WordPress site owners sometimes need to give a third-party access to their site. Once a site grows beyond a certain size, it’s impossible for one person to do all the work, even if they have the necessary skills. Bringing a professional on-board is a smart move.
But giving someone that don’t know well access to your site is a daunting proposition. It’s unlikely they will turn out to be malicious, but incompetence and carelessness cause just as many problems. No one wants to have their site hacked because a contractor used an insecure password or because a developer wasn’t as careful as they should have been.
Site owners should follow one simple rule when giving third-parties access to their site: provide the least access compatible with getting the job done. In the security world, this is called the Principle Of Least Privilege, and most of us intuitively understand its implications. When you pay a vendor, you don’t send them your bank details so they can withdraw any amount they want, hoping they’re honest: you send them a check or use a credit card that authorizes them to claim exactly the amount they’re entitled to.
What does that mean in the context of WordPress?
Granting Access To Your WordPress Site
WordPress provides a collection of user roles that determine the capabilities of a user account.
- Administrators have complete control over the site. There is really no restriction on what an administrator can do.
- Editors can publish and manage the posts of other users.
- Authors can only manage and publish their own posts.
- Contributors can upload posts, but they can’t publish them.
No one should be given administrator privileges on a site unless it’s absolutely essential. If a service provider needs admin access, they should not be given the authentication credentials of the site’s owner or other trusted users. An admin account should be created for their use and deleted once they no longer need it.
If you have contracted a writer and you want to check their work before it’s published, don’t give them an Author account because they don’t need access to the publication features.
Always give accounts the smallest amount of power you can.
Granting Access To Your Server
Occasionally, a developer or designer may need access to your server or hosting account. Once again, the Principle of Least Privilege applies.
Firstly, and most importantly, never provide root access to your server to someone you don’t absolutely trust. In fact, it’s better to give no one root access and to disable root logins.
If you can, you should do any work that requires privileged access to your server. If a designer asks for access to upload some files, you or someone you trust should upload them if it is at all feasible.
If not, create an FTP or database account for them, and then delete the account when they no longer require access.
If a developer or designer is likely to use FTP over an insecure connection, use a secure VPN to ensure that the data can’t be intercepted.
If you rigorously adhere to the Principle Of Least Privilege, you will be able to give vendors and service providers the access they need without putting the security of your WordPress site at risk.