Skip to content

Don’t Let Your Website Get Hijacked

Reading Time: 6 minutes

In this post I cover some technical aspects of website management, things you should be aware of no matter how your site is being hosted. Even if you don’t have a website yet, or if you are considering a change, please use this as a resource to ensure you maintain control of your website/brand essentials.

It’s a recurring nightmare I hear about in my work as a web designer. I sit across the table (or get a desperate email) from a prospective client whose website has been hijacked by their previous web designer. Here are a few of their stories:

  • They’ve been locked out of the site and can’t make any changes.
  • The project has been abandoned halfway through.
  • Their home page is a blank screen with an error message and they have no idea how long it’s been that way or what happened to their website.
  • Emails and phone calls to their web designer (web developer, webmaster, or other web professional) go unanswered.

If it hasn’t happened to you, you’ve probably heard a story or two from someone in your network of writer friends. And sadly, this nightmare occurs more than you might think. But it doesn’t have to be a nightmare for you if you take some precautionary steps. In this article I’ll share some tips that will keep you in charge of your website, even if you have to rely on a website or technology expert to do the heavy lifting for you.


Let’s start with some basic definitions.

Domain Name: This is your URL. It’s what people will type in their web browser to find your website. Domain names are not “purchased,” they are registered. This registration must be renewed annually or you may lose your domain name. If you know you will keep your domain name, you may consider registering it for multiple years. You can usually get a discount when you do this, and you won’t have the hassle of having to renew each year. Annual renewal rates are usually less than $20, unless you have a premium domain or other special circumstance.

Website Host: This is usually a third party, like GoDaddy, Bluehost, or something similar. Your web designer/developer may act as web host (many web hosting companies offer “reseller” accounts for web professionals). In this case, you’ll be billed by your web developer directly, instead of GoDaddy, etc. Most web designers won’t actually host your site on their own on-site server. They’ll use a third-party service as mentioned above.

Hosting is usually billed monthly, though you may get a discount for annual billing. Cost for basic hosting ranges from $5.99/month (usually for the first year only, annual contract) to $15/month. There are several add-ons that can greatly increase this price, depending on your website traffic and security needs.

If your web professional does certain kinds of monthly maintenance, this will affect your monthly cost as well.

Server: Files saved on your computer are saved on your “local” hard drive, located within your computer. A server is a hard drive accessed through a network. So instead of saving the files on your own computer, the files are on a hard drive that can be accessed by other computers. While your website files may be stored on your computer as a backup, the files accessed by the public will be stored on a server. This is where the web hosting company comes in. They provide the server, along with security protocols, maintenance, and software updates to keep everything running smoothly.

CMS Admin Panel: This is the interface that allows you to add blog posts, pages, photos, and other elements, depending on which content management system you’re using for your website. You’ll have a login username and password. There are usually different levels of access or user types. For instance, an “admin” might have FULL access to the website functionality, but a “user” might only be able to upload a blog post or add a new page with photos. I usually provide my clients with BOTH an admin login and a lower level user login. As a precaution, I advise them to login with “user” status until they become comfortable with the way their website operates. This ensures they won’t “break” the site or delete important files accidentally. Most people feel more comfortable logging in at a level with fewer permissions, at least initially.
Note: CMS means Content Management System. WordPress and Drupal are examples of content managements systems.

FTP: This stands for File Transfer Protocol. It’s the backdoor access to your website. Files can be uploaded to and downloaded from your site through FTP. Your website directory and code can be altered by anyone with full FTP access.

Okay, those definitions should give us a good foundation for our subject today. Are you still with me? Good, because next I’m going to tell you how to keep your website from getting hijacked. Are you ready?

What You Need to Know

There are several pieces of information you should request from your web designer/developer (if you don’t already have this in your records).

Domain Registration

  1. Which company is your domain name registered through?
  2. There will be an account number with username and password to access your domain registry online. Make sure you have this account information. If your web professional tells you that your domain name is under their account, create your own account and have the domain transferred to your account. YOU MUST BE IN CONTROL OF YOUR DOMAIN NAME. If your web professional lets this annual registration lapse, you may lose your domain name. Your website (domain name) is probably printed on your business cards, books and other marketing materials. This is where you are sending readers, agents, publishers, and other contacts. It is the hub of your business so treat it as a valuable asset. Keep it secure. In a worst case scenario, even if you lose your website files, if you have your domain information secured you can always rebuild. Without it? Well…that really is a nightmare.
  3. If you use an online website builder to create your site, READ THE FINE PRINT. One of my clients started small by creating a website through a popular do-it-yourself application. When they were ready to upgrade to a custom website, they contacted me to manage the project. We learned they didn’t have full rights to their domain name. My client had to register a new domain name in order to move forward with their required redesign.

Web Hosting

  1. How is your website hosted? (Through which company? Does your web designer have a reseller account? If not, is the account in their name, or your name?)
  2. If you are hosted through a third-party host (like GoDaddy, Bluehost, etc.) make sure you have the account number, username, password, and PIN (many hosting companies require a PIN to provide account access and information over the phone). Even if you trust your web designer, you may want to request that your email address be added as a contact for the hosting account. This way, if a monthly payment is missed (because of an expired credit card, or a card that is over the limit) you will be notified of the problem before the web host takes action by cancelling your account. If you are NOT listed as an account contact, you may miss vital communication between the web host and your web designer.
  3. If your web designer has a reseller hosting account, ask which company it’s hosted with. Most importantly, ask your web designer to provide you with cPanel username and password. The cPanel account can be accessed with http://YOURDOMAIN.COM/cpanel. I won’t go into the details on cPanel now, but this information will give you (or your subsequent web designer) full access to your website files and databases.

Website (CMS) Admin Access

  1. Make sure you have admin login credentials at the highest level, even if you don’t use these credentials for your day-to-day website upkeep. While being locked out of your website admin panel is a problem, if you have the information in #2 or #3 under the “Web Hosting” list above, you can gain entry to your hosting management and then reset any user passwords you don’t have.
  2. Also, you can use the “forgot password” or “help” link on the admin login page. However, if your email address is not linked to the username you’re trying to log in with, the “reset” function there won’t be helpful.

FTP Login

Unless you’re into hands-on web technology you probably won’t ever use FTP. However, it’s good for you to have the FTP address, username, and password in case you need access.

The above information will help prevent a hostage situation where your website is concerned. Any web professional should be happy to provide this information to you. That’s part of being a professional –taking care of your clientele. Once the information is provided, access these accounts yourself to ensure you have the correct login info. Also, it’s a good idea to get familiar with accessing these accounts now (while your web designer is available to help you).

Keep in mind that I have only addressed the access issue here, not security. (I will address security issues in another article.) Retaining the information above will ensure you have ACCESS to your website files and the usual accounts associated with it. This gives you the power to take back control of your website if the need should arise. (And of course, if you need to revoke access, all passwords should be changed.)

I’ve covered the basic services here but you should do some further investigating to ensure you’ve got everything covered. Ask if your email is provided through the website hosting account or a separate email server. If it’s separate, be sure to get the email hosting info as well—hosting company, account name, and login information. Finally, ask your web designer if there are any other accounts or services attached to your website. Request necessary information for each of those services and keep all of this in your records.

I hope you found this information helpful. As I said, I plan to cover some basic security measures in a future post, but this is my question for you:

What else would you like to know about on the topic of websites?

Here’s your chance to ask a web professional. Send me a quick email at and I may use your comments for future blog topics to help other authors. Thanks!

Leave a Comment