Thread

Despite much kicking and protesting on my part (and a really contentious conference call with sales weasels), I have a client who is determined to hire a third party who will remain nameless—rhymes with “Schmellow Schmook”—but who has cold-called and promised their magic SEO wand will miraculously put the client’s sites on Google’s first page with even the vaguest of brain-dead searches. I know…

Said third party refuses to work with me to make whatever changes they’re going to do to the actual code, calling it a proprietary part of their service. They don’t even plan to inform the client as to what changes are being made, and when—because “all you really care about is the results, right?” They want carte blanche access to the ftp server and the EE templates to do whatever without notice at any time during the duration of the SEO contract. I have no assurances (nor will I get any) that whomever will be making the changes has even heard of EE.

So… any suggestions about best practices (useful plugins, whatever) to grant them an appropriate level of restricted access to EE—something that will allow them to muck about with page headers and whatnot if they have to, but in a way where I can keep an eye on what they’re doing and quickly undo if something goes awry?

We’re running EE 1.6 and Multiple Site Manager (two live sites with a third on the way). Both sites are a pretty basic combo of regular weblog content and Static Pages module pages.

Personally I wouldn’t let them touch the live site.  Let them make their changes on a development environment; make sure they’re non-destructive, then push them live.  That gives you the security you need as well.

Unfortunately, I don’t have this option, because they insist that whatever they’re doing has to be constantly maintained/updated at their leisure (so it can’t be a one-time or even monthly setup on test site rolled out live after eval/testing)... and they made it very clear that there was no acceptable setup that put anyone (particularly me, the lowly freelance developer) between them and whatever they want to do with the site. It’s supposed to be good enough that they “do this every day” and “don’t intend to mess anything up.”

If I were my client, this would be a most enormous red flag about this whole setup, but I haven’t been able to get the client to see through their starry-eyed hopes of sticking it to their perceived competition by leapfrogging them on a Google search.

I’m just hoping to put whatever infrastructure I can in place (before I have to turn over a login) to minimize the impending chaos.

make a backup (and backups of this backup) before you give them any access and put it in a safe, cool, dry place because even if you don’t need it in an emergency, you’ll probably want to reference it at some point in the future when you’re about to get blamed for something you didn’t change.

make sure your automatic daily backups (you do have automatic daily backups, right?) of the files and the database are functioning properly because there’s a good chance they’ll mess something up and being able to roll back to a recently-working state will make you look awesome.

practice the procedure of rolling back to one of these backups on a staging server so that you know what you need to do when the time comes (bonus points if your last backup is automatically ready to go on a second server or different account that can be swapped with the production server with no downtime).

And.. don’t give them superadmin access.  Keep that for yourself.