During the past five months I’ve received a stream of accusations. Everything from “stealing” clients to IP theft. The latest of these came in the way of a personal threat against both myself and my family, specifically my children:
Ironically, the simple fact that this and a number of other messages have been sent to me via the contact form on my website is just another indication that the people leaving these threats are both gutless and lack any real intelligence or knowledge about websites or hosting. Although other people’s email addresses were used on the forms – which is a federal offence – and obvious implied threats made against my family, their ineptitude is highlighted by the fact that in two other form submissions made within minutes of the above threat, the party involved implicated itself by claiming I had stolen clients from them. The fact that their IP address is also trivial to obtain, which can then be traced directly back to them, demonstrates the level of technical ineptitude we’re dealing with.
That IP address, along with all details taken from the website and web server, have been passed on to the appropriate federal authorities.
It is, however, that same ineptitude that prevents people like that from understanding just how it is not only possible, but incredibly easy, to move a website from a hostile or unhelpful host if the client so wishes, without any requirement for “insider information” as they continually suggest. I’ll detail the process below, but before then, lets clarify how we got to this point.
The History
Late in 2016 it became apparent to me that my former employers were considering divesting themselves of the department that I ran at the company. With an uncertain future, I proceeded to undertake a number of (expensive) courses so that I could go into business for myself if or when that occurred. The first course was for developing online training courses and the second was for running a high end web agency targeting corporate clients. When my former employer finally made it known within the company, around March of 2017, that my department would be sold, I indicated that I would be willing to stay on in a caretaker role until the business was sold. I was not allowed to mention anything about the sale to clients. When the business was finally sold in December of 2017, I was kept on for the handover then for one additional week to assist the new owners with answers to any questions, which I did. I finished up with that employer on 23 December, 2017.
At that point, as far as I was concerned, that was it. I was walking away, ready to do my own thing. I had already registered a company and a number of business names that had NOTHING to do with the healthcare industry, and started building websites for those entities. Indeed I had built a few websites for long-term clients of my own that had nothing to do with the healthcare industry. My intention was to take a few months off because I had been working ridiculously long hours preparing everything for the transition to the new owners, during which time I would complete my business website and prepare some marketing to get started in my new business.
Ironically, during my time in my previous job, I had been invited to connect on LinkedIn by a number of clients, and similarly had invited a number of clients to connect. I therefore had a number of former clients in my LinkedIn connections – a very common situation in today’s social media driven world. On 19 January, 2018, less than one months since I’d finished in the role, one of those former clients obtained my contact details via LinkedIn and attempted to contact me for assistance with their website. I still have that text on my phone. As it was no longer my job or place to do that, I didn’t even respond to the attempted contact.
It wasn’t long after that when I was contacted by another former client, in this case pleading for my assistance because the new owners of the business were refusing to help with his issue, which was that the booking buttons had disappeared from his website and clients could no longer book. The “solution” offered to him by his new hosts was to build a new website at a cost of $2000. Very reluctantly I agreed to assist him AT NO CHARGE because it was about a 10 minute job to put his booking buttons back. The client provided me with his login details for his website so I fixed his booking buttons.
Within a month that same client was back in touch with me asking for further assistance, again because his new hosts were unwilling or unable to help him. I again assisted him AT NO CHARGE, this time it was about a 15 minute task. During this time, his new host was still charging their fee for “managed hosting” yet none of the underlying system – WordPress, plugins, theme – had been updated for over four months. The client therefore asked me if I was interested in taking over his hosting. I explained that I didn’t have a hosting product that I could offer, but I had been working on an generic managed hosting platform to offer through my MaintainWP business, but that wouldn’t really be ready for some months.
It concerned me, though, that his website wasn’t being updated, which I expressed to him at the time. After all, that is what “managed” hosting is, and it simply wasn’t being done. On the basis that there were also a few elements broken on his website, I decided to have a look through some of the other sites of former clients – the list of domains hosted on that server is trivial to obtain via a reverse DNS lookup, which, again, they would know if they knew anything about web hosting. What I found was dozens of sites with numerous issues, some quite “broken”.
Again, though, this was not my issue, so although I felt sick to my stomach for the clients that their websites were being allowed to deteriorate in such a manner, I felt it wasn’t my place to do anything about it.
In around August of 2018 I was again contacted by the same client who was again having issues with which he couldn’t get any assistance. Upon further investigation, at his request, it became apparent that the issues were significant. There had been no updates run on any of the underlying system since December of the previous year and the servers were horribly slow. The new host simply blamed the existing website configuration and once again offered to update the clients site for $2000.
At this stage, I felt that I was letting these people down, many of whom I’d formed very good working relationships with, by allowing them to continue paying for a service they simply weren’t receiving, and worse, for their websites to be, in some instances, unusable. I therefore contacted a handful of those former clients on LinkedIn, indicating that their websites had issues and offering assistance. Keep in mind this is now NINE MONTHS after their new hosts took over that service.
In an attempt to fix the issues for some clients I created, at NO CHARGE TO THE CLIENT, a fix for a number of the sites on which the navigation menu was broken and not working, and sent that fix to the clients with a suggestion that they ask their host to implement the fix for them. The host did, indeed, implement my fix, and it is still in use on those sites as I write this.
What followed was a series of clients asking me to take over their hosting, so I rapidly built a website and put services in place to enable that. During the period when I was doing this, some clients sites were offline for more than a WEEK, with little or no explanation from their host.
After migrating the first couple of client’s sites, using backups they were entitled to obtain, the charming folks from their former hosts sent derogatory emails to those clients and made their first round of threatening form submissions on my website. A telephone conversation between myself and the owner of that business ensued, in which I openly told him of all the issues with those sites and why those clients no longer wanted to use their services. I was threatened with legal action and called a few choice names during that conversation – the same language as used in the form submission above – but ultimately, despite me outlining everything they needed to do to fix the issues – some of which I had already fixed for them, free of charge – they still made no attempt whatsoever to rectify any of the problems with the sites, instead offering to do their $2k “upgrades”.
So the stream of defectors has continued. And with that stream of defectors a continual stream of accusations, all because I have the knowledge and ability to move sites without needing anything from them.
So, how is it possible to transfer a site without the current host knowing, and without “insider” information?
The Process
Well, it isn’t just possible, it is actually relatively easy for anyone with decent skills and an ability to actually think. It is easier with a backup, which the first few clients were able to obtain, but that isn’t actually necessary, and after their derogatory emails to the first few clients, I thought it better to just leave them out of the process altogether until it was completed.
The first requirement is that the client has “admin” level access to their site. So I asked the clients to request that level of access. They are their websites, after all! With admin level access, the rest is trivial:
- WordPress, the theme, the forms tool (Gravity Forms), the Newsletter system and a number of other features, all have Export options. So the first step is to use the export options on all those tools and save the files they create.
- Most (well configured) sites use a “child” theme. The child theme contains the customisations for that particular site. Normally, without access to the server, it is challenging to get hold of the child theme. Challenging, but not impossible if you can write a bit of php code. Most sites have some method of adding code. It is trivial to write a “shortcode” that creates a copy of the child theme and puts a link to the copy on a page on the website. Simply accessing that page creates the copy of the child theme, then once it has been downloaded via the link, a second shortcode added to the page is used to delete the copy. So that is how the content and child theme is obtained. Oh, and child themes are NOT considered “intellectual property” because they simply contain code that any developer worth their salt could easily replicate. And in any case, the client paid for their site to be built. It wasn’t built for free, so the site belongs to them, child theme and all.
- Obtaining the parent theme is trivial – in fact I owned a copy of that parent theme before it was ever used on those sites. I built my sister’s website with it long before it was used on those sites. Otherwise it would have just been a case of purchasing a license.
- In the same way it is trivial to create a copy of the child theme, it is also trivial to create a list of all the plugins used on the site. Another shortcode and the list can be copy / pasted into a file. Obtaining those plugins is then also, you guessed it, trivial! Most are free, some are commercial and of the commercial ones, most are plugins that all developers use, which I do, so I already owned licenses for them.
- For some of the older sites, rather than obtain a copy of the existing (fairly basic and very OLD) theme, it was simpler and quicker to just build a similar looking theme with a page builder (in this case, Beaver Builder). The rest of the process was the same.
- From there it is a simple matter of installing a new copy of WordPress on my servers, add the parent and child theme (or my own template built in Beaver Builder), adding the plugins then importing the content. The entire process takes only a few hours.
- Then, in the case of the sites that use a child theme, there were updates that needed to be applied and various elements fixed.
As an indication of how the sites looked before being transferred, then how they looked after, here is a before and after shot of the Country Chiropractic site:
That site had been “broken” in that manner, with terrible alignment and code in the footer area, for almost SIX MONTHS – I have screenshots taken at various times to prove it – and it was more than just the home page, yet no apparent effort had been made by the host, who was being paid for “managed” hosting, to fix the issues. It took no more than a couple hours to both fix the issues and give the site a bit of a facelift once we had the site transferred. That client has since had us make a few additions to the site to support her new clinic location.
The final part of the transfer process is delegating the domain and transferring email accounts. There are a couple of solutions for transferring email accounts, the IMAPSize app on Windows or the online IMAPSYNC service. That process just needs the email account details from the client. Delegating the domain is simple once the domain is under the management of the client, again a relatively simple task.
So that’s the process. Not difficult for someone who actually knows more than how to just make disgraceful threats against children. If anyone wants to see the process in action, I’m quite happy to demonstrate. Indeed, when I get time I’ll make a video showing exactly how easy it is.