We often take over existing WordPress websites and need to gain access to either troubleshoot, enhance or migrate them to new hosting. This article goes over the main types of access needed and how best to provide those to us.

Good: WordPress Dashboard (a.k.a. WP Admin)

The minimum required access is an Administrator role user for the WordPress Dashboard. Generally we provide an email and username to use (ask your developer or PM for details) then use that to setup individual logins for staff.

This level is generally enough for tasks like installing plugins, troubleshooting minor issues or migrating smaller sites to new hosting.

If you’re unable to add new users (e.g. you’re not an Administrator yourself) we’ll need to keep going.

Better: WordPress Dashboard & S/FTP Access

Remote filesystem access (or “FTP Access” as it is commonly called) gives us direct access to the files on your website. Depending on the host this may be called:

  • FTP Access – while the FTP protocol itself is outdated and insecure, many systems still use this moniker to indicate remote file access. Quality hosts support FTP over SSL/TLS – which uses the same encryption as your website to encrypt the transfer session. Insecure FTP should generally be avoided as your username and password are sent as plain text.
  • SSH or SFTP Access – Rapidly becoming the norm – this types of access is far more secure than FTP.

This information is often in your “welcome email” from your web host, or can be configured (e.g. the password reset) in your control panel. If you don’t know where to find this, ask your web hosting company’s support team.

Once we have this access, we can manually create an administrator user to gain full access to your site.

Best: Control Panel Access

Most web hosting accounts come with a control panel of some kind. Common vendors are CPanel, Plesk, DirectAdmin, etc. Others have custom built or white-labeled control panels. Providing us with access to your web hosting control panel allows us full control over your server — which means we can generally set ourselves up, and most efficiently troubleshoot issues.

Providing Access Securely

Before you email us any of the above credentials — please don’t! Email is not secure.

We recommend using OneTimeSecret (it’s free) — which allows you to email us a one time use URL and optional (but recommended) passphrase to keep your secrets… secret!