Every client that we work with at tiny blue orange provides us with login details for their WordPress website. But we tell them “don’t share your WordPress login with us!” Instead of asking them to email their username + password, we ask them to create an account just for us. And it has everything to do with security.
It might seem convenient to have a single account to manage… What happens if a member of your team enters disgruntled territory? If you’re able to change your password before they do any damage, you still have to update everyone that uses that login with the new info.
But if that now-former team member changes the password before you do? You have a bigger problem of no longer having access to your own website. Not to mention the issue of what that person is now doing to your site content.
Don’t share your WordPress login — create unique accounts
The best thing you can do for your business + your individual team members is to create a new user account for each person with a secure password + username. And set their access to the appropriate level.
If you have an assistant that edits your copy + adds new blog posts to the site, they can be set as an Editor instead of an Administrator because they don’t need access to all of your theme files + plugins.
And if/when you find yourself needing to remove someone from your team + site, simply log in, head to the users list by going to Users > All Users + delete their account. No mass emailing your team with new login details + no getting locked out of your own site.
(Plus mass emailing login details is a bad idea anyway. Email accounts get broken into or left logged in on shared computers more than folks will admit.)
Security bonus with unique accounts
Looking for one more reason to create a new user for each of your team members? The bonus security perk of this method is that you have at least one other point of entry into your site dashboard in case your account is compromised.
I’ve seen sites lost because there was only one administrator account + that happened to be the account that was hacked. Avoid that situation completely by setting up your team with their own unique login.
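For sites managed from the command line, the check below is an added example, not something from the original post: it reads the CSV that WP-CLI prints for `wp user list --fields=user_login,roles --format=csv` and reports which accounts hold the Administrator role and whether there is more than one. The function name and the sample data are made up for illustration, and it assumes usernames contain no commas or double quotes.

```shell
#!/bin/sh
# Added example (not from the original post). Reads on stdin the CSV printed by
#   wp user list --fields=user_login,roles --format=csv
# and reports who holds the Administrator role.
# Assumption: user logins contain no commas or double quotes.

audit_admins() {
    awk '
    NR == 1 { next }                      # skip the CSV header row
    /^[ \t]*$/ { next }                   # ignore blank lines
    {
        i = index($0, ",")
        login = substr($0, 1, i - 1)      # first column: user_login
        roles = substr($0, i + 1)         # rest: roles, quoted if several
        gsub(/"/, "", roles)
        n = split(roles, r, ",")
        for (k = 1; k <= n; k++)
            if (r[k] == "administrator") { print "ADMIN " login; admins++ }
    }
    END {
        # A single administrator means no second way in if that login is lost.
        if (admins < 2)
            print "WARN only " (admins + 0) " administrator account(s), no fallback login"
        else
            print "OK " admins " administrator accounts"
    }'
}

# Constructed sample data standing in for real `wp user list` output.
SAMPLE_CSV='user_login,roles
owner,administrator
assistant,editor
agency,"administrator,editor"'

printf '%s\n' "$SAMPLE_CSV" | audit_admins
```

On a live site, pipe the real command into the function instead of the sample. Any ADMIN line for someone who only edits content is a candidate for the Editor role.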