The default approach — give everyone admin access — works until it doesn’t. A junior developer accidentally deletes a production database. A freelancer you no longer work with still has server access. A client’s marketing person changes a DNS record and takes down the site.
Role-based access control
Role-based access control assigns permissions based on job function. A developer needs SSH access, staging deployment, and database read access. A project manager needs the dashboard and reporting. A client needs their site’s analytics and content management only.
The minimum viable permission model for agencies: Agency Owner (full access, billing, account management), Senior Developer (server access, production deployment, database management), Junior Developer (staging access only, no production deployment), Project Manager (dashboard, reports, support tickets), Client Stakeholder (site-specific dashboard, uptime reports).
Access lifecycle management
Access lifecycle management is equally important. When a team member joins, they get role-appropriate access within hours. When they leave, all access is revoked immediately. Quarterly access reviews confirm that permissions still match current roles. This discipline also matters for PCI compliance.
WP Pro Host’s team management features
WP Pro Host’s team management features include granular role-based permissions at the site and account level, SSO integration with your agency’s identity provider, access audit logs showing who did what and when, and automated access revocation when team members are removed.
Frequently Asked Questions
How should agencies manage WordPress user roles across client sites?
Apply the principle of least privilege: every person has the minimum access needed to do their job. Developers need admin or editor access; designers may only need editor or author; clients typically need editor access for content management, not admin. Create custom roles using a role management plugin where the default roles don’t match your workflow. Never give clients admin access by default — the risk of accidental damage (deleted menus, changed permalinks, activated conflicting plugins) is real. Document each user’s role and the business justification for admin-level access for auditing purposes.
What is access lifecycle management for agency client sites?
Access lifecycle management means actively maintaining who has access to what, not just granting access and forgetting it. When a freelancer’s contract ends, remove their WordPress and hosting access the same day — not “eventually.” When a developer moves to a new project, revoke their access to the previous client’s site. Quarterly access audits should review every user on every client site and confirm each account is still actively needed. The most common agency security gap is former staff or contractors who still have admin access months or years after their engagement ended.
How do agencies give clients access to their own WordPress sites?
Clients typically need editor access for content management (creating and editing posts, pages, and products) rather than admin access. Create a dedicated client account with an appropriate role rather than sharing your agency’s admin credentials. Use a WordPress user role plugin to customise what editors can and cannot access — hide the theme editor, plugin manager, and settings menus from client accounts to prevent accidental changes. Brief clients on what they can and cannot do with their access level. For clients who need to install plugins or manage users, consider admin access with specific onboarding to explain the risks of plugin installation.
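One way to put the advice in the two answers above into practice on a client site, as an added example that is not WP Pro Host’s or WordPress’s own code: a must-use plugin that registers a least-privilege client role cloned from Editor, hard-blocks configuration capabilities for that role, hides the corresponding admin menus, and lists elevated accounts for the quarterly access review. The role name client_editor, the function names and the capability choices are assumptions.

```php
<?php
/**
 * Plugin Name: Agency Client Editor Role (constructed example)
 * Drop into wp-content/mu-plugins/. Role name and capability choices are assumptions.
 * Pair with define( 'DISALLOW_FILE_EDIT', true ); in wp-config.php (removes the theme/plugin file editors for everyone).
 */
// 1. Register a client role cloned from Editor (content only, no site
//    configuration), minus the capabilities most often behind accidental damage.
function agency_register_client_role() {
    if ( get_role( 'client_editor' ) ) {
        return; // Roles persist in the database; create once.
    }
    $editor = get_role( 'editor' );
    $caps   = $editor ? $editor->capabilities : array();
    unset( $caps['delete_others_posts'], $caps['delete_others_pages'] );
    add_role( 'client_editor', 'Client Editor', $caps );
}
add_action( 'init', 'agency_register_client_role' );
// 2. Hard guard: capabilities, not hidden menus, enforce access in WordPress.
//    Even if another plugin later grants one of these, a client_editor is denied.
function agency_deny_client_config_caps( $caps, $cap, $user_id ) {
    $blocked = array( 'manage_options', 'activate_plugins', 'install_plugins', 'edit_plugins',
        'switch_themes', 'edit_theme_options', 'edit_themes', 'edit_users', 'delete_users' );
    if ( ! in_array( $cap, $blocked, true ) ) {
        return $caps;
    }
    $user = get_userdata( $user_id );
    return ( $user && in_array( 'client_editor', (array) $user->roles, true ) )
        ? array( 'do_not_allow' ) : $caps;
}
add_filter( 'map_meta_cap', 'agency_deny_client_config_caps', 10, 3 );
// 3. Hide configuration menus so the client does not see dead links.
function agency_trim_client_menus() {
    if ( in_array( 'client_editor', (array) wp_get_current_user()->roles, true ) ) {
        foreach ( array( 'themes.php', 'plugins.php', 'options-general.php', 'tools.php' ) as $page ) {
            remove_menu_page( $page );
        }
    }
}
add_action( 'admin_menu', 'agency_trim_client_menus', 999 );
// 4. Quarterly access review: every account holding an elevated role, to compare
//    against the documented business justification for each one.
function agency_elevated_accounts() {
    $rows = array();
    foreach ( get_users( array( 'role__in' => array( 'administrator', 'editor' ) ) ) as $u ) {
        $rows[] = array( $u->user_login, $u->user_email, implode( ',', $u->roles ), $u->user_registered );
    }
    return $rows;
}
```

The map_meta_cap filter in step 2 is what actually enforces the restriction; step 3 only tidies the interface, and a client who guesses a URL such as plugins.php still gets the standard WordPress permission error.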
What hosting access should agencies provide to clients?
Clients typically need access to: their WordPress admin dashboard (editor role for content management), file storage (FTP/SFTP for uploading media if needed), and optionally a read-only hosting dashboard view for invoicing and basic status. Agencies should retain: hosting control panel admin access, SSH access, server configuration, DNS management, and SSL certificate management. Sharing full hosting credentials with clients creates a risk of accidental server misconfigurations and removes the agency’s ability to maintain controlled access. Provide clients with the minimum hosting access their day-to-day needs require.
How should agencies handle access when a client relationship ends?
When a client relationship ends: transfer hosting ownership or provide full credentials if the client is moving to self-manage, remove agency team access to the client’s systems within 24 hours of the relationship ending, document all access that was transferred and get written confirmation from the client, delete any client data from agency systems as required by your data retention policy and UK GDPR, and ensure the client understands they are now responsible for all ongoing management. If the agency is retaining access temporarily for handover support, specify the exact date when all agency access will be revoked in writing.