Skip to content
mulberryinteractive
Back to blog
Performance & Maintenance

Drupal Maintenance: What You Actually Need

Tim Abbott
Tim Abbott
23 March 2026
getty-images-0MtZ6Sl7qa4-unsplash.jpg

You've got a Drupal site that works. It's doing its job. Your content team knows how to use it.

But something happened to the person or agency who built it. Maybe they moved on, maybe the relationship ended, maybe they've gotten too expensive. Now you're looking at maintenance proposals from agencies, and the numbers don't make sense.

£2,500 per month retainer, 10 hours included, additional hours at £150/hour.

For what? The site mostly just runs. You occasionally need a small update or a bug fix. Why does that require a monthly retainer?

Let me explain what Drupal maintenance actually involves, what you really need, and what you're actually paying for.

What Maintenance Actually Means

Drupal maintenance breaks down into a few categories:

Security Updates

Drupal core and contributed modules occasionally release security updates. When they do, you need to apply them, usually within days or weeks.

This is non-negotiable. Running a Drupal site with known security vulnerabilities is asking for trouble.

Reality check: Most months, there are no critical security updates. When there are, applying them typically takes 30 minutes to 2 hours, depending on complexity and your deployment process.

Feature Updates

These are updates that add features or fix bugs, but aren't security-critical. You can install them on your own schedule.

Reality check: Unless a bug is actively bothering you, you often don't need these immediately. They can wait for a regular maintenance window.

Drupal Core Updates

Major Drupal updates (like 9 to 10, or 10 to 11) are significant projects. Minor updates (like 10.1 to 10.2) are smaller but still require testing.

Reality check: You don't do these monthly. Major updates are every few years. Minor updates are quarterly at most.

Content and Configuration Changes

Your team wants a new field on a content type, a view adjusted, a menu item changed, or some other modification to how the site works.

Reality check: This is ongoing work, but it's unpredictable. Some months you need nothing. Some months you need several changes. A retainer that includes "10 hours per month" only makes sense if you consistently use those hours.

Monitoring and Backups

Someone should be keeping an eye on the site to catch problems before they become emergencies. And you need regular backups.

Reality check: Monitoring can be automated. Backups can be automated through your hosting provider. These don't necessarily require monthly developer time.

What Agencies Are Actually Selling

When an agency proposes a £2,500/month retainer, here's what you're paying for:

  • Account manager time - Someone to field your emails and calls
  • Project manager overhead - Someone to assign tickets to developers
  • Guaranteed availability - They'll prioritize your work when you need it
  • Business continuity - If one person leaves, there's a team
  • Actually doing the work - Usually 10-15 hours of developer time per month

For some organizations—especially larger ones with constant needs—this makes perfect sense. You're buying predictable support and guaranteed response times.

But if your needs are occasional, you're paying a lot for availability you don't use.

What You Probably Actually Need

Most small to medium Drupal sites need:

On-Demand Security Updates

When Drupal releases a security update, you need someone who can:

  • Assess if it affects your site
  • Apply it to a development environment
  • Test that nothing broke
  • Deploy to production
  • Monitor for issues

Frequency: Maybe 6-12 times per year 
Time per update: 1-3 hours 
Annual cost at £100/hour: £600 - £3,600

Occasional Feature Work

When you need a new field, a modified view, a menu change, or other small updates.

Frequency: Highly variable - maybe 5-10 small tasks per year 
Time per task: 1-4 hours 
Annual cost at £100/hour: £500 - £4,000

Annual Minor Version Updates

Updating from Drupal 10.1 to 10.2, for example.

Frequency: 2-4 times per year 
Time per update: 2-6 hours 
Annual cost at £100/hour: £400 - £2,400

Major Version Upgrades (Every Few Years)

Drupal 9 to 10, or 10 to 11. This is project work, not maintenance.

Frequency: Every 2-4 years 
Cost: £5,000 - £25,000 depending on complexity

Backup and Monitoring

If your hosting doesn't handle this, you need it.

Cost: £10-50/month for automated tools, or factor into hosting costs

Do the Maths

Let's add up typical annual costs for an average Drupal site:

  • Security updates: £1,500
  • Feature work: £2,000
  • Minor updates: £1,200
  • Monitoring/backups: £360

Total: £5,060 per year, or about £420 per month in actual work.

Compare that to a £2,500/month retainer: £30,000 per year.

The difference isn't fraud - it's what you're paying for availability, guaranteed response times, and agency overhead.

If you need those things, it might be worth it. If you don't, you're overpaying.

The On-Demand Alternative

Instead of a monthly retainer, many organizations do better with on-demand support:

  • Pay hourly for work when you actually need it
  • Keep a trusted Drupal developer on call for security updates
  • Handle feature work as one-off projects

Pros:

  • You only pay for time actually worked
  • No pressure to "use your hours" each month
  • Usually significantly cheaper annually

Cons:

  • No guaranteed response time (though good developers prioritize security updates)
  • You need to initiate contact when you need something
  • Availability isn't guaranteed during busy periods

For most small to medium sites, this works perfectly well.

What About Emergencies?

"But what if the site goes down at 2am?"

Fair question. Here's the reality:

Most "emergencies" aren't Drupal emergencies - they're hosting issues. Your hosting provider should handle those, not your Drupal developer.

Actual Drupal emergencies are rare. In 20 years, I can count on one hand the number of true middle-of-the-night Drupal emergencies I've dealt with.

If you need 24/7 coverage, you probably know it. You're running e-commerce with thousands of transactions per day, or you're in healthcare with critical systems. In those cases, yes, you need a retainer with guaranteed SLAs.

But if your site is primarily publishing content, serving information, or supporting your team? Emergency coverage you'll probably never use isn't worth £20,000/year.

Questions to Ask When Evaluating Support

Whether you're comparing agencies or considering on-demand support, ask:

  1. What's your actual response time for security updates? 
    "Within 24 hours" is usually fine. "Within 1 hour" sounds impressive but probably doesn't matter for most sites.
  2. What happens if I don't use my retainer hours? 
    Some roll over, some don't. If they don't, you're incentivized to find make-work to "use them up."
  3. Who actually does the work? 
    Is it a senior developer or a junior supervised by a senior? Both have their place, but pricing should reflect this.
  4. Can I scale up or down based on actual needs? 
    Maybe some months you need nothing. Maybe some months you need a small project. Flexibility matters.
  5. What's included in monitoring? 
    Automated uptime checks? Manual code reviews? Security scanning? "Monitoring" can mean very different things.

Making It Work

If you're moving to on-demand support:

  • Find someone reliable
    You want the same person or team handling your site, building familiarity with your setup.
  • Keep documentation
    Make sure you have access to your code, your hosting, and any credentials. Never be locked in.
  • Budget realistically
    Set aside £500-1,000/month for Drupal work. Some months you'll use nothing. Some months you'll use more. It averages out.
  • Stay current
    Don't skip security updates to save money. That's where actual risk lives.
  • Plan for major upgrades
    Every few years, you'll need a bigger project. Budget for it separately from ongoing maintenance.

The Right Choice for Your Site

Monthly retainers make sense for:

  • High-traffic sites where downtime is expensive
  • Organizations with constant feature development needs
  • Sites where you need guaranteed response times
  • Teams that value having a dedicated point of contact

On-demand support makes sense for:

  • Sites with occasional but unpredictable needs
  • Smaller budgets where £30k/year for support isn't realistic
  • Organizations comfortable initiating contact when needed
  • Sites where security is important but 2-hour response times aren't required

Neither is better—they're for different situations.

The mistake is paying for a retainer when you don't actually need one, or trying to run a critical site without reliable support because you're avoiding ongoing costs.

Getting Started

If you're looking for Drupal maintenance:

  1. Calculate your actual needs - How many hours per month do you really use?
  2. Decide what response time you need - Be honest about what matters for your site
  3. Get quotes for both models - Retainer vs on-demand, from 2-3 providers
  4. Check references - Especially for on-demand, you need someone reliable

You don't need to overpay for availability you'll never use. But you do need someone you can trust when you need them.

Paying too much for maintenance?

If you're paying for availability you don't use or you just need someone reliable for security updates and occasional feature work, I can help. I take on Drupal maintenance on both retainer and on-demand bases, whichever actually makes sense for your site. 

Get in touch

Related Articles