Website hosting, a real story of caution

Website hosting, a real story of cautionHere’s a true story about how poor website hosting service can cost a business dearly and how we helped a customer get control

One thing I hate about the world of website design?

There's no governing body or standards enforcement, anyone can claim to be a website designer and I kind of like the democracy of that.

However, it assumes people behave decently, and mostly people do. But when they don't in this industry, they can really damage a small business’s reputation and income

A local website designer was refusing to give the access needed to move a site to our server after the customer has asked me to take it on. They had initially been helpful with sending access details, but would not assist with the login to the site not working, even after repeated requests.

It’s not nice when someone wants to move their website out, but after 24 years of experience, we’ve learnt that you give a new website designer all the access they need, not just because it’s the decent thing to do, but so they don’t think you’re a bad person and the customer is more likely to come back to you.

FYI a WordPress site consists of files and a database, one can’t work without the other. So without site login access or the database we were stuck.

I’ve never been in this situation before, website designers are usually more cooperative and this was potentially damaging to the business. The website had been down for days and so was email. The only access we had was FTP (not even SFTP, that's just the web files, no database or email access). I checked the files for malware and the site was riddled with it!  

As we’ve said, we’ve been in email contact with the website designer and repeatedly asked for a site login so we can install a plugin to export the site, or database access so we can export it that way. They repeatedly replied that we have all the access we need and that they will be taking the site down even if the site isn’t safely up and running on our server. 

They never replied to two emails showing the extent of the malware infection. It had probably been taken down by the hosting company on and off for eight months prior, as one of the infected files had been on the server from that long ago.. 

Hosting providers will take down a site including email if there’s a malware infection to prevent their mailserver from being blacklisted and further infection. If this was the case, even if we had the database or login it wouldn’t have worked as the site wasn’t accessible. 

What we did

Rebuilt the site

It was so infested with malware it was impossible to fix, it was a simple website so rebuilding it took around 4 hours. In cases like this, starting again can be gruelling but means no malware potential, and an up-to-date system. 

SSL Certificate

Added an SSL Certificate - as soon as the website was visible via our server, an enquiry came in. We believe this was because the SSL Certicate had been just been activated and the site was free of malware. Google can detect security issues with sites and will delist them, sites without SSL Certificates are also penalised by Google. Find out about What is an SSL Certificate and why do I need one here. So, it might be safe to assume that within the few hours of the site being made safe, Google listed the site again.

Better password security 

The email and FTP login passwords were easily guessable, as they included the company name plus several characters. We’ll never know if the site was hacked because the passwords were poor, or because the security on the site hadn't been updated for well over a year. 

Basic SEO set-up

Registered the site with Google Analytics and Google Search Console and Microsoft Bing

We set up the Yoast plugin and registered the siutemap.xml with both Google and Bing.

We added a plugin by Google, called Google Site Kit, which means as well as having full admin access to the Google Analytics and Google Search Console, our client can login to the site and see how it’s performing. 

Contact form 

We added spam protection and an area on the site where the customer can access email enquiries once logged in, just in case one was missed or there was an email issue 

What to do?

It’s truly heartbreaking to think there are businesses out there allowed to operate like this, without realising the consequences it has to real lives. 

We believe the company in question is winding down their business as their phone line is down and their Google Business Profile says it’s closed permanently.  

These are potential red flags, if you’re unhappy with your hosting, and the following is true we’re here to help:

If your hosting provider is:

  • Not replying to emails 
  • Answering emails vaguely but not really effectively helping when there’s an issue
  • Not answering the phone, or it’s out of order
  • Their Google Business Profile says ‘Closed permanently’
  • You are generally unhappy and want to talk to someone in the know

You shouldn't be putting up with any of the above, if you are let us know, we want to help - contact us here