Passwords, User Roles and Security Mistakes

3 Mistakes That Can Kill Your Business: Passwords, Permissions & Ownership

Top 3 Mistakes that Jeopardize Your Business and Accounts

As you can imagine, I set up a lot of accounts and access for my clients.  It never ceases to amaze me how vulnerable most people are when it comes to their hosting, social media, financial s and business critical applications.   Take a few minutes and read this, it could save you time, money and your business.

#1 Mistake: Not owning your domain and hosting accounts

This situation occurs regularly and begins with good intentions.  You may have needed a website and found a company that told you they “would take care of everything.”   They set up your website, got your domain and you paid the bill.   You have a website, so everything is good  right?   Wrong!   If you don’t own the domain and  hosting, you are at risk.    The web company or person could close up shop, they could just not return calls or any other bad situation.    The end result is that you DO NOT have access or control of your business’ website.  I have seen this disaster unfold more times than you’d expect.

YOU MUST OWN YOUR DOMAIN AND HOSTING ACCOUNT!!!  Period.  No Exceptions.  Ever, not one.    Got it?   If you don’t know if you own your domain or hosting, STOP EVERYTHING NOW!   Check your records, call your web developer  and make sure that you are the owner and  have access.  If the answer is “No”, do everything you can to regain access.

#2 Mistake: Weak Passwords

You have probably received one of the “awful” passwords I’ve created for you. Hackers are persistent, ubiquitous, and so frustrating.

What you can do to protect yourself, your data, and your site.

Random passwords using a mixed combination of numbers, lower & uppercase letters and symbols is the best defense. As you can see from the chart below, it should be at least 10 characters long.

If you do that, it would take 928 years to crack. Hopefully, the hackers would likely up long before then!

Don’t use the same password!

Another big issue is using the same passwords for different sites. If your password and email are exposed, then all of your accounts are at risk.

Consider how catastrophic this could be. Please use unique passwords. It is a pain, but not as painful as trying to recover your digital life and assets!

#3 Mistake: Improper User Roles or Authorization

As a business owner or manager,  you must have administrative access to your social media accounts, online services and website.   You can appoint someone in IT or marketing to have admin access.  But make you have an extreme level of trust and a really strong employment contract that specifies the company’s rights to the information.

Most online services have “User Roles” that can be assigned by person by level or responsibility.  Understanding the roles available can avoid a ton of headaches and down time.  Here is a short summary of a few common sites and roles.

Facebook Roles for Business Pages:

There are 5 main roles in classic FB Business Pages:  Admin, Editor, Moderator, Advertiser and Analyst.   The chart below (available on FB Support)  A simple rule of thumb, set up your employees or virtual assistants with the lowest level to start with.   If they run into a barrier that prevents them from doing their work, they will let you know.     The unfortunate thing is most small business owners are either overly trusting, woefully uniformed, inadequately/contractually protected, or just too busy to make these simple and critical decision.   Visit FB support to learn more, click here.

Facebook Page Roles Chart

Word Press Roles

There are six predefined roles native to WordPress (WP) :  Super Admin, Administrator,  Editor,  Author, Contributor and Subscriber.  See the except below from Most of your users will fall in to the Author or Contributor rooles.

  • Super Admin – somebody with access to the site network administration features and all other features. See the Create a Network article.
  • Administrator (slug: ‘administrator’) – somebody who has access to all the administration features within a single site.
  • Editor (slug: ‘editor’) – somebody who can publish and manage posts including the posts of other users.
  • Author  (slug: ‘author’)  – somebody who can publish and manage their own posts.
  • Contributor (slug: ‘contributor’) – somebody who can write and manage their own posts but cannot publish them.
  • Subscriber (slug: ‘subscriber’) – somebody who can only manage their profile.

Real Life Example:  Disgruntled employee wreaks havoc, leaves negative posts and locks the organization out of their social media accounts.

A non-profit company tasked an employee to set up their website and social media account..   The employee set up the website and social media accounts.    That employ had all of the account information, administrative credentials and access.  Their was an employment disagreement and the employee was let go.  Before leaving, that employee  posted a negative message and locked the social media accounts.   With no account information or access, the Non-profit was not able to regain control.   They had to establish entirely new social media accounts and attempt to rebuild their followers.

Identify and correct these mistakes.

The first step in solving any problem is correctly identifying it.   Now that you know, here are 3 steps to help secure your rights and data access.

  • Conduct audits of your domain & hosting, social media and other online accounts.
  • Adjust and restrict user roles wherever possible.
  • Create legal and employment contracts that cover the company’s rights and ownership of data and account information.


For helpful tutorials on WordPress, YouTube, Social Media and other online services, visit my Video Tutorials and subscribe to my YouTube Channel

Follow Me

Share this post

Check out our podcast!

Skip to content