# Website designer has changed my password - no access



## Maryb50 (6 Aug 2017)

Hi! All,

I wrote a while back about issues with sloppy work from my Website Designer. We did get back on track, and he finished the project to my spec, and I paid him. He had given me passwords etc. However, within a few days, and after writing a good review for him, there were other issues, website was offline, my Facebook page still had his number on it, and now the passwords he has given me won't work any more, and I can't update my website through Wordpress. I have emailed and no response yet. His written contract with me stated that I was to have the passwords, so that I could easily update the website.  Is there anything I can do? Can I take it to someone else who will be able to access it/override the passwords? I have a presentation to two solicitors next week, as part of my new business, and I really need to update my website. It wasn't a particularly cheap website - the final bill was just under e1200. Any advice much appreciated.


----------



## PaddyBloggit (6 Aug 2017)

Maryb50 said:


> Can I take it to someone else who will be able to access it/override the passwords?



No you can't. If he doesn't give them to you, you are totally locked out of your site. Unless he gives them to you voluntarily you'll have to go down the legal route to get them.

Another consideration; does he or you own the domain name and hosting space? If his name is on them, then you are screwed on the triple trying to work a website where he controls them too.

At the moment, you are at his mercy.


----------



## SirMille (6 Aug 2017)

In the website business, lock smiths are called "white hats". There is a very good chance of an unpatched vulnerability being available that a WH can use to get you in, and then change the passwords.


----------



## Maryb50 (6 Aug 2017)

Yes, Paddy Bloggit, he does own the domain name and hosting space - unfortunately!!  What do you mean the legal route - there is only the Small Claims Court, and I don't think that they would be much use?

Sir Milie, what is a 'White Hat' and where can I locate one. 'White hats' sound like something dodgy from the Soviet Cold War and spy era!!


----------



## mathepac (6 Aug 2017)

You're looking for a someone like the Rt. Hon. Jim *Hacker* MP from "Yes Minister".


----------



## Maryb50 (6 Aug 2017)

Oh! God! When it's gets to the realm of having to be saved by fictional characters - I know I'm doomed! Any other suggestions ... anyone....?


----------



## PaddyBloggit (6 Aug 2017)

Going white hat isn't legal. You would be looking for somebody to hack into the site so you could take control of it.

Even if you did find someone, it would be a waste of time if he controls the domain and hosting. He could point the domain towards anything he wants or even delete the site from the server.

He holds all the cards. Have you any physical address for him? Can you approach him directly?


----------



## Maryb50 (6 Aug 2017)

Yes, Paddybloggit, I have an address for him, and he appears to be VAT registered - at least I paid VAT on the price of the website. I have tried to ring him, and have emailed him, but no response. I'm not sure I want to call around to his house - firstly, because I don't know what reception I would get, and secondly, because it seems a bit stalkerish. What do people usually do in these situations? How can I avoid this happening again? I'm surprised that he doesn't care as we both live in the same area, an area where people in business tend to know each other.


----------



## PaddyBloggit (6 Aug 2017)

I'm surprised that he isn't communicating with you. Just because you'd have the username & login to the site would mean little to him - he'd still have an annual fee from you by charging for the domain name and hosting.

A suggestion - copy all material from the website he made for you - text, images etc. just in case he deletes it.


----------



## Maryb50 (7 Aug 2017)

Thanks. I hadn't thought of copying the material on the website. My partner is going to screen shot it all today. Is this a common occurrence with website designers? How can I avoid this next time? I will maybe now have to go with a new domain name next year - it feel like I will be starting from scratch again. My partner has emailed him and said he would write a review on the web designers Facebook page detailing my experience if we didn't have the passwords by the middle of next week, though I don't think that will make much difference, given how cavalier he has been so far.


----------



## PaddyBloggit (7 Aug 2017)

Do more than screenshots .... select and copy text into notepad/word, right click and view images and then save them.

Screenshots will be of no great use to you if the site is deleted as all work will have to be done from scratch. Do it the way I suggest and you'll have actual copies of text, images etc.

Don't forget to save logos, header images etc.


----------



## Jim2007 (7 Aug 2017)

Maryb50 said:


> How can I avoid this next time? I will maybe now have to go with a new domain name next year - it feel like I will be starting from scratch again.



Realize that the site you want will cost a lot more than a couple of thousand and expect to pay more for it.  Pay peanuts and you'll get monkeys.  Competitive bids rarely work out well in IT.


----------



## mathepac (7 Aug 2017)

Forget about screen shotting, a waste of time and effort as you need the code. You could also use an application such as http://ricks-apps.com/osx/sitesucker/index.html (no affiliation) This downloads the entire website to your local system maintaining the structure and content. I'm sure there's a Windoze equivalent or ask a friend with a macOS/iOS device to do it for you.

Who do you know that has a Mac and a DropBox account you could access and download the stuff easily ....??

Sorry my Jim *Hacker* reference above proved too obscure ...


----------



## Leo (8 Aug 2017)

Given the lack of trust in this relationship, how did you not change the passwords immediately on receiving them?


----------



## PaddyBloggit (8 Aug 2017)

Leo said:


> Given the lack of trust in this relationship, how did you not change the passwords immediately on receiving them?



I think the upshot of the matter is that the OP knows very little about the subject and wasn't au fait enough to change them.

Regardless, the fact that the web designer has control over the domain name and hosting he could have reeked havoc without having the username and password to the site.

If it were me and he wasn't answering emails etc., I'd be making it my business to have a face to face meeting with him.

Op has his address, she should use it. Not for anything confrontational mind you, but to ensure she has access to what she paid for.


----------



## Leo (8 Aug 2017)

PaddyBloggit said:


> Regardless, the fact that the web designer has control over the domain name and hosting he could have reeked havoc without having the username and password to the site.



Yep, OP should ensure ownership of any domain they are paying for is registered to them, and not the designer. Designer (or ideally another reliable service provider) can be listed as technical contact, nut if you want to build a business, you must fully own and protect your online presence.


----------



## Maryb50 (8 Aug 2017)

Thanks to all of you for all the very helpful and informative replies. Though I'm a techno luddite, I'm learning quite quickly. just to give you an update. A friend put me in touch with another web designer who does maintenance on website other than those designed by him, and who helps people whose websites have been hacked. For e180, he copied my website on to the same name but an .ie rather than a .com domain name, which the original web designer had given me, though I had requested a .ie domain. The new web designer linked by Facebook and Twitter accounts to my new .ie domain which is fully registered to me. However, the only issue is that my original website with the .com domain is still up there - I'm obviously not going to use this domain name again, but I don't want it to be online until next year. Is there any way of crashing the original website - my friend was going on about this this evening, but I don't  completely understand what he meant. 

In relation to the web designer, I did give an uncomplimentary  review afterwards on his Social Media stating exactly what all that had happened including that I now had no access to my passwords. He replied on his Social Media, that he would not help me, and would only give me a one star service unless I removed by poor rating. So I think that's it. I don't know if there is any point in confronting him now. Maybe the Small Claims Court?


----------



## PaddyBloggit (8 Aug 2017)

Forget the .com domain. When people aren't accessing it, it will eventually not be visited. The web designer won't renew the .com next year - it will cost him money and he'll have no interest in it.

Get the .ie site publicised - social media etc. and it will flourish.

Is the new site on new hosting? Make sure your new site is not connected in any way to the original web designer's controlled hosting.


----------



## Maryb50 (8 Aug 2017)

Hi! Paddybloggit - I hadn't thought about that - I suppose it's letting it die a natural death! Yes, thankfully the new site is on new hosting. Hopefully all will go well from now on.


----------



## Leo (9 Aug 2017)

Maryb50 said:


> Is there any way of crashing the original website - my friend was going on about this this evening, but I don't completely understand what he meant.



Crashing a website generally entails directing so much traffic at it that the underlying infrastructure can't cope. It's illegal and unless you really know what you're doing, traceable back to the perpetrator. The affects are also temporary, so this approach only has the potential to do you more harm than good. 

It really would be best if you can get ownership of the .com domain name from the original designer. Offer to take down the negative review in exchange if needs be. At any time in the future they could put anything they like on that domain and potentially harm your reputation. If they don't agree to transfer, the only other means of taking over ownership is through the ICANN dispute mechanism which will first require that you obtain a court judgement.


----------



## Seagull (9 Aug 2017)

Maryb50 said:


> In relation to the web designer, I did give an uncomplimentary  review afterwards on his Social Media stating exactly what all that had happened including that I now had no access to my passwords. He replied on his Social Media, that he would not help me, and would only give me a one star service unless I removed by poor rating.


Add his reply to your review. If he's that unprofessional, he deserves a good kicking.


----------



## Maryb50 (9 Aug 2017)

Thanks Leo and Seagull for your replies. Yes, I did some reading last night and found out what crashing was and that it is illegal. Anyway, the old website designer has disabled my original .com website. Can he enable it again, and put say things about me on it? It's gone past me being able to buy the com domain from him. 

Seagull, he commented on my poor rating of him on Social Media and I replied underneath his comment. I had also given him the same bad review on his website, but he took this down, along with what seemed to be positive reviews from others - perhaps his friends!


----------



## Leo (9 Aug 2017)

Maryb50 said:


> Can he enable it again, and put say things about me on it? It's gone past me being able to buy the com domain from him.



Unfortunately yes, he is free to do so as he owns the domain. He however cannot defame you or misrepresent you, though you would need to take legal action to respond to that.

Sign up for a change detection alert on a site such as this. That will give you a heads up very quickly if the site becomes live or the content changes giving you the chance to review and take action before too many see it.


----------



## Seagull (9 Aug 2017)

Given the large number of website designers around, and also the number of self-build packages out there, I find it really strange that someone would behave like this. A good job, and you'll be paying him something every year indefinitely because he owns the url and you'll be wanting updates every so often. There's also the possibility of other work through recommendations. He's now guaranteed no repeat business from you, and a slagging from you to anyone you know considering having a website built.

It's probably worth seeing if you can take a case against him to get at least some of your money back.


----------



## Maryb50 (9 Aug 2017)

Hi all. This guy has now made extremely defamatory remarks on my business Facebook page, saying that he used my business - which he never did, and saying absolutely horrible things about me personally. My solicitor has emailed him this evening and is going to go for an injunction if he doesn't remove the post. The guy is a prominent person in the community here. I can't understand why he would act like this,


----------



## Leo (10 Aug 2017)

Submit a complaint via Facebook as well, but make sure you keep copies of everything he has posted.


----------



## Firefly (10 Aug 2017)

Maryb50 said:


> Hi all. This guy has now made extremely defamatory remarks on my business Facebook page, saying that he used my business - which he never did, and saying absolutely horrible things about me personally. *My solicitor has emailed him this evening and is going to go for an injunction if he doesn't remove the post*. The guy is a prominent person in the community here. I can't understand why he would act like this,



Good move.


----------

