How to Prevent Your Website from Being Held Hostage
February 26, 2015
February 26, 2015
You’re likely reading this article because you’re about to embark on building a website or you’re having a problem with your current webmaster. My goal is to help you prepare for the unexpected but, if you’re experiencing trouble with a current site, the information is still relevant so you’ll know what’s needed to regain control of your site.
As a side note, I’ll be using the term webmaster throughout the post but it can be interchanged with web developer, web designer, IT “guy” or whomever is controlling your site.
Over the last six years I’ve heard countless webmaster horror stories. Many of them involve bad business practices but, one of the worst scenarios, is when a client can’t access their current website. By “access” I mean they aren’t able to have another developer work on the site, move it or make updates and it’s essentially held “hostage”. When building a new website it’s important to protect yourself against this scenario.
Nearly everything I’ll discuss has to do with control. You’ll want to control your registrar, hosting company, repository and access to third party services.
Control is the key to protecting your website
In a hostage situation, the key components of your site are the registrar and website host. If you don’t have control of these accounts, everything becomes much more difficult.
A basic website and development environment can be seen in the following diagram.
The registrar controls your domain name, the hosting server holds your website files. Those are then accessed externally by your webmaster and the public.
You absolutely must control your registrar and hosting accounts to protect your website
Setup your own accounts
It’s a good practice to create your own accounts. However, sometimes this can require technical decisions or it’s easier for your webmaster.
If your webmaster sets up your accounts, make sure to get the username and password immediately. If you setup the account, you’ll likely need to provide access to your webmaster which is OK so long as you have the current account information.
Use a password manager
When you’re sharing passwords often, it’s helpful to use a password manager. At ParaCore, we work with dozens of clients at any given moment. Each client generally has five or more passwords we need for their site and it’s associated services.
In order to maintain sanity, a password manager keeps all your passwords in one place and allows you to share them securely with whoever you’re working with at the time. We use Passpack at ParaCore but there are many others like Lastpass or Dashlane.
Your registrar account controls your domain name. We use GoDaddy.
If we want to renew paracore.com or buy a new domain for our company, we do that at GoDaddy. If you don’t control this account then you have lost control of your domain and a webmaster can do basically anything they want.
In some cases, you will need to give your webmaster access to this account for DNS and hosting settings. If you do give them access, find out when they’re finished with their work and change the password immediately. This will give them limited access when they need it (which they may legitimately) but protect you in the future.
Change your password after each time your webmaster needs access to your registrar
Every registrar is different, but some have two-step authentication to improve security at each login. In GoDaddy’s instance, their two-step authentication sends you a text message with a code each time you login to ensure you are the actual person logging in.
This, used in conjunction with frequent password changes, will go far in protecting your registrar account.
Your hosting account holds your actual website and delivers it to the world.
Sometimes your hosting company is the same as your registrar. Companies like GoDaddy or 1 & 1 provide both services. However, it’s also very common for your domain to be registered at one company and hosted at another. Make sure you know where your domain is registered and where your website is hosted.
These are the two parts of your website that are most critical. Most hosting accounts are accessed with an FTP account. After the initial setup of your site, a webmaster generally only needs the FTP account to continue updating the site. During its initial development, they might need more access.
Among other things, code repositories act as a storage area for your code so multiple developers can access it remotely.
Not only do they keep the code safe in the cloud, they store different versions of the code so if errors are introduced they can be easily reverted. They are pretty incredible. Some popular code repositories are GitHub, BitBucket, Assembla, Beanstalk and others.
If your developer doesn’t use a repository, encourage them to start using it or make it a requirement from the start. Again, create the initial account and then invite your developer to access it. This will give you control of the main repository while giving your developer the access they need.
There are two critical parts of your site that you must control to avoid your site being held hostage.
Make sure you have passwords for these accounts and change them if you need to give someone else access. It’s OK to provide access to vendors you trust but keep control in case something goes south in the future.
You must be logged in to post a comment.
I was introduced to Paracore from a respected industry professional. I interviewed several teams and decided to go with them. I was impressed from day one and continue to be six months later. They were able to quickly understand our company, goals, challenges and brand, and started driving results soon after onboarding. What I love about them most (in addition to the influx of leads :)) is they are very thorough and proactive. In fact, I consider them to be an extension of my internal team, and I feel confident knowing that I have them always looking out, keeping me in the loop and providing continued results. Every member of the team-- Veronica, Bekah and owner, Adam-- have been a pleasure to work with every step of the way. I highly recommend them for anyone needing expert level PPC strategies and executions.
We have been partnering with ParaCore since 2018. Our account is complex and they love the challenge. They work hard to earn our business by presenting new trends, testing new methods and evolving our account each month. They are organized, quick, kind, accommodating, technical and they make an effort to understand our business.
ParaCore has been our paid media partner for the last three years or more. They have been professional and super responsive to our needs, especially during these challenging times. Always taking the time to answer our questions, listen to ideas, and keep us abreast of the ever-changing digital landscape. If you're looking for paid media services, ParaCore should certainly be a partner to consider.
We have been working with ParaCore for just over 6 months. There are 4 things that really stand out with this organization responsiveness, communication, openness, and expertise. We came to them with several challenges and they really stepped up in a big way. They have always been available and provided regular updates. They are always very open about what they are seeing and what is happening. They are definitely experts in the paid search areas. They have no problem sharing exactly what they are doing. We are looking forward to a long term partnership.
What a great company to work with, they are all very professional, knowledgeable and always there when you need them. Thank you ParaCore for making it so easy to work with you.
ParaCore has been amazing. Their staff is extremely knowledgeable and professional. After trying to personally navigate Google Ad's for a couple of years I found it to be confusing and ever changing. Having a professional, knowledgeable company like ParaCore has increased the quality of leads and reduced our monthly spend. I highly recommend ParaCore.
Schedule some time to chat with our team so we can learn more about you and your business.