If you operate a business or manage large projects you know how important a multi-user environment can be. In this post, I’d like to give some tips and tricks on how you can operate a website safely using WordPress’ built-in tools and some advanced features MyKinsta offers you.
The Benefits Of Multi-User Environments
There are two main benefits that arise from the ability to access software with different user levels:
If only one user has ownership-level access to your hosting account while all the other users have reduced permissions you are mitigating a large portion of risk. Every user has access to what they need and nothing more.
Looking for ways to improve your WordPress development workflow?
Trust in your users is only part of the issue. Each user has third-party logins that could affect any service – chiefly their email. If someone hacks a trusted employee’s email they could disrupt your application.
Let me give you a real-life example to put my money where my mouth is. We use Stripe for our payment processing here at Kinsta. We do of course have an administrator account but instead of many of us using that account, we seldom use it at all. Everyone has their own account – some of us use higher, some lower-level accounts. This has nothing to do with what data a user can theoretically know about, it’s about what data they use in their every-day job. The administrator account is only used if we need to do something administration related.
As for convenience, giving everyone the access they require can ease their job. If you give a user Billing access in MyKinsta they will not have access to sites, analytics and other data at all. They just see billing related items like company settings and invoices. Reducing the noise allows billing users to do their jobs more easily. This is also handy in an agency situation where your accountant shouldn’t necessarily have access to site details.
Hosting And WordPress Accounts
Managed WordPress hosting can be a little different from other applications because you are operating under two distinct and different software systems. Access to your hosting dashboard (MyKinsta for Kinsta) should usually be restricted to a much smaller set of users than access to your WordPress admin. You may have scores of writers, proofreaders, editors and developers but in most cases, they won’t all need access to your hosting environment.
Setting Up A Good Multi-User System In MyKinsta
In this section, I’ll give you some recommendation through MyKinsta but the general principles can be applied to any hosting environment. The first order of business for any permission system is to familiarize yourself with what’s available.
In MyKinsta we offer company and site level users. Company-level users can access company-level information while site-level users have access to individual sites only.
We offer three permission sets at the company level. Company administrators have access to everything, including all sites. Company developers can manage all websites but don’t see company billing or settings. Billing users only have access to company settings and billing information.
Site-level users can be site administrators who have access to all site environments (live and staging) or site developers who only have access to staging environments.
For more information about our user levels take a look at our Knowledge Base article about how my Kinsta roles work.
With that in mind you can set up your users with the correct accesses, here’s what we recommend:
- If you own the company you should be a company administrator designated the owner. This is a special designation which allows you to delete your company.
- If you have a trusted manager such as your main business partner or COO you can make them company administrators so they can manage your business for you.
- Your accountant or CFO can be set as the billing user to access all invoices and nothing more
- If you have a main developer or a CTO you can make them company developers. They will be able to manage all sites without needing to worry about company details or invoices
Depending on how your business is set up you’ll want to invite site-level users differently. Here are some scenarios to consider:
- If you are a full-service agency managing all aspects of client sites for them you may not need site-level users at all. If you have a couple of devs working on all your sites it may be worth making them all company developers.
- If you have a huge team tending to hundreds of sites it may be a good idea to give specific users access only to a subset of your sites. This mitigates the risks of having access to unnecessary sites while also cleaning up the view for the developer.
- If you are training a developer to join your team you could give them site developer access to your sites. This would allow them to manage staging environments only. Any mistakes made will not have an effect on live sites.
- If you own a site and have just hired a developer you can give them site developer access until you are happy with their work. You could also keep their access at that level. When finished you can simply push your staging environment to live with one click. Your developer can then continue work on the next version using the staging environment
We’ve added a couple of bulk actions to make sure you can get everything set up in as little time as possible. The two most important ones are adding multiple users to a site and how to remove users from sites. See the links for descriptions and videos.
Using WordPress User Roles
If you use MyKinsta’s multi-user feature in tandem with WordPress’ built-in roles feature you are greatly reducing risk. The same general advice from above applies to WordPress. By default WordPress offers the following roles:
In this post, we give you a good explanation of what each one does. In a nutshell: administrators can do anything. Editors can manage all posts while authors can only manage their own. Contributors can write and manage their own posts but can’t publish. Subscribers can only manage their profile.
At Kinsta we give our authors the contributor role because publishing is done by the marketing team. Some authors, particularly those on our non-English sites like the Spanish blog may receive the editor role. This is because they may need to do small edits to posts which we couldn’t do otherwise due to language barriers. Even so, these are trusted partners, a typo if preferable to a security breach.
Administrator privileges are only given to a couple of people to make sure we have someone online at all times who can manage all settings if needed.
If you need to modify the default roles or want to create your own you can do so via custom code or plugins like User Role Editor. These methods give you granular control over your whole website.
Further Good Practices
Roles and permissions have nothing to do with a person’s hierarchy in a company. Don’t insist on having an actively used admin account everywhere because you are the CEO. In other words: don’t let your ego dictate your permissions.
At Kinsta we use GSuite and 1Password. Gsuite is great for being able to reset passwords to any company email account in an emergency and 1Password is great for storing login credentials. This way if a manager really needs to he can gain access to most accounts without having to operate an administrative account for each service we use.
Make regular security sweeps. Organizations change quickly and forgetting to remove someone from a project is not uncommon. Security sweeps ensure that everything is current and secured. On the website, we do a quick sweep every couple of months. If a user with the author role hasn’t written any posts for a while we’ll make them a contributor. If they start writing again they’ll let us know and we can me a decision about the update then.
The Future Of MyKinsta Multi-User
We built the multi-user feature from the ground up based on interviews conducted by our UX team. We solved the most common cases that came up and we think we’ve made something that every user will enjoy. We’ll continue to listen to feedback and improve this corner of MyKinsta, just like we have improved other systems.
We’re particularly interested in catering to the needs of agencies, if you have any thoughts, ideas or comments let us know. Log into MyKinsta or grab one of our plans now to get started. Multi-user is enabled on all our plans out-of-the-box.