This article explains how to safely give a developer or staff member access to your website without compromising your own account.
The golden rule: never share your portal password
Your Web60 portal account is your master account. It controls billing, backups, domain settings, and your entire hosting setup. Never share your portal email and password with anyone, including developers, designers, or staff members.
Instead, use the two methods below depending on what the person needs to do.
Method 1: Add a WordPress user
If someone needs to edit content, manage pages, or work on your site through the WordPress dashboard, add them as a WordPress user.
- Log in to your WordPress dashboard (yourdomain.ie/wp-admin).
- Go to Dashboard then Users then Add New.
- Enter their email address and choose a username.
- Set the appropriate role:
- Editor for someone who will create and edit content but should not install plugins or change technical settings.
- Administrator for a developer who needs full access to the WordPress dashboard, including plugins, themes, and settings.
- Click Add New User.
WordPress sends them an email with login instructions and a link to set their own password. They log in to WordPress separately from the Web60 portal. Their WordPress login does not give them access to the portal.
Method 2: Enable SFTP for file access
If a developer needs direct access to your site's files (for example, to edit theme code or upload custom files), you can provide SFTP credentials.
- Log in to the Web60 portal.
- Go to SFTP in the sidebar.
- Enable SFTP access if it is not already enabled.
- Share the SFTP credentials with the developer.
SFTP credentials are completely separate from both the WordPress login and the portal login. They only grant access to the site's files on the server.
Choosing the right level of access
| What they need to do | Give them |
|---|---|
| Write blog posts, edit pages | WordPress Editor role |
| Install plugins, change themes, full dashboard | WordPress Administrator role |
| Edit theme files, upload code, server-level access | SFTP credentials |
| Full dashboard access and file access | WordPress Administrator role plus SFTP |
Revoking access
To remove a WordPress user, go to Dashboard then Users, hover over their name, and click Delete. To revoke SFTP access, disable or regenerate the SFTP credentials in the portal.
FAQ
Q: Should I share my Web60 portal login with my developer?
A: No. Never share your Web60 portal credentials. Add your developer as a WordPress user instead, and enable SFTP if they need file access.
Q: What is the difference between Editor and Administrator roles?
A: An Editor can create, edit, and publish content but cannot install plugins or change site settings. An Administrator has full access to the WordPress dashboard including plugins, themes, and settings.
Q: Can I remove someone's access later?
A: Yes. In WordPress, go to Dashboard then Users, hover over the user you want to remove, and click Delete. For SFTP, disable or regenerate SFTP credentials in the portal.
Frequently asked questions
Should I share my Web60 portal login with my developer?
No. Never share your Web60 portal credentials. Add your developer as a WordPress user instead, and enable SFTP if they need file access.
What is the difference between Editor and Administrator roles?
An Editor can create, edit, and publish content but cannot install plugins or change site settings. An Administrator has full access to the WordPress dashboard including plugins, themes, and settings.
Can I remove someone's access later?
Yes. In WordPress, go to Dashboard then Users, hover over the user you want to remove, and click Delete. For SFTP, disable or regenerate SFTP credentials in the portal.
Last updated: 4 April 2026