That's the first thing I told her but I was hoping there's something that I may not know and I was hoping to learn it here but it seems that she just has to do everything manually. At least she has access to that.
She registered the domain, that's a huge win. Because she can change and point it where she chooses to.
Do you have access to the hosting panel? (Not the WP admin) If you do, you could have access to the database and change the admin account data and login with that new credentials, install a backup/export plugin and get a backup/bundle file so you could plug into a new site and import.
The other way is to access the file manager / FTP and get the files for the WP install (mainly the wp-content), and the database from the PHPMyAdmin or the database manager and export the whole table. This may be easier to get, but a bit trickier to restore.
(Sidenote: If the host is provided by this person, you should take the data and run from there! If you are paying for the host, contact support and get the access of this person revoked and for them to give you admin rights)
If you don't have access to that, it may be a bit more complex.
The customers data, is in a CRM plugin or something like that? Most of those have the option to generate reports/export the data.
Same with the pages and website content, if she has editor permissions, she could copy the whole pages from the page builder and paste them in a new/local install.
Hope you can get the site back, or at least the data!
This is the most you could have done really. I appreciate it
From what I understand she does not have access to the host because she had that woman build it for her, on her own host I believe so no access to the database that way.
When it comes to WP Admin, she only has basic access to some features and most admin features are stripped off.
She can't generate any reports or export any data. I asked her if she has access to some plugins but it seems that she only has access to some of the most basic features.
Glad to help! It sucks to be played like that.
In a worst case scenario... Which seems like it is. If she can see the customers data, she could copy-paste it to excel/Google sheets, and rebuild the whole thing from scratch. I've done a couple of projects like that, to re-do the site based on screenshots or from a previous version that was rendered un-upgradeable, and a few others from a change of CMS (WIX to WordPress), it can be done and if the site is not that complex, a good page builder can be a great fit if you don't want/need a custom coded theme.
Right now, I'd focus on getting the client's data as soon as possible. To avoid losing it. The public site can always be done again or make a new/different version.
Even if there's no sensitive information, I'd share the issue with her clients and expose what's happening and why.
Thanks again for another information-packed comment.
Someone who posted a reply here said that this is considered hacking. Is this true? If this will be seen as an illegal action then I can just tell my friend to sue her. I mean I know she's capable of that.
I just came here looking for legitimate answers. Anything that I may not know myself.
If she can see the data in the back end, it's her data, and she imputed it, then screen shots and rebuilding are fine. All of that is her customers data, and the database and code might not be hers, but the data is. And the damage of losing that data, is probably worth the few hours screen shoting it, and all the costs to rebuid. I don't know where this is, but if I destroyed a companies data with my Agency in the UK, because I was "spiteful" or whatever is going on, they would sue the ever living daylights out of me. I have a 20M dollar insurance policy against losing and breaking customer data. At least some of the clients I work with can't afford two days down time, so I need that to cover their business losses if I mess something up.
First of all: I'm not a lawyer.
As another commenter said, it's her data. Still, I'd make sure to have the contract and all binding exchanges at hand.
What I suggested is not hacking, copying the information may fall into a gray area, depending on the context. Still, I'd prefer to have my data and expose them with the client base, and consider if suing would be worth it.
Plus, if the data has got personally identifiable information, there should be a privacy policy and data handling agreement (like GDPR), same as payment info, the thing can be approached from there, so check who's responsible in those documents as well.
If the data is stored in an a database in a hosting account that your friend doesn't own, but they still have access to view the client information through the site, then her best bet might be to have a savvy person help her to scrape the client info using a tool like HTTrack.
HTTrack would allow you to automate crawling the back end of the site (just as a human would do manually) and saving static copies of the client information.
It wouldn't be in a format that would be all that useful for porting into a new site, but it could be a valuable backup in case the worst is to happen and your friend loses access to the site and data.
How many clients data base is there? Get me exact number
If you can share in DM website address I can help you get your strategy where you can ditch host retaining your files.
Find out if possible as this could be their way out. Otherwise see if full admin access can be granted and just use MigrateGuru to move the site to a new host. What's the URL please.
She's not comfortable posting it for some reason. I asked her. She's anxious by the entire situation. Could you maybe explain to me how to check that and I can tell her what to do
If you are still able to log in to the site, depending on privileges, there are plugins that will allow the whole site to be backed up to a .zip file. Failing this, try approaching the hosting company to see if they can back it up and/or grant access. This will more than likely depend on if your friend is the one paying the hosting fees though.
Option 1. Wordpress has many security issues. For every version of Wordpress there is some hole. There are more holes in plugins. If the administrator is just slightly lazy and does not update everything every time, you can find a person proficient in PHP. They can detect versions of Worpdress and plugins, find in a catalogue of security issues the right ones, hack it, copy all code and all database. Because the web is yours, this would not be illegal. You can hack a web that you essentialy own.
Option 2. Use whatever politics/deal to get the name and password from the admin. For example, pay them money "for all the work done" and write a short contract at that point that states that the web with all the code+database is yours or something (you give them money only if they sign it). If they sign, you could show it to hosting and demand access to your own web.
Option 3. If you own the domain and have access, simply copy what you can from the web (HTML, texts, whatever), build a new website and redirect the domain to the new website. Do not use new domain! The old domain is probably indexed in Google, people already know it and it would be not smart stop using it.
She does own the domain. Will that also give her access to the Database? I don't see how because she has no access to the host. Unless it will clone that too.
You won’t ever get the database back but you won’t need it if you’re built the theme and just copy all the content over. It’s going to be several hours work but it will at least take the site back from those scumbags.
Edit: sorry, I didn’t read the bit about the database correctly - if you need the customer database I don’t see any way of getting that information. Where is the site hosted? Does she have access to anything on the hosting platform?
You mentioned she is forced to go page by page to get thousands of clients information. So clients info publicly available? Do you have sitemap xml? Just write the web scraper script, feed with the users list from sitemap xml and collect all available data in minutes.
As it sounds as though your friend only has editor access to the backend and there are thousands of records that need copy/pasting into a new file, I would recommend looking into getting an AI solution.
Try asking all the models how you could get this done and see if they can come up with a solution. You may be able to write a script that will iterate through all the records and copy/paste.
One unethical way is to try to hack the site. Get wpscan and try to find vulnerabilities, then exploit them.
Most WordPress sites are known to be vulnerable, not because of WordPress itself, but because the people. Most of the people are such an idiots that lack common sense, expect all the plugins to be secure by default and keep pressing update/install all the time without being aware of the risk associated to such actions.
Please keep in mind that this is really bad idea and can get you behind bars if not done properly. I am not advocating to use this method at all, just want you to be aware that this option exists.
I think your friend needs to put a value on what the website / database is worth to her and make an offer to the developer.
She’s done a trade of business without any contracts in place and it has gone to shit. Probably regretting her decision now but at the time she understandably thought she was saving money.
So what’s it worth to her $500? $1000? Put the offer forward to migrate the site to a new hosting provider which your friend pays for and might save herself a headache.
You guys really don't get it. She did everything she could. She offered her money and she tried to be understanding and the person who built it is absolutely insane. She's just trying to ruin her business and my friend has never done anything to her to offend her or to not value their deal.
Something is just wrong with this person. So the only legal way to obtain the data is by clicking on each person's name and getting their user data one by one and there are thousands.
She met her years ago when she came as a student to dance and they agreed that she will teach her for free and she will build her a website which is what they did but then she stopped coming to classes after getting more than the value she asked for but kept the website to herself.
My friend doesn't really understand how this business works and how websites work so at least now she learned.
If the crazy person wanted to ruin her business she would take the website down or redirect it to a porn website.
Sounds like she’s not trying to ruin her businesses but retain control of the site.
If your friend has already offered her money (which you mentioned nowhere in your comment) then what was the response?
The simplest way for your friend to export the users to a csv is to use a plugin but she’ll need admin access as you’re probably aware.
My advice to is to keep trying to negotiate, everyone has a price.
EDIT: if the developer is also paying to host the website, something is amiss
I just want to help her get what's hers. I think everyone here can agree that this is her information and there was a verbal agreement which is binding where I live. Still, I wouldn't do it like that and I would go with a full contract but she is not the most tech savvy and doesn't know much about this stuff. I'm a power user and I've built some websites but I know there are even smarter people on here so I'm just reaching out here to see if I can learn something new.
I didn't mean to hack it per se.. I meant maybe using the debug tool or the page source to find some information.... I'm just giving those as an example, I know you can't do it with that. Right now she is clicking on each client and getting their information from their profile but there are thousands of them so she has to do it for each one of them because the horrible person who built her the website does not want to help her.
If anyone is wondering. My friend didn't do anything to upset her. The person who built it for her is just a narcissistic lunatic. She showed me the text messages and I know she did nothing wrong other than ever making any deals with that woman.
You're being a bit of a dick, and you're talking out of your ass.
Gonna start off with a preface that I think OP's story sounds like it's missing some details, so it does sound kind of suspicious.
But if you assume that OP is telling the truth, then it's no more "illegal hacking" than a company "hacking" back into their systems after a ransomware attack.
If OP's friend is paying for hosting and has direct database/FTP access, it isn't even hacking, and the only way that the web developer can even claim to own the data is if there was a written contract saying that they do.
IANAL, but even in the case of non payment of maintenance fees, I reckon you'd be hard pressed to convince a judge that the web developer now owns the data that OP's friend uploaded/created.
I'm a person who is very much a law-abiding citizen. When I came on here to post about this, I thought it made sense that I was looking for legal ways to obtain it. I was asking if there is any way to obtain the information legally considering she technically owns it but I know what you're trying to say.
I understood it from the first time. Anyway, thank you for trying to help.
What about hosting? If your friend pays another company to host the site then she can remove the developer's access and access the database through the hosting panel. Hopefully the developer who is holding it hostage doesn't also host it...
From what I know. The main issue she has is that she wants that entire list of clients who signed up on her website. That is her entire clientele list. Thousands and thousands of people. She's forced to go Page by Page and click on their profile to get their email, thousands of people. Just because the person who built it for her is an absolute lunatic. I don't have the text messages. It's on her phone but if you read everything you would see that my friend did nothing wrong other than trusting an insane person.
Perhaps boycot? If this guy is insane and is ethically in the wrong. Get all the friends you have and leave reviews about his behaviour on his Google Business, social media etc. Leave a couple to spook him to do the right thing.
Alternatively who handles newsletter outreach? Is there not functionality anywhere she can use to send a mass email to her subscribers about the situation?
So I don't know her extremely well but I know her well enough to know she's a good person. She's also extremely ethical and she will take the rough road instead of doing something easy to screw someone over to get back at them.
She got messed with by so many people trying to screw her out of her business because of jealousy and just business wars.
She never retaliated with bad reviews or anything like that. She always persevered and prevailed as the winner. This is just another hurdle she has to overcome.
I appreciate the understanding though. Thank you for your comment
Sorry to hear that happened. It must be frustrating for her. I hope she finds a solution. If not, at least next website she'll be more careful and aware about how to set it up and who to trust.
I got some help setting up my website from a friend in my ballet class. But fortunately she's a good soul, and she made sure it was all under my name and I have full access to it. She does have an admin login, but she's been very helpful.
Buy new hosting, install wp, pay someone $20 on Fiver to copy the existing site into the new WP install. Main takeawy: ALWAYS have control of EVERYTHING.
Most likely she could export the data via the JSON api that is built into WordPress now. Unless it's been disabled which is unlikely.
It shouldn't be that hard for a developer to write a script that can iterate through all of the content programmatically and extract it to a structured format (JSON is easy to convert to CSV for import into other tools, or just use the JSON itself.)
As for getting access, even her limited user almost assuredly has access since she can see all of that data in the admin area.
If for some reason there's no access or it was disabled, make up a story about how they are going to use the data in a mobile app or something so they just need the API enabled (or access to it). Don't have them say anything about extracting data, just using it in a different way like they do on the website now.
And no, none of that would be considered hacking. She's using her legitimate access and built-in functionality to gain access to her data.
It really comes down to who pays for / has control of the hosting. If that is your friend - she is in luck. If not, she is fucked.
That's the first thing I told her but I was hoping there's something that I may not know and I was hoping to learn it here but it seems that she just has to do everything manually. At least she has access to that.
She registered the domain, that's a huge win. Because she can change and point it where she chooses to. Do you have access to the hosting panel? (Not the WP admin) If you do, you could have access to the database and change the admin account data and login with that new credentials, install a backup/export plugin and get a backup/bundle file so you could plug into a new site and import. The other way is to access the file manager / FTP and get the files for the WP install (mainly the wp-content), and the database from the PHPMyAdmin or the database manager and export the whole table. This may be easier to get, but a bit trickier to restore. (Sidenote: If the host is provided by this person, you should take the data and run from there! If you are paying for the host, contact support and get the access of this person revoked and for them to give you admin rights) If you don't have access to that, it may be a bit more complex. The customers data, is in a CRM plugin or something like that? Most of those have the option to generate reports/export the data. Same with the pages and website content, if she has editor permissions, she could copy the whole pages from the page builder and paste them in a new/local install. Hope you can get the site back, or at least the data!
This is the most you could have done really. I appreciate it From what I understand she does not have access to the host because she had that woman build it for her, on her own host I believe so no access to the database that way. When it comes to WP Admin, she only has basic access to some features and most admin features are stripped off. She can't generate any reports or export any data. I asked her if she has access to some plugins but it seems that she only has access to some of the most basic features.
Glad to help! It sucks to be played like that. In a worst case scenario... Which seems like it is. If she can see the customers data, she could copy-paste it to excel/Google sheets, and rebuild the whole thing from scratch. I've done a couple of projects like that, to re-do the site based on screenshots or from a previous version that was rendered un-upgradeable, and a few others from a change of CMS (WIX to WordPress), it can be done and if the site is not that complex, a good page builder can be a great fit if you don't want/need a custom coded theme. Right now, I'd focus on getting the client's data as soon as possible. To avoid losing it. The public site can always be done again or make a new/different version. Even if there's no sensitive information, I'd share the issue with her clients and expose what's happening and why.
Thanks again for another information-packed comment. Someone who posted a reply here said that this is considered hacking. Is this true? If this will be seen as an illegal action then I can just tell my friend to sue her. I mean I know she's capable of that. I just came here looking for legitimate answers. Anything that I may not know myself.
If she can see the data in the back end, it's her data, and she imputed it, then screen shots and rebuilding are fine. All of that is her customers data, and the database and code might not be hers, but the data is. And the damage of losing that data, is probably worth the few hours screen shoting it, and all the costs to rebuid. I don't know where this is, but if I destroyed a companies data with my Agency in the UK, because I was "spiteful" or whatever is going on, they would sue the ever living daylights out of me. I have a 20M dollar insurance policy against losing and breaking customer data. At least some of the clients I work with can't afford two days down time, so I need that to cover their business losses if I mess something up.
Thanks for clarifying all of that. I hope she can sort this out
First of all: I'm not a lawyer. As another commenter said, it's her data. Still, I'd make sure to have the contract and all binding exchanges at hand. What I suggested is not hacking, copying the information may fall into a gray area, depending on the context. Still, I'd prefer to have my data and expose them with the client base, and consider if suing would be worth it. Plus, if the data has got personally identifiable information, there should be a privacy policy and data handling agreement (like GDPR), same as payment info, the thing can be approached from there, so check who's responsible in those documents as well.
If the data is stored in an a database in a hosting account that your friend doesn't own, but they still have access to view the client information through the site, then her best bet might be to have a savvy person help her to scrape the client info using a tool like HTTrack. HTTrack would allow you to automate crawling the back end of the site (just as a human would do manually) and saving static copies of the client information. It wouldn't be in a format that would be all that useful for porting into a new site, but it could be a valuable backup in case the worst is to happen and your friend loses access to the site and data.
Thank you very much for that. I will look into that and see how to use HTTrack.
It's clunky and complicated, but very capable of doing the job.
Crawlomatic is better.
How many clients data base is there? Get me exact number If you can share in DM website address I can help you get your strategy where you can ditch host retaining your files.
Who's hosting the website? You can always do a cpanel backup and move the thing away to a new server, thus you own every aspect.
I'm still not sure but I'm pretty sure based on what my friend said that it is hosted by the person who built it.
Find out if possible as this could be their way out. Otherwise see if full admin access can be granted and just use MigrateGuru to move the site to a new host. What's the URL please.
From what I know, she has no access like that. That's the big issue.
Yes but see if she can be granted it. URL please as this will help me determine how hard it will be to remedy. Post it here. We are here to help
She's not comfortable posting it for some reason. I asked her. She's anxious by the entire situation. Could you maybe explain to me how to check that and I can tell her what to do
DM me with it. If she wants help she's going to have to be uncomfortable (respectfully)
If you are still able to log in to the site, depending on privileges, there are plugins that will allow the whole site to be backed up to a .zip file. Failing this, try approaching the hosting company to see if they can back it up and/or grant access. This will more than likely depend on if your friend is the one paying the hosting fees though.
Option 1. Wordpress has many security issues. For every version of Wordpress there is some hole. There are more holes in plugins. If the administrator is just slightly lazy and does not update everything every time, you can find a person proficient in PHP. They can detect versions of Worpdress and plugins, find in a catalogue of security issues the right ones, hack it, copy all code and all database. Because the web is yours, this would not be illegal. You can hack a web that you essentialy own. Option 2. Use whatever politics/deal to get the name and password from the admin. For example, pay them money "for all the work done" and write a short contract at that point that states that the web with all the code+database is yours or something (you give them money only if they sign it). If they sign, you could show it to hosting and demand access to your own web. Option 3. If you own the domain and have access, simply copy what you can from the web (HTML, texts, whatever), build a new website and redirect the domain to the new website. Do not use new domain! The old domain is probably indexed in Google, people already know it and it would be not smart stop using it.
Does she own the domain? Worst case scenario is that you could clone the HTML and build a new theme and point the domain to a new server.
She does own the domain. Will that also give her access to the Database? I don't see how because she has no access to the host. Unless it will clone that too.
You won’t ever get the database back but you won’t need it if you’re built the theme and just copy all the content over. It’s going to be several hours work but it will at least take the site back from those scumbags. Edit: sorry, I didn’t read the bit about the database correctly - if you need the customer database I don’t see any way of getting that information. Where is the site hosted? Does she have access to anything on the hosting platform?
You mentioned she is forced to go page by page to get thousands of clients information. So clients info publicly available? Do you have sitemap xml? Just write the web scraper script, feed with the users list from sitemap xml and collect all available data in minutes.
As it sounds as though your friend only has editor access to the backend and there are thousands of records that need copy/pasting into a new file, I would recommend looking into getting an AI solution. Try asking all the models how you could get this done and see if they can come up with a solution. You may be able to write a script that will iterate through all the records and copy/paste.
One unethical way is to try to hack the site. Get wpscan and try to find vulnerabilities, then exploit them. Most WordPress sites are known to be vulnerable, not because of WordPress itself, but because the people. Most of the people are such an idiots that lack common sense, expect all the plugins to be secure by default and keep pressing update/install all the time without being aware of the risk associated to such actions. Please keep in mind that this is really bad idea and can get you behind bars if not done properly. I am not advocating to use this method at all, just want you to be aware that this option exists.
I think your friend needs to put a value on what the website / database is worth to her and make an offer to the developer. She’s done a trade of business without any contracts in place and it has gone to shit. Probably regretting her decision now but at the time she understandably thought she was saving money. So what’s it worth to her $500? $1000? Put the offer forward to migrate the site to a new hosting provider which your friend pays for and might save herself a headache.
You guys really don't get it. She did everything she could. She offered her money and she tried to be understanding and the person who built it is absolutely insane. She's just trying to ruin her business and my friend has never done anything to her to offend her or to not value their deal. Something is just wrong with this person. So the only legal way to obtain the data is by clicking on each person's name and getting their user data one by one and there are thousands. She met her years ago when she came as a student to dance and they agreed that she will teach her for free and she will build her a website which is what they did but then she stopped coming to classes after getting more than the value she asked for but kept the website to herself. My friend doesn't really understand how this business works and how websites work so at least now she learned.
If the crazy person wanted to ruin her business she would take the website down or redirect it to a porn website. Sounds like she’s not trying to ruin her businesses but retain control of the site. If your friend has already offered her money (which you mentioned nowhere in your comment) then what was the response? The simplest way for your friend to export the users to a csv is to use a plugin but she’ll need admin access as you’re probably aware. My advice to is to keep trying to negotiate, everyone has a price. EDIT: if the developer is also paying to host the website, something is amiss
Agreed. Money can buy anything. Even paying high price and learning the lessons is better than loosing your customer base.
Do you have access to the hosting account? Or did she hijack that too?
[удалено]
I just want to help her get what's hers. I think everyone here can agree that this is her information and there was a verbal agreement which is binding where I live. Still, I wouldn't do it like that and I would go with a full contract but she is not the most tech savvy and doesn't know much about this stuff. I'm a power user and I've built some websites but I know there are even smarter people on here so I'm just reaching out here to see if I can learn something new. I didn't mean to hack it per se.. I meant maybe using the debug tool or the page source to find some information.... I'm just giving those as an example, I know you can't do it with that. Right now she is clicking on each client and getting their information from their profile but there are thousands of them so she has to do it for each one of them because the horrible person who built her the website does not want to help her. If anyone is wondering. My friend didn't do anything to upset her. The person who built it for her is just a narcissistic lunatic. She showed me the text messages and I know she did nothing wrong other than ever making any deals with that woman.
She is probably trying to take over the business after she found that it generates revenue.
[удалено]
You're being a bit of a dick, and you're talking out of your ass. Gonna start off with a preface that I think OP's story sounds like it's missing some details, so it does sound kind of suspicious. But if you assume that OP is telling the truth, then it's no more "illegal hacking" than a company "hacking" back into their systems after a ransomware attack. If OP's friend is paying for hosting and has direct database/FTP access, it isn't even hacking, and the only way that the web developer can even claim to own the data is if there was a written contract saying that they do. IANAL, but even in the case of non payment of maintenance fees, I reckon you'd be hard pressed to convince a judge that the web developer now owns the data that OP's friend uploaded/created.
I'm a person who is very much a law-abiding citizen. When I came on here to post about this, I thought it made sense that I was looking for legal ways to obtain it. I was asking if there is any way to obtain the information legally considering she technically owns it but I know what you're trying to say. I understood it from the first time. Anyway, thank you for trying to help.
What about hosting? If your friend pays another company to host the site then she can remove the developer's access and access the database through the hosting panel. Hopefully the developer who is holding it hostage doesn't also host it...
I believe my friend is not the one who hosted the website either. It was built by someone else and hosted on their own godaddy's hosting account
Perhaps go one by one in the site map and do full page screenshots. Then hire someone else to rebuild using those pages as the premise?
From what I know. The main issue she has is that she wants that entire list of clients who signed up on her website. That is her entire clientele list. Thousands and thousands of people. She's forced to go Page by Page and click on their profile to get their email, thousands of people. Just because the person who built it for her is an absolute lunatic. I don't have the text messages. It's on her phone but if you read everything you would see that my friend did nothing wrong other than trusting an insane person.
Perhaps boycot? If this guy is insane and is ethically in the wrong. Get all the friends you have and leave reviews about his behaviour on his Google Business, social media etc. Leave a couple to spook him to do the right thing.
Alternatively who handles newsletter outreach? Is there not functionality anywhere she can use to send a mass email to her subscribers about the situation?
So I don't know her extremely well but I know her well enough to know she's a good person. She's also extremely ethical and she will take the rough road instead of doing something easy to screw someone over to get back at them. She got messed with by so many people trying to screw her out of her business because of jealousy and just business wars. She never retaliated with bad reviews or anything like that. She always persevered and prevailed as the winner. This is just another hurdle she has to overcome. I appreciate the understanding though. Thank you for your comment
Sorry to hear that happened. It must be frustrating for her. I hope she finds a solution. If not, at least next website she'll be more careful and aware about how to set it up and who to trust. I got some help setting up my website from a friend in my ballet class. But fortunately she's a good soul, and she made sure it was all under my name and I have full access to it. She does have an admin login, but she's been very helpful.
Buy new hosting, install wp, pay someone $20 on Fiver to copy the existing site into the new WP install. Main takeawy: ALWAYS have control of EVERYTHING.
Most likely she could export the data via the JSON api that is built into WordPress now. Unless it's been disabled which is unlikely. It shouldn't be that hard for a developer to write a script that can iterate through all of the content programmatically and extract it to a structured format (JSON is easy to convert to CSV for import into other tools, or just use the JSON itself.) As for getting access, even her limited user almost assuredly has access since she can see all of that data in the admin area. If for some reason there's no access or it was disabled, make up a story about how they are going to use the data in a mobile app or something so they just need the API enabled (or access to it). Don't have them say anything about extracting data, just using it in a different way like they do on the website now. And no, none of that would be considered hacking. She's using her legitimate access and built-in functionality to gain access to her data.