9 Ways to Protect Users and Clients from Breaking Their WordPress Site
Everyone makes mistakes from time to time. It happens. But when the mistake occurs within a website that you put a lot of time and effort into building, it can be frustrating to go back and re-do your work, no matter how minor the issue.
As a WordPress developer, you know the platform inside and out. You’re also familiar with the types of issues that can arise within it. Because of this, you’ve probably already added some tricks to your overall workflow in order to mitigate and quickly resolve problems if and when they arise.
So, what do you do with the issues that crop up outside of your development process? Do you wash your hands of the website once it’s handed over to a client and wish them luck? As a professional, you know that playing the “it’s not my problem now” card isn’t going to win you any fans. You also know that maintaining relationships with your clients (current and former) is essential to your livelihood in this business.
If something should happen to a client’s website after you’ve completed work, you should be willing to step in and resolve the problem immediately. Or, better yet, you should have additional steps built into your own workflow that will save clients (and yourself) from ever encountering those issues in the first place.
WordPress User Errors and Why They’re Your Problem
Let’s face it: your clients aren’t going to be WordPress pros. That’s why you’re getting paid to develop their website in the first place.
Now, let’s say you are an in-house employee building a website for your own company or that you’ve been given a retainer to manage your client’s website post-launch on an as-needed basis. You’d be pretty annoyed if the president, marketing admin, or anyone else at the company came to you and said, “Whoops! I think I broke something.” Imagine how it would feel if you had completed work on a website, closed out the contract, and the same thing happened.
Some clients won’t understand that if the fault is theirs, that they need to compensate you to fix it. So not only are you left having to fix their mistake, but you have to try not to lose money and time while resolving it.
No matter how this plays out for you as a developer, it’s a tough situation to be in. You don’t want to tell your client (or boss) that they made a mistake and you don’t want to lose time on another project in order to fix it.
But what can you do?
WordPress User Errors: Slips vs. Mistakes
The first thing you need to understand is why the most common types of errors occur with a WordPress website. Most website developers would classify errors into two categories:
Slips: Slips are the type of errors that occur when a WordPress user—usually an expert developer—just forgets to do something or close a loop somewhere. If you think about it, you work on website after website… At some point, they’re all going to blur one into another and eventually something is going to slip through the cracks because you’re working on autopilot. That’s why it’s important to be diligent about working from a checklist to ensure that all the i’s are dotted and the t’s are crossed with every project.
Mistakes: Slips are easy enough to fix since they usually occur somewhere during development. As long as you follow a consistent and thorough process when building a website, it should be easy enough to trace your steps backwards to the error. Mistakes, however, usually stem from WordPress users trying to accomplish a task, but not truly understanding how to execute it. These can be tricky to resolve since the users can explain what they were trying to accomplish, but may not have any idea what they did to cause the problem.
Mistakes occur for a number of reasons:
- A user has incomplete knowledge on how to execute a task.
- A user has admin (or some other higher level) access to WordPress when they shouldn’t.
- A user didn’t double-check his or her work before saving the changes.
- A user has too many options to choose from.
What all this comes back to is the fact that your clients are probably not equipped with the knowledge and training in WordPress or website development to fully manage their websites on their own. This also means that they’re definitely not able to fix any errors they cause either, so the onus will ultimately fall on you.
WordPress User Errors: Why They’re Your Problem
Reworks suck, especially when you weren’t the source of the problem. However, when WordPress access goes unchecked or clients are given access to parts of the website backend that they don’t know how to properly use, it’s inevitable that something will go wrong.
As a developer, you’re ultimately responsible for what happens to the website. Why?
- Because you built it. That’s your baby. And you should take pride in keeping that baby running in tip-top shape.
- When you’re willing to go the extra mile for your clients, you’ll reap the benefits in the long run (through word-of-mouth, additional projects, etc.)
- By keeping your portfolio in good working order, you’re helping to enhance your professional reputation as a developer.
- In the case that a client should cause serious damage to their website and is unwilling to take responsibility for it, you may find yourself becoming liable for the damages (which will not only hurt your reputation but your wallet).
- By taking responsibility for the website in its entirety, you’ll see the value in doing extra work during the initial build to save yourself time and money on reworks later.
So are website errors post-launch and post-client handoff the developer’s responsibility? Yes. Definitely. You can’t expect clients (or anyone else granted access to the backend of the website) to understand web design, web development, or even the platform itself. By taking extra steps up front, you can ensure your websites stay (reasonably) safe from user error.
Pre-Launch Checklist for Preventing User Error
Novice WordPress users (i.e. your clients) are going to be clumsy and hasty in making changes. They paid you to build their website because 1) they don’t know WordPress and 2) they don’t have time to do it themselves. That’s why you shouldn’t be surprised if they don’t bother to take the time or care when making changes to their site later on. They know you’re going to be there for them, so why not protect their website (and yourself) now?
Here is a pre-launch checklist you can add to your pre-launch development process. Your clients will be better prepared to manage their own sites and you’ll be able to keep them safer from potential and easily avoidable user error:
Step 1: Include a WordPress Tutorial
Before handing a newly created website over to a client, make sure you have WordPress reference material you can share with them. It’s not your job to teach them how to use WordPress or build a website, but you should have some sort of tutorial or guide that they can quickly reference in case any simple questions come up down the road.
Our suggestion would be to develop a (self-branded) guide of your own that will cover the basics: “Here is where your blog posts reside and here is where your pages are,” “Always hit Save, but don’t click Publish unless you’re absolutely sure those changes are ready to go live,” etc. You can then use this guide for any and all clients going forward. You should also install the Sidekick plugin to ensure your visitors receive real-time WordPress guidance when they need it.
Step 2: Provide Training Post-Launch
In addition to providing your clients with a WordPress reference guide, you should also plan on walking them through the CMS in real-time. If you don’t work on-site with your client, you can use a free program like Join.Me so you can share your screen. Make sure you show them the following:
- How to log in with the credentials you’ve created for them.
- A review of each of the menu items they’ll need to or want to use when managing and updating their website.
- An explanation of their capabilities. Are they an admin? What does a subscriber do versus an Editor? Make sure they understand their particular role’s function and how to assign them to other team members.
- Demonstrate how they can preview changes before committing to making them live.
- Show them how to use the tutorial or guide you’ve left for them if they should have any questions.
Step 3: Put Yourself Front and Center
As a best practice, every web developer should be giving their WordPress website a personalized backend design. By branding the WordPress interface, you’re not only providing clients with a value-add (because, let’s be honest, you don’t have to do this), but you’re also keeping your presence top-of-mind.
With a plugin like Ultimate Branding, you can create customized messages and modules in the dashboard, too, which would be a great place to include that tutorial you created for them.
Step 4: Bolster Security
Can you trust your clients to maintain strict security standards when using their website? No, probably not. So rather than wait around to find out that they’re using a generic “admin” login and “1234” password, enforce stricter security standards that they have to abide by from the get-go. Two-factor authentication, bcrypt hashing, and strong passwords shouldn’t be optional.
For information on how to set this up ahead of time, check out these ten tips or our post WordPress Security: The Ultimate 32-Step Checklist .
Step 5: Automate the Backup
Your clients are going to be concerned with the idea of securing their websites, but they’re probably not going to know how to keep it safe or they’re not going to think they need to worry about it right now. You know that data can get lost or stolen at any moment and having a site that’s regularly backed up isn’t optional.
If you don’t want to have to deal with rebuilding a website or redoing recent changes because there wasn’t a backup in place, give your clients a system that will automate the process for them. The Snapshot Pro plugin can help.
Step 6: Automate Updates
Automation is a wonderful thing for developers. You set up a process to manage itself the way you want it to, and then you just let it run in the background. That way you never have to worry about whether your clients have upgraded to the right version of WordPress or if they’ve kept their themes and plugins secure by making regularly requested updates.
If you’re a WPMU DEV member, you can update your plugins and themes from The Hub. Otherwise, the Easy Updates Manager plugin is worth checking out. If you’re looking for a tool to help automate this process and also give you the ability to control who can and cannot make updates to themes or plugins, definitely get this one.
Step 7: Restrict File Permissions
If your clients plan on making updates to their website in the future and they haven’t sought out the help of you or another developer in making them, the hope then is that the changes are so minor that they don’t require any updates to coding. However, leaving website files—especially the wpconfig.php file which should always be moved above the root—out in the open for a user (or hacker) to accidentally stumble upon and try to make changes to is a recipe for disaster.
WordPress’s codex provides some helpful guidelines you can follow when assigning the proper permissions.
Step 8: Restrict User Access
When it comes to restricting user access in WordPress, some would argue that it’s as simple as going to the Users tab and updating their role and rights. However, those pre-set rules aren’t always enough.
If you want even more control over user access and capabilities, check out the Members plugin.
If you want to control who can use the Visual Editor, give Disable Visual Editor a try.
If you want to control the different types of content (posts, pages, categories, media, and more) that can be accessed, Advanced Access Manager will do the trick.
Step 9: Limit the Admin Dashboard
There may come a time when you need to issue admin rights to a user in WordPress. When that time comes, make sure you have a way to customize their access so they only have access to what they need. This will enable them to make the updates they want while giving them a more streamlined and easy-to-use WordPress interface. The Adminimize plugin will give you the power to customize the backend menu for your WordPress admins (and other users).
Think of your clients and others who have access to the backend of your website like you would hackers. Obviously, their goal isn’t to take down their own site or intentionally wreak havoc within the backend, but it could happen and you need to be prepared for it. Rather than wait to react when an error does occur, put a proactive plan in place while you’re developing websites. By establishing a system of helpful user constraints and useful guidance, you can set your clients up for success.
Remember: it’s not just your job to protect their website from external harm, it’s also your responsibility to protect your clients from themselves.Tags: