If you’re a WordPress developer and designer, you’re in the service industry. Thus, one of your primary goals should be to achieve customer satisfaction.
Sometimes this means giving customers some leeway to “get their hands dirty” and feel actively involved with their site’s development.
Other times, it’s about protecting customers from potential pitfalls that you can see coming at them from a mile away, but they might not even know exist.
The best solution is to join the two: leverage WordPress’ ease of use to give your customers ownership of their site, while putting up some virtual electronic fences to keep them away from the danger areas.
This can create a more valuable relationship between you and your clients in two ways:
- If customers feel comfortable making small, simple tweaks themselves, they won’t have to flood your inbox with such requests.
- If customers are restricted from areas where one wrong keystroke can cause a white screen of death, you’ll reduce the amount of emergency phone calls you receive.
With this in mind, here are three simple actions you can take to keep your WordPress clients out of harm’s way. (And you don’t even need to tell them.)
1. Turn The WP-Admin Editor Off
While intrepid initiative from a new WordPress user is to be commended, there are certain caverns of any WordPress install that should not be ventured into alone by greenhorns.
Clearly the core WordPress files fall into this category, but most new WordPress users aren’t venturing there.
Theme and plugin files, however, don’t seem to scare the less code-savvy user away quite as easily. A major reason for this is because they can be accessed so easily from the dashboard.
For this reason, turning the WP-admin editor off can be a great way to protect your customers from themselves. In addition, it adds an extra layer of security in the event of being hacked.
Read more about how to do this here at the WordPress codex. Here’s the relevant code snippet you’ll need:
I am no coding expert, but I have gained a decent working knowledge of basic theme and plugin files over the years. So I would feel comfortable viewing and even editing them from the dashboard editor. Still, I’d never actually do it.
WordPress files should be viewed and edited via FTP, where a catastrophic error can be easily reversed using the Undo function. The WP-admin editor does not provide this basic but necessary capability.
And an error in a theme or plugin file can create the Catch-22 situation where an error is introduced into PHP that blows up the entire site, leading to an inaccessible dashboard to try and fix it.
You can eliminate so many of these potential headaches by just disabling the dashboard editor.
2. Permission Out the WP-CONFIG.PHP File
You and I know that one of the easiest ways to create a white screen of death or fatal database error is to make a mistake in the core WP-Config.php file.
Less experienced WordPress users, however, may not understand the care that needs to be taken when editing this most precious of WordPress files. So it makes sense to restrict access.
The best way to do this is to set permissions to read-only by owner or group (400 or 440).
With read-only set, your clients will not be able to get in and make changes to their WP-Config files, should they ever want to. Yet another potential emergency 3 am phone call averted!
3. Keep A Known (and Good) Backup
The value in keeping a solid backup that is known to be good, and that can be called upon at a moment’s notice, is obvious.
Among the files that should be included in the backup are:
- The theme and css
- Any premium plugins that are not available in the WordPress repository
- Any other custom files
Catastrophes can happen at a moment’s notice, whether due to human error, hacking, or technical meltdown. Your customers will look at you like a superhero if you can get them back up and running after one of these unexpected meltdowns.
The best way to do this is to have a backup at the ready that reverts to the most recent time the site was known to be functioning properly. With this backup available at your fingertips, you and the site are essentially bulletproof.
A Business Model Alternative …
Obviously the recommendations above place restrictions on customers that some might not like.
Many site owners want their technical advisors, or themselves, to be on point for plugin updates, theme framework updates, and WordPress core updates, as opposed to paying someone else hourly. Sometimes they just want to tinker. And others want to feel like they have ultimate, unrestricted control.
This is why many designers and developers we’ve talked with have implemented another business model which keeps their clients out of harm’s way: the small retainer model.
If you find yourself in reactive mode with your customer base due to plugin update mishaps and general site tinkering, you can consider putting together a small, affordable package that incentivizes your customer to let you do that for them.
We’ll be talking quite a bit about business models and best practices amongst designers and developers in the future, as well as best of breed technologies for simplifying site management.