Most businesses do not think about software maintenance until something breaks. By then, a $200/month maintenance contract has become a $5,000 emergency fix. Here is what software maintenance actually covers, what happens when you skip it, and what you should be paying.
There is a predictable pattern with software maintenance that we see repeatedly. A business builds a website or custom application, launches it successfully, and then stops investing in it. The site works well for the first year. Toward the end of year two, a plugin update breaks a form. The contact form stops working. Leads go to /dev/null for two weeks before anyone notices. By the time it gets fixed, emergency rates and diagnostic time turn a trivial fix into a significant invoice.
That is the best-case scenario. The worst case is a security breach — a vulnerability in an outdated plugin or framework that gets exploited, resulting in customer data exposure, Google blacklisting the site, and a legal liability conversation nobody wanted to have.
Software maintenance is not exciting. It is absolutely essential.
What Software Maintenance Actually Covers
When we talk about software maintenance for a business website or application, we are talking about a set of ongoing activities that keep the software secure, functional, and current:
Security Updates and Patch Management
Every software platform — WordPress, Laravel, Node.js, React Native — receives regular security updates. These patches fix discovered vulnerabilities. When a vulnerability is discovered in a widely-used plugin or framework, attackers have automated tools that scan the web for unpatched installations within hours. Applying patches promptly is not optional; it is the minimum baseline of operating a software system responsibly.
Dependency Updates
Modern software relies on dozens to hundreds of third-party libraries and packages. These dependencies receive updates for security, performance, and compatibility. Outdated dependencies accumulate technical debt — a point comes where upgrading from very old dependencies requires significant refactoring, far more expensive than regular incremental updates.
CMS and Platform Version Upgrades
PHP releases end-of-life dates — PHP 8.0 went EOL in November 2023. Running PHP 7.4 on a production server today means running software with no security fixes available, on a version increasingly unsupported by hosting providers. CMS platforms like WordPress require compatible PHP versions — letting the underlying platform fall behind cascades through the entire stack.
Backup Verification
Automated backups are configured at launch and then forgotten. Many businesses discover their backups were broken or incomplete only when they try to restore from them. Active maintenance includes testing backup restoration on a schedule — monthly for most businesses, weekly for high-transaction applications.
Performance Monitoring
Page speed degrades over time. As the database grows, query times increase. As media libraries accumulate unoptimized images, page weight climbs. Active monitoring catches performance regressions before they affect user experience and search rankings.
Uptime Monitoring and Incident Response
A maintained site includes automated uptime monitoring — if the site goes down, someone is notified within minutes, not discovered two days later by a client who could not reach the contact form. Response time to incidents is a key differentiator between maintenance plans.
What Happens When You Skip Maintenance
Here is what we typically find when auditing a site that has not had active maintenance for 12+ months:
- Multiple outdated plugins or packages with known CVE (Common Vulnerability and Exposure) entries
- PHP version 2 to 3 major versions behind current
- No verified recent backup
- One or more broken features that "nobody noticed"
- Performance metrics declined from original post-launch baselines
- SSL certificate expiry approaching (or already expired, in some cases)
Remediating this state from scratch typically costs $2,000 to $8,000 depending on the platform and how far behind things have fallen. This is 10 to 40 months of proactive maintenance fees spent in a single reactive engagement.
Maintenance Plans: What to Expect to Pay
Maintenance pricing varies by platform complexity and included services. General ranges for DFW businesses in 2025:
- Basic website maintenance (WordPress/CMS): $150 to $350/month — updates, backups, uptime monitoring, minor fixes
- Professional site with e-commerce: $350 to $600/month — everything above plus payment integration monitoring, inventory sync checks
- Custom web application: $500 to $1,500/month — application monitoring, dependency management, performance baseline, emergency response SLA
- Mobile app maintenance: $300 to $800/month per platform — OS compatibility testing, store listing updates, crash monitoring, API dependency management
Emergency vs. Planned Maintenance: The Cost Math
Emergency development work — diagnosing and fixing a broken production system — is always billed at premium rates. At App Basis Inc, our standard maintenance client rate is approximately $95/hour. Our emergency incident rate for non-maintenance clients is $175/hour with a 2-hour minimum. A 4-hour emergency fix that would cost a maintenance client $380 (often covered within their plan) costs a non-maintenance client $700 to $1,400 — and that excludes the revenue lost while the system was down.
The math on maintenance contracts is straightforward: they cost less than one emergency per year.
Choosing a Maintenance Provider
Key questions to ask before signing any maintenance contract:
- What is the response time SLA for critical issues (site down, data breach)?
- What is explicitly included vs. billed hourly in addition?
- How are updates tested before deployment to production?
- What backup retention policy is included?
- Is there a staging environment for testing updates?
App Basis Inc offers software maintenance plans for websites, web applications, and mobile apps built on any platform. Contact us to discuss a maintenance plan for your software systems.