Skip to main content

While You Weren’t Looking: 3 Holy Crap WTF Scenarios That Will Wreck Your Website And Ruin Your Day

By October 19, 2012February 1st, 2018Website Design & Marketing
While You Weren't Looking: 3 Holy Crap WTF Scenarios That Will Wreck Your Website And Ruin Your Day

Once in a while little things go awry that make me go, “Well that was avoidable.” Some of those things are duh-moments, the kinds of mistakes and oversights that we know we shouldn’t have made. Others are things we learn the hard way because we were either uninformed or misinformed.

Some of those things cost us money, some time and some business. Here are a few real-life “Holy Crap WTF” moments that I’ve either experienced or my clients have experienced so you can avoid the same traps.

I’m sure there are more, so when you get to the bottom of this post be sure to share your lessons in the comments so we can help each other live and learn (not the hard way).

Holy Crap WTF Scenario #1: Expired Domain Names

This is one of the more common and unpleasant consequences of the set-it-and-forget-it approach. We register a domain name for our website, we build the website aaaand… life goes on.

Here’s how domain registration usually goes: someone grabs a credit card and logs onto a registrar like Godaddy or Network Solutions.  They register a domain name and click through a mind-boggling array of upsells. There are buttons and explanations and options everywhere. At some point, said person’s brain begins to melt and the checkout button looks more like a Dali painting on crack. Said person is just glad to get that whole befuddling process over with.

The process is soon forgotten. Along with login credentials. Along with expiration dates.

One of a few possible things happens next.

The domain is up for renewal. An email notification is sent. But the person has since gotten a new email address and never updated his registrar, so notifications go into the internet ether. The domain expires. The website goes down. Panic ensues.


The domain is up for renewal. An email notification is sent. The person thinks his hosting company/web developer/some other person in the company is responsible for “website stuff” and ignores it. The domain expires. The website goes down. Panic ensues.


The domain is set up for auto renewal. The credit card expires. An email notification is sent. See scenario one or two above. The domain expires. The website goes down. Panic ensues.

One way or another, an expired domain name is a bad thing. Best case scenario, your website goes down and you repent and renew, losing hours of business and revenue.

Worst case scenario you lose the domain.

I’ve seen it happen.

A client once missed a renewal and about point-two seconds after the domain went back into the eligible pool, it was snatched up by someone else. It was a great domain name. For a competitor.

My client had to search for and purchase a completely different domain name which cost not only down time but the expense of updating every bit of marketing material with the new address, losing search ranking, links, bookmarks, and basically, ten years into the game, starting over.

Holy crap, WTF…

If you’re thinking for one single second that this isn’t likely to happen to you, you’re wrong. Even I’ve gotten busy and missed updating my credit card expiration date. It’s a tiny detail and you can prevent it from turning into a huge magilla by taking this simple precaution: pay attention to your domain name.

In this age of digital password managers and calendar popup reminders, there are 3 simple steps you can take to avoid this ever being you:

1. When you register your domain (or right now, if you’re repenting late), store your login credentials (that’s your username, password and registrar… you’d be surprised how many people don’t even know where their domain is registered) in a safe place.

2. Set a calendar reminder for yourself at two intervals: when your domain name is set for renewal, and when the credit card you used expires. Then in the event of either, you won’t be caught a day late.

3. Make sure the email address you have on file with the registrar is one that you use frequently. I know we’re all worried about privacy and spam but trust me, you don’t want to use some obscure Hotmail account that you check every two years for something this important. I promise you won’t see a single extra Viagra ad because you did this.

You can make this easier on yourself by setting your domain to auto-renew. As an extra precaution, it doesn’t hurt to check in with your registrar every so often – even if it’s only once or twice a year – just to be sure your contact info is up to date. Unless you’re a serial email changer, this should be sufficient.

Remember: no domain, no website, no business. Wouldn’t you rather take a few minutes to protect yours?

Holy Crap WTF Scenario #2: Hacked Websites

Maybe the second most common WTF. Sometimes this happens because of a low-end hosting provider with insufficient security. Mostly it happens because of human error.

When it comes to hosting providers, you can’t control what they do or don’t do to protect your site. What you can do is choose a reputable hosting provider even if it means paying a bit more. If you’re running a legitimate money-making business there’s no excuse for using free hosting. Potato chip-eating bloggers in their mothers’ basements, ten year old kids and Nigerian spammers use free hosting.

Don’t cheap out on hosting when the only thing standing between you and a wrecked website is a few bucks a month.

One of the most common hacks I’ve seen is not really a hack in the technical sense. It’s just malicious guessing and it happens when Bored Teenager A meets Lazy Business Owner B’s website.

I’m talking about you, person with password 12345. I’m talking to you, person who uses the same password for every online account you own.

Did you know that if you have a WordPress site, access to your administrative portal (and hence to the entire guts of your site) is as far away as tacking /wp-admin onto the end of your domain name?

That’s right, you – you reading this right now – can access any WordPress admin on the planet simply by going to someone’s website that’s built on WordPress and adding that suffix.

Now, that’s not entirely accurate because there are some technical things you can do to hide your admin, but guess how many small biz’s have a clue that the option even exists, let alone how to do it?

That means that the only thing standing between a malicious and/or bored “hacker” and the total destruction of your website is a good guess.

12345? Baseball? Password? Some combination of your kids’ and/or dog’s name and/or birthday… you know, all that information you display publicly and frequently on Facebook and Foursquare and Twitter?

I don’t need to tell you what someone can do to your site with access to your admin. And the single thing you can do to protect your site is in your hands: use a strong, unguessable password.

I stress this with my clients constantly. I set them up with random passwords and a long, scary speech about the perils of changing it, they nod soberly and five minutes later they change it to “mydog”.

A few years ago, one of my clients called me up right around Halloween because their website had been replaced with a vampire graphic. In the grand scheme of things, not the most offensive thing that could’ve happened (I’ve seen people’s sites replaced with total porn) but the end result was the same: no website.

We restored the site with a long, scary speech about the perils of bad passwords, audited and changed all the account logins and a week later they called me up because their website had been replaced with a vampire graphic.

This doesn’t have to be you. Right now, I want you to change your admin password to something strong (that’s generally at least 8 characters and includes letters, numbers and symbols) and keep it in a safe place. And no, a safe place does not mean the notebook on your desk.

I know it can be a pain to log into an account when you can never remember the password, so use a trick like replacing key letters in a word with numbers (instead of “password”, try “pa22w0rd” – no, I don’t mean that literally! It’s just an example.)

Try an acronym – pick a sentence, song lyric, line of a poem or something memorable to you and use the first letter of each word. Combine that with some number replacements and you’re doing better than most.

Change your password at intervals – say every 3-6 months – and please, don’t use the same password for every single online account you own!

And if you’re sitting there smug thinking you don’t have a WordPress site so you don’t need to worry about this… if you have any sort of admin, you do.

Most admins are a click away from your website home page because some lazy company thought its lazy employees would never find a stand-alone URL. I bet you could access a whole lot of admins on any platform without trying very hard. Just append /admin or /private to the end of a domain name and see what happens.

There are a lot of bored people in the world doing just that.

Holy Crap WTF Scenario #3: No Backups

Backups are like insurance. We never think we’ll need it… until the day something goes wrong.

Car insurance isn’t for the other 5,982 days that you drive and arrive safely. It’s for the one when you end up in a ditch.

And website data backups aren’t for all those days of smooth sailing (when you probably don’t even think of your website at all) but for the split second that a hard drive on a server fries or a bored teenager deletes your data and replaces it with a vampire graphic.

It’s also for when you log into your admin to fix a typo and your cat jumps on the keyboard and deletes the paragraph instead.

A lot of things can go wrong when it comes to websites. Hackers and bored teenagers not the least among them. Every day servers malfunction and administrators misfire on the keyboard. Sometimes security patches conflict with applications and plugins conflict with other plugins and things break. You can repent. Or you can prevent.

Do you know what I did once? I logged into a client’s site to make a change and accidentally deleted the entire home page.

Do you know what I didn’t have? I didn’t have a Holy Crap WTF moment because I had a backup and I restored it immediately. Oh yeah, my heart skipped a beat and a single gray hair popped out but within 60 seconds it was over. And that’s not even the worst thing I’ve done. Hey, I have a cat.

If you don’t have data backups for your website then you’re just taunting fate to throw a bad plugin your way.

If you’ve wisely chosen a good hosting provider then backups will be (or can be) part of your package. If you’ve cheaped out and someone guesses your admin password then have fun rebuilding your site. I seriously want you to imagine right now how you’d feel if you found out that year’s worth of blog posts, stacks of photos, all your content pages that you worked on so diligently until they were perfect – were just gone. Gone, completely, for good. No do-overs. That would probably suck. And the single thing you can do to protect your business and your site is in your hands: make sure you have backups.

Before you settle on a hosting provider, ask about their data backup policies. Find out how often your website is backed up. Once a month? Every day? On the hour? If it’s infrequent but you change your site often, it could be considerably out of date if you ever need to restore to a backup.

And find out what the retention schedule is. Do they keep backups for a week? A month? A year? If necessary, how far back could you go? When someone slaps a vampire onto your site and you don’t notice for a week, are your “good” backups already purged or can you go back far enough to a date when your site was ok?

A client once had a major HCWTF moment when they discovered that their admins had been uploading corrupted files. Some of their web data had been corrupted going back several months. If we’d purged their backups every month, the only thing we would have had as a “backup” would have been a corrupted site. Instead, we were able to go back nearly six months and restore to the last “good” point. I bet they have cats, too.

Unfortunately, if your hosting provider doesn’t have this service then the onus falls on you. If you’ve got a WordPress site then check out one of the myriad backup plugins and be sure that you can back up and restore your files and your database.

If you’ve got an HTML site then you may have the harder job of using FTP or a control panel to download, back up and store your site files. How you do this can depend on your hosting company so if they don’t provide backups then nag someone until they tell you how to do it yourself. And then do it. Often. Obsessively.

If you have a custom database or application then I strongly urge you to find a hosting provider that deals with backups so you don’t have to. Why give yourself the headache of being a tech expert on top of doing everything else you do to run your business? Sometimes it pays to leave these types of crucial and specialized details to people whose job it is to deal with these types of crucial and specialized details.

Just remember that it doesn’t take a major catastrophe to result in a major catastrophe. Sometimes all it takes it tapping the wrong key on your keyboard to lose valuable data.

I’ll repeat myself one last time for good measure: it doesn’t have to happen to you.

Sometimes all it takes is knowing what can go wrong so you can prevent it. Other times it takes acting on what you know. Now you know, so get busy preventing any of these things from happening to you!

Pop Quiz: The “Never Have A Holy Crap WTF Moment Again” Checklist

Answer these questions. For real. And if you can’t, then stop what you’re doing and find the answers. Fix them if they’re wrong! It’s that important.

Where is your domain registered?

What are your login credentials?

When does your domain expire?

What email address is the renewal notification going to?

Have you set up auto renewal and/or auto reminders?

Is your site admin password strong?

When was the last time you changed your password?

Has anyone besides you and your cat ever heard of your hosting provider?

Is your website being backed up?

How often?

For how long?

What would you do right now if you found out that your site was hacked or otherwise corrupted by an accidental tap of the delete key?

Got any other WTF moments to share? A cautionary tale for those of us who either don’t know any better – or do, but think we’re invincible? Please share!

Join the discussion 20 Comments

  • Adrienne says:

    I guess this happens more often then not Carol. Okay, I admit… I’m annoyingly organized so I have a spreadsheet with all my domains and when they expire. Yes, I also have my log-in information and no, it’s not easy to hack. I’ve made sure of that.

    Yes, I do know my passwords and I have a service that helps me too.

    What I do is a have a notepad on my desk and I write down everything that needs to be done for that day. When I get my email reminder, I write it on my notepad and about a week to two weeks ahead of time they should be renewed. That way, it’s all taken care of before that but I don’t set anything up on automatic renewal.

    I do back up my sites on a regular basis too so I’m all covered. Now, will it all work should something happen? I can only hope so but for now, I’ve never had to find out (knock on wood).

    By the way, I have a very reputable hosting account too. Oh yeah! Got that covered.


    • Wow, Adrienne, you’re awesome! You’re the only person I ever met who hasn’t said something like “What domain name? I don’t know where that is.” You’re really organized and that’s fantastic. You must have a lot less stress than a lot of people! Good for you 🙂

  • Hi Carol Lynn, The scenarios you describe e are scary but all too real. I have strong, unique passwords at all of my sites and a paid hosting service with a backup service. I know when my domain renewal is, though I should check the expiration date on my credit card.

    This is important information. You’re right, the consequences of these mistakes could be disastrous! Thanks for sharing this great article.

    • Good for you. Too many people are too clueless when it comes to things that matter to their businesses. Better to stay on top of the little things before they become big things!

  • Hi Carol,

    Well, your article makes me think that I’m doing all the right things.

    I am always well aware of my domains. I recently let go a huge bunch of them which I don’t need anymore, but that was intentional. So far, I’ve never, ever forgotten about a domain that was due for renewal.

    However, I did screwed up in a way for a client of mine, who decided to let go her online business, but I’d forgotten that her domains were purchased under my account and they charged me for 5 domains that weren’t mine and that nobody wanted anymore. I took pity on the girl that was broke and payed for the domains. But it taught me a lesson. NOT to ever do that again 🙂

    I have never used free hosting. I think hosting is way to important to be cheap about this. Also, I’m no tech geek, so I need an excellent customer service to take care of things that go wrong.

    I do pay for an excellent backup outside of my computer. So, no matter what happens to my computer everything is backedup up from the outside.

    Thanks for those great reminder.

    • I’m glad to hear that, Sylviane, but you’re one of the smart bloggers so I probably don’t have to worry about you 🙂 I had the same thing happen to me with a domain name I bought for someone else, too. I try never to do that but once in a while I do it as a favor then miss something. I guess it’s better than letting it expire!

  • Good post and something all bloggers should see. I have a friend that lost her domain name and was unable to get it back. She had to rename it in another way, but she had so much branding material printed that it was all now a waste. If you run a website I would hope that it was your business, so treat it that way. The stuff you mentioned like passwords is something you should have locked down like fort knox anyway.

    I hear that leaving your user name as “Admin” is just asking to be hacked and not sure why people don’t change that or even using passwords that people can figure out. Like hobbies or things dear to you is asking to be hacked. Bloggers have to be smarter than ever because of the time you invest with content and so much else. This is a great check list and I hope others read it carefully.

    • I know what you mean, Sonia, that’s the same thing that happened to someone I know, too. You’re right about “admin”! That’s usually the default and people don’t think to change it. Sometimes we have to learn the hard way but hopefully this can help some people.

  • Sue Neal says:

    Hi Carol,

    I get heart-sink when I read this kind of thing. At the moment I don’t have too many domains to worry about, but I keep a close check on their expiry dates.

    I’m with a well respected hosting company, but you’ve reminded me that I really must change my passwords more often – Aren’t passwords a total pain, though? I’ve sometimes wondered about investing in one of those password management schemes but not sure I’d trust them. Do you know if they’re really safe?

    Regarding backup, I do the freebie backup thing in WP but I also pay for a robust online backup service – as soon as I started building up some content on my site I decided this something I just couldn’t afford NOT to buy – what price peace of mind, eh?

    These are great tips – especially, for me, the reminder about password management – many thanks,


    • You’re right about backups, Sue, you can’t afford NOT to have good ones! It’s so easy to lose data or just make a mistake and no way to get back what you lost without a good backup.

      And yes, passwords are definitely important! Keep them safe. Hope this helps!

  • Kathy F. says:

    Thank you for writing this article! I’m new to the business and right now am only responsible for two domain names–and one is my own. I can start off on the right foot now!

  • Carol Minarcik says:

    Good Morning Carol, this article is so me. I need to do all of these things and thanks for reminding me. Especially the back up part. Not sure why life seems to run so fast and we forget to do all these little things. I am so taking action this morning. Thanks.

  • Sue Price says:

    Hi Carol
    Phew I pass! I did have my blog hacked about a year ago but I did have it backed up. I also then used a much stronger password.
    But I still had a Holy Crap WTF day today!! None of my browsers work for more than about 10 minutes at a time. My tech guy cannot work out why and I wont bore you with the rest.
    I love the technology when it works but when it does not Holy Crap!

    A great post Carol and good advice. I comply with most of it 🙂


    • lol, Sue… I know what you mean. There are a lot of those Holy Crap days and moments. Technology is great but you’re right, when there’s a glitch it can ruin your whole day!

  • Maarten says:

    Hi Carol,

    Brilliant piece of writing there, and so easy to recognise… I work for a hosting company myself, and you wouldn’t believe the stories I hear on a daily basis, ranging from the “I accidentally deleted my page last week, can you restore it?” to the “I’ve set up a POP3 e-mail account and deleted them all. Where is my e-mail now? Have you got a back-up?”.

    Truth be told, it is a low budget hosting provider which doesn’t provide back-ups for customers, and I do feel sorry for them when I hear them feel very sorry for themselves (and pretty stupid too). But honestly, sometimes it makes me laugh…

    “Oh hello sir, I’ve got a problem with my website, could you solve it for me please?”
    “Ofcourse madam, what is your domain name?”
    “Excuse me? My what??”

    It is unbelievable how many people do not take their online presence serious enough, and I feel everyone starting or running a business should read your post. I will personally bookmark it and provide it to customers as and when needed. Thank you!

    • Yep, all sounds very familiar! People don’t understand a lot of things about the web and their websites but they often don’t bother to learn. They assume someone else will take care of it for them and of course we know the answer to that!

      If someone doesn’t get backup service with their ISP then they really need to make sure they take care of it themselves. It will prevent a whole lot of disasters.

      I’m glad you enjoyed this and I appreciate you sharing it, maybe we’ll educate a few people along the way. Thanks!

  • I haven’t had any terrible experiences 😀

    For the last 3 years in which I have been blogging, I have most always changed domains when it came to renewing them (Different reasons though – such as branding and changing a niche bit). So, not a problem in that area.

    Passwords? Well, I remember all my passwords (there is actually no way anyone can guess my password – If you have a chance, that’s only when you know me real personally – like my parents :D).


    Ah, yes. I have been guilty of this (I never did actively backup my recent blog; I had installed the back up plugin, but didn’t set it up). Fortunately, I didn’t have any issues.

    Thank you for the reminder, though 🙂 That’s one thing I need to take care of when setting up my new blog.

    Anyways, appreciate the post, Carol!

    • Well it sounds like you’re on the right path. All I would say is definitely get those backups set up. You just never know. Sometimes we make mistakes and sometimes weird things just happen. It’s worth the time, believe me!