don’t share your WordPress login information

don't share your WordPress login information // tiny blue orange

every client that we work with at tiny blue orange provides us with login details for their WordPress website. but instead of asking them to simply send us their username + password, we ask them to create an account just for us. and it has everything to do with security.

while it might seem convenient to have 1 account to manage, what happens if a member of your team enters disgruntled territory? if you are able to change your password before they do any damage, you still have to update everyone that uses that single login with the new information.

but if that now-former team member changes the password before you do? you have a bigger problem of no longer having access to your own website. not to mention the issue of what that person is now doing to your site content.

create user accounts for your team

the best thing you can do for your business + your individual team members is to create a new user account for each person with a secure password + username. and also set their access to the appropriate level.

if you have an assistant that edits your copy + adds new blog posts to the site, they can be set as an Editor instead of an Administrator because they don’t need access to all of your theme files + plugins.

and if/when you find yourself needing to remove someone from your team + site, simply log in, head to the user’s list by going to Users > All Users + delete their account. no mass emailing your team with new login details + no getting locked out of your own site.

(plus mass emailing login details is a bad idea anyways. email accounts get broken into or left logged in on shared computers more than folks will admit)

if you need one more reason to create a new user for each of your team members, the bonus security perk of this method is that you have at least one other point of entry into your site dashboard in case your account is compromised. i’ve seen sites lost because there was only one administrator account + that happened to be the account that was hacked. avoid that situation completely by setting up your team with their own unique login.

image from #WOCinTechChat



worried you aren't safe from hackers? sign up below to get the start with security guide with the perfect dose of steps to increase security. you’ll also get freshly squeezed info each week to grow your business.