Taking over a website from another designer sounds like good deal. No need to build anything from scratch, just get the login information, check in every once in a while and write regular invoices.  We see lot's of companies try and offer our clients cheap hosting solutions and we can tell within hours if they know what they are doing or if they are going to cause our clients a ton of problems.  Don't be wooed by the rookie.  Ask them for their migration checklist and plan before you get started, if they don't have one, RUN! Ask them what servers they are using - if they say GoDaddy or 1/1, RUN!  Ask them what software they can support, if they Don't Know, RUN!  Ask them if you can host a 4 year old website on their servers, if they say yes, RUN.  That means you are sitting on a server with old, insecure websites.  I know that it sounds good to get set up with cheap hosting, but - doing it wrong is far more expensive than doing it right.

For them - Easy money, right? They get to try and change out our logo and put there's at the bottom of a site they didn't design, not knowing it's not legal (first rookie mistake). And you get to save 50-75 bucks a month only to loose 70-80% of your website performance and put your entire investment at risk.  Let's look at how we would require our team to think when they are doing a website transfer - you can use this as your benchmark on what to expect from the next friend, family or fool trying to convince you they can do it better and cheaper.

However, when you do take over an existing website, the reality is quite different. Websites don’t exist in a vacuum, there are lots of moving parts and many steps to it.

To help you avoid forgetting anything and make the process as smooth as possible, we wrote up a checklist of what to keep in mind when taking over administration of a finished WordPress website.

How to Take Over an Existing Website in 10 Easy Steps

Use the tips below to make sure you take all necessary steps to properly assume responsibility for an existing client website.

Note that not everything below will necessarily apply in your case, but it’s better to have too much information and not need it than forgetting something important.

1. Get Access to Everything Connected to the Site

When you take over an existing website, the first thing you need is access to its important components. You should get a temporary link to the website files (typically this lasts for 7 days - so you need to be quick).

This means more than simply a username and password for the WordPress dashboard. You will need to get your clients to give you access to everything possible - they are responsible for keeping the access information, not the old web provider.

In particular, make sure you have credentials for:

• WordPress back end — This is sort of a given and we have already mentioned it. However, make sure you get an administrator account and not anything below that.
  
• Hosting account — Access to hosting is necessary in order to change basic site configuration (like the PHP version) and troubleshoot problems. You should know what version the software is before you start the projects.  You can't host PHP 6 site on a PHP 7 Server.
  
• Domain registrar — Domains often come together with hosting, however, that’s not always the case. Consequently, be sure to double check that you know how to access anything pertaining to the domain.
  
• Cpanel — Some hosts have different logins for Cpanel (or any other management panel) and the hosting account. Get both. Cpanel is typically used by rookies who don't SSH into their server. This might just be the first red flag.
  
• CDN — If the site is using a CDN (which is an excellent way to speed up WordPress), make sure you have the login information for that as well or make the transfer through a staging environment - so you don't cause your new client downtime.
  
• Email accounts — If there are any email accounts connected to the site or any of the above, you need access to them for recovering passwords, updates and other administrative reasons. Make sure you know what and where the MX and Arecords are or you will cause the client challenges with their email - they need to provide this or they will cause their own pain.
  
• Plugins - You are going to need to purchase New Licenses for All of the Plugins that come with the site.  Make sure you do this quickly as the site's simply not going to work without those plugins or license keys installed.  No web company is going to hand over their developer licenses.
  

2. Change All Passwords

Once you have all of this information, the next step is to go ahead and change all the passwords you just collected — every single one.

When you take over an existing website, you don’t know who had this information before you. So, in order to keep the site safe, it’s crucial that you make sure from now on there is only one person: you.

Alright, in some cases it might be necessary to share it with other stakeholders. However, the most important thing is that nobody who is no longer on board with the project can still log in anywhere.

You can use software like LastPass to collect all logins in one place. This also makes sharing them easier if you ever give up the admin role to someone else.

Also, I don’t have to tell you that but use strong passwords. Weak credentials are one of the main reasons why WordPress websites get hacked. To create bulletproof logins use this service.

3. Become Part of the Project Infrastructure

There are often additional services and infrastructure involved in running a site. Depending on how far your role stretches, it might make sense to be part of them as well.

Here are a few examples:

• Project management software — Whether it’s Asana, Trello, Slack or any other group communication service, if the client or team uses this stuff for the organization, you should probably be on there.
  
• Dropbox/Google Drive — Should any files that are important for the future or present of the website reside on these services, make sure you have access to them. This can also be relevant for remote backups (more on that below).
  
• Github — If you are at all involved with the further development of the site (and not just its maintenance), it can make sense to join the client’s Github repos.
  
• Social media accounts — Taking over an existing site can also mean that you do some or all of its marketing. Naturally, this will require you to have access to the respective social accounts. Same if the client uses a scheduling tool like Buffer.
  
• Email marketing — What applies to the social accounts is also valid for any email marketing accounts you might be responsible for (e.g. MailChimp)
  
• Web analytics — In addition, if SEO is part of your role, ask to get access to Google Analytics, Search Console or any other relevant tracking tools.
  

As stated earlier, all of this really depends on the setup of the site you are taking over, so don’t see this list as conclusive.

4. Turn Yourself Into the Single Point of Contact

Once on the site, go to Settings > General and check whose email address is input there for notifications.

If it’s the client’s, you can likely leave it as is. In case it is the former admin’s, make sure to change it to yours or your client’s, depending on your agreement.

After that, go through the user list (Users on the dashboard) and find the person who took care of the site before you. Make sure to remove their access if they have completely left the project or downgrade them to what their new role requires.

While at it, go through the other admin-level users and check if everyone who is on there deserves to be and has the right access level.

In the best case, anyone on the site should only be able to perform they tasks they need to, not more. This reduces the chance for accidents.

Finally, check the plugin list to see if the site is connected to any management solutions that would allow remote access. Should that be the case, be sure to remove it.

5. Check the Backup Solution

Next up on our checklist for taking over existing WordPress sites is making sure that no data is easily lost. This means, that the entire site (including the database) is backed up regularly and in full.

If nothing is in place for that yet, be sure that you install a backup solution first thing and create a full backup before doing anything else. Actually, do the latter either way.

If a backup solution already exists, check that it is working properly and where the files are stored. For example, if it is backed up remotely, be sure that you can access the remote storage facility (change passwords as necessary).

6. Update Everything That is Out of Date

Once you are sure that the entire site is kept safe, it’s time to do the first round of maintenance. Show your client your maintenance plan - login to a few of your sites and let them see how well you manage monthly maintenance. That means, updating themes, plugins and WordPress core. When you take over an existing website, chances are good that at least some of this will be out of date. Make sure you change out all the custom plugins that didn't transfer with the site and make sure you purchase and install the license keys for all the plugins whereas the past agencies developer license keys were removed. They had to buy them and so do you.

If you haven’t done so in the last step, now is the time to make a full site backup. Then, update both core, plugins and themes one by one, checking regularly if the site is still working correctly. In contrast to bulk updates, this allows you to spot immediately if one component is making the site kaput.  If you do a bulk update you may just crash the whole site and attempt to blame it on the old provider. Good agencies know when this is done and will quickly be able to show you and your new client that the same files work great on their current server.  Showcasing your challenges with configuration, server, maintenance, etc upfront will make a long time skeptiple customer and you will likely be teaching someone new what we are teaching you.

You might even consider downloading the site to a local development environment or staging area and making the updates there to keep any hiccups invisible from your visitors.

7. Audit the Security System

After the backup, it’s time to deal with the rest of security. After all, keeping the site safe is one of the most central tasks when you take over an existing website.  The number of times we have seen a new company post the entire clients files on an insecure public link when they first get them is too many to count.  That's a quick way to cause yourself a security nightmare.

• Run a scan — The first task is to make sure there isn’t already a problem. Run a security scan (for example this one) for the site to make sure it is not blacklisted, malware infected or the like.
  
• Install security plugin — Should no security system exist yet, make sure to secure the site with one of the many WordPress security plugins and other security measures.
  
• Change email address — For any existing security solution, make sure that from now on alerts come your way, not your predecessor’s.
  
• Buy a new SSL — A must these days. If the administrator before you didn’t take care of this, make it a point to do so. The SSL purchased by the agency will likely not transfer to you and you need to get your own.
  

Same as for backups, if there is a premium solution in place, find out who is paying for it so you can change it if necessary.

8. Check All Premium Features

For many WordPress contractors, it’s standard practice to pay for premium components themselves and then invoice their client for them. 

Therefore, when taking over a website from another developer, it’s up to you to sniff out where the project is still entangled with its former administrator:

1. Make a list of all add-ons that are either premium or otherwise need accounts (for API usage, updates etc.).
   
2. Find out who owns the licenses and accounts. Contact the previous admin for everything still in their name (if you can) to see if a switch is possible. If it's a big company, they own developer licenses, not single and you need to buy your own.
   
3. For everything that is not possible to transfer, talk to your client about re-purchasing them.
   

9. Get Ready to Manage Site Content

If content creation and/or management will be part of your duties, there are a few more things you need to be aware of/ask for:

• Contact details — To get in touch with writers or the editorial team for coordination purposes.
  
• Content calendar — If there is a document that shows what content will come out when, be sure that you have access to it.
  
• Assets — Images and other media are a crucial part of web content. See that you know the right formatting, where to source them, etc.
  

In short, know the workflow and how you fit into it. By the way, much of that will be part of a blog style guide, so see if the site you are taking over has something like that.

10. Begin Your Job as Site Administrator

Once done with all of the above, it’s time to take on your new responsibilities as the person in charge. If don’t know what that entails, and don't have a strong maintenance and security checklist, you should tell the client and recommend they stay right where they are today... with CI Web Group, Inc.

Aside from that, it’s important that you keep vigilant. Every website is different so there may be things not included in this checklist. If that is the case, it’s up to you to get all necessary information and include them on your end.

Taking Over Existing Websites in a Nutshell

The moment you take on an existing WordPress site, it’s best to know what is expected of you. Since most websites exist in a network of different components, it’s easy to forget some of them.

For that reason, the checklist above walks you through the process of taking over a site from another designer or developer so you don’t forget anything important. Once you have this process in place (this is just the transfer), make sure you have an extremely solid plan for updates, maintenance, security, refresh's, backups, PHP, Plugin, Wordpress and theme updates.

Once fully in charge, you have other opportunities to help your client improve their website - be careful not to go changing, deleting, re-arranging everything as you may destroy years of work and results.

That way, taking over a site from someone else can result in additional income instead of a liability. However, only when you have the infrastructure, skills, experience and you make the effort.