As a WordPress developer, you likely create websites for clients with a wide range of technical skills. Not all of them are going to be WordPress experts. If you give them unlimited access, and they might delete important content, or even break their new website entirely.
Having to go back and fix broken sites is a drain on your time and resources. Fortunately, with the right plugins, tools, and techniques, you can client-proof your projects and ensure they remain in tip-top shape.
Handing over the keys to your latest project doesn’t have to mean risking its well-being. In this post, we’ll share six ways you can client-proof WordPress to prevent mishaps. Let’s dive in!
Why it’s important to client-proof your development projects
Once you’ve finished building a website, it’s standard practice to hand it over to the client. Even if you have an ongoing maintenance contract, most customers will still require access to their own sites.
However, not all of your clients will be WordPress-savvy. Plus, there are some areas of the dashboard – such as the Plugins screen the Theme Editor – that can cause serious damage if they’re mismanaged. It’s important to protect clients from themselves by restricting access to these portions of the back end.
By securing important areas of the WordPress dashboard, you can prevent costly downtime, data loss, and errors while minimizing support requests. Client-proofing can also result in better User Experience (UX), increasing the chances of follow-up business and word-of-mouth recommendations. Even if a client breaks their own website, it still reflects negatively on your work and can damage your reputation.
6 ways to make your WordPress websites client-proof
By taking a few precautions, you can ensure that the websites you spend so much time developing remain in pristine condition. Let’s look at six ways you can client-proof the WordPress dashboard.
1. Set up the client’s username and password
By providing clients with ready-made usernames and passwords, you can ensure these credentials meet all security best practices. This can help mitigate brute-force attacks and other breaches.
This is also an opportunity to configure client accounts with restricted access. For example, you might assign them Editor roles, rather than making them Admins. This automatically secures the most important areas of the WordPress dashboard without the need for additional tools or plugins.
However, some clients may not be satisfied with having an Editor account. If that’s the case, there are other security measures you can put in place.
2. Add the client as a Collaborator in ManageWP
Some clients may only require minimal access to their WordPress dashboard. Alternatively, others may need accounts for multiple people. For example, the client’s entire marketing team may want to preview content before it goes live.
With ManageWP’s Collaborate feature, you can securely share a single WordPress site with multiple users. When you add someone as a collaborator, you have greater control over the data and features they have access to. You can also revoke their access at any time.
To add a collaborator, select your username in the upper-right corner of your ManageWP dashboard. Then click on Collaborate > Add Collaborator:
Now, enter the collaborator’s email address and define their Access Level. You can choose from Full website access or Read only website access. You can also restrict them to specific websites, specific tags and clients, and prevent them from performing bulk actions.
When you’re happy with the information you’ve entered, click on Add collaborator. This person will now be able to access the specified WordPress website via ManageWP.
To revoke access, navigate back to the Collaborate screen in your ManageWP dashboard. You can then select the Manage collaborator tab, choose the collaborator you want to remove, and select Delete collaborator.
3. Hide items from the WordPress dashboard
Out-of-the-box, WordPress lets you restrict access to specific dashboard features. However, it’s not always possible to hide these settings.
If a setting is visible but disabled, then your client may assume their website is broken. This can result in unnecessary phone calls, and awkward conversations as you explain why you felt the need to disable a particular feature.
In the worst-case scenario, a less tech-savvy client may demand access and wind up damaging their website. Instead, you can hide dashboard settings entirely using a WordPress plugin such as Admin Menu Editor:
This plugin enables you to show and hide menu items based on user permissions, or hide them entirely for all users, including administrators.
You can also use this plugin to edit menu items, which is handy if you need to replace technical terms with more user-friendly labels. A client who can understand their WordPress dashboard is far less likely to make mistakes:
If the client requests or requires access to their entire dashboard, then you could also clearly label dangerous settings. This may encourage clients to proceed with caution where necessary.
4. Prevent changes to themes and plugins
You may want to prevent clients from modifying themes and plugins as well. This can prevent updates that are incompatible with the other software from breaking their websites.
You might also want to prevent the client from installing new themes and plugins. This can be useful if you suspect the client may install insecure plugins, or even add so many that they negatively impact the website’s performance.
ManageWP can help with this, too. In your dashboard, click on your username. Then navigate to White Label > Plugins & Theme Settings:
Here, select the checkbox next to Prevent the user from updating/installing plugins & themes within the site. You may also want to select Disable the plugin & theme code editor. If a client makes code-level changes to their website, then it could result in serious damage, including data loss and downtime:
If the client doesn’t require access to any ManageWP features, you can hide the plugin from their list entirely as well. This can simplify their WordPress dashboard and prevent mistakes. It will also help you avoid questions from curious clients who want to know about this mystery plugin.
To hide the ManageWP plugin, click on your username and open the White Label tab:
To hide ManageWP, select Hide ManageWP Worker from the plugin / widget list. It will then disappear from the WordPress dashboard.
5. Create custom dashboard widgets
A client who’s digging around their dashboard is at high risk of damaging their website. Creating custom widgets can provide your client with easy access to all the information and features they need. This will make them less likely to explore unfamiliar areas, and can also minimize support requests.
You can create custom widgets and display them inside the WordPress dashboard using a plugin such as Dashboard Widgets Suite:
This plugin provides nine customizable widgets that you can add to the dashboard, or even display on the frontend using shortcodes.
You can use these widgets to display a variety of content, including RSS feeds, social media links, user notes, and WordPress widgets such as a search bar. You can also embed text widgets, which is ideal for adding useful tips, advice, and instructions to the back end.
6. Implement automatic backups
Even if you take all the necessary precautions, your clients may still find ways to damage their websites. By implementing regular backups, you’ll always have something to restore in the event of a disaster.
If you have an ongoing maintenance contract with the client, then backups can save you a significant amount of time if you ever need to fix a broken website. Even if the client caused the damage themselves, informing them that their site is gone forever isn’t quality customer service.
If a client doesn’t sign up for ongoing maintenance and support, it’s still best practice to put a backup solution in place before handing the website over. If the client breaks their website, then there’s still a chance they’ll contact you for help. With a regular backup schedule, you’ll make any follow-up work much easier.
ManageWP provides free and premium backups, including on-demand and scheduled options. Both are secure and easy to create. You’ll also receive a notification if your client’s website experiences downtime, so you can start working on restoring the most recent backup as soon as possible.
Providing unrestricted dashboard access to someone who isn’t familiar with WordPress can result in all sorts of issues. A client may accidentally post a poorly-formatted blog post, delete key data, or even break the website you spent so long building. Thankfully, there are ways to client-proof your projects.
Before handing over the keys to a WordPress client site, you should consider:
- Setting up the client’s username and password.
- Adding the client as a collaborator in ManageWP.
- Hiding menu items from the WordPress dashboard.
- Preventing changes to themes and plugins.
- Creating custom dashboard widgets.
- Implementing automatic backups.
Do you have any questions about client-proofing WordPress? Let us know in the comments section below!