Commissioning a WordPress site or store is not buying a product off the shelf, it is entering a relationship that is hard to walk away from halfway through. The most important decision is not about price or whose portfolio looks nicer, but about what stays in your hands once the project is over: access, code and rights. This guide gathers the questions that really separate a good contractor from trouble, plus one area almost nobody thinks about until it is too late: the law.
Agency, freelancer or in-house team
It is a choice about continuity, not quality. A single freelancer can be the best technical choice and the fastest to make decisions, but is also a single point of failure. We have seen a store grind to a halt for a week because the only person who knew its code had gone to the mountains with no signal, and the project knowledge was written down nowhere. An in-house team solves the continuity problem, but it only pays off under a steady, heavy workload; with irregular tasks a salaried role sits idle and still costs money.
An agency is the middle ground: you pay a premium for the team and the process, and in return you get replaceable people and documentation, so the project does not stop when one person leaves. The sensible middle model for most B2B companies and stores is a fixed, named engineer on the contractor’s side, but with a team and recorded knowledge behind them. The control question is simple: what happens to my project when that specific person falls ill or leaves.
What to look for instead of a pretty portfolio
A portfolio shows how something looks in a screenshot, not how it behaves under load. Three things say more than a gallery of past work.
The first is performance that is measured, not declared. Ask for a Core Web Vitals result from field data, or from a test on a mid-range phone on a slower connection, not from a laptop on fibre. The methodology and thresholds are described by the Google team in the Web Vitals documentation. A good contractor will show before-and-after numbers, explain how they handle heavy page builders and how many database queries a product page generates.
The second is how they work with code. Ask directly whether the code is version-controlled in a repository or pushed straight to the server over FTP. Version control is not a whim: it is the ability to undo a mistake, audit changes and let anyone else take over the project. No repository means you are tied to one contractor, because nobody else can step into that code without archaeology.
The third is security after launch. A site is not a painting you hang and forget; plugins need updating, and the plugin supply chain can be an attack vector. Ask who is responsible for updates after go-live and what incident response looks like. No answer means you are responsible, you just do not know it yet.
Five questions before you sign
These five questions cost a minute and save months.
- Who will hold the economic copyright to the code and design once the project ends, and on which fields of exploitation?
- Will I get full administrative access to hosting, the domain, the repository and external accounts, or are we working on your closed account?
- Is the code version-controlled and the deployments reproducible, or do changes land on the server by hand?
- Who is responsible for updates, backups and security after launch, and what does the care plan cover?
- Will I see a real performance result on a phone, or only portfolio screenshots?
If any of these gets an evasive answer, it is not a matter of knowledge but of a business model that keeps the client tied to the contractor by force rather than by quality.
Law and ownership: the area nobody thinks about early enough
This is where the part begins that is easiest to skip and hardest to fix after the fact. Under Polish law, paying for a project does not automatically transfer the economic copyright to the code, graphics or text; you need an explicit clause in the contract naming the fields of exploitation. Without it, the rights stay with the contractor and you hold only a licence to use what you paid for. Polish lawyer Tomasz Palak puts it without dressing it up: as he writes in his guide to copyright for creators, “publishing does not lose you the rights”, which cuts both ways, including on the contractor’s side, until those rights are knowingly assigned.
The same caution applies to the material you put on the site. The fact that a photo is available online, or that an AI model generated it, does not mean you may use it commercially; you have to check the licence, because, as Palak reminds us, not every “free image” is really free, and a CC BY licence is not the same as CC0. On your side it is worth securing three things in the contract:
- An assignment of the economic copyright to the code, design and content, not merely a licence.
- A declaration by the contractor that they hold the rights to all material used, photos, fonts and premium plugins, along with their licences.
- GDPR compliance if the site collects data, meaning who is the controller and who is the processor, and what happens to the data once the cooperation ends.
If you use AI tools for content or graphics, remember one rule that Palak repeats: the tool does not remove your responsibility for what you publish. Check the tool’s terms and do not feed it data you are not allowed to disclose. The same goes for the agency you hire: it is worth asking whether and how it uses AI, and who is responsible for the rights to the output.
Red flags
A few signals after which it is better to say no before signing. A contractor who will not hand over access to hosting, the domain and the code. No repository and deployments done by hand only. A price quoted in isolation from scope, without analysing the real requirements. Promises of Google rankings or “AI visibility” given on someone’s word, with no explanation of what they are supposed to consist of. Finally, silence on copyright, because that usually means the rights stay with the contractor and you will find out only when you try to change supplier.
What next
Choosing a WordPress contractor well comes down to one principle: secure what will stay in your hands once the project is done, before it starts. Access, version-controlled code and rights assigned in writing matter more than the prettiest slide in the pitch. If you are planning a site or store and want to run through this list on a concrete case, describe what the project should deliver and we will work out together what to watch for in your situation.
The legal aspects in this text are general in nature and are not legal advice; for a specific contract it is worth consulting a lawyer who specialises in copyright and new technologies.
Last updated: 11 June 2026.
