How to Prevent Your Website from Being Held Hostage

You’re likely reading this article because you’re about to embark on building a website or you’re having a problem with your current webmaster. My goal is to help you prepare for the unexpected but, if you’re experiencing trouble with a current site, the information is still relevant so you’ll know what’s needed to regain control of your site.

As a side note, I’ll be using the term webmaster throughout the post but it can be interchanged with web developer, web designer, IT “guy” or whomever is controlling your site.

Over the last six years I’ve heard countless webmaster horror stories. Many of them involve bad business practices but, one of the worst scenarios, is when a client can’t access their current website. By “access” I mean they aren’t able to have another developer work on the site, move it or make updates and it’s essentially held “hostage”. When building a new website it’s important to protect yourself against this scenario.

Nearly everything I’ll discuss has to do with control. You’ll want to control your registrar, hosting company, repository and access to third party services.

Control is the key to protecting your website

Key components of your site

In a hostage situation, the key components of your site are the registrar and website host. If you don’t have control of these accounts, everything becomes much more difficult.

A basic website and development environment can be seen in the following diagram.

The registrar controls your domain name, the hosting server holds your website files. Those are then accessed externally by your webmaster and the public.

You absolutely must control your registrar and hosting accounts to protect your website

Best practices for protecting your site

Setup your own accounts
It’s a good practice to create your own accounts. However, sometimes this can require technical decisions or it’s easier for your webmaster.

If your webmaster sets up your accounts, make sure to get the username and password immediately. If you setup the account, you’ll likely need to provide access to your webmaster which is OK so long as you have the current account information.

Use a password manager
When you’re sharing passwords often, it’s helpful to use a password manager. At ParaCore, we work with dozens of clients at any given moment. Each client generally has five or more passwords we need for their site and it’s associated services.

In order to maintain sanity, a password manager keeps all your passwords in one place and allows you to share them securely with whoever you’re working with at the time. We use Passpack at ParaCore but there are many others like Lastpass or Dashlane.

Accounts you want to control

Registrar
Your registrar account controls your domain name. We use GoDaddy.

If we want to renew paracore.com or buy a new domain for our company, we do that at GoDaddy. If you don’t control this account then you have lost control of your domain and a webmaster can do basically anything they want.

In some cases, you will need to give your webmaster access to this account for DNS and hosting settings. If you do give them access, find out when they’re finished with their work and change the password immediately. This will give them limited access when they need it (which they may legitimately) but protect you in the future.

Change your password after each time your webmaster needs access to your registrar

Every registrar is different, but some have two-step authentication to improve security at each login. In GoDaddy’s instance, their two-step authentication sends you a text message with a code each time you login to ensure you are the actual person logging in.

This, used in conjunction with frequent password changes, will go far in protecting your registrar account.

Hosting Account
Your hosting account holds your actual website and delivers it to the world.

Sometimes your hosting company is the same as your registrar. Companies like GoDaddy or 1 & 1 provide both services. However, it’s also very common for your domain to be registered at one company and hosted at another. Make sure you know where your domain is registered and where your website is hosted.

These are the two parts of your website that are most critical. Most hosting accounts are accessed with an FTP account. After the initial setup of your site, a webmaster generally only needs the FTP account to continue updating the site. During its initial development, they might need more access.

Code Repository
Among other things, code repositories act as a storage area for your code so multiple developers can access it remotely.

Not only do they keep the code safe in the cloud, they store different versions of the code so if errors are introduced they can be easily reverted. They are pretty incredible. Some popular code repositories are GitHub, BitBucket, Assembla, Beanstalk and others.

If your developer doesn’t use a repository, encourage them to start using it or make it a requirement from the start. Again, create the initial account and then invite your developer to access it. This will give you control of the main repository while giving your developer the access they need.

Accounts you must control

There are two critical parts of your site that you must control to avoid your site being held hostage.

1. Registrar Account
2. Hosting Account

Make sure you have passwords for these accounts and change them if you need to give someone else access. It’s OK to provide access to vendors you trust but keep control in case something goes south in the future.

Related Posts

• How To Build An Effective PPC Landing Page
• The Conversion-Boosting Amazon PPC Strategy You Need in 2022
• eCommerce Automation- Leveraging it to Reclaim Your Time
• Paid Media Advertising: The Ultimate Guide For 2022
• Calculating, Measuring and Minimizing Cost Per Acquisition
• Google Ads Best Practices to Maximize ROAS
• PPC Outsourcing The Right Way: Benefits & Best Practices
• How to Choose the Right PPC Agency
• You Can’t Overlook These 5 Landing Page Best Practices
• Stop Decorating and Start Designing
• Do You Need to Redevelop Your Website?
• How to Build a Successful Web Project