In the old days Online Marketing Companies would need to have full access to your site including all of the logins across the board. Lately with security issues being of great concern it is best to know what the new SEO Company is asking for.
If you are switching to hosting with your SEO Company then they would need to switch the Domain Servers to point to theirs. This is really the only reason to provide an SEO Company with access to this information. If the company has access to your domain without needing it you could be putting your Domain at risk. With Domain control an unscrupulous company could unlock and transfer your Domain or allow someone accidental access to do the same. Ideally unless you are hosting with the SEO Company there is no need to give them your GoDaddy (or other Domain Company) login.
Often times an SEO Company will ask for your FTP Information. This stands for File Transfer Protocol and allows their company to go into the back end of the site and manipulate files. Even if you are running on a popular CMS (Content Management System) the site still has a back end (the CMS simply “sits” in a main directory). Many people confuse the CMS with the site itself when it is just basically downloaded software into a file directory. This is another area where the SEO Company should have a good reason for wanting this access. Site Hosting would be a good reason or if for some reason they needed to change the HTAccess file or other site specific files. In most instances it is best not to give this information away to an SEO Company. This is another large security risk and if this falls into the wrong hands with very little effort a hacker can completely take over your site. If you are not running on a CMS In most cases you can provide the editable files to the SEO Company and they can return them back to you. Or they can provide spreadsheets with changes and you can implement them yourself.
Today most websites run on popular software platforms called CMS’s (Content Management Systems). The login information for this is vital for most on-site Search Optimization. The CMS allows for plugins which can be added to improve your Search Visibility. One of the main issues though is that with one popular platform like WordPress dominating the market it makes it an easy target for hackers. Once your site is hacked into (either via plugins added by the SEO Company or by someone guessing the login/password combination) Google will put under your Search listing “This site may be hacked” and your Search traffic will likely plummet until you remove all of the offending malware or pages put onto your site by the hackers. The positive here is that as a site owner you can create logins for the SEO Company to use on a temporary basis and then remove them once they are done. This is the safest way to allow your SEO Company access to the site to do what they need to do while still keeping the site secure.
One step that many site owners forget to do is to remove the previous access and logins to their old company. While sometimes the new SEO Company will remove the access they are not experts on what was done in the past in this regard. The old company might have used generic e-mails (like gmail) and it’s hard to delete those without knowing what exactly is being deleted. So once your new company has access to everything they need make sure to return and delete any access from the previous company.
Balancing providing information that your new SEO Company needs and site security is a tricky issue. Remember that in the end your site security falls on you the website owner. If you grant too much access to too many companies you are putting the sites security at risk. It is always best to create temporary logins and delete them once the terms of service with a company Is over.