Ask about updates
Updates are routine, but they are also where many site problems begin. How a provider handles them tells you how careful they are.
- Are updates tested before going live, or auto-applied?
- What happens if an update breaks the site — is there a rollback?
- Are high-risk plugins (payment, forms, booking) handled differently?
- Do you update custom themes and custom code, or only off-the-shelf plugins?
Ask about recovery
The recovery answer is the single best test of whether a provider is serious. Anyone can “take backups”; few have actually tried to restore one.
- How often do backups run, and is that enough for how fast my data changes?
- Where are backups stored — off-site?
- Have your restores actually been tested?
- How quickly can you roll back a broken site?
Ask about security and support scope
Get the scope in plain language before you buy. Ask exactly what is included — content edits, plugin setup, forms, checkout, email delivery, WooCommerce help, malware cleanup — and what counts as separate project work. Then ask the security question that matters: when (not if) something gets flagged or hacked, who responds, how fast, and do they fix the cause? With 96% of vulnerabilities found in plugins (Patchstack, 2025), the security answer is not optional. A clear checklist helps you hold the answers to a standard.
The answer that reassures vs the answer that worries
It is rarely the question that reveals a provider — it is how they answer it.
| Question | Reassuring answer | Worrying answer |
|---|---|---|
| How are updates handled? | Tested on staging, rollback ready. | “Everything’s automatic.” |
| Have backups been restored? | Yes, we test restores regularly. | “We take daily backups.” (no mention of restoring) |
| What’s the response time? | A stated time, faster for urgent issues. | “We’ll get to it.” |
| What’s excluded? | A plain list of what’s project work. | “We do everything.” |
| Who fixes a hacked site? | Named process, fixes the cause. | Vague or “that’s extra.” |
How to use the answers
Score the conversation, not just the brochure.
Reward specifics, distrust vagueness
A provider who answers with concrete process — tested updates, tested restores, stated response times — has thought about your bad day. Vague “we handle everything” usually means undefined scope.
Weight recovery and response most heavily
Updates and backups are table stakes; the restore test and the response-time answer are what actually protect you in a crisis. Let those answers carry the decision.
Match the depth to your site
A store needs the WooCommerce and checkout answers; a membership site needs the access answers. Use care plan examples to know which questions matter most for you.
Buying mistakes these questions prevent
- Accepting “backups daily” without asking whether a restore has ever been tested.
- Trusting “we handle everything” instead of getting excluded work in writing.
- Not asking the response-time question until the site is already down.
- Ignoring how the provider handles a hacked site and its root cause.
- Choosing on monthly price before any of these answers.
The two questions we’d lead with
In our experience, you can shortcut the whole evaluation with two questions: “Have you actually restored a backup recently?” and “Who fixes my site at 1am, and how fast?” A provider who answers both with calm specifics has the ownership you’re paying for; one who deflects does not. Everything else — the feature list, the price — matters less than whether someone is genuinely responsible when things go wrong.
- Lead with the restore-test and response-time questions.
- Get excluded work and covered tasks in writing.
- Ask site-specific questions (store, membership) too.
- Judge the answers on specificity, not enthusiasm.
Frequently asked questions
What is the biggest red flag in a WordPress care plan?
A plan that promises “everything” but cannot plainly explain backup restores, update testing, response times, and excluded work. Vagueness is the warning sign — real ownership comes with specifics.
Should a care plan include hosting?
It can make ownership cleaner when one team handles hosting and site care together, but the support and recovery process matters more than whether hosting is bundled. Ask about response and restore quality before you weigh the hosting question.
What is the single most revealing question to ask?
“Have you actually restored one of my backups, and how long did it take?” Almost everyone takes backups; far fewer have tested a restore. The answer tells you immediately whether the provider is serious about recovery.
How do I compare two plans that both say “unlimited support”?
Ask each to define a covered task versus project work, and to state response times for urgent, customer-impacting issues. The one that answers in plain, specific terms is the one whose “unlimited” actually means something.
Research sources
This guide was checked against current platform and search documentation before publication.
