User control
By Matt Adams on April 1, 2009
Most of the sites we create for our customers are based on a content management system (CMS). This allows them to log in, add, edit and remove pages. This is a great tool for our clients to keep their sites up to date, without having to pay for, or wait on a web designer to edit the page. This also allows multiple users.
Having this kind of access is dangerous. I mean really dangerous. A rouge user could delete every page on your site, or worse, put up inappropriate content.
User control is key. Here are my questions and thoughts for good user management of your site.
- Who needs access to FTP and server Control Panel?
- Who should have access to the CMS?
- Should some users be restricted to a designated set of pages?
- Is there a review system for approving content posted by other users?
- Who is the master admin?
- Review users every 6 months (delete any inactive ones asap)
- Problem with an editor? Nip it in the bud now! Don’t let a user go rouge too long. Online updates can happen in seconds.
- Soon to be Ex-employees? Remove access before firings to avoid any retaliation.
- How often do you review the admin log (or do you have one). Our admin log knows all movements, clicks, and edits made by a user, with a date and time stamp.
- Is there an emergency plan in place to pull the site offline asap?
I hope that helps. And yes, this post was inspired by a panicked email I received today from a client with a rouge editor on their hands.