A question that comes up regularly when discussing website projects with legal professionals is a reasonable one: once the website is built, why does it need ongoing attention?
The assumption is understandable. A website, once live, might feel like a finished product. Something that simply sits there, doing its job, until something visibly breaks. At that point, someone fixes it. That is a sensible model for many things. It is not, however, how websites work.
This article explains why, in plain terms, without assuming any prior knowledge of how websites are built.
What is a website actually made of?
Most people interact with a website through a browser. They see a page: text, images, perhaps a contact form. What they do not see is the collection of software components working together behind the scenes to produce that page.
A website built on WordPress, for example, is not one piece of software. It is more like a set of interconnected tools, each maintained by a different organisation, each updated independently, and each reliant on the others working properly.
Those components typically include:
- WordPress itself — the software that powers the website and allows content to be managed.
- A framework, theme or page builder (such as Tailwind or Divi) — the layer that controls how the pages look and are structured.
- Plugins — additional pieces of software that add specific features, such as contact forms, security tools, speed improvements, or cookie consent notices.
Each of these is developed and maintained by a separate company or team. WordPress is managed by Automattic. Divi is developed by Elegant Themes. Individual plugins are created by a wide range of developers around the world. None of these organisations coordinate their release schedules with each other.
Why are these components updated constantly?
Software does not stand still. Developers release updates for a number of reasons:
- To fix security vulnerabilities as they are discovered
- To maintain compatibility with other software that has itself been updated
- To improve performance or add features
- To comply with changing technical standards
This happens continuously and without warning. A plugin that worked perfectly last month may receive an update from its developer this month that changes how it behaves. WordPress itself may release a new version that affects how certain plugins function. Hosting environments update the underlying software they run, which can affect how a website performs.
None of this is unusual or alarming. It is simply the nature of software. The web is a living environment.
What happens if a website is not maintained?
If those updates are not applied carefully and consistently, a number of problems can arise.
Security vulnerabilities
Hackers and automated tools actively search for websites running outdated software. Known vulnerabilities in older versions of WordPress or popular plugins are published openly, and sites that have not been updated become targets. A compromised website can be used to send spam, steal data, or serve malicious content to visitors, none of which reflects well on any professional organisation.
Incompatibility
When one component updates but others do not, they can stop working together properly. This might cause minor display issues, or it might cause entire sections of the site to stop functioning. Contact forms may fail silently. Pages may not load correctly. In more serious cases, the site may go offline entirely.
Degraded performance
Outdated software is often slower and less efficient than current versions, which can affect how quickly pages load and how the site performs in search results.
“But can’t the site just be built without any of these third-party tools?”
This is a question worth addressing directly, because it reflects a genuine concern: if the reliance on third-party software creates ongoing maintenance requirements, why not simply build something that does not have those dependencies?
In principle, it is possible to build a website using entirely custom code, written from scratch, with no reliance on platforms like WordPress or third-party plugins. In practice, this approach:
- Costs significantly more to build.
- Takes considerably longer to develop.
- Still requires ongoing maintenance, because the server environment it runs on will still change, security issues will still arise, and browsers will still update in ways that can affect how the site behaves.
Custom-coded sites are not maintenance-free. They are simply a different type of ongoing commitment, usually a more expensive one.
For the vast majority of legal sector websites, chambers sites, law firm websites, barrister profiles, a well-maintained WordPress build is the most practical and cost-effective approach. It is the same platform used by a significant proportion of the web, including many large organisations, precisely because it is reliable, flexible, and well-supported.
What does website maintenance actually involve?
To be specific about what ongoing maintenance looks like in practice:
- Plugin updates — applied carefully and checked for compatibility, typically at least once a week.
- WordPress core updates — applied when new versions are released, tested to ensure nothing breaks.
- Theme, framework, and page builder updates — applied and tested each time developers release a new version, to ensure the site continues to display and function correctly.
- Security monitoring — keeping watch for known vulnerabilities and responding quickly when they arise.
- Compatibility checks — ensuring that updates from one component do not cause problems with others.
- Backups — maintaining recoverable copies of the site so that, if something does go wrong, it can be restored quickly.
This is not the kind of work that resolves itself or becomes less necessary over time. The software ecosystem around WordPress continues to evolve, and the work of keeping a site stable, secure, and functional evolves with it.
A useful comparison
Consider the software on a mobile phone. When a phone is new, it works well. Over time, the operating system and the apps on it receive updates, sometimes to add features, more often to fix problems and maintain security. If those updates are ignored for long enough, the phone becomes slower, less secure, and some apps eventually stop working properly.
No one would expect a phone to run indefinitely without updates simply because it worked when it left the factory. A website is no different.
What Square Eye provides and what it does not
It is worth being clear about the scope of the maintenance service Square Eye provides, because this is sometimes a source of confusion.
Square Eye provides website maintenance. This covers the ongoing software updates, security monitoring, compatibility management, and related technical work described above.
Square Eye does not provide website hosting. Hosting, the service that keeps a website connected to the internet and accessible to visitors, is a separate function, managed separately. That said, Square Eye liaises directly with hosting providers on clients’ behalf, so there is no need to navigate technical conversations with a host independently. Any hosting-related issues that arise are handled as part of the support package.
On the question of third-party incompatibilities: if an update to a plugin or framework causes an unexpected problem, Square Eye will immediately roll back that update to restore normal service. The cost of investigating and resolving the underlying issue is not covered within the standard maintenance package, since the cause lies with a third-party developer rather than with the maintenance work itself. However, Square Eye will manage the situation throughout, working with the client to agree on the most appropriate course of action. That might mean troubleshooting and fixing the problem, waiting for the third-party developer to issue a patch, removing the feature that caused the conflict, or finding an alternative solution. The website will not be left in a compromised state while that process unfolds.
A final note on reliance on third-party systems
It is natural to feel uncertain about a service that depends on software produced by organisations outside of the relationship. That uncertainty is worth acknowledging.
The reality is that almost all modern websites, including those of the largest law firms and most prominent chambers in the country, operate in the same way. WordPress powers a significant proportion of the web. The tools built around it are used by millions of organisations globally, and are actively maintained by large, well-resourced developer communities.
The alternative is not independence from third-party software. It is a different set of third-party software, at greater cost, with fewer people maintaining it.
What ongoing maintenance provides is not a guarantee that nothing will ever go wrong. It is the professional oversight that catches problems early, applies fixes promptly, and keeps the site functioning as intended, in the same way that regular servicing keeps a vehicle roadworthy, even if the roads themselves keep changing.
