Programs · Operations
Platform Maintenance
keeps the lights on.
24/7 monitoring, security patches, CMS & plugin updates, performance tuning, incident response, and the on-call team that picks up the phone. The boring work that keeps the lights on. It’s also what keeps your IT director from calling you on a Saturday.
What’s included
What you get.
01 · SECURITY PATCHING
Tested patches deployed before they make the news.
We monitor CVE feeds and security advisories for every component in your stack. Patches are tested in staging before production deployment, and high-severity vulnerabilities get expedited handling outside normal maintenance windows.
02 · CMS AND PLUGIN UPDATES
Every update reviewed by a human first.
We test WordPress and Drupal core updates, plugin and module updates in a staging environment before deploying to production. No auto-updates to live. You’re notified of every change before and after it goes out.
03 · UPTIME MONITORING
24/7 monitoring, proactive not reactive.
Continuous uptime and performance monitoring with alerting. We know your site is down before your users do, and we’re already working on it before you call.
04 · ON-CALL INCIDENT RESPONSE
A senior engineer, not a help-desk queue.
For production-impacting events, site down, security breach, form or payment failure, a senior engineer who knows your stack responds around the clock. Not a tier-one triage process.
05 · MONTHLY REPORTS
Uptime, security, Core Web Vitals.
What clients say in writing
KWALL did an excellent job and had an intuitive knowledge of our project that built on attributes of similar websites that we admired. KWALL’s work was quick and thorough, and everyone at KWALL was easy to work with and friendly.
FAQ
Questions worth asking.
What’s the starting price for Platform Maintenance and what drives the cost up?
Platform Maintenance starts at approximately $3,500 per month. Cost scales based on number of sites under the program, complexity of the stack (number of plugins or modules, custom integrations), and the level of on-call SLA required.
What’s included in the monthly security and performance reporting?
Each month you receive a report covering uptime, incident log (if any), security patches applied, plugin and module update status, and Core Web Vitals trends. It’s designed to be shareable with IT directors and leadership who need visibility without needing to log into the CMS.
How do you handle plugin or module updates that might break something?
We test updates in a staging environment before deploying to production. For sites on Pantheon or Acquia, this is built into the workflow. We don’t auto-update production, every update gets a human review first.
What qualifies as an on-call incident versus a normal support request?
On-call is for production-impacting events: site down, security breach, payment or form failure, major performance degradation. Routine requests, content fixes, minor UX questions, configuration changes, go through the normal ticket queue and are addressed within one to two business days.
We’re worried about a specific plugin with a history of vulnerabilities. Can you monitor it specifically?
Yes. If there’s a known high-risk component in your stack, we add it to our specific monitoring list and subscribe to its CVE feed. You can flag concerns like this during onboarding or at any quarterly review.
Made it to the bottom? You’re our kind of person.
Two ways from here. Skim the work and see if we’d be a fit, or send a quick note through the form. The founder reads them.
p.s. we will respond. by Tuesday at the latest.