Wondering how to sell website security? Try pitching care plans.

Offer peace of mind

As a web pro, you’re already familiar with the need and steps to set up a WordPress maintenance business, why all clients should be required to sign up for a care plan, and why maintenance is an ongoing process, not just an occasional task.

You’re convinced it’s the way to go, but how do you convince clients that care plans are a key element of improving and maintaining the security of their website?

Care plans are actually a straightforward sell, focusing on just three aspects:

  • Clients understand the need for expertise — they know they want the best service.
  • Clients understand the need for optimization — they know they want the best website that brings in business.
  • But security? Most clients may guess they need it, but it’s typically not something they want to understand or deal with.

To educate clients on the need for security, I rely on five FAQs. After answering these questions, I swoop in for the pitch by tying everything back to my care plan as the solution in a bid to sell website security.

Sell website security by answering 5 questions

Want a more clear-cut way to sell website security to your website clients? Answer these five questions for them:

  1. Why would anyone want to hack my site, and why would a hacker care about me?

  2. Why are content management systems such as WordPress a target?

  3. How do sites get hacked?

  4. What can be done to prevent hacking?

  5. But after all that, what if my site still gets hacked?

Read on for my five FAQs that will help you close the deal.

1. Why would anyone want to hack my site, and why would a hacker care about me?

Would you leave windows open while on vacation? Would you leave your laptop sitting on the front seat of your unlocked car in a parking lot? Probably not. Your website, left unattended, could be an easy target in precisely the same way.

Hacking is a crime of opportunity.


Size, traffic and popularity don’t factor into the decision about which sites to target. With an automated approach, the hacker doesn’t even know whose site it is. They crawl through many sites simultaneously, on the lookout for low-hanging fruit — in this case, vulnerabilities.

Once they’re in, possible benefits to the hacker include:

  • Using your server to send spam, perform brute force attacks or otherwise behave badly.
  • Sending your site visitors to a malicious site, or other sites generating affiliate income on their behalf.
  • Hosting pages on your domain, thereby accruing the benefits of your domain authority and good reputation.
  • Infecting your visitors’ computers with malware or malicious software.

2. Why are content management systems such as WordPress a target?

There are a few reasons that WordPress sites are prime targets for hacks:


As of May 2018, WordPress sites comprised 30 percent of the entire internet, making them a prime hacking target.

Inexperienced users

Many WordPress sites are created by the DIY crowd, not web pros — so they simply don’t know what they don’t know, when it comes to protecting their site.

Lack of understanding about how maintenance plays a part in security

If a site gets hacked, the fault lies not with WordPress but with a lack of experience in taking care of a WordPress site.

3. How do sites get hacked?

The most popular approach is to look for sites that have not battened down the hatches against known security issues. When vulnerabilities are discovered, software updates or patches are released to address them. It’s the same approach used with your computer or phone — and it’s in your best interests to install updates when they are released.

Surprisingly, only about 25 percent of all WordPress sites are running the most current version of WordPress — and the majority of infected WordPress sites are out of date in this regard. Other targeted weaknesses include:

  • Outdated or vulnerable plugins.
  • Outdated or insecure themes.
  • Weak login credentials and passwords.
  • Vulnerable hosting situations.

4. What can be done to prevent hacking?

Even the best, most well-maintained plugins and themes could have a security issue. One reason I stick with popular and well-maintained site components: they have staff dedicated to finding and fixing issues quickly.

Based on the previous question, it’s easy to determine some targeted preventive measures:

But that’s not enough. Ongoing proactive activities help identify security issues — including malware, blocklisting, malicious scripting, redirects and more — before they become serious problems. Proactive activities include:

5. But after all that, what if my site still gets hacked?

There is no magic solution that can promise with 100-percent certainty that a website will never get hacked. What clients need are just two solutions:

  • A way to do everything possible to prevent hacking.
  • A way to promptly and completely clean and restore a site that still gets hacked — despite their best efforts.

Now, how does this tie into the pitch for a care plan?

Questions 1, 2 and 3 provide background material to make the case for addressing security proactively. It is no coincidence that questions 4 and 5 identify needs to be met, and the care plan fulfills those needs by:

  • Addressing the items and tasks that minimize risk.
  • Having notification systems in place, so security issues are known as soon as they occur.
  • Having the resources in place to deal with any issues that crop up — from diagnosing and removing malware, to restoring from clean backups.

Still in need of more pitch material to sell website security? Keep in mind these additional sound bites:

  • Security is a necessary obligation of owning a website.
  • Precaution is preferable to dealing with recovery.
  • The best defense is a good offense.
  • Recovering from a successful hacking attack costs money, hijacks your attention, and in general, ruins your day.
  • Paying a small monthly fee for a care plan is a valuable insurance policy.

In the end, the sale is not around security, per se — it’s around peace of mind. And addressing security concerns via your care plan is the best way to ensure that peace of mind.