It’s a recurring nightmare I hear about in my work as a web designer. I sit across the table (or get a desperate email) from a prospective client whose website has been hijacked by their previous web designer. Here are a few of their stories:
- They’ve been locked out of the site and can’t make any changes.
- The project has been abandoned halfway through.
- Their home page is a blank screen with an error message and they have no idea how long it’s been that way or what happened to their website.
- Emails and phone calls to their web designer (web developer, webmaster, or other web professional) go unanswered.
If it hasn’t happened to you, you’ve probably heard a story or two from someone in your network of writer friends. And sadly, this nightmare occurs more than you might think. But it doesn’t have to be a nightmare for you if you take some precautionary steps. In this article I’ll share a few steps that will keep you in charge of your website, even if you have to rely on a website or technology expert to do the heavy lifting for you.
Let’s start with some basic definitions.
Domain Name: This is your URL. It’s what people will type in their web browser to find your website. Domain names are not “purchased,” they are registered. This registration must be renewed annually or you may lose your domain name. If you know you will keep your domain name, you may consider registering it for multiple years. You can usually get a discount when you do this, and you won’t have the hassle of having to renew each year. Annual renewal rates are usually less than $20, unless you have a premium domain or other special circumstance.
Website Host: This is usually a third party, like GoDaddy, Bluehost, or something similar. Your web designer/developer may act as web host (many web hosting companies offer “reseller” accounts for web professionals). In this case, you’ll be billed by your web designer directly, instead of GoDaddy, etc. Most web designers won’t actually host your site on their own (or a leased) server. They’ll use a third-party service as mentioned above.
Hosting is usually billed monthly, though you may get a discount for annual billing. Cost for basic hosting ranges from $3.99/month (usually for the first year only, annual contract) to $15/month. There are several add-ons that can greatly increase this price, depending on your website traffic and security needs.
If your web professional does certain kinds of monthly maintenance, this will affect your monthly cost as well.
Server: Files saved on your computer are saved on your “local” hard drive, located within your computer. A server is a hard drive accessed through a network. So instead of saving the files on your own computer, the files are on a hard drive that can be accessed by other computers. While your website files may be stored on your computer as a backup, the files accessed by the public will be stored on a server. This is where the web hosting company comes in. They provide the server, along with security protocols, maintenance, and software updates to keep everything running smoothly.
CMS Admin Panel: This is the interface that allows you to add blog posts, pages, photos, and other elements, depending on which content management system you’re using for your website. You’ll have a login username and password. There are usually different levels of access or user types. For instance, an “admin” might have FULL access to the website functionality, but a “user” might only be able to upload a blog post or add a new page with photos. I usually provide my clients with BOTH an admin login and a lower level user login. As a precaution, I advise them to login with “user” status until they become comfortable with the way their website operates. This ensures they won’t “break” the site or delete important files accidentally. Most people feel more comfortable logging in at a level with fewer permissions, at least initially.
Note: CMS means Content Management System. WordPress and Weebly, for instance, are content managements systems.
FTP: This stands for File Transfer Protocol. It’s the backdoor access to your website. Files can be uploaded to and downloaded from your site through FTP. Your website directory and code can be altered by anyone with full FTP access.
Okay, those definitions should give us a good foundation for our subject today. We’ll dive a little deeper in future blog posts. Are you still with me? Good, because next I’m going to tell you how to keep your website from getting hijacked. Are you ready?
What You Need to Know
There are several pieces of information you should request from your web designer (if you don’t already have this in your records).
- Which company is your domain name registered through?
- There will be an account number with username and password to access your domain registry online. Make sure you have this account information. If your web professional tells you that your domain name is under their account, create your own account and have the domain transferred to your account. YOU MUST BE IN CONTROL OF YOUR DOMAIN NAME. If your web professional lets this annual registration lapse, you may lose your domain name. Your website (domain name) is probably printed on your business cards, books and other marketing materials. This is where you are sending readers, agents, publishers, and other professionals. It is the hub of your business so treat it as a valuable asset. Keep it secure. In a worst case scenario, even if you lose your website files, if you have your domain information secure you can always rebuild. Without it? Well…that really is a nightmare.
- How is your website hosted? (Through which company? Does your web designer have a reseller account? If not, is the account in their name, or your name?)
- If you are hosted through a third-party host (like GoDaddy, Bluehost, etc.) make sure you have the account number, username, password, and PIN (many hosting companies require a PIN to provide account access and information over the phone). Even if you trust your web designer, you may want to request that your email address be added as a contact for the hosting account. This way, if a monthly payment is missed (because of an expired credit card, or a card that is over the limit) you will be notified of the problem before the web host takes action by cancelling your account. If you are NOT listed as an account contact, you may miss vital communication from the web host.
- If your web designer has a reseller hosting account, ask which company it’s hosted with. Most importantly, ask your web designer to provide you with cPanel username and password. The cPanel account can be accessed with http://YOURDOMAIN.COM/cpanel. I won’t go into the details on cPanel now, but this information will give you (or your subsequent web designer) full access to your website files and databases.
Website (CMS) Admin Access
- Make sure you have admin login credentials at the highest level, even if you don’t use these credentials for your day-to-day website upkeep. While being locked out of your website admin panel is a problem, if you have the information in #2 above, you can gain entry to your hosting management and then reset any user passwords you don’t have.
- Also, you can use the “forgot password” or “help” link on the admin login page. However, if your email address is not linked to the username you’re trying to log in with, the “reset” function there won’t be helpful.
Unless you’re into hands-on web technology you probably won’t ever use FTP. However, it’s good for you to have this password in case you need access.
The above information will help prevent a hostage situation where your website is concerned. Any web professional should be happy to provide this information to you. That’s part of being a professional –taking care of your clientele. Once the information is provided, access these accounts yourself to ensure you have the correct login info. Also, it’s a good idea to get familiar with accessing these accounts now (while your web designer is available to help you).
Keep in mind that I have only addressed the access issue here, not security. (I will address security issues in a future article.) Retaining the information above will ensure you have ACCESS to your website files and the usual accounts associated with it. This gives you the power to take back control of your website if the need should arise. (And of course, if you need to revoke access, all passwords would need to be changed.)
I’ve covered the basic services here but you should do some further investigating to ensure you’ve got everything covered. Ask if your email is provided through the website hosting account or a separate email server. If it’s separate, be sure to get the email hosting info as well—hosting company, account name, and login information. Finally, ask your web designer if there are any other accounts or services attached to your website. Request necessary information for each of those services and keep all of this for your records.
I hope you found this information helpful. As I said, I plan to cover some basic security measures in a future post, but this is my question for you:
What else would you like to know about on the topic of websites?
Here’s your chance to ask a web professional. And if you haven’t subscribed yet, join our email list here so you won’t miss out on anything.