Hacking your own website back?

feratechinc · October 5, 2023, 5:07pm

I’ve got a strange case where a client had a partner that setup their website. The partner is now no longer part of the business and spitefully locked the website.

Is there any way to get the website back for the client? They can prove ownership. They still have and use the emails under the domain.

Are there people or businesses that specialize in this?

It would be enough to just be able to download the site and set up on a new host.

The site is a typical Wordpress Site hosted by GoDaddy I believe. The problem is that GoDaddy sides with the person setting up the account and not the current business owner.

xMAXIMUSx · October 5, 2023, 5:08pm

What platform are you using for the wibesite? wordpress?

feratechinc · October 5, 2023, 10:31pm

Yes, it’s a wordpress site. I also doubt it’s been updated in a while.

xMAXIMUSx · October 5, 2023, 10:45pm

Have you seen this?

feratechinc · October 5, 2023, 11:00pm

Yes, so while the account seems like it’s still there. Nothing comes through on any of the recovery options. Don’t think they have phone numbers tied to any of the profiles.

feratechinc · October 6, 2023, 2:42pm

There was definitely some malicious intent when the other partner left. I’m not sure how this has been disabled but this is why I’m trying to find other options.

InvisibleJim · October 7, 2023, 5:18am

This is for Worpress.com - Automattic’s Wordpress hosting service so it won’t apply if the site is hosted on GoDaddy as was stated in the original post.

DrHeat · October 8, 2023, 9:14am

If you have access at the database (MariaDB/MySQL) level it’s quite straightforward to get back the Wordpress admin account and from there migrate everything to a new host. Unsure if that’s the case but maybe you luck out and the malicious person forgot to change it when they left?

tictag · October 8, 2023, 2:04pm

Getting back in to Wordpress is a relatively trivial matter, the more important challenge here is getting back into GoDaddy, which contains all your product and billing data e.g. this disgruntled employee could simply cancel your account and delete your website.

The easiest method is go through GoDaddy’s password reset system.

Assuming that this employee used his corporate credentials, you can ask your email administrator to give you access to the mailbox. Once you’ve reset the password and can access your GoDaddy portal, review GoDaddy’s instructions for logging into your website with SSH (Connect to my server with SSH (Secure Shell) | Gen 4 VPS & Dedicated Servers - GoDaddy Help GB) and use the WP-CLI command wp user reset-password (wp user reset-password – WP-CLI Command | Developer.WordPress.org) to reset this user’s password.

I hope this helps.

Edit: typo

NiallCon · October 11, 2023, 2:45pm

Do you have control of the DNS records?
If you do, a hack (of sorts) would be to setup a new Wordpress instance on another provider. Scrap the info and structure of the existing site and then change the A record in the DNS to the new provider?
It’s not ideal an definitely more work involved but easy enough to do if it’s a basic brochure type website.