If your client can break their site through the dashboard, you’re doing it wrong. WordPress makes it really easy to lock down access to mission critical functionality.
Here is how to lock down the Dashboard for your clients out of the box with WordPress:
Give clients ‘Editor’ roles
The ‘Editor’ role allows the client to:
- create a post ( a post can be in any post-type, i.e pages or custom post types too)
- edit their own post
- publish their own posts
- edit other’s posts
- publish other’s posts
It removes access to:
- the code editor
- most plugin options pages
- the site’s customizer
Simply setting your clients up with this access limits their capabilities to just posting and editing.
But if I don’t give clients Admin access how can they keep the site updated?
There are many options to keeping their site updated without giving them Admin access.
Use a Site Management Dashboard
Both plugins’ free versions have:
- a centralized dashboard to manage multiple sites
- one-click updates for plugins and themes
JetPack allows you to auto-update plugins as well.
The premium versions of JetPack and ManageWP do daily backups of the site, secure it, and other features for just a few dollars a month.
If you’d rather not manage the sites in any way, WordPress has the functionality to allow auto-updates on themes and plugins.
To turn this on just add the following to a child-theme’s functions.php file or, even better, in a plugin file:
add_filter( 'allow_major_auto_core_updates', '__return_true' ); add_filter( 'auto_update_plugin', '__return_true' ); add_filter( 'auto_update_theme', '__return_true' );
The first line allows automatic core updates. This is redundant because sites usually already have this feature turned on.
The second and third lines allow auto updates for plugins and themes respectively.
If there are select plugins you don’t want to automatically upgrade, check back for a plugin review on Update Blocker by Rarst.
Take Some Precautions
I strongly recommend using a backup service to regularly back up every site.
If you go with the automatic updates option, it should be fine most of the time. But sometimes the updates may break the site. Having backups is crucial to recovering from a breaking update.