Your web developer has disappeared. What to do next.
It happens more than you would think. The freelancer stops replying, the agency folds, the one person who understood your site moves on. Your website still works, for now, but nobody is minding it. Here is a calm order to do things in, whether you hand it to someone else or take it on yourself.
Work top to bottom. The early steps protect you even if you do nothing else.
First, do not panic, and do not pay to be held to ransom
A quiet developer is a nuisance, not a disaster. Your site is still up, and in most cases you own more of it than you think. If someone is withholding access and asking for a lump sum to hand it back, slow down. Work out what you already control first, because it is usually more than the pressure suggests, and a calm hour now saves a rushed payment you did not need to make.
Step 1: List what you can still get into
Write down every account your site depends on, and mark which you can log into and which you cannot. The usual list:
- The domain name (your registrar, for example GoDaddy, 123 Reg, Namecheap).
- Hosting or the server (where the site actually runs).
- The CMS or admin login (WordPress, Shopify, a custom dashboard).
- Business email, especially if it runs on the same domain.
- Analytics, and any payment processor such as Stripe or PayPal.
Step 2: Secure the domain first, then the rest
The domain is the keystone. Whoever controls it controls where the site points and where the email goes, so start there. Log into the registrar, reset the password, set your own email as the account owner, and turn on two-factor. If the domain is registered in the developer's name rather than yours, getting it transferred to you is the single most urgent job on this page. Once the domain is safe, do the same for hosting, then the CMS.
Step 3: Find out who owns and hosts it
If you are not sure where things live, a WHOIS lookup on your domain shows the registrar and the expiry date, and the site's nameservers point to whoever hosts it. If you are locked out, every reputable registrar and host has an account recovery process for the rightful owner, usually proven with ID or billing details. That route is slower than a password, but it does not depend on the developer answering the phone.
Step 4: Take a backup while you can
Before you change anything, save a copy of everything you can reach: the site files and the database, or an export from your CMS. Even a partial backup buys you options, and it means a mistake or a lockout later cannot wipe you out. Keep it somewhere that is yours, not on an account the developer might still control.
Step 5: Judge the risk honestly
Now rank what would actually hurt if it broke tomorrow. Is the site still taking payments or holding customer data? Is the software years out of date, which is the most common way sites get broken into? Is the domain close to expiring? A site that just shows your opening hours is a very different risk to one that takes bookings and card details. Fix in order of what you cannot afford to lose.
Step 6: Decide who runs it now
You have three real options, and each has a trade-off:
- Find another freelancer or agency. Fast, but if nothing else changes you may be back in this exact spot in a year.
- Run it yourself. Fine if the site is simple and you have the time, risky if it is not.
- Hand it to someone who will take it on and keep it supported, so it stops being one person's secret.
How we can help
This is exactly what we do. With website and software adoption, we work through the steps above for you: get everything back into your own accounts, take a full backup, close the urgent security holes, and then keep the site running and supported long term. We do not need the old developer, the passwords or any documentation to begin, and you own everything at the end. If a rebuild would genuinely be cheaper, we will tell you that instead.
Common questions
The developer is holding my website hostage. What can I do?
Check what you already control before you pay anything. If the domain is registered in your name, you hold the keystone: you can point it wherever you like and recover the email. Registrars and hosts have account recovery for the rightful owner, so being locked out is often less final than it feels. Do not send a lump sum under pressure until you know what you can recover on your own.
How do I find out who my domain registrar is?
Run a WHOIS lookup on your domain. It shows the registrar, the registration and expiry dates, and sometimes the registrant. From there you use the registrar's account recovery to prove you are the owner and regain control.
Should I just rebuild instead of recovering it?
Sometimes, but decide with the facts, not in a panic. If the site still works and holds value, recovering and supporting it is usually cheaper and faster than a rebuild. If it is old, insecure and hard to maintain, a clean rebuild can be cheaper over a year. Get an honest look before you choose.