How to Grant Your Web Company Access to Your Digital Assets

How to Grant Your Web Company Access to Your Domain

We’ve already talked about the importance of creating passwords that won’t leave you vulnerable to attack, potentially exposing your business and personal data. Now, we need to discuss smart alternatives to sharing your passwords with others – including web companies like us when they need access to your domain.

Obviously, web developers need access to your website to do their work. But you need to grant access in a manner that protects your security. Here’s why it’s necessary to give access and ways to do it safely.

The Importance of Granting Access to Ensure a Smooth Web Development Process

Granting proper access is crucial to ensure a smooth web development process for several reasons. Depending upon the project, the developer may need access to some or all of the following:

• Access to Code Repository – To commit code changes.
• Access to Testing/Staging Servers – To test features and fixes.
• Access to Production Servers – To deploy code changes.
• Access to DNS Records – A must. It’s required during development and for configuring domains.
• Access to Website Analytics – To provide data to guide development priorities and track impact of changes.
• Access to Third-Party Services – To keep them seamlessly working with your site.
• Administrative Access – For tasks like setting up development tools, databases, and servers.
• Network Access – To integrate third-party tools and access resources needed for web development.

Ideally, your method of granting access to your web developer allows you to control their level of access. That is, you’re able to specifically control what they do and do not have access to.

Different Methods of Granting Access

Let’s consider the good, bad, and the ugly (in reverse order!) ways to give your web developer access to your website.

[DON’T] Share Your Credentials – The Ugly

Let’s start with the method of granting access that you must absolutely NOT do: Give them your login credentials. Why? Do you really want to share your passwords with anyone, no matter how much you trust them? Of course not, but there are other reasons why this is a colossally bad idea. We’ll explain, but let’s first mention the next option for granting access.

Use a Password Manager – The Bad

Password managers like bitwarden, lastpass, or 1Password have options that allow you to “give” your login credentials to someone else without letting them see your password. Access granted through a password manager can be also revoked through the password manager. Those two features make this a better option than handing your password over to someone else, but we’d still caution against this option.

When you give someone YOUR login, you take away the ability to revoke access easily and to track changes effectively. Say your web developer makes a mistake or breaks something on your site. When you share login credentials with them, all logins using your credentials are technically you. You have no way to prove that the mess was made when they were logged in with your credentials – i.e., as you! Therefore, it’s a security and safety measure to give people their own access. Which brings us to….

Add Them as a User – The Good

At first, this might sound like the worst of the ways to grant access but hear us out. You can add your web developer as a new user through your cpanel or cloud platform (e.g., Google Cloud Platform). This allows you the ability to log in with their own set of credentials – which makes them not you when they log in. It also allows you to restrict their permissions to specific functions and to revoke their access at any time by removing them as a user.

Let’s examine why adding your developer as a user is the only way you should grant access, as well as how to do it with some of the most common options.

Best Practice for Secure Access

This method protects you, your passwords, and your site.

The key is granting the access needed to do their job without compromising security. You can make sure to restrict the accounts only to needed privileges. For example, start with the minimum and increase permissions as required. Also, as mentioned above, you can remove their user account when the work is done (though you should keep your developer on retainer for maintenance!). More importantly, you can give them the heave-ho at any time if you’re no longer satisfied with their work.

We want to share our preferred option for doing this, as well as point you to other common tools you may have access to.

Services that Allow You to Add Users Securely

There are a variety of website services that offer the option to add users safely. Being able to control what added users can access plus the ability to also remove them as users when the work is complete (or something goes wrong).  Here is a list of some of the most well-known and used services that provide these options. 

•  Cloudflare (Which happens to be our preferred CDN service!)
• Stripe
• GoDaddy
• Bluehost
• Google Workspace

If you use one of these services, as Glinda the Good Witch would say, you’ve always had the power, my dear! Unlike Dorothy, you don’t have to learn it yourself because you have us!

Each of these services allow you to create users in slightly different manners, so check with your specific provider to determine how to create the secure user account(s) you need. 

If you don’t use the options we’ve listed, check with the CDN (content delivery network) or domain registrar you use to learn more about creating users to keep your site and your login credentials secure.

At the End of the Day

It can be confusing for the average user to know how to do things like grant access securely to web developers or others who need to access your website, Google Analytics, and other digital assets. Have a question about how to create an account through the services we listed? Or one about how to determine if you’re using a different service that allows you to add users? Drop it in the comments and we’ll get back to you!