Website Security Pillar 5: Limit Access to your Site

We made it to our final day of website security week! We're talking about website security around here during this last week of Cyber Security Awareness Month. 

Pillar 5: Limit access to your website

One way to keep your website safe is to use team member or collaborator accounts to give other people access to do things on your site. Here are five tips to help you limit access to your site.

Use roles and permissions as available on your platform

You can use settings on your website platform to allow different people to have different levels of access to your site. 

Different platforms have different names for the various roles and different levels of permissions you can grant as well.

I'm going to use Wix as an example. On the Wix platform, if you want someone to be able to contribute a blog post, you can invite them with the role of Blog Writer and give them permission to create and publish a blog post.

You may only want the contributor in the example above to be able to write a blog post but not publish it - then you can use the Guest Writer role. 

Depending on the platform, there are roles for collaborators who work on the site in various roles such as content, blog, marketing, online store, and website management and design. 

So it's similar for people like me who can work on your site - maybe we're re-designing a page, adding an email newsletter signup block, or troubleshooting a problem. 

You'll need to match what the person needs to do on your website with the permissions you'd like them to have.

Remove access when it is no longer needed

One common thing I help people with is connecting their site to their domain - which I need a pretty high level of access to do. So when I'm done with their project, I recommend people remove that level of access for me unless they need ongoing help at that level.

You can usually change the status or permission level of someone's role if you want them to continue to have some level of access to your site.

Share passwords securely

Some platforms don't allow team members or collaborators unless you have a certain subscription level, so you end up sharing passwords. 

That's one thing I hate about my job is trying to share passwords securely. 

I have a couple of tools to help, but it's still just a hassle.

It's worth taking the time, though, to take security measures. DON'T email them if you can help it. Instead, call, use a secure information messaging tool, or at least split up the username and password into different methods. 

Change passwords when necessary

If you have to share passwords, make sure you change them when the person you shared them with no longer needs access. They are like keys, and sometimes it is appropriate to change the locks. 

Review who has access to your site

Finally, it's a good idea to think about who has access to your site. For example, a previous owner of the business, a former partner, or someone who has worked on the site before - make a list occasionally so you can change the access if needed. 

Depending on your business, once a month, once a quarter, or once a year is probably appropriate to consider who has access to your website and other online accounts.

Resetting passwords and changing permissions are easy fixes to make sure your site is not vulnerable to people who don't need the level of access they have.


Links to the other pillars of website security:
Website Security Pillar 1: Know Your Information
Website Security Pillar 2: Develop Good Password Habits
Website Security Pillar 3: Keep Your Software Updated
Website Security Pillar 4: Keep Good Backups


Leave a Comment