Skip to content
WordPress Care & Security

WordPress Maintenance
& Security.

WordPress maintenance, security hardening, and malware removal, handled by a US-based team in Minneapolis. Monthly care plans keep your site patched, fast, and safe. One-time engagements clean up hacks and close security holes. Billed at $85/hr, weekly invoices, no lock-in.

Adobe
Moz
SEMrush
BBB · Better Business Bureau
WordPress
CTM · CallTrackingMetrics
Clutch
Adobe
Moz
SEMrush
BBB · Better Business Bureau
WordPress
CTM · CallTrackingMetrics
Clutch
Adobe
Moz
SEMrush
BBB · Better Business Bureau
WordPress
CTM · CallTrackingMetrics
Clutch

Verified Proof

We tested 21 Minneapolis web design agencies. We ranked #1.

Our site scored 98 on Lighthouse mobile with a 2.2-second LCP, the fastest in the Minneapolis market. See every agency's actual Lighthouse score, including the 16 that failed Core Web Vitals.

See the 2026 Speed Report
How We Work

Maintenance that prevents fires.
Not just puts them out.

01

Health Check

We audit your WordPress core, plugins, themes, security, speed, and error logs to see exactly where the site stands.

02

Harden

We close known holes, lock down logins, add a firewall and off-site backups, and shut off anything that should not be running.

03

Clean & Fix

We remove any malware, repair broken code and errors, and fix whatever is making the site slow.

04

Monitor

Round-the-clock uptime and security monitoring so problems get caught and handled before they turn into outages.

05

Maintain & Report

Ongoing core, plugin, and theme updates, plus a plain-English monthly report of everything we did and why.

What We Handle

What does WordPress
maintenance actually cover?

Security Updates & Patching

WordPress core, plugins, and themes updated on a schedule, tested so an update never breaks your site. Most hacks exploit outdated code, so staying current is the single biggest thing that keeps you safe.

Malware Removal & Cleanup

Site hacked, defaced, or flagged by Google? We find and remove the infection, clean the files and database, restore your site, and close the hole that let it in. Available as a one-time emergency fix or as part of a plan.

Security Hardening

Firewall setup, login lockdown and two-factor, file-permission fixes, disabled file editing, and removal of abandoned plugins. We shrink the attack surface so there is far less for a bot to find.

Performance & Speed Tune-Ups

A slow WordPress site is usually a bloated one: heavy plugins, uncached pages, oversized images, a cluttered database. We find what is dragging it down and fix it, so pages load fast and Core Web Vitals pass.

Backups & Uptime Monitoring

Automated off-site backups so you can roll back in minutes, not days, plus round-the-clock uptime and security monitoring that alerts us the moment something breaks or looks wrong.

Error & Bug Repair

White screen of death, plugin conflicts, broken checkout, a contact form that stopped sending? We track down the cause and fix it, whether it is a one-time emergency or an ongoing part of your plan.

Why WordPress securitymatters more in 2026.

For years, hacking a WordPress site meant a human sitting down and probing it by hand. That era is ending. Attackers now run automated bots, and increasingly AI agents, that crawl the web, fingerprint exactly what software each site runs, and cross-check it against public lists of known security holes, thousands of sites at a time.

AI has made the whole cycle faster. An agent can read a plugin's code, spot an exploitable flaw, write the attack, and chain several weaknesses together into a working break-in, often within minutes of a vulnerability being disclosed. The gap between "a flaw gets announced" and "bots are exploiting it in the wild" used to be days. Now it can be hours. If your plugins are a week behind, you are already exposed.

WordPress runs about 43% of the entire web, which makes it the single biggest target online. And most break-ins don't exploit WordPress itself, they exploit one outdated plugin or theme, the exact kind of unglamorous, easy-to-postpone maintenance a busy owner (or even a busy developer) lets slide. Staying patched, hardened, and monitored isn't a nice-to-have anymore. Against automated attackers, it's the whole game.

43%
of all websites run on WordPress (W3Techs), which makes it the number-one target for automated attacks.
Minutes
is how fast bots can start exploiting a newly disclosed vulnerability, far faster than manual attacks ever moved.
Plugins
and themes, not WordPress core, are where the large majority of break-ins start. Outdated add-ons are the open door.
24/7
attacks run around the clock from bots that never sleep, which is why monitoring can't be a once-a-month task.
Two Ways To Work With Us

A second set of eyes,whenever you need one.

You don't have to be between developers to bring us in. If your WordPress site is running slow, throwing errors, or just feels neglected, a second set of eyes almost always finds something, even when a capable developer is already on it. Security and performance are their own specialty, and they're the easiest things to deprioritize when someone is heads-down shipping features.

We're comfortable working alongside your existing team. You keep your developer for new features and design; we handle the unglamorous maintenance, monitoring, and security work in the background. No turf war, no stepping on toes, just fewer 3 a.m. surprises. Christopher leads the work, with a small family-owned team behind him, so there's continuity and someone always watching.

We offer monthly plans. For most sites the right answer is a monthly care plan: a set block of hours each month for updates, backups, monitoring, hardening, speed tune-ups, and the small fixes that pile up. It's predictable, it's proactive, and it means someone is watching your site when you aren't. Billed at our flat $85/hr, weekly invoices, no lock-in.

We also offer one-time engagements. You don't need a plan to work with us. Hire us for a specific job, remove malware from a hacked site, close a security hole, or repair a broken feature, and then you're on your way. Start with a one-time fix and move to a plan later, or never. Entirely your call.

Tools & Platforms

FAQ

Frequently Asked Questions
About WordPress Maintenance

Minneapolis Made bills WordPress maintenance at $85 per hour, invoiced weekly, with no lock-in. You can work with us two ways: a monthly care plan with a set block of hours for ongoing updates, monitoring, and support, or a one-time engagement to remove malware, fix a security hole, or repair errors. We scope every plan after a free site health check so the hours match what your site actually needs.

A monthly plan covers core, plugin, and theme updates, security hardening, malware scanning, off-site backups, uptime and security monitoring, performance and speed tune-ups, and repair of the small errors that pile up over time. You also get a plain-English monthly report so you always know what changed and why.

Yes. Malware removal is one of our most common one-time engagements. We find and remove the infection, clean the affected files and database, close the security hole that let it in, restore your site, and harden it so it does not happen again. If you want ongoing protection afterward, we can move you onto a monthly plan, but you are never required to.

Both. Monthly care plans are for ongoing maintenance, updates, and monitoring. One-time engagements are for a specific job: removing malware, closing a security hole, or repairing errors and broken features. Pick whichever fits, or start with a one-time fix and move to a plan later.

A second set of eyes catches what a single developer, however good, can miss, especially on security and performance. If your WordPress site is running slow, throwing errors, or overdue on updates, we can audit it, find the problem, and fix it without stepping on your existing team. Many clients keep their developer for features and use us specifically for maintenance and security.

Yes, and the risk is rising. Attackers now use automated and AI-assisted tools to scan sites for known vulnerabilities and exploit them faster than a human ever could, often within minutes of a flaw being disclosed. WordPress runs about 43% of the web, which makes it the biggest target online. Staying current on patches and hardening is no longer optional.

Keep your WordPress site
fast, patched, and safe.

Tell us what's going on, a slow site, a hack, or just updates you've been putting off. We'll run a free health check and tell you exactly what it needs.

Get a Free Site Health Check
What clients say
5.0 / 5
5.0 average from 5 Google Business Profile reviews
Verified at business.google.com/reviews
5 out of 5 stars

I have used a number of "seo guys" and webmasters who talk a good game but just took my money. CJ DELIVERS! I have relied on his sound advice and guidance for nearly a decade now and can attest to his superior approach to all things seo. My site has been number one almost all the time and I have never left page one for my most valuable search terms while my site has been under his careful eye. He understands the business and how Google changes constantly, and he helps me adapt to it. I cannot recommend his services highly enough.

Rick West
Richard West Law Office, Bankruptcy counsel in Ohio for over 40 years
Google Review
5 out of 5 stars

Mpls made has handled web design and advertising for us since 2016. It's nice to work with an organization that you are still able to deal with a human!

Steven Ehlen
Long-standing Minneapolis Made client since 2016
Google Review
5 out of 5 stars

Been putting off rebuilding my site for months. The old version wasn't terrible but it was slow, the back end was a mess, and somewhat embarrassing. Got recommended to CJ and the new site is in a different league.

Avalon Reset
Minneapolis Made web design client
Google Review
5 out of 5 stars

Great web design and SEO. Highly recommend.

Jake St. Peter
Local Guide · 55 reviews on Google
Google Review
5 out of 5 stars

Great service, fixed my site, done in 3 days, thank you kindly.

Daniel Agrici
Minneapolis Made web design client
Google Review

Minneapolis Made

10 S 5th St STE 838
Minneapolis, MN 55402
Open 24/7 · Mon–Sun

Service Area

WordPress maintenance, security, and malware removal for businesses across the entire 7-county Twin Cities metro area: Hennepin, Ramsey, Dakota, Anoka, Washington, Scott, and Carver counties, plus remote clients nationwide.

TWIN CITIES SERVICE AREA

Where we work in the Twin Cities

Headquartered in downtown Minneapolis. Dedicated landing pages for the suburbs we work in most often.

Plus Wayzata, Saint Louis Park, Richfield, Hopkins, and the broader 7-county Twin Cities metro on a project basis.

Share this view