WordPress Maintenance: What Your Hosting Provider Doesn't Do (and Thinks It's Included)
Your WordPress site is hosted with Infomaniak, OVH, or o2switch. You pay your subscription every year. Is your site secure? No. Here's what hosting really includes—and everything it doesn't, contrary to what many website owners believe.
The myth of the all-in-one hosting provider
The confusion is understandable. You're paying for a "premium" hosting service. Your hosting provider advertises security, backups, and 99.9% uptime. It seems logical that your site should be "managed.".
The reality is: the hosting provider manages the infrastructure. The server, the network, the disks, the server firewall, physical availability. They don't manage your WordPress application. That's your application—that's your responsibility.
Infomaniak backs up its disks. This does not mean that your WordPress data is backed up in a usable way in case of infection or database corruption.
What the hosting provider actually does
Let's be fair to the hosting providers. Here's what they actually guarantee:
- Server availability — SLA 99.9% guarantee on the physical infrastructure
- Network security — Network firewall, basic DDoS protection
- Infrastructure backups — server snapshots, often with a retention period of 7 or 14 days, not always restoreable by the client
- Operating system updates — PHP, Apache/Nginx, and MySQL are kept up to date by the hosting provider
- Technical support for the infrastructure — if the server is down, they intervene
What the hosting provider doesn't do — and what you believe is included
| Maintenance task | Traditional hosting | MogaCode Care |
|---|---|---|
| WordPress (core) updates | No | Yes — monthly |
| Plugin updates | No | Yes — with before/after test |
| Theme updates | No | Yes |
| Security/malware scan | No | Yes — Wordfence Weekly |
| Cleaning in case of infection | No (additional charges apply) | Included in the contract |
| Off-server backup tested | Partial (untested) | Yes — monthly verified restoration |
| Response time monitoring | No | Yes — alert if > 3s |
| Performance optimization | No | Yes — after every major update |
| Monthly report | No | Yes — via WhatsApp |
| Minor bug fixes | No | Yes — up to and including 1 hour per month |
Is your site actually being maintained?
Check the date of the last updates to your plugins in your WordPress dashboard. If it's been more than 3 months, your site is vulnerable.
Activate MogaCode CareThe true cost of an unmaintained website
Owners of unmaintained websites make a simple calculation: 0 MAD in maintenance = 0 MAD in expenses. Here's the real calculation:
Cleanup after malware infection
Diagnosis, backdoor removal, access reset, core reinstallation, hardening. Emergency intervention.
Price upon requestLoss of income during downtime
An e-commerce site is offline for 48 hours during an active period. 48 hours x average revenue per hour.
Variable — often > 5,000 MADGoogle reindexing after blacklist
Google blacklists infected sites. Complete reindexing after cleanup takes 2 to 8 weeks. During this time, there is zero organic traffic.
Lasting loss of positioningGDPR compliance after a data breach
If personal customer data has been exfiltrated, the mandatory notification to the CNIL/CNDP and the customers concerned generates legal and reputational costs.
Potentially unlimitedWhat MogaCode Care includes
WordPress core, all plugins, the theme. Each update is tested in a staging environment before being applied to production.
Complete scan of code, files and database. Immediate alert if an anomaly is detected.
Files and databases are backed up nightly to storage separate from the production server. Restoration is tested monthly.
Automatic alert if your site takes longer than 3 seconds to load or becomes inaccessible. Intervention within 4 business hours.
Summary of actions taken, security status, performance, recommendations. Directly on your WhatsApp — no PDF report that no one reads.
Minor visual adjustments, bug fixes resulting from updates, text modifications. No additional charges.
Customer testimonial
""I thought my hosting provider took care of everything. When my site was hacked, they just told me it was my responsibility to maintain WordPress. I contacted MogaCode, the site was cleaned up in less than 24 hours, and since then I've slept soundly — every month I receive a message telling me that everything is fine.""
— MogaCode Care client, e-commerce sector, Casablanca
MogaCode Care — from 400 MAD/month
Updates, security, backups, monitoring. Your WordPress site in good hands — without you having to think about it.
Discover MogaCode Care