What to Do When Your Web Designer Is Holding Your Website Hostage

web designer hostage featured

If you’re reading this because your website just started displaying a scary warning message, or because a developer is telling you it’ll cost thousands of dollars to get your own site back — take a breath. This happens more often than people think, and it’s almost never as dire as it’s being presented to you.

Here’s a real example.

The Situation

Custom-K9 Bay Area, a dog training and boarding business in Pacifica, hired a web designer to build them a new WordPress site after a rebrand. What started as a normal project turned into a nightmare: costs kept climbing with charges that were never disclosed upfront, and then — with no warning — their website started showing a threatening message claiming it had been hit by a “Russian cyberattack.”

The same company that built the site told them it would cost $3,000 to remove the “virus” and get the site working again.

They came to us instead.

What We Actually Found

This is the part that matters most for anyone in this situation: when a developer locks you out of your own website and then presents you with a bill to “fix” it, in the vast majority of cases there is no virus. There’s a login you don’t have, a host you don’t control, and a warning message designed to make you feel like you have no choice but to pay.

Once we got access, here’s what we found and did:

  • No actual malware infection on the WordPress install itself
  • Moved the site to a new host we control, so the previous developer no longer has leverage over it
  • Recovered the “locked” data — the content, pages, and files the client thought were gone were still there
  • Reset every password and credential tied to the site so the old developer no longer has access
  • Got the site back online within a day

No ransom paid. No data lost. Total cost to the client was a fraction of the $3,000 they were quoted to remove a “virus” that didn’t exist.

How to Tell If This Is Happening to You

A few warning signs that a developer situation is turning into a hostage situation, not a legitimate technical problem:

Checklist with red warning flags next to a declining chart with a question mark, representing warning signs of a predatory web developer
  • Costs that keep increasing with charges that were never quoted or explained upfront
  • A sudden “your site has been hacked” message that appeared right around a payment dispute or falling-out
  • The only people who can explain the “virus” or fix it are the same people who built the site
  • You don’t have your own login to your hosting account, domain registrar, or WordPress admin
  • Vague, urgent, high-pressure language about needing to pay quickly to avoid losing everything

If two or more of these sound familiar, it’s worth getting a second opinion before you pay anyone anything.

What to Do Right Now

  1. Don’t pay a ransom before getting a second opinion. A qualified WordPress developer can usually tell within an hour whether a site is actually compromised or just locked down by whoever built it.
  2. Find out who owns your domain. Your domain registration should be in your name, not your developer’s. If you don’t know, that’s the first thing to check.
  3. Ask for your hosting and WordPress admin credentials directly. If a developer refuses to hand these over, that’s a red flag on its own.
  4. Get a clean second opinion before paying anything. Migrating a WordPress site to a new host and recovering existing content is routine work — it should not cost thousands of dollars, and it should not require paying the same people who created the problem.

What Our Client Says

“Jason was amazing! Very responsive and in line with what we needed… Within a day, we realized our current web designer had done us wrong, and he quickly moved our website to a new server, went through the back-end of our website and retrieved all the lost/locked data that we had before, updated the passwords and now hosts our site… Jason is very knowledgeable, expedient and is NOT out to rip you off.”

Custom-K9 Bay Area (Google review)

“Jason listened to what was going on (we were panicked!) and worked with us very quickly.”

Beckie Patane, Operations Manager, Custom-K9 Bay Area (Clutch review)

If This Is Happening to You Right Now

You don’t have to figure this out alone, and you don’t have to pay a ransom to get your own website back. Reach out and we’ll tell you honestly, and quickly, what’s actually going on with your site — no pressure, no scare tactics.

Already got your site back, or just want to make sure this never happens to you? Our WordPress care plans — starting at $65/mo — mean you always own your own hosting, logins, and backups, so no developer can ever hold your site over your head again.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *