I will admit it is nice when a client trusts us so completely that they will provide online access to anything and everything we might need for their projects. At the same time, I’m always surprised how easily people share their private information without a moment’s pause. It makes me cringe and wonder if they are always so free giving of this information.
I am sure that if I asked for their Social Security number, I would receive gasps of disbelief, and yet…
- I’ve had a total stranger (not yet a client) give out administrative access to their WordPress account.
- I’ve had numerous people provide full admin access to their hosting account.
- I’ve even have clients send me (unsolicited) the username and password to their PayPal account, which includes their banking information.
As much as we all wish there weren’t people out there who would take advantage of these types of situations, there are. As Stephen King puts it: “The trust of the innocent is the liar’s most useful tool.”
That being said, I think the primary reason so many people give this information up is because they become intimidated by the requests they might get from website developers, so they just give free rein to any and all of their website information. But this is unwise and not necessary.
So how do you protect yourself from making this same mistake? Follow these tips:
- Create an FTP user for third-party developers only. Your hosting provider should be able to give you simple instructions on how to do this.
- Create a WordPress user for third-party developers only. WordPress gives instructions on how to do this.
By creating these types of developer accounts, it gives you control to change or delete the accounts at any time, especially if you think your security is at risk. It also allows you to track (and sometimes undo) changes, since there are people with good intentions (but little web experience) who can accidentally make a mistake in a control panel that is not easy to undo with a shared account.
You can also protect yourself by following some simple rules regarding your passwords:
- Use strong passwords. Include symbols, numbers, uppercase letters, etc.
- Don’t use the same password for everything. For example, don’t use the same password for your bank account that you use for Pinterest.
All in all, your online accounts are something you should protect with the same diligence as you would your home, car and other personal property. Make sure if you do provide an all-access pass to someone, you have established trust…and a contract.