Should I give my web developer my username and password? On the surface of it, this seems like quite the quandary.
After all, how will your developer be able to make changes to your site if they do not have the login details? But on the other hand how can you be confident that you’re not exposing your site to unnecessary risk?
The answer is deceptively simple – WordPress allows you to create new accounts for anyone who needs access to the admin backend of your site. For added security, it even lets them set their own password.
Sharing is not always a good thing
At some point or other you’ve probably been lectured about the importance of not sharing login details with anybody. But as is often the case with computer security, convenience all too often wins out over best practice.
This is all well and good, until your website gets hacked. Cleaning up after a hacker takes a lot of time and money that could be better invested elsewhere. That’s why we like to be proactive about security in the EggCup kitchen!
The good news is there’s no need to give in to the temptation of convenience. I’m going to walk you through a solution that is almost as simple as sharing your login, but much more secure. And better yet, it’ll only take a couple of minutes, I promise!
How do I give someone access to my WordPress site?
Time needed: 2 minutes.
Learn how to grant admin access to your website securely and without sharing login details with anybody else!
- Log in to your admin dashboard
Go to example.com/wp-admin/ (replace ‘example.com‘ with your own website domain). Log in using your administrator account. If you don’t have an admin login yourself, contact the person who set up your website.
- Add a new user
Once logged in, go to ‘Users‘ –> ‘Add new‘ in the sidebar menu.
- Enter a username for the new user
If you’re granting me access to your site, enter the username as ‘ipegg‘ (without the inverted commas). Otherwise use the name of your developer – natch! Once set, the username cannot be changed.
- Enter an email address
Again, if granting me access, enter the email address you’ve been using to correspond with me. Otherwise use your developer’s email address.
- Important! Check a checkbox
Make sure ‘Send user notification‘ is checked. Otherwise, I won’t know that I’ve been granted access to your site (unless you tell me and send me my details manually, which kinda defeats the whole purpose of this tutorial!).
- Important! Grant admin access
In the ‘Role‘ dropdown menu, be sure to change the role to ‘Administrator‘. I can’t work my magic without an admin account!
- Create the new user account
Hit ‘Add new user‘. I will then get an email about my shiny new account and will be able to securely set my own password.
You’ve just granted your developer administrator access to your site without having to insecurely email your login details. This approach also carries the considerable benefit that you can revoke access to your site at any time by simply removing the account you just created.
What are the risks of sharing passwords?
As a rule of thumb, most people share their logins using email. Problem is, email is not secure. It never has been and quite possibly never will be. Transmitting sensitive information via email is therefore rather risky.
As soon as you email somebody else your password, there is the danger it could be intercepted on the way. There are also now two copies of your password in two separate places. Wherever there is a copy of your password there is a place where it can stolen from.
Even if you had the perfect technical security measures in place, there is still the human element to consider. Can you trust the recipient not to share your login details with anybody else?
These dangers are magnified further if you’re in the habit of reusing passwords across different accounts. By sharing your website login you could also unintentionally be sharing access to other platforms too.
Once you’ve set the precedent to share passwords, you’ve lost control over the security of your website. Learning how to safely grant access to your WordPress site isn’t going to fix all potential security problems within your business, but it’s a step in the right direction.
If your WordPress isn’t behaving, or you’re concerned about the security of your site, hit the button below and we’ll arrange a consultation.