Your executive director is reviewing the latest web support invoice from your vendor. The line items are vague: "website maintenance," "emergency support," "platform updates." She can't tell if you're paying too much, too little, or for work that should have been included last month. Your membership director mentions in passing that the vendor is now billing separately for things they used to cover. Nobody knows if that's normal or if you're being nickel-and-dimed. You realize your retainer agreement is three years old and probably no longer reflects what's actually happening.
Most associations pay for website support in one of three broken ways: a single overworked staff member juggles updates while handling membership and events, a vendor relationship has drifted so far from the original scope that nobody knows what's actually covered, or the organization has no retainer at all and pays surprise invoices when something breaks.
The problem isn't that associations don't want to manage websites well. The problem is that the market has no standard definition of what "association webmaster services" actually means. One vendor's retainer covers security updates and SSL certificates. Another includes theme customization and quarterly reporting. A third will charge separately for anything not explicitly listed in a contract written three years ago.
Here's what a defensible retainer should include, what you should avoid, and how to structure an arrangement that actually works for an association of your size.
What Goes Into a Real Retainer (And Why It Matters)
A retainer isn't just "someone handles the website." It's a defined set of services that map to the actual work your organization generates every month. If you use iMIS, Nimble AMS, or MemberSuite, your webmaster needs time for AMS updates, member data syncing, and portal maintenance. If you don't track that time explicitly, the vendor will absorb it one month and invoice separately the next.
A baseline retainer for a mid-size association (500–2,000 members) should include:
Core maintenance: WordPress or your CMS security updates, plugin updates, and database optimization. This is non-negotiable. An unpatched WordPress site from 2024 running on PHP 7.4 will be compromised within weeks. That's not theoretical—that's the standard attack surface. Budget 8–12 hours per month for this work alone if you have customizations or integrations.
Content updates: Defined scope. "Content updates" without boundaries is a vendor trap. Instead: News posts (3–5 per month), event updates, staff directory changes, policy page revisions. If you publish 20 news items monthly, that's different from 3. Make it explicit. Most associations underestimate this. A typical board meeting generates updates to committee pages, timeline pages, and event calendars—easily 4–6 hours of work if nobody owns content governance.
Member portal maintenance: If you have SSO (single sign-on) connected to your AMS, your portal gets heavy traffic. Members log in to renew, update profiles, attend events, access resources. When the AMS sync breaks—and it will—your webmaster is the translator between iMIS support and your site. Budget 4–6 hours monthly just for troubleshooting and escalation on portal issues.
Email campaign support: If you send emails from your website (welcome sequences, event confirmations, renewal reminders), somebody maintains templates, bounces, and list hygiene. Too many associations leave this to the default platform settings and wonder why deliverability drops.
Reporting: Monthly uptime reports, traffic trends, and conversion data for key pages. Not dashboards you never read. Actual insights: "Email signup conversion dropped 15% this month because the form moved" or "Event registration page has a bottleneck on step two." That work is rarely included and it's worth 6–8 hours monthly.
Red Flags in Retainer Agreements
Watch for these language patterns that signal future conflict:
"Reasonable requests" instead of defined scope. This means "we'll decide what's reasonable when the invoice is due." Instead, demand hour budgets: 30 hours per month for content, 10 hours for integration issues, 5 hours for reporting.
"Excluded: custom development, design work, and plugin configuration." This is honest—but it means your webmaster spends time explaining why they can't fix something and then you hire a second vendor to do it. Clarify what triggers the "excluded" category. Is updating a plugin configuration excluded? Is resizing images custom work or content support?
"First response time: 48 hours" for website downtime. For a paying-member site, 48-hour response time is a failure. Members can't access the portal for two days and the board gets email complaints. Push for 4-hour response SLA on downtime, 24-hour for security issues.
"Maintenance windows" that aren't your maintenance windows. If a vendor updates your site at midnight on Tuesday, they're choosing convenience over member experience. Your AMS might sync at 2 AM Wednesday. Your peak traffic is Thursday morning. Real retainers schedule around your business rhythm.
"Termination fee if you leave before 12 months." This incentivizes the vendor to do minimum work and you to tolerate poor service. A real retainer should be month-to-month after the initial term, with 30-day notice.
What Costs Extra (And Why)
These categories typically generate surprise invoices beyond your retainer:
AMS-to-website integration custom code. If you need iMIS event registration to auto-populate your calendar, or MemberSuite profiles to sync membership status to the portal, that's API integration work. Budget $2,000–$8,000 depending on complexity. This should be quoted separately before it starts, not invoiced after.
Website migration. Moving from one platform to another (Drupal to WordPress, WordPress to Craft, or any CMS change) is a project, not a retainer activity. Content inventory, URL mapping, 301 redirects, member data import, SSO reconfiguration. Most associations miss that migrating 200 pages takes 60–100 hours. Budget $8,000–$25,000 and plan for 8–12 weeks. Planning a Website Migration Without Losing Member Data.
Emergency incident response beyond retainer. If the site gets hacked and needs forensics, malware removal, and code audit, that's separate from standard maintenance. A 4-hour emergency response SLA costs $250–$500/hour. Know the pricing before you need it.
Performance optimization and redesign. If your site loads in 8 seconds and members complain, that's a project: image optimization, CDN configuration, caching strategy, possible theme/code redesign. Budget $3,000–$15,000 and 40–80 hours of analysis and implementation.
Third-party integrations beyond the AMS. Connecting Fonteva to Zapier, syncing MemberSuite to your email platform, or integrating a new learning management system. Each integration is custom work. Budget $1,500–$5,000 per integration and get a scope document before work starts.
Right-Sizing Your Retainer for Your Organization
The retainer cost should reflect actual association complexity, not a generic template:
Under 300 members, volunteer-driven organization: 20–30 hours per month retainer. Cost: $1,800–$3,000. Scope: Core maintenance, monthly news updates, 2–3 hours event calendar support, annual reporting. Vendor might be a local freelancer or small agency.
300–1,000 members, staff-run, one AMS: 35–50 hours per month retainer. Cost: $3,500–$5,500. Scope: Everything above plus active portal maintenance, member email support, monthly reporting, and 4-hour emergency response. Vendor should have AMS integration experience.
1,000–5,000 members, multiple departments, complex AMS integration: 60–100 hours per month retainer. Cost: $6,000–$12,000. Scope: Multi-user content workflows, active portal with sophisticated member experience, API integrations, advanced reporting, and priority support with dedicated contact. Vendor should be experienced with enterprise AMS platforms.
5,000+ members or mission-critical member services: In-house team or retainer 100+ hours with vendor acting as strategic partner. Cost: $12,000–$25,000+. This is business continuity, not webmaster services.
The Questions to Ask Before You Sign
Pressure-test any retainer proposal with these questions:
What happens if we hit the hour budget? Do overages get charged hourly, or do you bill separately? Do unused hours roll over? (They shouldn't—it creates perverse incentives.)
Who maintains the AMS-to-website sync? Is that part of retainer hours or billed separately? If it breaks at 3 AM, is there a response SLA?
How do you handle content from multiple staff members? Do we get training on the CMS, or do you manage all updates? If we have 8 staff who publish, is the retainer scoped for that?
What's covered in "maintenance"? Ask for a specific checklist: plugin updates, WordPress updates, theme patches, SSL renewal, database optimization, backup verification, security scans. Get it in writing.
If we leave the vendor, what do we get? Full backups, content audit, URL mapping, access to code and databases. Too many vendors hold organizations hostage by refusing to hand over clean data.
What We Do Differently
We review retainers not by asking "is this price fair?" but by asking "is this scope realistic?" Most associations are paying for either too little (and dealing with downtime and outdated plugins) or too much (and getting invoices for work that should be in the retainer).
Outsourcing Website Management for Trade Associations: When You Need a Technical Partner (Not Just a Designer) covers how to build a vendor relationship that scales with your organization. Emergency Website Support for Trade Associations: What to Do When Your Web Partner Disappears explains what SLAs actually matter when something breaks.
The Next Step
If you're evaluating your current arrangement—or wondering if you even have one that's written down—we'll review what you're paying for, what's missing, and what a right-sized retainer looks like for your specific setup. You'll walk away with a clear list of what needs renegotiating and exactly what your retainer should cost. Reach out to set up the review.