“He Stole My Website” – How WordPress Website Owners Can Protect Sites From Bad Webmasters

We hear this repeated to us over and over: “My last web guy took my website and won’t give it back.” Getting the site back isn’t impossible, but sometimes it can be costly, sometimes it can be a pain. The pain of having trusted someone, and then having that trust betrayed is often worse than the effort it take to recover it. If you know what to ask for, how to protect yourself, bad developers and webmasters won’t be so certain they can give you a hard time. They’ll think twice before trying to steal your site from you.

My Last Web Guy Stole My Website

How does a domain owner retain ownership over their online properties?

Learn how to protect content developed and published through the owned domains, including and not limited to “websites”.

Basic Terminology & Concepts Around Domains & Hosting:

A DOMAIN, also called a DOMAIN NAME, is a registration, a reservation purchased for the purpose of publishing web content and web functionality.

These reservations are administered by DOMAIN REGISTRARS, businesses given authority to sell DOMAIN NAMES to buyers  and reserve the names on global REGISTRIES.

These registries are managed by the Internet Assigned Numbers Authority (IANA), a department of the Internet Corporation for Assigned Names and Numbers (ICANN). These authorities guarantee that two parties are do not concurrently possess the right to publish using the same domain name at the same time.

Back when the Internet became public, the decision was made to employ a NETWORK PROTOCOL called TCP/IP. This protocol depends on the computers attached to the internet having unique numbers given to each machine and appliance connected to the Internet. If a device did not use TCP/IP it could not be found by other devices. The unique numbers assigned to devices are like phone numbers assigned to phones. It doesn’t make sense for two phones to have the same phone number. In the same way it doesn’t make sense for two devices to share the same Wide Area Network Internet Protocol address (WAN-IP). These numbers look like XXX.XXX.XXX.XXX, for example 173.13.69.63 or 8.8.8.8. A device like a home router, when Comcast is someone’s internet provider, might be assigned an IP address temporarily. Servers, computers housed at facilities where web hosting occurs, rarely change their IP addresses. Servers need to be given fixed IP addresses. The reason why is explained next.

Domain names are used to point WEB USERS, people visiting web sites, to the computers, the servers that the web content is hosted on. By virtue of the registrars publishing and maintaining the IP addresses where domains are hosted, domain owners can confidently store web content on servers knowing that visitors will find the websites when entering a domain in a browser.

Let’s go through the steps of setting up a website from scratch:

  • First, the person who will be the owner of the site, the publisher, purchases the DOMAIN REGISTRATION from a registrar, let’s say for example GoDaddy. Typically this fee for purchase is small on the order of ten dollars per year per domain.
  • Second the person who is the owner of the site chooses a web hosting company and engages in a contract with the web hosting company to host a named domain for some period of time. Most web hosting companies charge month-to-month anywhere from $5 per month to several hundreds of dollars per month depending on the expected traffic and hosting features required.
  • Third, the site owner tells the registrar what the IP addresses are for the computers that will be hosting the site. It may take up to a day for the propagation of this “news” across the internet.
  • Fourth, the site owner then uploads content to the hosting account given to them. Content could be as simple as a single “index.htm” text file which can also be called a “web page”. Content could also be several gigabytes of images, videos, code and text.

Today’s websites are published using code that’s uploaded to the site. This code connects to database instances running on the same computer. Databases are simply tables of information that have some relation to one another, imagine spreadsheets that have the same “columns” of information to link what’s being stored in one table to the information on another.  When someone requests a web page, or navigates to a domain using this kind of code/database system, the code knows to grab the appropriate data from the database and put it together into a “web page” that’s served out to the visitor’s browser.

The most popular type of code that does this, makes website more than just static files that never change, is called WordPress. WordPress is a content management system, the most popular means to publish websites today. It’s popular because of its ease of use once it’s set up. It’s so easy to use that average people who don’t have the ability to code can publish new web content frequently, on their own, without requiring an HTML able person as was the case in the early days of the web.

WordPress allows web publishers to make “backups” aka “exports” of the content published through it. This lets sites be easily moved from server to server – and to have the files that allow this duplication of content to be stored locally, on home computers, laptops, thumb drives etc. If you have the “backup” file of a WordPress website you’ve got the content stored in the event the machine goes down or gets hacked.

So, this leads us to the answer to the question “How can I make sure my web host/ web developer doesn’t steal my site?” This is a question asked a lot by people who’ve gotten into bad situations with web experts and lost access to their site.

Reassuring Facts:

  • Reassuring Fact #1: A person who owns a domain name can always “move” the resolution of the domain name to another host.
  • Reassuring Fact #2: should a domain be moved to another host, the website can be re-created quickly re-established on the new host from the saved backup files.

Content vs. Components

It should be noted that WordPress uses two types of other components beside the user-generated content to create a website. These components are the THEME and PLUGINS. The theme of a WordPress website imparts the appearance and some degree of the functionality to the site. Think of it as the site’s “clothing”. When the theme is changed, the appearance of the website changes, but it doesn’t change the content. It only changes how the content is packaged. The PLUGINS involved in a WordPress site give the site functionality that’s separated from appearances. The plugins give the site abilities.

Some themes and plugins may be completely free, able to be used without cost. Other themes and plugins are licensed, meaning the users of them agree to pay for the use of them. Themes are typically paid for once while plugins are typically paid for as part of a yearly agreement.

If a publisher of a website desires moving the site to a new host, taking control of a website from an unscrupulous web developer holding it hostage, the content is what’s critical. Themes and plugins can be re-purchased but content is specific to a site.

The Critical Steps You Need to Take Now To Protect Your Site

A website owner should always make sure of three things:

  1. The website owner should always insist on having what’s called an ADMINSTRATOR account in WordPress where they have a unique login separate from anyone else working on the site including web developers and web hosts. A web developer or web host that does not provision a publisher with this level of access, or revokes this level of access for a website owner is not acting in the best interest of the website owner. This should be a giant red-flag if a host or developer doesn’t insist the publisher is able at all times to access WordPress or other content management systems with top level access. If the developer or host insists that it’s too much of a liability for the publisher to have that level of access then the publisher needs to engage with others to perform those duties.
  2. The website owner should always be aware of the Plugins and Themes being employed on the site, and ensure they are not proprietary and there are terms that are affirmed that give the website owner the ability to aquire those same resoruces form their publishers independedly of developers or hosts. Know your licenses and keep them safe, recorded someone outside the site.
  3. Make sure backups, aka exports, are drawn from the site as frequently as the site is being updated. For example, if content changes daily (in the case of an e-commerce site) the backup frequency should be daily. There are 3rd party services that back up sites independently (for example JetPack) that web publishers should establish accounts with independent of whoever Is in the role of web developer, site administrator, site editor or host.

If publishers understand the technical framework and steps of setting up and maintaining a site, and follow those 3 recommended steps, they can always guarantee their site won’t be “stolen” by web experts should the relationships sour. Site owners who do not understand the above and neglect the 3 recommended steps are have found themselves unable to “get their sites back” from the people they once trusted. Never assume. Always protect your assets yourself. It’s never safe to assume someone else will for you. That’s how people have lost their sites. Don’t let it happen to you.