What access should you give your client to their WordPress Site?


You have built a beautiful site for your client, spent countless hours, days, in fact, perfecting every aspect and fulfilled the brief completely. It’s time to go live and your customer wants access to the back end of the site.

The question now is how much access do you need and want to provide them?

If you have not included maintenance of the site as part of the design cost then you need to provide a full administrator access to the site.  You have designed the site for your client and it is their website.  Always provide your customer/client with 2 logins – 1 with full administrator access and 1 with a more restricted level of access allowing changes to content and not settings.

The WordPress Roles

The first thing you need to understand is what each WordPress role allows the user to do:


The administrator role provides the user with full access, to everything with no restrictions.

The user has control over everything all the content and all settings.


The Editor role provides the user with access to everything post and page related but not control over plugins, themes, widgets, and menus.

The user has control over all the content but not settings.


The Author role allows the user to control their own content. They can’t change other users content, it means they can’t change the pages that you have created and they have no access to settings.

The user has control over their content, not any other content and no control over settings.


The role allows the user to create content but not publish it.  It has to be approved before it can be published.

The user can create their own content but not publish it, no access to other content or settings.


The Subscriber role only allows the user to comment and create a profile on the site.

The user has no control over any content and no access to settings.

Other User Roles

Depending on the type of site you have created for your customer and what features you are using you may find that other roles are created.  For example is you install Woo-Commerce you will see additional Customer and Store Manager roles.  If you add the Yoast SEO plugin you will see the SEO Editor and SEO Manager roles.  These roles and their capabilities are not covered in this post.

What Role Should You Use?

In the majority of cases, you will want to provide your customer with the Author role.  This role will provide your client with control over their content, they can create posts but they can’t make changes to the pages that you have loveling created.

The only other role I would provide a client is the Editor Role.  This will enable the client to make changes to any page or post on the site, in short, they have full control over the content of the site.

When providing access to the site I always provide the client with the lowest level of access I can give them.

Why restrict access?

If you are providing maintenance as part of the process then you don’t want your client making changes to the settings and breaking the site.  A broken site is going to get lots of phone calls and cause you more problems than an email with a list of changes.

Clients will unwittingly break things – I read an article where a client thought they could change their domain name just by changing it in the WordPress settings. They didn’t know it would break the site.

You don’t want them being able to install or delete plugins or even worse changing the theme.

You want your client to come to you if they need a change to a page, or need a new page. You want your client to come to you if they need more functionality or a new plugin.  You want to be able to carry out changes in a controlled, managed way.  After all, it is why they are paying for the maintenance and support fee.

Managing Change Requests

Putting in place a maintenance and care plan and restricting access you need to understand that you will get more calls and more emails requesting changes and support.  It is a good idea to look at a system to manage changes, look at a help desk/customer support application such as Zendesk.

What if my client insists on administrator access?

Some clients will insist on having administrator rights even when you have a maintenance and care plan in place.  As suggested at the top of this blog, I would suggest setting them up with 2 logins, one for administrator access and one for content access.

Explain that they should only use the administrator login if they really need to. Make sure you implement a plugin that records logins and changes. Let your customer know that if they break the site while logged in with the administrator account repairing it may be chargeable and remind them that they are paying you to implement changes in a controlled way.

How we can help

We can provide you or your customers with a maintenance / care plan. We can carry out changes to the website as and when the client requests it.  The changes we make are the minor changes to text, logos, graphics etc.  We  will always liaise with you if we receive a request to change plugins, themes or major changes to layout.

We can even provide this service White Label so your client need never know we exist.

Find out more about our Agency and Developer services and our white label service:

Agency & Developer Services  White Label Service

More to explorer

Leave a Reply