Within every organization, someone is responsible for the website. It may never have been in their job description, but they become the person who knows how it works.

They know how to post a news item. They know images need to be resized before upload. They understand page builders, custom fields, and specialized configurations. They carry processes in their head that were never documented.

When they leave, all that legacy knowledge walks out the door.

If you're reading this, it's probably because this just happened to you. Your web developer, IT coordinator, communications manager, or "the person who just knew how the website worked" is gone. And now you're trying to figure out what to do next.

For the national nonprofits and associations we typically work with, this isn't a volunteer disappearing. It's a paid staff member, often mid-level, whose job description never formally included website management but who absorbed it over time because someone had to.

That distinction matters because the replacement path is different. You're not looking for a volunteer to step up. You're deciding whether to burden another professional employee with responsibilities outside their expertise, or whether to solve the structural problem that created the crisis in the first place.

We've stepped into this situation more times than we can count. Here's how to handle it.

First 48 Hours: Stabilize

Immediate action steps for nonprofits when their web developer leaves unexpectedly

Before you worry about the long term, address the immediate risks.

Secure Your Credentials

This is the most urgent step. Determine whether the departing person had exclusive access to any of the following:

  • Domain registrar (where your domain name is registered: GoDaddy, Namecheap, Cloudflare, etc.)
  • Hosting account (where the website files live)
  • WordPress admin account (the actual login to the website's back end)
  • Email service (if contact forms or newsletters are tied to a specific provider)
  • Payment processor (Stripe, PayPal, or whatever processes donations)
  • Analytics and search console (Google Analytics, Google Search Console)
  • CDN or security services (Cloudflare, Sucuri, etc.)

If any of these were tied to the person's personal email address, you have a time-sensitive situation. Most services have account recovery processes, but they're easier to work through while you still have the departing person's cooperation. If they left on good terms, reach out immediately and ask them to transfer ownership or share credentials. Don't wait.

If you don't know where your domain is registered, run a WHOIS lookup. It'll show the registrar. Domain access is the most critical piece. Without it, you can't move DNS, renew the domain, or ultimately control where your website lives.

Check What's Running

Determine whether anything on your website is time-sensitive or actively running:

  • Are donations being processed? If the site handles online giving, verify that the payment processor is still connected and transactions are going through.
  • Is a campaign or event registration live? If there's an active campaign, registration page, or form collecting submissions, make sure those still work.
  • Are automated emails firing? Membership renewals, welcome sequences, event confirmations. If these are tied to the website, confirm they're still operating.

The goal here isn't to fix everything. It's to identify what's actively serving your mission right now and make sure it doesn't break while you figure out your next steps.

Don't Touch Anything You Don't Understand

This is important. The instinct to "get in there and see what's happening" is strong, but if you're not experienced with WordPress, making changes in the admin panel can create problems. A deactivated plugin might take down a critical feature. A modified setting might break the homepage. A well-meaning update might create a compatibility conflict.

If the site is working, let it work. The priority is stability, not exploration.

First Two Weeks: Assess

Once the immediate risks are addressed, take stock of what you actually have.

Run a Website Audit

Either internally or with a prospective new partner, assess the current state:

Software status. Are WordPress core, plugins, and themes up to date? How far behind are they? Sites managed by a single person who's left often have months or years of deferred updates.

Security posture. Is there an active firewall? Malware scanning? When was the last security scan? Is the SSL certificate current and properly configured?

Backup situation. This is a critical question. Are there backups? Where are they? When was the last one taken? Can they actually be restored? Many organizations assume their host "handles backups" without ever verifying that those backups are complete, recent, and restorable.

Technical debt. Are there broken features, deprecated plugins, or custom code that nobody understands? Has the site been running on an outdated PHP version? Are there database tables from abandoned plugins consuming resources?

Documentation. Is there any? In most cases where a single person managed the website, the answer is "very little" or "none." Processes lived in that person's head. This is one of the biggest problems the departure creates, and it's one of the hardest to see until you need information that doesn't exist.

Assess What You Actually Have

This is a good moment to document what the audit reveals, because the findings are usually eye-opening.

When we step into these situations, we consistently find a few patterns:

  • The site is running a PHP version one or two releases behind current.
  • There's a mix of active and abandoned plugins, sometimes 30 or more, with no documentation explaining which ones are critical and which are leftover experiments.
  • Custom code exists that nobody on the current team wrote or understands.
  • Security monitoring, if it ever existed, stopped running when the web person left.

The security gap is particularly concerning. Breaches at organizations without active monitoring are discovered an average of 467 days after they occur. If your web person left three months ago and security scanning stopped with them, a breach could already be underway with no one aware of it.

Understanding the site's true state determines the kind of support you need going forward. A basic brochure site with a donation form needs a different level of partnership than an association platform with member portals, CRM integrations, and role-based content access.

The Decision: Replace or Outsource

Decision comparison between hiring a replacement web developer and outsourcing to a managed services partner

With the assessment complete, you're facing the same question every organization in this position faces: Do you hire a replacement or outsource website management?

We've written a detailed cost comparison of these options, but here's the core of it.

Hiring a replacement means finding someone with the right technical skills, going through a months-long recruitment process in a tight labor market, and paying $55,000 to $85,000 or more in salary and benefits. The replacement cost for a departing digital specialist, including recruitment, onboarding, and lost productivity, averages roughly $127,000.

Then you're onboarding them to a codebase they didn't build, hoping they'll stay longer than the average nonprofit tenure of roughly 5 years. Nonprofit staff turnover runs 19-21%, driven by too much work and too little support (59% of departures), limited growth opportunities (54%), and inadequate compensation (50%). You're recreating the same single-point-of-failure that just failed, with the same structural pressures that caused the original departure.

Outsourcing to a managed services partner means engaging a team for $200 to $500 per month, gaining immediate senior-level expertise, eliminating single-point-of-failure risk, and gaining 24/7 monitoring and support. The partner documents everything, shares knowledge across their team, and provides continuity that survives personnel changes on either side.

For most nonprofits, outsourcing is a significantly better option, both financially and structurally. The math is stark: $2,400 to $6,000 per year for a team versus $85,000+ per year for one person. But beyond the math, outsourcing eliminates the structural vulnerability that just caused the crisis you're dealing with.

What Recovery Looks Like with a Managed Services Partner

When we step into the "web person left" situation, the process follows a consistent path.

Phase 1: Take over and analyze. We collect all available credentials, access the hosting environment, and perform a thorough audit of the website. We identify the CMS version, theme, plugins, custom code, integrations, security status, and backup situation. We document everything we find.

Phase 2: Walk the organization through WordPress. We meet with the people who will be managing content going forward and learn what they need to do regularly. Post news items, update event listings, add staff bios, and manage blog content. We make sure they're comfortable and confident handling those tasks.

Phase 3: Learn what makes the site unique. Every website has its specific configurations. Page builders, custom fields, specialized plugins that handle critical functions, and unusual workflows that the previous person set up. We learn it all so we can support it effectively.

Phase 4: Listen and adjust. The people taking over content responsibilities may work differently from the person who left. We adjust the site to work the way they work, not the other way around. If a page builder is confusing, we simplify the editing experience. If a process is unnecessarily complicated, we streamline it.

Phase 5: Document everything. The processes that the previous person carried in their head get documented. Login procedures, content workflows, integration details, and update schedules. This documentation becomes the organization's institutional knowledge, independent of any individual.

This is also the right time for a full audit, and we treat it as a genuine opportunity rather than just crisis recovery. Do they have backups? A firewall? Are there pending updates piling up? Is the site running a current version of PHP? Are there abandoned plugins consuming resources?

The web person's departure is the right moment to assess the entire website and position the organization for success, because this kind of full review rarely happens when someone is embedded in the day-to-day.

For organizations in crisis mode during this transition, knowing how urgency is handled makes a real difference. Our triage system classifies incoming requests so nothing critical falls through the cracks:

  • Security issues and downtime are addressed immediately.
  • Broken forms and mission-critical functions are treated with the same urgency.
  • Planned work, like new features or content projects, is handled during business hours.

Even non-urgent tickets often get a human acknowledgment outside business hours, because organizations that just lost their web person need to know someone is actually there.

Many organizations come out of this transition with a better-managed website than before, because they now have documented processes, team-based support, and proactive monitoring, rather than relying on one person's institutional memory.

When we took over the three AIER websites (American Institute for Economic Research), we encountered this pattern at scale. Three inherited WordPress sites housing nearly 20,000 published content items, recently separated from a shared Multisite platform by a previous developer who left behind performance issues, security gaps, and bloated databases with over 150 tables on the main site alone. The first phase was stabilization: auditing all three properties, addressing inherited technical debt, and building a cross-site scholar integration system that the previous setup lacked. That's the kind of recovery that turns a departure crisis into an organizational improvement.

When we took over Genzeon's website, the situation was a different version of the same pattern. Their previous development partners hadn't been able to resolve fundamental architectural issues with the site, and the marketing team couldn't make basic content updates without developer involvement. We rebuilt the site in a traditional WordPress architecture, migrated nearly 1,000 content items, and delivered a platform the marketing team could manage independently. As their marketing manager said, "After multiple failed attempts with other firms, FatLab rescued our website project and launched it in weeks."

Preventing This From Happening Again

Whether you hire a replacement or outsource, take steps now to make sure the next transition isn't a crisis.

Use a Password Manager

Every credential related to the website should live in an organizational password manager like 1Password, LastPass, or Bitwarden, in a shared vault that's accessible to at least two authorized people, not in someone's browser, not in an email thread, not on a sticky note.

This is the single most common gap we find. We consistently encounter organizations where the domain registrar login, hosting credentials, and third-party API keys were stored exclusively in the departed person's personal browser or email. A shared organizational vault would have prevented the most urgent part of their crisis.

Maintain Documentation

Document the critical workflows: how to publish content, how forms are configured, what plugins handle which functions, and where integrations connect. This documentation should be a living reference that updates as things change.

The documentation gap we see most often isn't the big things. Organizations usually know what CMS they're running and who their host is. What's missing is the operational detail: which plugin handles the event registration vs. the general contact form, why a specific caching rule was configured the way it was, how the CRM integration maps fields between systems, or why the sidebar looks different on the events page.

That's the knowledge that lives in one person's head and causes the most confusion when they're gone. If you're working with a managed services partner, documentation of this operational layer should be part of their standard practice.

Avoid Single-Point-of-Failure Staffing

The pattern we see most often is an organization that assigns website responsibilities to one person without backup. That person becomes the only one who understands the site, and when they leave, the knowledge leaves with them.

At a minimum, two people in your organization should be comfortable logging into WordPress and performing basic content updates. More importantly, the technical management of the website should not depend on any single individual, whether an employee, freelancer, or volunteer.

Separate Content from Infrastructure

This is the framework that prevents the crisis from recurring. Staff should own content: publishing, editing, and updating. Technical infrastructure, server maintenance, security, software updates, and performance optimization should be handled by a professional team that ensures continuity regardless of staff turnover.

It's the content vs. infrastructure split that we recommend to every nonprofit. When you clearly separate these responsibilities, no single person's departure can compromise the entire website.

The Volunteer and Freelancer Variants

The "web person leaves" scenario has several common variants that follow the same pattern.

The board member's nephew. Someone's relative built the site pro bono. They did their best, but they're not a professional web developer. The site has issues that they don't know how to fix. Eventually, they get busy with their own life and stop responding. The organization feels it can't complain because the work was free. When they finally disengage, there's no documentation, no handoff plan, and a site that doesn't meet professional standards.

The freelancer who disappeared. A single freelancer handled the site on a retainer or ad-hoc basis. They were responsive at first, then response times stretched. Then they stopped returning emails. The organization has a site they can't manage and a provider they can't reach. Free isn't free, and cheap isn't cheap.

The volunteer developer. Similar to the nephew scenario, but often someone from the broader community. Generous and well-meaning, but with no SLA, no guaranteed response time, and no accountability. When they burn out or move on, the organization is in the same position.

All three variants lead to the same place: an organization without documentation, without reliable access, and without a plan. Professional management is insurance, not overhead. The monthly cost of managed services is a fraction of the crisis cost when the informal arrangement inevitably ends.

The contrast is stark when you look at organizations that built continuity into their model from the start. Club for Growth has maintained a managed services partnership for over 14 years, managing six websites with over 230,000 registered users, multi-entity donation processing, and CRM integration across more than 8,500 lines of custom code.

Over a decade of continuous operation with no slowdowns or outages, through staff transitions on both sides. That's what the alternative to the "web person leaves" crisis looks like when the structural problem has been solved.

You're Not Alone in This

If this article describes your current situation, know that it's one of the most common scenarios in the nonprofit sector. Nonprofit staff turnover runs 19-21%, and when turnover hits the person who managed the website, the impact is immediate and often severe.

But it's recoverable. And if you handle the transition thoughtfully, your organization can come out of it with a stronger web management foundation than you had before.

The financial reality often accelerates this decision. When a staff departure coincides with budget pressure, organizations face the question of whether to invest in a replacement hire at $85,000+ or engage a managed services team at a fraction of that cost. The departure becomes the catalyst for a more sustainable model.

For the full picture on outsourced website management, including what to look for in a partner, what professional management should include, and how to make the transition smoothly, see our full guide on outsourced website management for nonprofits.

Need Help Now?

If your web developer just left and you need someone to step in, contact our team. We've handled this exact situation for dozens of nonprofits and associations. We'll help you stabilize, assess what you have, and build a sustainable management plan going forward.