Client-Proofing a WordPress Site

WordPress is a wonderful platform for developing websites for clients who want the ability to update their own site but aren’t familiar with HTML or complex CMS software. The core code is updated frequently, the WYSIWYG editor is easy to use and similar to common word processing software, there are thousands of useful and beautiful plugins and themes to choose from, and it’s powerful as well as flexible.
Unfortunately, many of the strengths of WordPress also have the potential to be the cause of its downfall. While it’s easy for clients to make edits, customizations and updates from within the WordPress dashboard, it’s also pretty easy for them to break the entire site.
In most cases you won’t want to lock clients out of the dashboard completely (the whole point of WordPress is that it makes it easy for non-technical users to add and update content themselves). But savvy WordPress developers will take a few steps to secure the sites they build from clients who are overzealous with their edits and like tinkering under the hood of their website.
Setting User Permissions
The first and most important step to take when you set up a new site is assigning each user an appropriate level of access to the backend. If a user simply needs to add new content every now and again, providing full admin access is asking for trouble.
On the other hand, if you’re not providing an ongoing support package for your client and you’ll be handing over the whole site on project completion, you’ll need to provide them with an admin access account for updates and further development.
If you’re developing a site for a client who is already familiar with WordPress or has a web development background, it also makes sense to assign them more permissions than you would to a simple administrative user.
There are 5 default user types in WordPress:
- Administrator (full access)
- Editor (access to edit and publish posts, including others’ posts)
- Author (access to write and publish new posts)
- Contributor (access to write posts, but not publish them)
- Subscriber (only site user access, no ability to write posts)
In medium to large organizations you’ll probably need to set up several different user accounts with different levels of access. You might have one administrator, one editor and several authors or contributors. It’s important to find out the level of power that each individual should have and assign appropriately.
These user types can be further tweaked by using the User Role Editor plugin. This plugin allows you to go into a lot more detail when assigning permissions for individual users, or add a new role with customized capabilities.
For example, you may choose to set up a limited admin account which doesn’t have completely full access, or give contributors permission to upload files as well as write content. Permissions can also be edited on an individual user level.
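The two customizations just described (a limited admin role and file uploads for contributors) can also be done without a plugin, using WordPress’s own role API. This is an added example, not code from the article or from the User Role Editor plugin; it assumes the file is dropped into wp-content/mu-plugins/ so it loads on every request, and the capability names it strips are standard WordPress capabilities.

```php
<?php
/**
 * Plugin Name: Client Roles
 * Description: Added example (not from the article). Creates a "Limited Admin" role
 * built from Administrator minus the capabilities that let a user touch code, and
 * grants Contributors the ability to upload files. Place in wp-content/mu-plugins/.
 */

// Capabilities that let a user change code, plugins, themes or core from the dashboard.
function client_roles_dangerous_caps() {
    return array(
        'edit_files', 'edit_plugins', 'edit_themes',
        'install_plugins', 'install_themes',
        'update_plugins', 'update_themes', 'update_core',
        'delete_plugins', 'delete_themes',
        'activate_plugins', 'switch_themes',
    );
}

function client_roles_register() {
    // Roles are persisted in the options table, so create the role only once.
    if ( get_role( 'limited_admin' ) !== null ) {
        return;
    }
    $admin = get_role( 'administrator' );
    if ( ! $admin ) {
        return;
    }
    // Start from a copy of the Administrator capabilities ...
    $caps = $admin->capabilities;
    // ... and drop everything that lets the user break the site from the dashboard.
    foreach ( client_roles_dangerous_caps() as $cap ) {
        unset( $caps[ $cap ] );
    }
    add_role( 'limited_admin', 'Limited Admin', $caps );
}
add_action( 'init', 'client_roles_register' );

// Let Contributors upload media while still not being able to publish.
function client_roles_contributor_uploads() {
    $contributor = get_role( 'contributor' );
    if ( $contributor && ! $contributor->has_cap( 'upload_files' ) ) {
        $contributor->add_cap( 'upload_files' ); // add_cap() saves the change to the database
    }
}
add_action( 'init', 'client_roles_contributor_uploads' );
```

Assign the client’s account the new role from Users in the dashboard; because the role is stored in the database, removing this file later does not remove the role (use remove_role( 'limited_admin' ) for that).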
Disabling or Enabling Automatic Updates
WordPress automatic updates are a double-edged sword. On one hand they ensure that WordPress installations are kept up to date and secure if the user isn’t diligent enough or knowledgeable enough to upgrade manually on a regular basis. On the flip side, if something goes wrong during the update, it can be a real nightmare to sort out.
Many WordPress developers prefer to manage their client updates via a support service to prevent any loss of data or downtime that may occur. However, if you’re handing over a site to a client that is fairly proficient and understands the importance of regular backups, it will be much easier to allow them to update their own site.
Automatic updates are tested thoroughly before they are released and the possibility of an issue occurring is small. However if you don’t want to take that risk, you should disable auto updates.
From WordPress 3.7, auto-update is enabled by default. You can disable it by adding the following line of code to your wp-config.php file:
define( 'WP_AUTO_UPDATE_CORE', false );
Of course, it’s important to make sure that client sites are updated regularly if you choose to disable auto-update. If you don’t offer a maintenance package, it’s highly recommended to set up client websites on managed WordPress hosting that will take care of updates and backups on your client’s behalf.
Increasing Security
It’s often not practical to give users only editor and author permissions, but there are ways you can increase the security of the site when you give a client full admin access. As well as tweaking the access rights of the admin role using the User Role Editor plugin mentioned above, consider taking the following steps:
Block access to the plugin and theme editors
Directly editing the source code is one of the quickest ways to break a WordPress site. If your client is one who likes tinkering around with code because they think they know what they’re doing, when in fact they don’t, this is definitely something to consider. To disable the editor, add the following line of code to the wp-config.php file:
define('DISALLOW_FILE_EDIT',true);
You can also prevent users from installing new plugins and themes with the following code:
define('DISALLOW_FILE_MODS',true);
Be aware that this code will also prevent updates to themes and plugins, so you’ll need to have a maintenance plan in place: you’ll be taking away the client’s ability to keep their website code up to date, and an unpatched site is vulnerable to attack.
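Putting the constants from this section and from the auto-update section together, here is a wp-config.php fragment, added as an example and not taken from the article, that shows the three values WP_AUTO_UPDATE_CORE accepts next to the two file-lock constants, with what each combination leaves the client able to do. The 'minor' value and the fact that DISALLOW_FILE_MODS also switches off background core updates are core WordPress behaviour the article does not mention.

```php
<?php
// Added example wp-config.php fragment (not from the article).
// Place these lines above the "That's all, stop editing!" comment.

// Core auto-updates: keep exactly one of the three uncommented.
// define( 'WP_AUTO_UPDATE_CORE', true );   // every core release, major versions included
define( 'WP_AUTO_UPDATE_CORE', 'minor' );   // security and maintenance releases only
                                            // (what WordPress does when nothing is set)
// define( 'WP_AUTO_UPDATE_CORE', false );  // nothing installs itself; you or the
                                            // managed host must apply every update

// Remove the plugin and theme source editors from the dashboard. Installs and
// updates still work, so this is safe to set on every client site.
define( 'DISALLOW_FILE_EDIT', true );

// Stronger: no editors, no plugin or theme installs, no plugin, theme or core
// updates from the dashboard, and background auto-updates are switched off too.
// Set this only when a maintenance plan or managed hosting keeps the code current;
// otherwise the site silently falls behind on security fixes.
// define( 'DISALLOW_FILE_MODS', true );
```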
Install Security Plugins
Improving the native security of WordPress is important to prevent your clients’ sites being hacked (which they’ll undoubtedly blame you for). Your clients may also have less than ideal security procedures (perhaps using insecure passwords or sharing user accounts), and security plugins can resolve this issue. WordPress 3.8 forces users to choose a strong password, but there are several other plugins that can help to increase security:
- Limit Login Attempts prevents access by brute force attack
- File Monitor Plus will monitor any changes to the WordPress files
- Better WP Security is a great all-round security plugin and includes numerous features to prevent unauthorized access to client sites
Again, managed WordPress hosting is an excellent preventative measure for more secure WordPress sites.
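To make the first item concrete, here is a minimal version of what a login-limiting plugin does, written as an added example (it is not the Limit Login Attempts plugin and not code from the article). It counts failed logins per client address in a transient and refuses further attempts for a while once the limit is hit; it assumes the site is not behind a reverse proxy, since then REMOTE_ADDR would be the proxy’s address and every visitor would share one counter.

```php
<?php
/**
 * Plugin Name: Simple Login Limiter
 * Description: Added example (not from the article). Locks a client address out
 * for a while after repeated failed logins. Place in wp-content/mu-plugins/.
 */

const SLL_MAX_ATTEMPTS    = 5;   // failures allowed before the lockout starts
const SLL_LOCKOUT_SECONDS = 900; // lockout window: 15 minutes

// Transient key for the visitor. Assumption: no reverse proxy in front of the site,
// so REMOTE_ADDR is the real client address.
function sll_client_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'sll_' . md5( $ip );
}

// Count a failed login. The transient expires on its own, so the counter
// resets after SLL_LOCKOUT_SECONDS of quiet.
function sll_record_failure( $username ) {
    $key   = sll_client_key();
    $count = (int) get_transient( $key );
    set_transient( $key, $count + 1, SLL_LOCKOUT_SECONDS );
}
add_action( 'wp_login_failed', 'sll_record_failure' );

// Refuse the attempt once the limit is reached. Priority 30 runs after the core
// username/password filters (priority 20), so the lockout error replaces whatever
// they returned and the response is the same whether or not the password was right.
function sll_check_lockout( $user, $username, $password ) {
    if ( (int) get_transient( sll_client_key() ) >= SLL_MAX_ATTEMPTS ) {
        return new WP_Error(
            'too_many_attempts',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}
add_filter( 'authenticate', 'sll_check_lockout', 30, 3 );

// A successful login clears the counter so a legitimate user who mistyped
// a few times is not locked out afterwards.
function sll_clear_on_success( $user_login, $user ) {
    delete_transient( sll_client_key() );
}
add_action( 'wp_login', 'sll_clear_on_success', 10, 2 );
```

Failed attempts during a lockout still fire wp_login_failed, so they refresh the counter and extend the lockout; a full plugin would also log the lockouts so you can see when a client site is being targeted.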
The Importance of Backups
Whether a client site breaks because of a security breach, a failed update or a client tinkering with code, backups are vitally important to restore the site to how it was before it broke. If you provide a maintenance package to clients, you should provide backups as part of this service, and of course always do a full backup before you update any code or make any major changes to the site. If you are handing over a site in its entirety to a client, it’s vital to impress on them the importance of regular backups and show them how to perform them.
If you’re not providing regular backups to clients, it’s best to either use managed hosting or install a plugin like BackupBuddy to schedule and perform site backups automatically.
Drawing the Line
There’s no clear answer about how much power you should give to your clients, and you’ll have to decide yourself where to draw the line between giving them autonomy and protecting the site you built. However, by taking a few of the preventative steps above you can at least limit the damage and recover quickly from any client mistakes.
It’s also important to talk clients through updating and maintaining their site, especially if they’re not familiar with WordPress. In many cases, some basic user training will prevent any accidental damage to the site. In my next article I’ll be covering some best practices for creating a user guide for a new client site so that you can give them the power of WordPress in a more controlled and managed way.
Photo credits: Sybren Stüvel / Dave Bleasdale