There will be times when you need to safely share WordPress access with another user or developer. Whether you are granting full or limited user access, there is a process for safely providing access without compromising the security of your website or blog.
Create a new username and password
First and foremost, do not give away your own WordPress user ID or password. This is very risky on many levels. You want to create a unique user ID, so you can quickly delete it when needed. It’s relatively easy to create a new user ID in WordPress and it’s just as easy to delete the user too.
While in WordPress, go to Users > Add New.
Input the necessary information such as name, email, and username.
Next, you’ll want to select the lowest level of access needed. Keep in mind that most developers and SEO consultants will want admin access so they can properly view your WordPress configurations and plugins. Below are the available levels of access for WordPress:
- Administrator – somebody who has access to all the administration features within a single site.
- Editor – somebody who can publish and manage posts including the posts of other users.
- Author – somebody who can publish and manage their own posts.
- Contributor – somebody who can write and manage their own posts but cannot publish them.
- Subscriber – somebody who can only manage their profile.
WordPress can easily send the user the access information or you can provide it manually. Either way, as soon as you click Add New User, your new user will be ready for usage.
Assign limited user access
There are several plugins for WordPress that allow you to create or edit user roles, like the User Role Editor. It makes editing existing roles or creating new ones easy. You will be able to choose what capabilities that specific user role gets.
For example, you could give them access to everything, but not allow them to be able to delete any posts or pages while they are in there. It can be fine-tuned down to the smallest detail.
Delete support user accounts
It’s important to delete those users to whom you have given access to your site when they are no longer needed. It’s not always an easy thing to remember. That is where a plugin like Support Me comes in handy. This plugin will let you create that support username and add an expiration date to make sure it gets deleted. It can be set to expire in minutes, hours or even days. If you aren’t sure of how long the account will be needed, set it for a minimum amount of time. You can always give them additional access time if needed.
You are giving people access to your site and this can be a scary thing. Just be careful with who you share WordPress access.
Don’t post a problem on Facebook and let some stranger pop into your admin with full access. As much as we would like to think that we can trust most people, a lot of damage could be done in a short amount of time.
One last tip: Before you let anyone access your site, always do a full backup. Better safe than sorry!
Also published on Medium.