Giving out Administrator access

,
Man sitting at laptop wearing headphones, microphone at a busy office pod with two other workstations in the periphery

Let’s say you’ve reported a bug that you’ve observed in a theme or plugin. Good job by the way!

Should you… Go through the effort of reproducing the bug in a clean sandbox environment, provide steps to reproduce, a description, screenshots, or video of the observed versus expected behaviors? …Reference the URL within their own demo site? …Possibly even workaround descriptions or code sample?

YES! Typically that’s all a developer needs to fix the issue in the next version.

Should you share a clean sandbox environment URL and admin credentials with the developer to review the issue?

SURE! This isn’t necessary, but it’s a kind effort and can get things moving.

Should you provide the developer admin access to your production site so they can diagnose or repair the issue?

ABSOLUTELY NOT

I’ve observed this quite a few times. After I report bugs I find to theme and plugin developers they request access to my client’s site. Sometimes their support licensing will only cover that domain. They claim they will repair the issue for us. I don’t buy it. I don’t trust giving them (wherever and whomever they may be) access to a site where they can steal data or apply unknown changes in such as way that I may ultimately find disagreeable or futile.

Rather, my approach is to reproduce the bug in as clean of an environment as possible and, if necessary, give them access to that environment. It won’t contain all of the other plugins and settings which aren’t pertinent to the bug. It won’t contain confidential client and end user information. It will be a clear representation of the bug in a box stock configuration — where it ideally should have been caught in the first place.

I use a “throw away” environment in a cheap BlueHost site running the latest WordPress, WooCommerce, and Storefront (default) theme. I configure just the bare minimum necessary to reproduce the bug.

So the next time you’re asked to provide a WP Admin account to a non staff or contractor (with whom you have a solid NDA or service agreement), don’t give in.

Sean D. Conklin

I have been a full-stack CSS, HTML, JavaScript, PHP website developer since 2002. My current specialties have been in WordPress powered sites since 2010, WooCommerce powered online stores since 2017, adding Shopify in 2023. I support dozens of store owners and managers, customizing and growing their businesses quickly, efficiently, in support of open-source citizenship and standards.

Share this:

Note: I may receive compensation for referrals.

WP Engine - A smarter way to WordPress
The best email marketing tool, responsive templates, automations, Worldwide support, tracking and reports, Benchmark Email, free plan available
Sell everywhere. Use Shopify to sell in-store and online.
Klaviyo partner badge
Okendo Partner, certified
WooCommerce, the most customizable eCommerce platform for building your online business. Click to get started.
Jetpack, a stronger, customizable site without sacrificing safety. Click to get started.