Do You Hide Features to Stop Clients from Breaking Their WordPress Sites?

This week, while answering questions in a WordPress forum on Facebook, somebody asked:

What is the best way to give my client access to update content but not give them full control of the WordPress Dashboard?

I've been asked this question many times in the past, and here is how I typically answer it:

Rather than try and block the site owner from being able to see the entire dashboard, instead, bill the client for a training session and demonstrate how to use the functions they need to perform. Then, be sure to explain any issues that may cause trouble for the site if they make changes without knowing what they're doing.

Without fail, the response is always, “Yeah, but my client is going to break the site!” While that may very well be the case, hiding features from your client is a slippery slope.

But what could go wrong?

For more than 20 years, I've been building websites for clients. I have plenty of stories about the crazy ways they have broken their websites. But a broken website should be the least of your worries. Let me share a little story from my days of running a WordPress agency.

An email came in from a guy in a panic: “My website isn't working right. The guy who normally works on my site is on vacation and this can't wait. Can you help me?” I took a quick look and knew he could solve his own issue in a few minutes by adding a plugin. I linked him to the plugin, told him to install/activate it, and he would be all set.

When he wrote back and asked me how to install a plugin, I gave him some simple-to-follow instructions. “On the dashboard, click the link on the left that reads ‘Plugins.'” He responded by saying, “I don't see that link.” That seemed odd. That was red flag #1.

I asked him to create an Admin User account for me. He said he couldn't. That was red flag #2.

I asked him to send me his login. I used it to log in and found that he had a really odd-looking menu. On one hand, it looked like he had an Admin level account. But on the other, he was missing some key links.

He could not add Users. He could not add plugins. But he did have access to change themes and widgets. I was very confused. That was red flag #3.

Eventually, he was able to get me access to the cPanel. I looked in the database to find that his account WAS, in fact, an Admin level account. Now, I was not just confused, but I was concerned that something was very, very wrong. That was a MAJOR red flag.

After some digging, I found a chunk of code that basically said: “If the user is the client, hide these links.” When I shared my findings to the client, he explained that when issues would come up with his site, he would contact his developer who would charge him a couple hundred bucks to solve a similar issue. He thought that was just how WordPress worked. He had no idea he should have been able to do these things himself.

So let me ask you, was the developer being malicious? Or, was he just trying to keep the client from breaking his own WordPress website? Honestly, I have no idea and neither did the client. He asked me to remove all access for the other developer immediately, which I did.

On that day, the developer broke something far worse than the client's website. He broke the client's trust. 

Should you teach a man to fish?

Over the years, I've had the opportunity to mentor a number of small business owners and freelance developers. When talking about what keeps them up at night, losing clients is high on their list. So it's understandable that they initially have a visceral reaction to my suggestion of teaching their clients how to be self-sufficient.

One of the most valuable business tools I use these days is called DropShare. It's a simple Mac app that lets me take screenshots and record screencasts and instantly upload them to a server and copies the links to the files to my clipboard. So, when a client asks me to do something that I know they can do themselves, I will hit record on a screencast as I make the change for them.

I bill them for my time and when I email them to say the task is complete, I provide a link to the video. And, if it's a task they may need to perform again in the future, they now have a resource they can use next time they need to do it. I figure that sharing these short video tutorials saves me from answering about 1000 emails each year.

Oh, and here's a little secret: your clients don't want to spend their time working on their website. They have their own business to run. What I have learned over the years is that the more I teach my clients how to do something for themselves, the more comfortable they are to pay me to do it for them.

But, to answer your question…

I want to go back and answer the original question, “What is the best way to give my client access to update content but not give them full control of the WordPress Dashboard?” Here is how I would go about it.

  1. Create two WordPress User accounts for the client: the first User account with Admin level privileges and the second with Editor level privileges.
  2. Invite the client to a video conference where you can perform a screen share (I use Zoom) demonstration. Note: I prefer a video conference over meeting in person because the session can be recorded and the recording sent to the client to watch a second or third time, as needed.
  3. On the call, log into the client's Admin level account and show them the basics: how to add a User, how to add/remove a plugin, how to view stats, tweak settings, etc. It's important to explain the elements that can “break” their site, but it doesn't need to sound like Armageddon, either.
  4. Next, log into their Editor level account. Show them how to do the things they need to do on a daily/weekly basis, like writing posts or updating their profile, whatever the case may be.
  5. Explain that they should use their Editor level account for 99% of the work they'll do on the site and that by using it, they are less likely to do anything that would accidentally break their site.

Transparency leads to trust.

While working with the team at Revelry Labs, I was immediately blown away by how they work with clients, I ended up writing a blog post about transparency when working with clients.

The main takeaway:

  • By being transparent with the client, you build trust.
  • When a client trusts you, they stay with you.
  • When they trust you, they tell their friends about you.

Continue to build trust with your clients and you will never need to worry about them looking elsewhere.