Last year, I worked with one business, who’s domain was held in the name of an irate ex-employee. Because the domain was originally registered in this employee’s name, there was no straightforward way for Nominet (the official .uk domain registrants) to release the domain name to the business, even though it was clearly set up for the business. Not even to the current business CEO.

Thankfully, I was able to go through a process to get the domain name released so we were able to get access to it and put it in the rightful name of the business. However it was a lengthy process that required a lot of effort. If I had not been able to do this, the ex-employee could have used that domain name, and the traffic which had built up in the meantime, to make money by selling it on or seek revenge by uploading unsuitable content. A high risk situation for any business.

I see a lot of cases where people have commissioned websites, and have later tried to go back later a “re-do” their website. But suddenly they found that the only information they hold about what they paid for is a URL.

Often it is the website developer who is holding control of resource accounts such as the domain name, hosting account access and admin access to websites. What “owners” then quickly find out is that it is not uncommon for the people who built their website to charge for release of these resources.

For anyone commissioning a website or digital property here are 3 Golden Rules to know before you embark on the project.  Not only should you know this, but your developer or contractor should know you know and expect these.

Golden Rule 1: Firstly, never, ever, ever give your existing admin level account details to anyone, including anyone developing your website. Admin details means those you cannot then revoke from someone else. For example your business Facebook account, your domain name registrar account or MailChimp account. It may be tempting if you are a bit of a technophobe to give information “to the professionals”. Don’t fall into this. It may be all roses and sunshine now, but if you come into some conflict later, you leave yourself in a very vulnerable position if you cannot revoke their access. A smart developer should also never ask you for full account access as it also put them in a vulnerable position – if you were to suddenly notice something going amiss on your account, a natural human assumption is that it was the person to whom you just gave new access.

Golden Rule 2: Always get a technical description/specification of what systems your website uses or interacts with in a form that your grandma could understand. *Upfront* you should get a specification of how your web entity (website, web app or other) is built. This includes what technologies, what languages it’s built in, where each element resides and a list of all associated accounts. You should also get an upfront.

Golden Rule 3:  Ensure you “own” all new assets used in the build. Specifically this refers to your; domain name (and find out where it’s registered), your hosting, if using a CMS such as WordPress get admin (or super admin if it exists) ownership to your website – granting your developers restricted permissions account like “developer” or “editor” so that they can work on it, and at the end of the project, you can deactivate their access. If you are using any other web services such as Dropbox or Google Developer accounts, get it all in your name so that you can deactivate their access at the end of the project.

Finally, do not be afraid to explain up front (always better to explain up front) why you want this – this is to protect not you, but the developer should anything go wrong post project. Ensure this is put into the contract along with a clause about any subsequent accounts, permissions, collateral which become necessary in the course of the project.

Don’t forget, your website is your property and by paying for it you should be entitled to overall access and permissions to it if you pay someone outright to build it for you. Of course, different circumstances require different needs, however you should at least understand to your own satisfaction the logic behind why you are not being given this.