Your new Web Design Agency and Cybersecurity

ByDan Sullivan

Changing web designers can be a big deal. Even bigger if you don’t keep an eye on your website security. Here are ways you can change vendors and keep your site safe.

My title: Change web designers, Keep your website security in front of a picture of a futuristic couple breaking up with tech abstract art in the back.

Ugh, relationships.

Yep, this is an article on how to safely leave your former web design person to become my client. It also applies if you leave me for somebody else (but why would you do that?). These are the best practices for staying safe when you change web designers.

It’s a bigger deal than you think, because your website is tied to everything, and cybersecurity isn’t something you can just ignore.

Step 1: Figure Out Who Has the Keys to Your Kingdom

Before you make a move, you need a list of every digital account your business uses. You can’t secure what you don’t know you have.

Make a list. Right now. Include:

  • Domain Registrar: Where you bought yourcompany.com. (GoDaddy, Namecheap, etc.)
  • Website Hosting: Who actually stores your website’s files.
  • CMS Login: Your WordPress, Shopify, or Wix backend. How do you log in to your website?
  • Analytics: Google Analytics, Search Console, and anything else that tracks your traffic.
  • Email Marketing: Mailchimp, Constant Contact, etc.
  • Social Media Accounts: All of them.
  • Paid Stuff: Any premium plugins or software licenses you pay for.

Just like you wouldn’t want the past renter that just moved out to have keys to your apartment, you don’t want any old marketing agencies to have access to any part of your business.

Step 2: Stop Sharing Your Master Password

This is a simple rule: people should only have the access they need to do their job.

  • Share Account Access, Not Passwords: Seriously, stop giving people your personal username and password. Use the “Add User” feature in your accounts to create a separate login for them. When they’re gone, you just delete that user. Simple.
  • Use the Right Roles: If you have writers posting articles to your WordPress site, don’t give them admin access. They don’t need to see your themes and plugins. Let them be an “Editor” or “Author.” You can even set it so they can write but not hit the final “publish” button until you’ve reviewed their article.
  • “Zero Trust” Isn’t Cruel, It’s Wise: Don’t apologize for having good security. If you won’t drink out of the same cup and straw as people in your office, why would you share login info that could put your entire business at risk? When somebody leaves, lock them out immediately. Period.
my title: Add a User to Google Analytics and Google Search Console in front of a creepy business man holding a platter of Google Logos.
When I asked Google to generate this picture, I didn’t think they’d make the Google man so creepy.

Learn How to add a Google Analytics User to your account

This article will tell you all about how to add someone to your GA4 account. You follow the same directions to remove someone that doesn’t need access to your Google Analytics any more.

Read this article

Step 3: The Professional Handover (Changing the Locks)

When it’s time to part ways, be direct and methodical.

  1. Get Your Stuff: Make sure you have a final, complete backup of your website and any other files they have.
  2. Have “The Talk”: Be professional. Thank them and tell them that as of a specific date, you’ll be revoking their access for security reasons. Or don’t. If they don’t need access, they should be trying to use it anyway.
  3. Revoke All Access: Go down the list you made in Step 1 and delete their user accounts from everything.
  4. Change Shared Passwords: If you ever slipped up and shared a main password, change it now. Tell anybody that worked with that vendor to do it too. Heck, just change a bunch of your passwords right now. It’s a good idea to do it regularly anyway.

Step 4: Vetting the New Relationship

When you hire a new web designer (hopefully me), you can start things off right.

  • Ask Them About Security: I’m sad to say that a lot of people in my industry are sloppy with cybersecurity. The first thing I check on a new WordPress site is the admin user. “Admin” is the default username and the one most hackers try first. I’ll even go to websites I don’t manage and request a password reset for the user “admin” just to see if it exists. If it does, it at least warns the owner someone is poking around. Change that thing.
  • Give Access, Not Credentials: Use your new skills. Set them up with their own user account with the right permissions.

Is This Security Stuff Overkill?

Only until you get hacked and lose $10,000 a day in business. Then it feels pretty important.

Your website needs to do three things:

  1. Clearly show people how you solve their problems.
  2. Be easy to use so people can buy from you.
  3. Stay secure and running 24/7.

If you have questions about your website security, or if you’d like to put all of this into practice and make me your web designer, give me a call. I’d be happy to try to reset your “admin” password for you.

SEO AUdit Clients

If you came to this page because you’re signing up for an SEO Audit, use this button to go back to the form for the SEO audit.

Take me to the SEO Audit Signup Form

Dan Sullivan is a full stack SEO marketer. A lot of businesses don't know if their marketing budget is working or not, and Dan Sullivan is the expert they hire to fix it. Great SEO, a high-performance website, a clear brand message, and off-site tactics combine to create the best marketing campaigns. Dan does that, plays the bass, and enjoys his wife's cookies.

Robotically Chosen Related Posts