Resources · Maintenance & Support

21 Questions to Ask Before Hiring a Website Maintenance Partner

Last Updated: December 13, 2025

Choosing a website maintenance partner is not just about who can “update plugins the cheapest.” You are effectively asking someone to look after a critical business asset: the system that prospects, customers, and partners see before they ever talk to you.

This article gives you practical, non-fluffy questions you can use in discovery calls. You don’t have to ask all 21, but if a provider can’t answer most of them clearly, that’s a signal.

You can also send this list to potential partners in advance and see how they respond.

1. Strategy and Fit

These questions help you understand whether they think like a partner, or just a “button-clicker”.

1. What type of clients do you usually support?
   • Are they mostly small sites, eCommerce, SaaS, agencies, or something else?
   • Do they work with tech stacks similar to yours (CMS, hosting, integrations)?
2. What does “maintenance” mean in your company?
   • Is it just updates, or do they include monitoring, incident response, performance, and basic security?
3. How do you handle sites you didn’t originally build?
   • Do they insist on an initial audit?
   • Do they refuse to support certain “legacy” setups or high-risk configurations?
4. Where do you draw the line between maintenance and new feature work?
   • This matters for avoiding “scope fights” later.
   • A good answer clearly separates routine tasks from new projects.

2. Scope, SLAs, and Response

You want to know what happens when something breaks at 10:00 on a Monday.

5. What’s included in your standard maintenance plan?
   Ask them to be specific about:
   • Updates (core, plugins/modules, themes)
   • Backups (frequency, location, retention)
   • Uptime monitoring
   • Security checks
   • Small fixes or adjustments
6. What’s not included that clients often assume is included?
   This answer will reveal where misunderstandings often happen.
7. What are your response and resolution times for incidents?
   • Do they have different priorities (e.g., critical vs low impact issues)?
   • Are there written SLAs or just “best efforts”?
8. What is your support channel and schedule?
   • Email, ticketing system, chat?
   • Do they operate in your time zone?
   • Any weekend or after-hours coverage?

3. Security, Backups, and Risk

If a provider can’t speak confidently about security and backups, that’s a red flag.

9. How do you handle backups?
   • How often do they back up?
   • Where is the data stored?
   • How long is it retained?
   • When was the last time they tested a restore?
10. What security measures do you typically put in place?
    Listen for things like:
    • Web application firewall (WAF)
    • Rate limiting or login protections
    • Regular update cadence
    • Monitoring for suspicious activity
11. How do you handle a security incident or suspected compromise?
    • Who investigates?
    • What steps do they take first?
    • How do they keep you informed?
    • Is incident response included or considered a separate project?
12. How do you manage admin access and credentials?
    • Do they use named accounts instead of shared “admin” logins?
    • Do they store credentials in a password manager?
    • What happens if a team member leaves?

4. Tooling, Process, and Change Management

Good partners treat your site like software, not like a random DIY blog.

13. Do you use a staging or test environment for changes?
    • If not, why not?
    • If yes, what types of changes always go to staging first?
14. How do you communicate and approve changes?
    • Do they send change summaries?
    • Do they ask for approval before major updates or structural changes?
15. How do you document the work you do on our site?
    • Is there a changelog or maintenance log?
    • Can you see what changed, when, and why?
16. What monitoring or alerting do you have in place?
    • Uptime monitoring?
    • Basic performance trends?
    • Error logs or alerts?

5. Communication, Reporting, and Transparency

It’s not just about “doing the work”, it’s about keeping you out of the dark.

17. What does your regular reporting look like?
    • Monthly or quarterly report?
    • Does it include updates performed, incidents handled, basic metrics?
18. Who will be our main point of contact?
    • Is there a named person?
    • How do you escalate if you’re not getting what you need?
19. How do you handle disputes or misunderstandings?
    • Do they have a structured approach?
    • Are they open to reviewing scope and updating agreements?

6. Pricing, Contracts, and Exit

Maintenance relationships usually last longer than one project, so clarity matters.

20. How is your maintenance pricing structured?
    • Fixed monthly retainer?
    • Different tiers for complexity or size?
    • What causes price changes over time (traffic growth, complexity, extra environments)?
21. What happens if we want to pause or stop working with you?
    • What notice period do they require?
    • Do they help with handover to another provider?
    • Will they share relevant credentials, notes, or documentation you’ve already paid for?

A confident, transparent partner will answer this clearly instead of getting defensive.

Red Flags to Watch For

While you’re asking these questions, pay attention not just to the words but to how they respond.

How to Use This Question List

Here’s a simple way to use this article:

1. Pick the top 8–10 questions that matter most to you.
2. Send them to potential partners before your call.
3. See how they respond in writing and live.
4. Compare answers between providers.

You’re not looking for perfection. You’re looking for:

• Clear thinking about reliability and risk
• A process you can understand
• A communication style that fits how your team works

---

If you’d like to see how Alison Prime answers these questions, you can send us this list and we’ll walk through it with you transparently.