Beginning an SEO contract with a customer is the beginning of a trusting relationship. In addition to the fact that your customer has just handed you a wad of cash, they also are handing over the keys to their website. I know for me personally, any time I give out admin access to our website it makes me a little uneasy. Can I trust these people? Are they going to damage my hard work?
Before we go any further I’m going to preface this post the same way I do most of my other actionable posts: back up your website. If I’ve said it once, I’ve said it a thousand times, back it up! Back it up to your computer, to the cloud, to your host.
If you asked this question 5-10 years ago the answer would be simple: “just send me FTP.” Back in the day FTP was all you needed, because eCommerce and CMS systems were few and far between. It is essential to have FTP access in order to access the files that exists on a web server. It doesn’t matter if it is a Windows server or a Linux server, FTP access is one of the core pieces of access you need when doing an SEO campaign. Whether it is cleaning up 404 errors or installing a sitemap, FTP is mandatory before beginning any SEO campaign.
For example, one case study we ran last year where a website had TWO websites installed on top of each other was causing huge user experience issues. We would not have been able to find this without FTP access, or at least not as easy.
For the majority of the SEO work that we do, it happens on the back end of a CMS. Like it or not, most CMS “work” that is done is done on the backend admin panel. Back in the day we used to be able to do most of it via FTP or even on a local computer. These days most data is stored in the cloud, and thus we must need CMS login.
For example, on this website if you want to edit the SEO meta descriptions, the easiest way to do it is via a plugin, on the backend of WordPress. Check out how easy it is:
With many modern day CMS’s you don’t have to give away full admin rights to your consultant or agency. You can still assign an admin, but not the “super admin” user.
In the golden age of the web, websites were “flat” and stored in files like “about.html” and such. These days most websites are more 3 dimensional and run off of a database. This includes most modern CMS and eCommerce websites such as WordPress, Magento, Drupal…even Facebook.com uses a database. There are times when a website is so large where the database is hosted on a separate server. When this is the case we do ask for access so we can do what we need to do.
When you get down to the nitty-gritty and you are doing major speed optimization for a CMS such as WordPress, you need database access. Now, if you already have cPanel access you might not need it but if it is on a separate server, you will need to ask for it. Last year we wrote a guide on WordPress speed optimization and one of the main points covered was database optimization. We’ve seen databases that started off at say 50Mb that were able to trim down 50-90% by the end were under 10%.
Another reason you might need database access is if you are getting hit with lots of comment spam. We wrote a post a few years ago on deleting WordPress comments in “one fell swoop.” This required us to have database access to the website. Another website we recently worked on and did a case study for was “un-SEO’ing a mismanaged website.” There was a ton of database work we had to do on this as well. In short, it is important to have!
The good thing about getting website hosting access, is that most of the time that includes most of the other stuff we talk about in this article. For instance, if you get cPanel access that gives you database access, FTP and SSH (most of the time anyway.)
Just be aware when you get hosting access it gives you a certain level of responsibility. You are now in control of an entire organization on the web, including their email in many cases. Having hosting access allows you to take control over many aspects of a website, including subdomains, DNS, and lots of advanced SEO reporting.
Oftentimes as an SEO you are also the person that helps a client with a lot of hosting tasks such as backups, email setup etc. Either way, you must have cPanel or hosting access if you want to proceed with SEO. Just pray it isn’t Godaddy.
Most of the time when you get hosting access, this includes access to SSH, but not always. That is why I gave SSH its own section. Some hosts require a special key, others you can log in via default port it really depends.
It is imperative that we have access to the back end of your Hosting account. This allows us to perform low-level optimizations that can help your website speed and many other things.
If you have your Linux wits about you, you can do some really cool stuff with SSH access. For instance you can use SSH to find large files on your server. We recently had a client where we ran a query to find large files and we ended up with 100’s of 1GB+ zip files that were all able to be deleted. This took their disk usage from about 80% down to 30%, and actually ended up saving them money in the long run which we calculated to be about a few hundred dollars per year in savings.
It really isn’t mandatory to have domain name login but there may come a time where and SEO does need this. For instance if you need to move hosting , make DNS modifications , or add things like a CDN you may need access to the domain login. It is our opinion that the customer should always have control of their domain name. In fact, even if we are doing a fully managed account we still ask that they register their own domain name. This puts all power and control in the hands of the customer. So even if we all get zapped off the face of the Earth the customer can still point the domain to another host.
If you are lucky enough to have a client that already has Google Analytics or some form of analytics setup, consider yourself lucky. There are circumstances where it won’t be set up, such as brand new websites. It helps to walk into a situation where you can get prior months reports so you can see what a good job you are doing.
Other websites use alternatives to GA such as Piwik or other programs, which are totally fine. You just want to make sure you get access.
Many SEO’s find themselves constantly behind the console of Google Analytics. It is really one of those “must have” tools for any SEO.
Google Search Console is so important to have. You don’t need to be the owner of the account, but you do need to get access.
GSC access is important not only for doing SEO work but reporting it as well. If you have a client that has a penalty or is worried about one, it is vital to have. This is also where you find out if you have a manual action (aka penalty) so you definitely want to stay on top of that.
For local SEO clients, Google My Business access is essential. Most people just call this “Google Maps” access, its been called a lot of different things over the years such as Google Local, Google Places etc. GMB allows you to do really simple tasks such as changing your phone number etc to more advanced tasks such as managing reviews, advertising, etc.
Even if you don’t manage the posting for your clients it is still a good idea to get social network access just in case. I personally like to include (at the very least) social network profile URL’s etc in my SEO audits as those links can carry a lot of weight.
The great thing about most modern day social networks is that you don’t have to give away the keys to the kingdom. For instance on Facebook you can “add an admin” so you don’t have to give away full access to someone.
Other social networks such as Twitter don’t make it as easy, but there are ways around it. Google+ has really become an important part of SEO for a few reasons, so it is always a good idea to get G+ access.
In short, the more the better. There are many other types of access control we didn’t include in this post such as CDN and many others. It is imperative to keep good organizational control over your access to your client websites. Keep at the very least some basic HR policies in check, so that if you let go of an employee or contractor, they don’t take passwords with them. This can never be completely avoided, but you can do your best to minimize any backlash.
One way we like to bundle all of this together is by putting it all into a