Teams and Access
Teams are a core part of Flock WP. You can share your dashboard with employees, contractors, and clients without giving everyone full control.
How team access works
Every site belongs to one dashboard owner. That owner can invite other people into the dashboard and decide:
- whether they can see all sites or only selected sites
- which actions they can perform
- whether two-factor authentication is required
- whether their access should expire automatically
Team members sign in with their own Flock WP account. They do not share passwords.
Shared dashboards
Flock WP supports two team views:
- Members you manage: People you invited into your dashboard
- Dashboards shared with you: Other owners who granted you access to their sites
This makes it practical for agencies, freelancers, and internal web teams who work across multiple client accounts.
Roles
Flock WP includes these built-in access levels:
- Admin: Full access to shared sites
- Editor: Broad day-to-day operational access, including site settings, maintenance, backups, and wp-admin login
- Maintainer: Focused maintenance access for plugins and themes
- Custom: A permission set you define yourself
Use built-in roles when you want consistency. Use custom permissions when access needs to be tightly scoped.
Site scope
When you invite someone, you can choose:
- All sites: The person can access every site in the dashboard that matches their permissions
- Specific sites: The person can access only the sites you select
This is useful for:
- assigning one account manager to a subset of clients
- giving a contractor temporary access to one project
- letting support staff review only the sites they own
Permission groups
Permissions are organized around real jobs:
General
- View sites
- Add sites
- Delete sites
- Pause or resume sites
Site settings
- Manage site settings
- Use wp-admin login
- View Google integrations
Maintenance
- Update plugins
- Manage installed plugins
- Update themes
- Manage installed themes
Backups
- View backups
- Manage backups
Two-factor requirements
You can require two-factor authentication for individual team members. If you enable this:
- the invite can still be accepted
- the team member must enable 2FA before they can fully use the shared dashboard
- Flock WP will show their access as blocked until the requirement is met
This is especially useful for agency accounts with contractors or client-facing data.
Expiring access
You can set an access expiration date when inviting or editing a member. After that date:
- the membership is no longer active
- the person loses access to the shared dashboard
- the record remains visible so you have an access history
Common use cases include temporary contractors, short-term audits, and migration projects.
Invites and onboarding
Invitation links are email-based. A person can:
- accept the invite with an existing Flock WP account
- create a new account first, then accept the invite
If the invite was sent to a specific email address, it must be accepted by that same email address.
Team management best practices
For agencies
- Give account leads access to all client sites they own
- Give technical staff maintenance permissions only if they do not need billing or ownership tasks
- Require 2FA for anyone outside your core staff
For internal teams
- Use specific-site access for business units or brands
- Keep destructive permissions like site deletion limited to a small group
- Review expiring and blocked memberships regularly
For client collaboration
- Invite clients with view-focused permissions when they need visibility without operational access
- Use reports and notifications instead of broad dashboard access when that is enough
What owners should review regularly
- pending invites that were never accepted
- blocked members who still need 2FA enabled
- expired access that can be removed
- members who still have broader permissions than they need