A client called me at 9pm on a Tuesday last March. Her contact form had been silently dropping submissions for three weeks. We dug in: a WP Rocket update had quietly changed how it cached form responses, and Contact Form 7's spam filter was now flagging everything. She'd lost — at minimum — twelve leads. That afternoon I'd already spent two hours rolling back a Yoast update that broke her sitemap.
That night was the moment we knew we had to build BrightSite.
Here's the thing about WordPress: the platform is free. The headline number you see — $5/month for hosting, $50 for a theme — is real. It's also the smallest part of the bill.
The line items nobody puts in the brochure
Plugins. A typical client site we inherited from another agency runs 23 plugins. The free tiers stop solving real problems quickly, so you upgrade. Yoast SEO Premium: $99/year. WP Rocket: $59/year. Gravity Forms Elite (because you need Stripe integration): $259/year. UpdraftPlus Premium: $99/year. WooCommerce Subscriptions if you're doing memberships: $239/year. The conservative budget for a real production WordPress site is $500-1,500/year in plugin licenses.
Hosting that actually stays up. The $5/month shared hosting plans work until your site catches a small wave of traffic. We've watched Bluehost sites collapse from a single Instagram mention. Managed WordPress hosting that handles real load — Kinsta, WP Engine, Pressable — starts at $35/month and scales fast. Most of our clients with meaningful traffic land in the $100-300/month range.
Security. WordPress runs ~40% of the web, which means it's the single largest attack surface online. Wordfence Premium: $119/year. Sucuri firewall and malware scanning: $200-500/year. Either you pay these line items or you pay for cleanup after a breach (we've billed $4,000+ to clean up a single compromised site).
Backups. Your host's backups are usually inadequate — most retain only 7-30 days and restoration takes hours of support tickets. UpdraftPlus Premium, BlogVault, BackupBuddy — pick one, budget $50-150/year.
The maintenance retainer. Somebody has to update plugins, test that updates didn't break the site, roll back when they did, fix the things that broke anyway, and patch security holes within hours of disclosure. Agencies charge $100-500/month for this. If you don't have it, you're doing it yourself — and the time cost is real. I used to spend 6-8 hours a week on plugin update Tuesdays before we built BrightSite. I have those hours back now.
The actual annual bill
For a typical small business site we used to run on WordPress — no e-commerce, managed hosting, agency maintenance retainer — here's the real cost we used to quote clients:
- Managed hosting: $1,200/year
- Plugins (licenses): $800/year
- Security + backups: $250/year
- Agency maintenance retainer: $2,400/year
Total: $4,650/year. Before anyone has touched the actual website to ship a single content update or design change.
This isn't a gotcha. This is what running a production WordPress site costs. The platform's flexibility is real — and the maintenance burden is the bill for that flexibility.
The unfixable root cause
Plugin updates are the core problem, and they're not solvable inside the WordPress architecture. Each plugin is independently developed, on its own release schedule, with its own bugs. WordPress core releases break plugins. Plugin updates break each other. Updating one breaks two. The maintenance retainer exists because somebody has to be on call when an update takes the site down at 9pm on a Tuesday (see paragraph one).
You're also paying for an architecture designed for 2003. WordPress was originally for blogs — many editors, one site, lots of plugins. The database structure, the request lifecycle, the plugin hook system are all tuned for that shape. It runs everything from e-commerce to membership sites today because the web ran on it for fifteen years, not because it's the right tool for those jobs.
What we built instead
After that night, I sat down with my co-founder Courtney and we sketched out what we actually wanted: one platform, no plugins, no maintenance, with the features every site needs already built in. That became BrightSite.
The plumbing is invisible: hosting, security, backups, updates, performance optimization, forms, analytics, session replay, SEO — all included, no separate vendors. Pricing is fixed at $39, $79, or $149/mo per site. No plugin licenses to renew, no maintenance retainers, no 9pm phone calls.
The trade-off is real: BrightSite isn't a fit for every project. Custom WooCommerce stores with deep plugin dependencies, sites that need 50 niche integrations, or teams that have already invested heavily in WordPress expertise should probably stay where they are. We're not trying to replace WordPress for everyone — we're trying to replace it for the small businesses and agencies who never wanted to be in the plugin maintenance business in the first place. If that's you, see how BrightSite compares.
The point isn't that WordPress is bad. WordPress is a remarkable piece of software that powers a meaningful chunk of the internet. The point is that "free" comes with a $4,650/year bill, and you should know what it is before you sign up.