https://www.wpwhitesecurity.com/how-to-vet-employee-before-granting-admin-access-wordpress/
In the grand pantheon of nerve-wracking activities that go into growing a business, handing out admin access to someone else might not seem like a top-tier contender, but it’s actually a very awkward milestone — particularly if you’ve previously run everything yourself. Your WordPress website is your creation, the product of your hard work. Ceding some control might be necessary, but that doesn’t make it any less uncomfortable.
To alleviate this discomfort as much as possible, and to avoid the troubling prospect of someone abusing their access to sabotage your business (or simply damaging it through incompetence), it’s vital that you vet an employee thoroughly before you give them keys to the castle. It’s particularly vital for WordPress given how intuitive it is: while it’s useful that someone with little technical knowledge can make changes, it can also inspire false confidence.
To that end, let’s look at the steps you should take to confirm that you’re comfortable granting admin access to an employee.
Look into their background
Since you’ve already hired them, you’ll presumably have a fair degree of confidence in their relevant skills and reliability, so there’s no need to aim for a full-blown background check. Rather, this is about trying to assess how ready they are for the responsibility of having that kind of input — a good worker won’t always prove a responsible admin.
Have they worked in a high-level position before? Been given control of any projects? If so, how did those situations fare in the long run? If they coped well, or even proved innocuous enough, that should be somewhat reassuring. But if you find from previous employers (or just general life precedent) that they can let power go to their head, you’ll need to judge for yourself whether they’ve changed enough since those events to give them another chance.
Remember: even if they can be trusted, they might not have the discipline to meet whatever security standards you strive for. Do you want to encounter problems a year from now because the person you trusted with your admin details left them on a post-it note in a coffee bar and never told you about it? Good intentions only go so far.
Give them a basic WordPress setup test
Since it’s quick, easy and (if you already have hosting) free to set up a WordPress site, a great option for vetting someone’s viability as an admin is to make them an admin of their own small site. Give them a specific brief to configure it in a certain way, and monitor them as they go. Do they install hundreds of unnecessary plugins and sink the performance? Do they give their friends access without informing you? Do they forgo updates and produce messy content?
Not everyone who runs a website is going to need to write content for it, of course, but the point is that they have the capability to do so. In the event that it’s necessary to do so, they might be the only person around with the necessary access, so you need to know that they at least understand the basic requirements of a solid website.
Have them make changes under your supervision
If you’re comfortable with their track record and they’ve handled a test site well, you can start setting them small tasks for your main site, then allow them admin access under controlled conditions so you can see up-close what they do. This is about seeing what they do when they’re uncertain. Do they simply try things to see what will happen? Do they look them up first?
If the former is the case, then that’s a risk. There’s nothing inherently wrong with being the sort of person who prefers to try things they’re unsure about with the intention of fixing them if they go wrong, but such a person isn’t a good fit for an admin role of a live WordPress site. If you run a business, your website may be your livelihood. It may even be the entirely of your business. And while the loss of some analytics stats, for instance, might not bother you hugely, remember that if you eventually decide to sell up and move on, that gap in your metrics could hugely devalue your site.
Gauge their investment in the company
Though it’s standard practice for a new employee to assert their intention to remain with their new employer for years to come, the reality of the world is that it’s unlikely to happen. In fact, as time goes by, business people are more closely resembling professional mercenaries. Because of this, loyalty is a very hard thing to find, and you must carefully assess your employee’s interest in staying with your company for a long time.
On one hand, there are those who are highly ambitious and entrepreneurial, but don’t care for your business in particular — instead of giving them admin access, view them as temporary resources. And then there are people who will feign loyalty until something better comes along, at which point they’ll jump ship, and might be spurred to do something irresponsible in their haste to leave.
On the other hand, some people just want to be steadily paid, not rock the boat, and get on with things. Those people can likely be trusted, because they won’t want any drama. And of course it’s entirely possible to find an employee just as excited about the future of your business as you are, in which case they may be just the right person to join you on the admin team.
The post How to Vet an Employee Before Granting Admin Access on WordPress appeared first on WP White Security.
Source: Security Feed