How to safely grant access to your WordPress site
From time to time, you may well need to give a third party, from outside your company, Administrator access to your WordPress site. For example, we are often called in to fixing something, or perform a website review, in such cases, we’ll need to be granted Administrator access on the client’s WordPress site.
How NOT to do it!
So what you don’t want to do is this:
“Hi Joel, our WordPress login details are ADMIN, PASSWORD blah blah blah”.
There are two key issues here:
- Email is really not a super-secure medium.
Email hacks occur, and hackers can trawl your inbox for credentials like this. - You are missing out on audit and accountability
How you SHOULD do it
There are two key things which need to be done:
- Install an audit trail plugin
- Grant us our own user account
Let’s drill into those two points
[adrotate banner=”3″]
1) Install an audit trail plugin
Wouldn’t it be better to have some sort of audit trail of what the users of your site are actually doing?
Guess what, you can.
The very first thing you’re going to want to do is to install a plugin in your WordPress site which gives you such an audit trail.
Stream Plugin – accountability audit trail
We tend to use the Stream plugin for providing an audit trail log. E.g. take a look at the screenshot below, it’s showing when users logged in, what they did etc.
After you’ve installed Stream, you can move on to the next step. Oh, and if you don’t like the responsibility of installing plugins, that’s fine – we can help with that.
[adrotate banner=”3″]
2) Add us as a user on the site
Note: we also have a separate post which gives you a step by step guide for adding new users to your WordPress site.
Do not share your own login details with us.
Instead, add us a new user.
In WordPress, when you add new users, you can assign them different ‘roles‘ – where Administrator gives the highest level of access. We’ll go into roles and what the differences are in another post but for now, if you are looking to grant access to someone like us (e.g. WordPress experts who you can trust), you will need to assign them to the Administrator role.
Granting the third party their own individual account (rather than sharing your details) means that your Stream audit report will be much more useful.
Tip: If multiple people are currently sharing your single Administrator login, why don’t you set them up with their own logins, it’s easy to do.
Finally, if you are adding someone to the site to help fix something, then please take a look at our post about how to report such errors – I guarantee it will save you time!
Thanks
Joel
[adrotate banner=”4″]