I am a freelance developer with over a decade’s experience in bespoke WordPress sites. I recently finished a small job on a freelance website for a client who basically wanted some minor updates and a blog post added. Easy to do, asked for access to the dashboard and hosting but only got access to the dashboard and although there are 18 updates (including WordPress itself) my client refused access to the hosting control panel.
I advised that I needed access to this to run a backup but again was refused. I did the best I could and my new client seemed happy with this and paid me the full amount on time. I rang the client out of courtesy and to explain that for me to be more effective in my job that I would need access to the hosting to run backups and then Update all the plugins, WordPress and generally optimize the site and make it more secure.
What follows is the most surreal telephone conversation I have ever experienced:
Client: Thank you for helping with my site. I am more than happy. I have settled your invoice in full. Please leave the updates as they will break my site and make it less secure.
Me: Are you sure as it’s insecure as it is? The updates include security patches which will make your site less vulnerable than it already is. It’s this reason why I need access to your hosting cpanel.
Client: No that’s ok, thank you for your help on my site, but we have been hacked loads of times over the past 2 years and was told by our friend who built our sites to never give out hosting info to anyone as it’s his. My husband wishes to talk with you about his website now….
Client’s Husband: Thank you for working on my wife’s site. Can you help with mine as well? I just need some info as I can do the job myself. I have been locked out of my site for over 3 years now. WordFence has permanently locked me out. I need you to protect my site from hosting.
Me: Have you filled out the form on the WordFence lock screen? This will unlock it for you by sending an email and you will be able to gain access to the admin area of the website.
Client’s Husband: That email does not exist anymore. My friend moved hosting 3 years back, He has told me never to give out hosting info to anyone which is why I am refusing access as we don’t want to be hacked again.
I go onto explain that in order to gain full access of the website I WILL NEED full cpanel access and that I will have to delete WordFence itself and then I can reset it for him. That is the only way you can get full access.
Client’s Husband: No my friend told me never to delete WordFence as it’s protecting my site and that I should never give anyone hosting access EVER. I have done it before, I just need to change a line of code, do you know how to do this or not? What is the line of code?
Me: Yes, I know how to do it, But again I need access to hosting. As I deal with thousands of lines of code every day, I need to refresh my memory and I cannot see the code in front of me as I do not have access to your hosting.
Client’s Husband: Forget it, you clearly do not know what you are talking about and are a cowboy, you cannot tell me what line of code I need to change. I will have to figure it out myself, thanks for nothing.
I think that from memory all he has to do it whitelist his IP address. That’s usually the blocking mechanism in these security plugins
I send them both an email with links to my Facebook, Yelp, Google and Trustpilot reviews and a link to a blog post on how to gain access to WordPress by deleting WordFence. I guess his site is so well protected that even he cannot get access. I doubt I will hear of him again in the future.