Website admin panel
ACCESS TO THE WEBSITE

CMS Access for SEO Work: What We Need and What We Do With It

Before any SEO optimization work begins, we need login access to your site's content management system. This is not optional - SEO optimization requires making changes directly in the CMS, and those changes cannot be made remotely without credentials.

This page explains exactly what we access, what we do not touch, how to provide credentials securely, and what to do when the work is complete.

Why CMS Access Is Required

SEO optimization involves modifying specific elements on each page of your site: title tags, meta descriptions, heading tags, image alt attributes, and technical settings like canonical tags and redirect rules. These elements live in the CMS database - they cannot be edited from outside the admin panel.

The alternative - providing us with a list of required changes and asking someone on your team to implement them - introduces errors and delays. Each change requires precise formatting, and a mis-typed character in a title tag or a missing canonical URL can produce the opposite of the intended result. We apply changes directly to eliminate that risk.

What We Access

We use CMS admin access to reach the following:

Page editor - to modify title tags, meta descriptions, H1, H2, and H3 headings, and to edit page text for keyword optimization (adding secondary keywords contextually, improving structure).

Media library - to add or correct alt attributes on images uploaded to the site.

SEO settings or plugin - for sites using a dedicated SEO plugin (Yoast, Rank Math on WordPress; Helix Ultimate on Joomla; built-in SEO fields on Shopify), we access the plugin settings to apply title and meta changes in the designated fields.

Redirects manager - to correct redirect chains and loops identified in the site audit. On WordPress, this is typically done through a redirects plugin (Redirection, Rank Math redirects). On Joomla, through the administrator's redirect manager.

robots.txt (if editable through the CMS) - to correct unintended crawl blocks found in the audit.

What We Do Not Access or Modify

We are specific about scope because we understand that CMS access carries responsibility:

We do not access: Payment gateways, customer data, order management systems, email accounts, hosting control panels, or FTP/SFTP.

We do not modify: Page design or layout, CSS or template files, plugin configurations unrelated to SEO, navigation structure (unless internal linking changes are part of the package), database tables beyond page content and SEO fields, and any file that is not directly related to the optimization scope.

We do not delete: Content, pages, products, media files, or any other site assets.

Every change we make is reversible. Title tags, meta descriptions, and alt attributes are text fields - restoring any of them to their previous state takes seconds. The work report documents every change made, so you have a complete before/after record.

How to Provide Access

WordPress

Administrator-level access is required. Editor-level access does not have permission to modify SEO plugin settings or manage redirects.

What to send:

• Admin URL: `yoursite.com/wp-admin/`
• Username
• Password

If your site uses two-factor authentication (2FA) on the admin account, create a separate administrator account without 2FA for the duration of the package work. Remove it after the work is complete.

Joomla

Super User or Administrator access is required.

What to send:

• Admin URL: `yoursite.com/administrator/`
• Username
• Password

Shopify

Staff account with "Full permissions" or at minimum: Products, Pages, Blog posts, and Settings permissions.

What to send:

• Invite us as a staff member through Shopify admin (Settings → Users → Add staff)
• Or send the store admin URL, login email, and password

OpenCart

Administrator access via the admin panel.

What to send:

• Admin URL: `yoursite.com/admin/`
• Username
• Password

Other CMS platforms

If your site uses a different CMS - Drupal, MODX, Bitrix, or a custom-built system - contact us before ordering. We confirm access requirements and compatibility before the package starts.

How to Send Credentials Securely

Do not send login credentials in plain email or messaging apps. Use one of these methods:

Password manager share: If you use 1Password, Bitwarden, or LastPass, create a shared item and send the share link.

Secure note: Create a temporary secure note using privnote.com or onetimesecret.com - the link is readable once, then destroyed.

Direct message through a verified channel: If we have established contact through a known channel (Telegram, WhatsApp, a specific email thread), credentials sent there are acceptable. Avoid public channels.

After the work is complete, change your password immediately. Do not wait - changing the password as soon as the work report is delivered closes access instantly.

After the Work Is Complete

When you receive the work report, change the admin password for the account used during the package. If you created a separate account for our access, delete that account from the CMS.

You do not need to verify that changes were applied before closing access - the work report documents every change with before/after values. If after reviewing the report you find any change requires adjustment, contact us and we will review it.

If your site uses a CDN or caching layer (Cloudflare, WP Rocket, W3 Total Cache), clear the cache after closing our access. Some changes - particularly title tag and meta description updates - may not appear in search results until the cache is cleared and Google recrawls the updated pages.

Access and Site Security

Will you store my credentials after the work is complete? No. After the work report is delivered, we do not retain login credentials. Changing your password after receiving the report ensures that any credential record is invalidated.

What if I am uncomfortable providing full admin access? For sites where full admin access is a security concern, we can work with an export/import approach: you export specific page data, we prepare all corrections as a structured file, you or your developer imports the corrected data. This adds time to the project and requires technical capability on your side. Contact us to discuss if this is your situation.

Is there a risk that the SEO changes will break something on my site? The changes we make - title tags, meta descriptions, alt attributes, heading text - are content fields, not code. They do not affect page functionality, scripts, or design. The only SEO fixes that carry a low risk of side effects are redirect changes and robots.txt edits - we document these in advance and confirm the intended behavior before applying them.

Frequently Asked Questions

Why do you need Administrator access rather than Editor or Contributor? Editor-level access in most CMS platforms does not include SEO plugin settings, redirect managers, or robots.txt controls. These are administrator functions. Some fixes - particularly resolving indexation blocks - require administrator-level access to implement.

Can I create a separate account specifically for this work? Yes, and this is recommended. Create a new Administrator account, provide those credentials, and delete the account after the work is complete. This is the cleanest approach from a security standpoint.

What if I forget to change the password after the work? Changing the password promptly is your responsibility after the work is complete. We do not retain credentials and do not attempt to access your site after the work report is delivered. If you forget to change the password, your security risk is the same as it was before the package - credentials in your possession that should be rotated.

Can the work be done without CMS access? No. SEO optimization requires making changes in the CMS. A list of recommendations is not the same as implemented optimization - this package includes implementation, not just advice.

How long does it take to set up access? Providing access takes 5-10 minutes. The package timeline begins when we confirm receipt of working credentials. Delays in providing access delay the start of work proportionally.