Every WordPress agency page reads the same. Pixel-perfect designs, blazing-fast sites, dedicated support, a logo wall of clients you’ve never heard of. The decks are interchangeable. You could swap the names and nobody would notice. None of it tells you what you actually need to know, which is what this relationship looks like six months from now, on the Tuesday when checkout silently stops processing cards and you can’t reach anyone.
We’ve run a WordPress and WooCommerce studio for nine years. Most of our clients are in the US, some in Canada, the UK, and Australia. We’ve inherited a lot of sites built by other shops, and we’ve watched what breaks and why. So here is the buyer’s guide we wish more founders had before they signed. It includes the things you should watch for in agencies like us.
The sales page is not the product
The thing being sold to you is a launch. A nice design, a handoff, an invoice. But the design is maybe a third of the actual work, and the launch is the easy part. The hard part is everything after: the plugin that conflicts after a WordPress core update, the form that quietly stops sending emails, the image library that balloons to 40GB, the SEO migration that drops your rankings because nobody set up the redirects.
A good agency is selling you the next three years, not the launch week. The way you tell the difference is by asking questions the polished pitch doesn’t answer. Most of those questions are boring. Boring is the point. The boring answers are where the money and the heartburn live.

The questions worth asking before you sign
You don’t need to be technical to ask these. You need to listen for whether the answer is specific or evasive. Specific is good. Evasive means they either don’t know or don’t want you to.
Who actually does the work?
You met a charming account person and a senior-sounding founder. Fine. Now ask who writes the code, who builds the pages, where they sit, and whether that same person is around in a year. A lot of shops sell with their A-team and deliver with a rotating cast of contractors who’ve never spoken to you. That’s not automatically bad. Continuity is what matters. Ask: if the person who built my site leaves, who picks it up, and how do they know what was done? If the answer is a shrug, the answer is nobody.
What stack, and why this one?
There’s no single right answer, but there should be a reason. We build primarily in Bricks now, after years in Elementor, because Bricks produces cleaner markup and lets us drop into code when a layout needs it. We host on Kinsta because managed infrastructure with real staging and daily backups removes a whole category of 11pm problems. Someone else might have good reasons for a different setup. What you want to hear is a reason tied to your project, not “this is just what we always use” and not a list of trendy tools with no logic connecting them.
What happens after launch?
Push hard here. WordPress is not a set-and-forget platform. Core, themes, and plugins update constantly, and updates occasionally break things. Security patches come out the day vulnerabilities go public. Someone has to be watching. Ask exactly what’s covered after launch, what it costs, who you call when something’s down, and how fast they respond. “We offer support” is not an answer. “We patch within 48 hours of a Wordfence advisory, we test updates on staging first, and you get a same-business-day response” is an answer.
Who owns the site and the logins?
This one is non-negotiable and people forget to ask it. You should own your domain registrar account, your hosting account, your WordPress admin, your DNS, and any third-party accounts like Klaviyo or your payment gateway. The agency can have access. The agency should not be the only one with access, and your domain should never be registered under the agency’s name. We’ve untangled clients from shops that held the domain hostage during a billing dispute. It is ugly and it is avoidable.
How do they handle updates and backups?
Ask where backups live, how often they run, how far back they go, and how long a restore takes. A backup you can’t restore in fifteen minutes during an outage is decorative. On Kinsta we get daily automatic backups plus manual restore points before any risky change, and we keep an off-host copy too, because one backup in one place is one disaster away from zero backups. Ask the same of whoever you’re hiring. If they don’t have a crisp answer, they haven’t yet had the bad night that teaches you to have one.
How do they scope and price?
You want a fixed scope in writing with a fixed price, or a clearly defined hourly arrangement with a cap and regular reporting. What you don’t want is a vague “starting at” number that balloons through change orders nobody warned you about. A real scope says what’s included, what isn’t, how many rounds of revision the design gets, and what a change after sign-off costs. For context, a well-built WordPress store on Kinsta runs US$35 to US$200 a month all-in for hosting and tooling, separate from build cost. If an agency can’t even ballpark your ongoing costs, they haven’t run sites long enough to know them.
The red flags, including the ones we’d warn you about ourselves
Some of these are easy to spot in a sales call if you know to listen. Others only show up in the contract or six months in. Here’s what we watch for.
- Page-builder lock-in with no code access. Some builders generate such tangled markup that nobody but the original shop can touch the site, and migrating off means a full rebuild. Ask whether you’ll have full access to the theme files and database, and whether the build can be maintained by another competent developer. If leaving requires starting over, you’re not a client, you’re a hostage.
- “Unlimited revisions.” This sounds generous. It’s a tell. Unlimited revisions means scope was never defined, which means the project has no end and no fixed price, which means it ends when one of you gives up. Bounded revisions with a clear change process protect both sides.
- No staging environment. If they edit the live site directly, walk. Every change should be tested on a staging copy first. Editing production is how a typo takes down checkout on a Friday afternoon.
- Vague post-launch support. “We’ll be there if you need us” is not a plan. No SLA, no defined hours, no documented response time means support is whatever they feel like that week.
- Holding your domain or hosting hostage. Anything registered in the agency’s name instead of yours is leverage they can use against you later. We’ve seen it. Insist on owning the accounts.
- Offshore churn with no continuity. We’re India-based ourselves, so this isn’t about geography. It’s about turnover. A shop that swaps developers every few months with no documentation and no handoff will lose the context that keeps your site healthy. Ask how they retain knowledge about your specific build.
That offshore point cuts at us too, and it should. Being in India is not the risk. Being a churn shop is the risk, and those exist in every country, including expensive ones in your own time zone. Judge the continuity, not the address.
The engagement model that actually works
After nine years and a lot of inherited messes, here’s the shape of an engagement that holds up. None of it is clever. All of it is the stuff that gets skipped when everyone’s excited about the new design.
Fixed scope, in writing
Both sides agree on what’s being built before anyone opens a builder. Pages, features, integrations, revision rounds, timeline, price. Changes after sign-off go through a short, documented process so nobody’s surprised by an invoice. This protects you from scope creep and protects the agency from the project that never ends.
Staging-first, always
Nothing touches your live site until it’s been built and checked on staging. Plugin updates, core updates, design changes, all of it. This is the difference between a quiet maintenance window and an outage during business hours. It’s also how you can review work before it’s public.
A real care plan, not “support”
A monthly arrangement with actual contents: WordPress core, plugin, and theme updates tested on staging, security monitoring with something like Wordfence, performance optimization via WP Rocket and Cloudflare, daily backups with verified restores, uptime monitoring, and a defined response time when something breaks. You should know what’s covered and what costs extra. The point of a care plan isn’t to bill you monthly. It’s that the person who knows your site is already watching it when the bad night comes, instead of meeting it cold.
You own everything
Domain, hosting, admin, DNS, third-party accounts, all in your name with the agency granted access. If you part ways, you keep your business intact and hand the keys to whoever’s next. A confident agency has no problem with this, because they keep clients by being good, not by holding the door shut.
The honest close
Most of choosing a WordPress agency is just refusing to be rushed past the boring questions. The design will be fine. Almost everyone’s design is fine now. What separates a good build from an expensive regret is whether the people behind it have lived through the second year of a site they made, and built their process around what they learned. You can hear that in how they answer. Specific, a little weary, honest about tradeoffs. That’s the sound of someone who’s been paged at 11pm and changed how they work because of it.
Ask the boring questions. Read the contract. Own your accounts. And if an agency gets defensive when you ask who owns the domain or what month seven looks like, you already have your answer. If you want to compare notes on a build or a rescue, tell us what you’re dealing with. We’ve seen most of it, and we made some of the mistakes ourselves before we learned to stop.


