Don’t Make Me Think About It Again

Key takeaways:

• The real client brief has always been “make it look good, make it work, don’t make me think about it again”, and the industry deliberately overcomplicates this because complexity justifies higher fees.
• The third part of that brief (“don’t make me think about it again”) is the hardest to deliver, and most WordPress maintenance service offerings fail at it because they’re built around visible activity rather than invisible reliability.
• A website that genuinely disappears from a client’s mental load is the result of systems and habits built over years, not a checklist, not a monthly report, not a retainer that generates noise to justify its existence.

The brief nobody writes down but everybody means

Twenty-five years of client calls, and the brief is almost always the same. The language changes. The industry someone’s in changes. The size of the budget changes. The brief doesn’t.

Make it look good. Make it work. Don’t make me think about it again.

The first two get most of the attention. Agencies spend weeks on design reviews. Developers write documentation about feature builds. Clients give detailed feedback on button colours and font sizes. Everyone focuses on what they can see.

The third part of the brief gets mentioned once, usually near the end of a kickoff call, almost as an afterthought. “And once it’s live, we just want it to run itself, you know?” And then everyone nods and moves on and nobody defines what that actually means or how it gets measured or who owns it.

That gap is where most website relationships go wrong.

Why does the industry make this so complicated?

Complexity justifies higher fees. That’s the short answer, and it’s one I’m comfortable saying after building websites since before most of the current vendor ecosystem existed.

Back in 2003 when I started using WordPress, it was a tool that solved a real problem: letting people publish to the web without writing HTML for every page. It was genuinely simple. The complexity came later, and most of it wasn’t driven by what websites actually needed. It was driven by what agencies needed to sell and what software companies needed to charge for.

The honest truth about what most business websites require is not particularly exciting to say at a conference. You need a reliable host. You need updates applied consistently. You need backups that actually work (tested, not just running). You need someone checking that the site is up, that forms are submitting, that payment flows aren’t silently broken. You need someone who notices the slow bleed before it becomes a crisis.

That’s most of it. Not glamorous. Not a 47-slide deck. Not a “digital experience strategy.” Just competent, consistent, invisible work.

The industry built an entire vocabulary to make this sound more complicated than it is, because if it sounds complicated, you can charge more for it. I’ve watched this happen in real time over two decades. Every few years there’s a new layer of jargon layered on top of essentially the same set of tasks.

What does “don’t make me think about it again” actually mean?

It means the website disappears from the client’s mental load. Completely.

Not “I check it occasionally and it seems fine.” Not “I get a monthly report I skim and file.” Disappeared. Like electricity. Nobody lies awake worrying about whether electricity will come out of the wall tomorrow morning. It just does. That’s the standard.

Most clients who have been burned by a bad experience with a previous agency or developer describe the same pattern: something broke, they didn’t find out about it until a customer told them, and then there was a scramble. Or: the site got hacked, and they found out because of a Google warning, not because anyone was watching. Or: a plugin update silently broke the checkout and they lost two days of orders before anyone noticed.

Those aren’t horror stories. They’re the normal consequences of treating a website like a car you only service after it breaks.

I had a client come to us a couple of years ago, a mid-sized professional services firm, who’d had the same WordPress site running since 2019. Nobody had touched it since it launched. The developer who built it had moved on. No backups. Plugins years out of date. PHP version so old the host had flagged it three times. The site still looked fine on the surface. Underneath, it was one bad actor away from a serious incident.

When we audited it, there were 23 unpatched vulnerabilities. The contact form had been broken for at least four months. They had no idea. A client had been trying to reach them through it without success, and had gone to a competitor. That’s the cost of treating “don’t make me think about it again” as a passive thing that just happens if you don’t touch anything.

Why do most WordPress maintenance service offerings miss the point?

Because they’re built around visible activity rather than invisible reliability.

I’ve reviewed a lot of competitor maintenance packages over the years, both out of curiosity and because clients show them to me asking what I think. The pattern is consistent. They lead with the list of tasks. Updates applied monthly. Uptime monitoring. Security scanning. Backup frequency. Report sent on the 1st.

The report is the tell. A monthly report is a visibility artifact. It exists so the client feels like something is happening. It exists so the agency can justify the retainer. It does not exist because it makes the website more reliable or removes the site from the client’s mental load.

A client who receives a monthly report about their website has to spend time thinking about their website every month. That is the opposite of what they asked for.

What removes the website from a client’s mental load is a combination of things that aren’t on most checklists: having a single person responsible (not a rotating support inbox), having that person proactively contact the client when something needs attention rather than waiting for the monthly report cycle, and having clear escalation protocols that mean the client is never the person who discovers a problem.

The goal isn’t activity. The goal is silence. When the person responsible for a website is doing their job properly, the client hears nothing, because there’s nothing to hear.

Does every site need this level of attention?

No, and I’ll be direct about that.

A five-page brochure site for a sole trader who gets three enquiries a month needs almost nothing. Keep the hosting current, apply updates when they’re significant, make sure the backup is running. Maybe three hours of work a year. Selling that client a $300/month maintenance retainer is a misalignment.

A WooCommerce store processing orders daily, or a professional services firm whose website is the primary channel for new client enquiries, or any business where the website going down for six hours has a measurable dollar cost, that’s different. The calculation changes completely.

The question I ask clients is simple: if your website went down at 9pm on a Friday, what would it cost you by Monday morning? If the answer is “probably nothing, most of my customers call anyway,” the maintenance requirement is light. If the answer involves real numbers, real revenue, real client trust, then the calculus around what you spend on a WordPress maintenance service changes fast.

The industry rarely has this conversation honestly, because it’s more profitable to sell the same package to everyone. My team at Chillybin sizes this differently for each client, because the risk profile is genuinely different.

What does good maintenance actually look like?

It looks like nothing, from the client’s perspective. That’s the point.

Behind that silence, the work is consistent and unglamorous. Updates applied with a testing protocol that doesn’t just push changes live and hope. Backup systems that are tested by actually restoring from them, not just confirmed as “running.” Uptime monitoring with sub-five-minute alerting, and a person who responds to that alert at 9pm if that’s when it fires. Performance benchmarks tracked over time so a slow degradation is caught before it becomes a 47% drop in conversion. Security scanning that acts on findings rather than reporting them.

There’s a version of this work that takes 20 minutes a month. And there’s a version that takes 20 minutes a week. The difference is almost invisible on the surface (both websites look fine) but one of them is sitting on 23 unpatched vulnerabilities and a broken contact form, and nobody knows yet.

The thing I’ve learned from doing this since 2003 is that the work compounds. A site maintained consistently for five years is an entirely different beast from one that’s been ignored for five years and then handed to someone to “fix.” The maintenance cost is low and consistent. The recovery cost is high and unpredictable. Businesses make this trade constantly, usually without realising they’ve made a trade at all.

Back in 2003 we used to joke that the most dangerous words in web development were “the site’s been running fine, we haven’t needed to touch it.” Nothing had changed. Everything had drifted. Those are different things.

The brief is almost always “don’t make me think about it again.” Delivering that isn’t about a checklist or a report or a retainer structure. It’s about building the kind of systems and habits that make the silence sustainable. That takes time to get right. Twenty-five years, give or take.