Help! I’ve lost control of my website!

Woman who has lost her login credentialsI firmly believe I could make an entire business out of helping people recover “lost” websites. The stories are similar: the client who set up his/her own site years ago, never changed it and lost all the logins; the client who lost all access to the site when the neighbor kid who designed it went off to college; the client who hired a web designer who just plain disappeared.

Recovering such lost websites is difficult at best and impossible at worst. And it’s easily preventable. Here are some simple things you can do to keep from losing control of your website:

When setting up a DIY website:

1) Keep domains separate from hosting

First, I must cop to the (likely biased) opinion that DIY (do-it-yourself) websites are a bad idea. A professional web designer will apply knowledge of user interface, user experience, and SEO to a design, elevating a site from “it exists” to something that is a functional tool for a business. Lay people lack these skills. Imagine having a toothache and opting to pull out the offending tooth by yourself with a pliers. You can, but a dentist will do it with better tools and better results.

That said, DIY sites are not going away. If you must DIY, buy your domains separately through a domain registrar such as GoDaddy or NameCheap. Hosting companies and DIY site generators always try to get you to package your hosting and domains. But the quality of hosting companies can change over time, and DIY site generators fall in and out of favor and disappear. If you find yourself needing to change hosting or create a new, different website, keeping your domains separate allows you to redirect your domains quickly and easily to a new hosting account.

2) Do not let your secretary or intern set up your accounts with their own email addresses.

In any work environment, people come and go, and email accounts go with them. Since password resets are sent to the email address on the account, it’s wise to set up a generic email account that’s independent of any one human being. An email account, such as can be forwarded to the individual(s) of choice for monitoring. Should the person reviewing the emails leave the company, it’s easy to redirect the emails to someone else, and the account stays intact.

Such independent accounts are great for setting up services like Google Analytics, as well.

That said, this tactic only works if you are diligent in recording the login credentials. Which brings us to the next tip…

3) Do not play fast and loose with your login credentials.

Treat your credentials with the same care you give your personal information—driver’s license, passport, birth certificate, SSN. If you lose your credentials, it can be impossible to make edits to your site or even cancel your site. When you set up accounts be sure to record:

  • Username
  • Password*
  • Email you used to set up the account
  • The credit card you used to set up the account (at least last 4)
  • Customer numbers unique to service
  • PIN number
  • Security questions and answers

Record this information securely, preferably in more than one place. We’ve always been discouraged from writing down passwords, but I’m going to buck that advice. I recommend pasting your account info into a document and printing a hardcopy. Put that hardcopy in a secure place, such as a locked filing cabinet. Do not keep it on your desk in plain view. Give a copy to a second person as a backup. Or put the whole document on a couple of flash drives and store those securely.

Why a hard copy as opposed to using a digital keychain or some other computer or cloud-based system? Because computers can be hacked, stolen or just plain die, taking your crucial information with them.

* Do use a secure password generator—yes, those passwords that are 20 characters long, with uppers and lowers and digits and other characters that are impossible to remember and a pain to type. Secure passwords are one of your best defenses against hacking. Copy/paste your generated password where needed. Do not rely on retyping or writing it down. And make sure the characters in your password are clearly differentiated. Ten years down the road you’re not likely to remember if that “0” was a capital letter O or a zero, or if that vertical line character was an upper case letter I, uppercase L, the number 1 or a pipe character. Make notes. It helps.

When using a web designer or agency:

Hiring someone to design your site does not grant you immunity from these issues. Not all designers are equally reputable. Do some research before hiring. Review the designer’s website and ask for references. Speak with past clients if possible. Ask for recommendations from business associates. Make sure the designer you hire is solid, stable and unlikely to disappear into the night with your login credentials.

If you do hire a designer or a design firm, ask for domains and hosting to be set up in your name or your company’s name. Ask for a set of credentials so you can access the site if needed.

Finally, ask for a contingency plan outlining what will happen if the designer or firm is unable to continue working on your website. This is particularly necessary if the firm uses reseller hosting or proprietary software or hosting. Whatever this plan is, get it in writing.

* * *

Following these suggestions won’t guarantee that you’ll never have issues with bad designers, lost domains or hosting, but they’ll help. I’m sure I speak for a lot of web designers when I say I’d rather you hire me because you want to redesign your website, not because you have to.

Related Posts