per site.

So I now have two levels to my plan: a $99 basic plan and a $129 premium plan. The $129 plan covers additional WooCommerce extensions and/or course software like LearnDash or WishList Member.

I’ll let you in on a little secret, too!

Many companies, like WooCommerce, actually give you a huge discount when you renew the plugins — as much as 50% off. So my $299 extension is often only $150.

 I’m able to show the value to the client at $199, but it may only cost me as little as $30 per client for that plugin.

And there’s another benefit for my clients…

Another benefit of having a security and maintenance plan is to finally get paid for those little updates that clients ask for from time to time that take me 15 to 30 minutes each. More often than not, I happily do these updates without charging for my TLC clients. I feel good, they feel good. It’s all good.



As you can see, there is some math involved to this process, and I do have to keep tabs on my outgoing and incoming expense totals, but with the help of Lance and Brandon at UnHack.net (and Krista’s guys at WebSavers), it doesn’t take up much of my time and I can sleep well knowing the sites are safe, secure, and backed up (and in reliable hands if they sites do get hacked).

As a bonus, I have reduced the cost of the plugins that run my own two sites (Tall Poppies, and Web Designer Beauty School). And I even make some money while I sleep. It’s that what we’re dreaming about, after-all!

Before I conclude, let me revisit that final point about “making money while I sleep.” It’s very easy to feel guilty about this type of transaction, whereby you are not actually trading your time for money. Hey, I frequently do. Now, you could certainly skip the whole cost-of-plugins-included bonus, and simply set your clients up with security and maintenance plans with UnHack.net or Websavers – and still mark it up with little to no work required on your end, nor output of monies. And that’s ok! Because you are promising security, peace of mind, and help at a moments notice. The value of keeping a business up and running, uninterrupted, 24/7 is extraordinarily valuable.

Krista made a good point the other day in our Web Designer Support School Facebook group (for students of our courses): “When deciding how you want to handle security and maintenance for your clients, it really depends on you and your clients. Each site, each client, and each developer have individual needs. What is right for me may not be the right path for you. If you do set up a plan, I hope that my experience is a helpful example for you, but do carefully review your options so that you know you’re making the best decision for your own business.”

©2017 Web Designer Beauty School   ♠   Contact Us   ♠   About   ♠   Press   ♠   Login