Written by Beth Downey

As a web developer and small business owner, I believe it is my lot in life to advocate on behalf of my clients even if I am advocating for them to them. It’s a “help me help you!” plea in most cases. When the same issue pops up multiple times to the unsuspecting owner/manager of a website, and I’m a witness, I know it’s time to take to this blog and advocate on their behalf to a wider audience.

A web developer’s unofficial code of conduct

A common mantra of web developers is “write and comment your code as if the person who inherits it is a serial killer with a key to your home.” In short, it means leave things neat and tidy for the next person (even if that “next person” is you).

In short, sooner or later someone else will take the reins and will need the institutional knowledge of their predecessor.

More than a handful of times I’ve experienced this specific situation:

  • I’m charged with making code edits to a website.
  • In doing so, I discover the theme is not current, alert the client and ask for the login credentials to the theme source (i.e. where the theme was purchased).
  • No one knows where the credentials, receipt or login to the source of the theme are stored or if they were ever stored at all.
  • Essentially, the person who set the theme up is long gone and left no historical data – the receipt email! – for those left behind. Two recent cases involve this scenario: the theme is outdated and to update it, one must login to the website where the theme was purchased, download a new theme, and reinstall it. Because no one knows where the proof of purchase is, the theme must be purchased all over again. i.e. Oh look, that theme development company got you to pay for the same item twice.

Why is keeping a website’s theme current important?

In short: Security.

In more than a few cases, when I’ve encountered a compromised website, hackers used an outdated theme to gain entry. As well, if your website has themes installed that are inactive, either keep them updated or delete them altogether. How often should you update them? As often as possible is the standard answer, and creating a monthly schedule for checking for WordPress Core, plugin and theme updates should be on the monthly calendar. The other reason to keep your theme current is ensuring it is compatible with the WordPress Core and your installed plugins. In short, themes that aren’t current are more likely to break.

Another familiar scenario: a client tasks me with doing some upkeep and rearranging of items on a website. To do this, I have to have the website’s host login to get to the template files. One problem: the website owner has no idea who hosts the website. And when the host is unknown I end up having to spend time tracking this down and figuring out how to secure those logins once the host is identified. All of this investigation equals time and time is money.

So what do you need?

If you are the website manager, are the web developer at your company, or you simply own your own website for your small business, can you put your hands on all the credentials for your site(s)? Do you know what those credentials are? I’m here to help — here’s a handy list:

  • Your domain provider
  • Your website hosting provider
  • Your CMS username and password with administrator permissions
  • Receipt of your website’s theme (if applicable) as well as logins to the theme’s source

Storing all of this data in a secure place while allowing multiple people within an organization access is just as important as making certain you know where your house and/or car keys are.


Photo credit: Chris Parker