10-12-2008, 03:47 PM
Hey folks, just looking for a bit of advice on how to perhaps handle a tricky situtation. I created a website about a year ago for a client on a very small budget which they wanted to "update themselves" in every way possible so as not to have PAY for updates (yeah, I mean why would clients want to pay you, right?)
So I put a couple canned scripts in for them to perform various functions on the site - now it is a year down the road and their website got hacked. Nothing was damaged, but it appears that one of the scripts had a security flaw and was out of date or they had used a very poor username/password combination. Anyway, I spent about 6 hours fixing things to get it back to normal and upgrading the script for them to the latest version and explaining to them again how they needed a more complex password and why.
The problem is that they do not want to pay anything because they feel everything should "just work" and the project was done. They can't grasp that scripts need to be updated and things need maintenance beyond just them clicking a few buttons. So how would you go about billing clients for things like this where they think they should not have to pay and it should be fixed simply because "it broke" and "you made it"???
I don't want to leave them high and dry obviously and get a bad rep even though they are the ones who don't comprehend technical aspects of a website, but at the same time I can't be working 6 hours for free... I have bills to pay. :eek: Any thoughts?
10-12-2008, 05:26 PM
In the future, I would put a clause in your contract when you initially are hired for a job that says something about future work/updates and what the process will be if they need/want more work done on a script or site, and how much it will cost. I don't know what you can do in this particular situation right now because you already have done the work and it sounds like you don't have a prior agreement that says you required payment for the extra work. But for the future, I'd definitely make room for that in the initial contract so people don't just assume that future updates and work is included in the initial price. And I'd definitely require that a portion of the money is received up front.
10-12-2008, 06:45 PM
Yeah, that's a good idea for sure. I should note that I already have a standard development contract, whereas this project was managed through another company I work for. I guess a good idea would be to have them sign the contract since they are sub contracting the work to me - although we have a pretty loose business relationship which is why I did not have one for this particular project - I really should though.
I think there still remains some gray area though in the fact that the client has the mentality that "if something breaks, you're required to fix it". They don't grasp the concept the same as if it were a car and it's old.. it can break down... they for some reason think a website is good forever.and ever, until the end of time. :) Gotta love web development.
Edit: now that I think about it, I think my question is more like what is the best approach in explaining to the client that their website is not going to be bullet proof if they don't maintain it, or pay money for the proper people to do it. It's sort of like having the office secretary play web designer and expecting nothing to go wrong.
10-12-2008, 06:56 PM
Websites are like cars. Sometimes parts break. They wear down and need to be replaced. Sometimes the same part breaks over and over. Sometimes you think you know what the problem is, but the real problem is in another area.
If you go to a mechanic and tell them the alternator they replaced last year doesn't work now and you want a free one, they'll probably pay you for the laugh you gave them.
You don't know that this script was the problem. It may have been, but then again, someone at the hosting company may have had an insecure password on root which enabled someone to exploit the site. Or another app may have given the hacker access. Botttom line, you delivered a working product to the client. I personally tell clients the only 100% secure server is one that's shut off, has all its data erased and is buried 100ft underground in 10ft of solid cement.
I've been burned a few times by clients like this. To alleviate this, I now have a "client certification form" that I have the client sign before I launch any updates. It's really a form that says "I the client agree that me (bcarl314) has completed all requirements for this project to my satisfaction.".
If they come back 2 months, or 1 year later and say something doesn't work, I charge for the time to fix it. If they say anything, I show them the document.
As a side note, clients who act like the one you're talking to aren't good clients and you should probably fire them.
10-13-2008, 03:08 PM
I don't want to leave them high and dry obviously and get a bad rep
I had that happen. I gave a solution. Got paid. Then they changed the requirements. And like a sap, I redid the job and gave them a new program. And there would be little style sheet things that wouldn't work, and then gaps in communication as they went to 'other aspects' of the project. Eventually, they just cut off communication, entirely. So I would have been 'bad' not reworking it, and was 'bad' for doing so, either way.
I think maybe going the extra mile only convinces people that you didn't do it right, the first time. That's the only thing I could guess.
Maybe there's too much undercutting out there. Maybe there are some 'resume geeks' who will paint the house for free, as it were. And it changes expectations for everyone? Maybe it's just best to agree on what is minimally needed, no less, no more, set a price, deliver, and that's that. No follow-up. If there is a need to follow-up, set new requirements, new fee, deliver, and again, that's it. And if trying to warn the customer about what is 'typical' beforehand, in order to minimize a need for any possible reworks, only causes them to accuse you of 'negotiation' or "confusion" or whatever, well . . they're not for you.
10-13-2008, 06:38 PM
I'd suggest making sure your clients understand that the web is a dynamic environment. What works today, may not work in 1 year. Features they think they need now, will become obsolete or irrelevant in a years time.
Educate them on your process. Me, I use a standard Systems Development Life Cycle
Each stage has a sign-off and approval by the client.Everyone "knows" someone that will do a site cheaply. Caveat Emptor is all I can say to that. My friend can make a bird house, that doesn't mean I want him to make my REAL house.