Are you being held hostage by your current web designer or web host? Here are some of the danger signs to look out for and what you need to do to get free.
“Help me! I am being held hostage and can’t escape,” sobbed a woman into my phone.
It was a late midweek afternoon. I had been savouring my last tea of the day while bathing in the last of the sun’s fat rays through my office window.
“Tell me what is going on,” I responded.
“I am a small business owner and have several tiny websites, all being looked after by this web designer. He started lovely, and he set me up on his own hosting. He took care of everything for me and just billed me for stuff on my website rather than me having to do anything.
“But as the years went on, the hosting and other website bills kept going up and up. It took longer and longer for my calls and emails to my designer to be answered. It can take a couple of weeks or more for him to answer me (if at all).”
“Then my sites kept getting hacked and cost a bomb to get fixed each time. I have had my identity stolen, and I still constantly worry about when the next phone call or email will come through with yet another financial disaster I have to fix from that.”
“And it isn’t as if my websites are fabulous or high-end. They are tiny, regular small business websites. Nothing flash or fancy.
“Each site takes about 10 seconds for each page to load, and God forbid I want actually to do anything like add content at the back. I can walk around the block in the time it takes for any page to open and save.”
“The last straw was me asking him to add a single tiny button to one page on my website and them telling me that it was going to cost me an extra $1500.”
“I have wanted to get away from them for ages, but I don’t know how. He has all the licenses to everything on my site as well as my Office365 account. I don’t know where to start or what to do.”
“I can help,” I said. “Let’s talk through what you need to do and how we can get you free of where you are and back in control.”
I would love to tell you that this call was a one-off. Unfortunately, in the last few months, I have been getting at least one of these calls each week. Untangling people being kept hostage from their current web designer can be very tricky and time-consuming.
What makes it more complicated is when someone doesn’t realise they are being kept hostage in golden handcuffs, and it only comes out when they want to do something that should be super simple and cheap to do but turns out to be the thread that unravels everything.
Are Web Hosting Migrations Always Horrible?
Generally, it is easy and straightforward to move to a new web host. You choose your host, take out a plan and ask your new host to move your site for you.
Provided you have access to everything, then the migration mostly goes without a hiccup.
In this post, we are talking only about the migrations where a company has been held hostage by their current web designer or host.
Signs You May Be In A Hostage Situation
There are a few common threads we see when someone is in a website hostage situation. Some of these may sound familiar to you.
Your Web Designer Has Organised Your Web Hosting For You
If your web designer has organised your hosting for you and bills you each year, there is a 90% chance that they are using what is called a reseller account.
This is where they rent space from a bigger hosting company and then sublet that space to you (at a premium that ranges from a few dollars a year to double or triple what they pay for it depending on what they think they can charge).
The challenge with many reseller accounts is that the hosting specifications are limited, so they can squeeze in a stack of websites in that space, which means there is not much grunt available in the engine to drive your site.
In website speed terms, many reseller account hosting packages is like having your site powered by a mobility scooter. Great to meander around Coles or Woolworths to pick up a few items. OK to carry one or two thin people at a time, but not great for large weekly shops, trips to Bunnings for DIY bits, or sudden demand situations where several people try to get on all at once.
Having your site through a reseller account is OK if you have a teeny tiny website on it but are not enough for sites with moderate traffic or e-commerce websites.
You may see your site is slow to load, has regular outages, or shows pages that say 503 Service Unavailable or 504 Gateway Timeout, which shows that your hosting is overloaded.
You may also struggle to get an extra external backup as the resources max out before your backup completes.
If your site is slow to load at the front or back end and you are on reseller hosting, it is time to upgrade your hosting.
The hostage situation kicks in as some web designers have buried deep in their trading terms and conditions, handcuffs in terms of how long you guarantee to keep your hosting with them, as well as how much notice you need to give them that you are leaving otherwise you are liable for additional fees.
We often have to do a careful fine-print read of anything you may have signed to look for these hidden financial landmines.
There can also be challenges in getting your current web designer to give you full cPanel or Plesk access to your hosting, which may take some careful negotiation if your relationship with them is strained.
Extra Challenge: Incorrect Web Hosting Set-Up
About 5% of web designers don’t know what they are doing, so they simply add client’s websites to their personal website hosting plan.
We see this often with many graphic designers who move into web design or beginner web designers. They don’t know what they don’t know, so they create significant problems for their clients.
This set up means your website jostles every other site on their overloaded hosting plan, and there are no security partitions between each of the sites, which means if one is hacked, they all get hacked.
The first you know that you are part of a chaotic plan is when the designer will not give you cPanel (or Plesk) access to your site, simply because it would show all of the other client websites that have in there.
This adds an extra challenge to getting you free from your hostage situation but is not impossible.
(If you are new to web design, a VA or a graphic designer moving into web design and want to learn how to do the technical set up bits correctly, I recommend MaAnna from BlogAid’s Webmaster Training. It is the best skill development investment you will make!)
Your Host Moved Part of Your Account (But Didn’t Tell You)
Web hosts constantly monitor resources. Sometimes they move all or part of your account over to different servers and then forget to tell you where that bit went and how to access it.
Unpacking your hostage situation means tracking down all the fragments of your account and regaining access and control.
Your Host Shut Down Your Account
If you are on a small specification hosting plan, your host will constantly monitor your site to make sure you don’t use too many resources. If you max out your resources or get a sudden spike in traffic, your host may decide to shut down your account without warning.
A good host will talk with you first and find ways to expand your resources to deal with the traffic or resource requirements. A lousy host just shuts you down first and perhaps talks with you later.
Part of unpacking your hostage situation means working out what resources your website needs and moving you somewhere where they talk first and have scaleable resources.
You Organised Your Own Hosting (But Didn’t Know What You Were Doing)
We have had several small business owners who DIY’d their own websites and had taken out their own hosting, using well-known brand hosting companies.
As they went through the purchase process, they were presented with multiple “upsells” that all sounded very important, so they bought them without knowing what they were buying.
Whenever they wanted to do anything that should be straightforward, like adding an SSL or redirecting a domain name from one to another, they were hit with more fees.
Before they knew it, they were paying an awful lot of money for nothing more than the mobility scooter from our first example, with a shiny sticker on its bumper bar that says “Vroom” and a listing in a directory that no one ever looked at or used.
Sometimes getting free of brand name hosting is just as hard as other hostage retrievals.
You Don’t Own the Licenses To Your Website Theme or Plugins
Your website theme helps create the look and feel for your website, and your plugins add functionality. While many themes and plugins are free, many vital ones cost money with annual licenses payable. Otherwise, they cease to work or don’t get security updates.
Until a couple of years ago, it was common for web designers to buy these themes/licenses and bill you for them as part of the initial build or on an annual basis.
The problem was that many people didn’t know that there were paid things on their site, so when they moved away from their web designer, the plugins either didn’t work or created unpatched security holes.
Now, reputable designers will always get you to take out any paid licenses in your own right, so you maintain control over every part of your website.
Yes, it can be confusing and frustrating as they walk you through the shopping list of all the ingredients you need for your site, and yes, it would be a whole lot easier if they just did it for you, but in doing so, you are forging your own handcuffs.
This can get very tricky to manage if you don’t do a theme/plugin audit. If you had your web designer take care of everything and just bill you, you need to know exactly what licenses you need to take out when you move away from them.
I have had some situations where the moment the designer sees that a client has moved, they cancel all licenses on a site (after all, they are the legal license holder, so have complete control over your stuff).
This means when you move, you need to be ready to take out all your licenses from the day of moving just in case your old designer is a closet sociopath.
You Don’t Have Access to Your Google Analytics Account
Google Analytics gives you information about who visits your site and where they go. Many web designers don’t give you access to your account for your website, so you have to start from scratch if you move away.
I have had a situation where while the client had full access to their account, so did the old designer. The moment the old designer knew the client had left, they deleted the Google Analytics account.
Unpacking the hostage situation includes ensuring that you have access to your account and then removing the old designer before they can do any damage.
You Removed The Old Web Designer As A User On Your Website, But They Keep Coming Back
Some of my new clients tell me that they keep deleting the old web designer as a user from their website but can’t work out how their user details keep re-appearing.
If someone has access to your cPanel or Plesk panel/hosting, they can add themselves as a user whenever they want to.
Deleting them from your website and not removing their access to your hosting by changing hosts, changing passwords, rotating SALT keys and removing any plugins they may have added to access your website remotely is a waste of time. You feel good doing it, but it has no practical benefit.
You Don’t Own Your Domain Name
Web designers still make the mistake of registering domain names in their name and not the clients. This means you have to jump through hoops to regain ownership of your domain name.
You Can’t Access Your Domain Names
Even if your domain names are registered to your details, if you can’t access them to change the nameservers or to get the authorisation/EPP codes to move them to a different domain name registrar, then you are being held hostage.
Part of unpacking your hostage situation is regaining access to your domain names.
Your DNS Records Are Scattered
A DNS Record (Domain Name Server Record) tells the internet where to find different files related to your website.
One way a hostage situation occurs is when a web designer scatters some records in your cPanel/Plesk panel, some at your domain name registrar and some through Cloudflare or other content distribution network.
The problem is that you may not even know that they have done it, and none of the records match as some are outdated, so you may not be sure what matters.
What that means is unless all your records are rounded up and rationalised, then your website may work, but your emails may not after you move hosts.
You may also find any external programs that you use for part of your business, like your proposal system or newsletter system, may not work correctly.
Part of unpacking your hostage situation involves trying to track down all the scattered DNS records and bringing them together into one place.
Other Random Horrors
There are hundreds of smaller ways that a bad web designer can hold you hostage. Here are just some that we have unpacked:
- They are listed as the primary e-commerce/site admin email address or cc’d into all e-commerce transactions.
- They set up website emails using their Sendgrid free account and didn’t give the client access.
- They didn’t give Superadmin access to the client’s Office365 email account so that they couldn’t be moved without a fight.
- They used their own servers and didn’t patch or maintain them. The client was hacked through the server, and the hacker set up an [email protected] email account via the server and then stole the client’s identity.
- Web designers and/or hosts closed their businesses and didn’t return calls or emails, which meant all the client’s files/records/websites/domain names disappeared with them.
What Is The Process For Getting Out Of A Website Hostage Situation?
While each situation is unique, there are some broad steps we go through.
1. Always Start With Emails. Businesses can cope with websites being down for a few days/weeks but can’t survive if the emails are down.
We arrange to have your emails migrated off your hosting and moved to Office 365 or G-Suite. If you already have Office365 or G-Suite, our IT Support guy audits the configuration and regains full admin access for you.
2. Regain Control Over Your Domain Names. We help you regain control over your domain names and migrate them over to your new domain registrar.
3. DNS Audit. We round up your DNS records from all of the different sources we can find to reduce the impacts of your moving hosting.
4. Plugin/Theme Audit. We work out the paid plugin/themes on your site, and who owns the license for each, so you know what licenses you need to take out in your own right.
5. Take Out New Hosting. We demand a lot from great web hosts that we recommend (which is a whole topic in its own right). We are not resellers, but get you to take out a plan in your own right, and then check every detail to make sure it has been set up correctly.
In a nutshell, the right hosting is secure, reliable, cost-effective and has servers based in the main country where you are present. It also has scalability, 24/7 high-quality support and specifications able to cope with modern website demands.
We walk you through your hosting options in detail and then talk you through the process of what to click and what to enter when you take our new hosting to make setting up an account as painless as possible.
6. Migrate Your Website. Migrating your site has a lot of moving parts to it. In many cases, your new host can do the technical migration for you. In other cases depending on your current situation, we may need to MacGyver it for you.
One thing to note, you generally can’t migrate a hacked site as reputable hosts have scanning in place to stop the site from moving onto their servers. Your site has to be cleaned from the hack first.
Depending on how bad your current hosting is (we had one client re-hacked through the server less than 10 minutes after it was cleaned and restored), your site may have to make a double move – one temporarily to a specialist hack repairer and then from there to the new host.
7. Test & Secure. Moving your site is only part of the equation. Post-migration, we adjust your PHP setting to the optimal level for you, add or reset security in your htaccess/wp-config files, rotate your SALT keys, remove any access your old web designer has.
We remove any files left over from the migration, remove any leftover files/settings added by your old host (e.g. extra files that can limit your PHP variables, that add old hosting cache systems, or that turn off security auto-updates), and remove unused plugins/themes.
We also check your DKIM, DMARC and SPF records are correctly set to improve your email deliverability, that your backups are working and we remove your old web designer from your Google Analytics account.
8. Round-Up Your Details. When you move hosting, you end up with a stack of logins to different locations. We round them all up into one easy to refer to document to make it easier for you in the future.
While most website hosting moves are simple and can be done by anyone, removing people from website hostage situations does take time, skill, patience and budget.
We had one client with a series of unnecessarily complicated interwoven websites (thanks to the web designer from hell) and several external stakeholders. The migration took a week and a half of full-time research, coordination and effort between all parties to make happen.
Most website hostage situations can be sorted a lot faster.
And the results?
With one client, their website page load time dropped from 9 seconds to 2.7 seconds with no other changes than better hosting and Domain Registrar.
Another site went from 3.5 seconds page load time to 857 milliseconds just through better hosting.
All of our hostage removal clients can now get backups and happily make edits to their sites without waiting for the spinning wheel of doom to crash their sites.
And the best bit – they now have full ownership of everything to do with their websites, so that any future moves will be a simple request and move, and not something from a bad hostage negotiation drama.
If you are in a website hostage situation and want to escape, get in touch. We will see if we can help.