Can You Trust Your Webmaster?

Last week a friend of mine told me about a problem that she was having with her webmaster. She no longer trusted this person who was in charge of her ecommerce website.

Their relationship is similar to most webmaster – client relationships: the webmaster understands the complexity of web design and search engine placement and the client relies solely on her / his expertise. The client's lack of technical knowledge and dependence can make them an unwitting victim of unscrupulous webmasters. That is exactly what happened to my friend.

Now, most webmasters are solid, upright citizens working hard for their clients. But the few bad apples … well, ruin it for everyone.

Webmasters are privy to many types of secure data. Some of the information that I routinely receive are client credit card numbers, home addresses, secret words or questions, usernames and passwords. Clients seem to be willing to hand over whatever information is necessary for securing their domain names, hosting service, payment gateways, and security certificate setups. In addition, I also have access to all customer purchase information: addresses, phone numbers, email addresses, credit card information, and login username and passwords.

With that in mind, security breaches and misuse of data become a possibility. Relying on a webmaster, whose moral base is, "whatever it takes to make a buck" will quickly develop into a disaster for the client.

Disaster struck my friend's business. Her webmaster set up the website and email accounts and hosted it on his web server. He controls the entire process leaving my friend out of the loop. She submits changes to him as she does not even have a username and password. If the webmaster was competent and trustworthy, the relationship could continue like this for a long time. Unfortunately, he was not.

Maybe a mistake, maybe a design error? NO. This webmaster was siphoning her client list and selling the client list to spammers. Further investigation showed that an employee was also providing the webmaster with bulk mail lists.

How did she find out she could no longer trust her webmaster? She heard it from her customers, her bread and butter. Customers were complaining that they were receiving massive amounts of spam after signing up for information on my friend's website. Knowing that she has an anti-spam policy in place, she began to investigate.

After setting up a dummy Hotmail account, she went to her website and submitted the Request for Information form. Then she waited to see if she received that request. Eventually, she received the request, but not from the original email, but a forwarded copy from the webmaster. It seemed that the webmaster had pointed the form to his email address.

This resulted in one fired employee, one distraught client, loss of customers, loss of revenue, loss of brand recognition, the additional expense of setting up a new site on a different hosting company server and a forced domain name change. The domain name change was forced because the webmaster refused to change the name servers (the way the web finds your site) to point to the new address of the site.

Does this happen all the time? No. Does it happen enough to call a webmaster's credibility into account? Yes. That is the rub. Those of us, who are working to maintain a client's trust, find we have to account for the bad apples. We have to prove we aren't one of them.

Following these simple rules will bring you piece of mind when hiring a webmaster:

  • Ask for and CHECK references. (Don't just go to their site and see their clients, pick up the phone)
  • Ensure that the contract includes specifics:
  • Design and Optimization details
    • Completion date
    • Specific recourse if the site does not meet the completion date
    • 50% retainer (do not pay for all of the work up front)
  • Put all requests in writing.
  • Specify in the contract a date for turning over the website to the client
  • Once the site is turned over, (even if the webmaster still supports the site):
    • Change all the passwords
    • Change the user permissions
    • Administrator should be the owner
    • Test all forms to ensure that you receive the contact information
    • Stay vigilant, listen to your customers