
[Question] Giving web designer access to my wordpress

Discussion in 'Making Money' started by MrGr33n, Aug 3, 2015.

  1. MrGr33n

    This is the first time I am doing this so I am unsure of what the normal protocol is. I assume I would need to create another admin user for the designer to use to work on my site, as well as FTP access. However, how do I do this while at the same time keeping myself safe? Are there other things I need to be doing to keep safe? Hypothetically, what could the designer do if he was a bad person with the access I give him?
     
  2. roadhamster

    Be sure to create a backup of your site and database. If something goes wrong you can always restore your backup.
    While giving away administrator rights to your wordpress, and via ftp-access, you could get screwed. It's a matter of trust, but if you don't trust it then don't do it.
    It's always handy to make an extra ftp account with other credentials than yours, limit the rights and directories someone may work in.
    Bottom line: don't ever give away your credentials to stay safe, it's like giving away the keys of your house.
     
  3. TayaX

    Make sure you trust him.
    If I recall, ftp access will give him access to your config file where your database password is stored.
     
  4. MrGr33n

    Appreciate the replies guys.

    Good idea. I will make a backup of the site and database. I'm fairly new to all of this so I will read around how to do this. I already use the iThemes Security plugin which emails me a backup to my email but I have a strong gut feeling that this is only a partial backup. I will read more about this. You said site and database so I presume they are two different things. I have already made a separate FTP account with access only to the website that he will be working on.

    Do you mean WordPress config file and WordPress database? Still grasping the reins of all of this :p Learning on the job!
     
    Last edited: Aug 3, 2015
  5. TayaX

    Someone will have to confirm this but the database password is stored in the config file of WordPress, unencrypted, which will be a problem if you chose it and this pass gives access to other things.
     
  6. MakavelliD

    Full backup - database and WordPress files, separate temporary admin account, separate temporary FTP account. The hosting company might do it for you, sometimes they take regular backups anyway. So if you have any issue in future just restore the backup and change passwords.

    Unless you have some indicator not to trust the guy I don't think you have much to worry about. Most people just trying to do a job to put food on the table.
     
  7. Apricot

    Yep, the db username and password are in the wp-config file in the root. But you can change the password afterwards in phpMyAdmin and wp-config so it's not the end of the world.

    Also, technically, they don't need access to the root - just the wp-content directory, and it doesn't have to be via FTP either. If WordPress is installed, you can upload plugins and themes via HTTP through the dashboard.
     
    Last edited: Aug 3, 2015
  8. MrGr33n

    Thank you guys for the advice, very helpful. I need to do some reading on WordPress database management because atm I don't know much about what the database even stores. I have had a nose around phpMyAdmin in the past but it didn't make sense to me what was stored on it. I enjoy learning and reading about this stuff anyway, going to start with this article: http://www.wpbeginner.com/beginners...ordpress-database-management-with-phpmyadmin/
     
    Last edited: Aug 3, 2015
  9. blogzandstuff

    I use the Duplicator plugin, which is free, to back everything up; it does it in a couple of clicks. As others have said it is trust, they could add nasty code to your PHP pages etc. I have had work done for me before. What I did was to duplicate the site, then send him the zip file of the whole site for him to use on his localhost. He then did the work, duplicated it and sent it back for me to check on my WP simulator or localhost. While this was happening my site was still live - easy.
     
  10. MrGr33n

    That is great advice, thanks for the Duplicator plugin heads up. That WP simulator sounds interesting also. And yeah, although I do trust the guy, I have never met him and I guess my greatest fear is malicious code inserted into my site. Though even if I did what you do, there's no way of me making sense of the code anyway.
     
    Last edited: Aug 3, 2015
  11. nocare

    Back up your WordPress site, download SmartGit. Create a new repository in an empty directory.
    Throw the files of your local copy of WordPress (just the WP files) into it.
    Select all the files, hit commit.
    After he's done working, back up your site files and drop them into that same folder again, overwriting everything.

    Git will show you exactly what files changed and how. You will likely have some junk (cache files and such) but I am not aware of any way to get around this.

    Do note, you can't quite audit the database file in this same manner unfortunately, and he could definitely find ways to hide things there.
    But it would create a good place to start if you would like a 3rd party to audit his work.

    Backing up the files and database is a good and well practice, but checking the files for changes is as well to simply check if he's added some form of backdoor access.

    cheers.
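
A command-line version of the before/after comparison nocare describes, added here as an example and not part of any post in the thread. The function names, the sample files and the `wp-content/cache/` ignore rule are assumptions; the script also lists changes outside `wp-content`, the only directory Apricot's post says a designer needs.

```shell
#!/bin/sh
# Added example (not from the thread): before/after file audit with git.
# Function names, directory names and file contents are constructed.

# audit_changes BEFORE AFTER REPO: commit BEFORE as the baseline, swap in
# AFTER, and print one "<status><TAB><path>" line per changed file.
audit_changes() {
    before=$1; after=$2; repo=$3
    mkdir -p "$repo"
    git -C "$repo" init -q
    # Assumed cache location; ignoring it keeps cache churn out of the report.
    printf 'wp-content/cache/\n' > "$repo/.gitignore"
    cp -R "$before"/. "$repo"/
    git -C "$repo" add -A
    git -C "$repo" -c user.name=audit -c user.email=audit@example.invalid \
        -c commit.gpgsign=false commit -q -m "baseline before designer access"
    # Empty the tree first: a plain overwrite would leave deleted files in
    # place, so removals would never appear in the report.
    find "$repo" -mindepth 1 -maxdepth 1 ! -name .git ! -name .gitignore \
        -exec rm -rf {} +
    cp -R "$after"/. "$repo"/
    git -C "$repo" add -A
    git -C "$repo" diff --cached --name-status --no-renames
}

# outside_wp_content: keep only report lines for paths outside wp-content/,
# which theme and plugin work should not need to touch.
outside_wp_content() {
    awk -F '\t' '$2 !~ /^wp-content\//'
}

# make_sample ROOT: build a constructed before/after pair under ROOT.
make_sample() {
    b=$1/before; a=$1/after
    mkdir -p "$b/wp-content/themes/shop" "$b/wp-content/plugins/old" \
        "$b/wp-content/cache" "$a/wp-content/themes/shop" "$a/wp-content/cache"
    echo '<?php // core login' > "$b/wp-login.php"
    echo '<?php // core login, edited' > "$a/wp-login.php"
    echo 'body{}' > "$b/wp-content/themes/shop/style.css"
    echo 'body{color:#333}' > "$a/wp-content/themes/shop/style.css"
    echo '<?php // new template part' > "$a/wp-content/themes/shop/extra.php"
    echo '<?php // old plugin' > "$b/wp-content/plugins/old/old.php"
    echo 'v1' > "$b/wp-content/cache/page.html"
    echo 'v2' > "$a/wp-content/cache/page.html"
}

demo=$(mktemp -d)
make_sample "$demo"
audit_changes "$demo/before" "$demo/after" "$demo/repo"
rm -rf "$demo"
```

Piping the report through `outside_wp_content` narrows it to files such as `wp-login.php` that a theme or plugin job had no reason to modify; `git -C <repo> diff --cached` then shows the line-level changes for any file in the report.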
     
  12. abhijit369

    I would suggest, if it's a new website design, let them design on their servers and give you the backup file with BackupBuddy. You can restore the site yourself easily!!!
     
  13. Aluminium

    This - a respected designer is nothing to fret over.

    They want your business for the long run, which means they aren't going to try and sabotage a new client (well, in most cases).
     
  14. MrGr33n

    Just to update this thread, I've been doing non-stop reading and ended up purchasing a great theme, a few plugins and doing the CSS and PHP edits myself to customise my site and make it look great. Cost me a total of about $200 and saved me a few thousand dollars (the prices that I was quoted by several designers) as I researched free alternatives of many plugins that work fantastically, and once I got over the fear of modifying the CSS and PHP it really does wonders to your website. There is a great WordPress community on the forums that help you out along the way. I struggled and swore loads, and got lots of WordPress white screen of deaths after doing a bad PHP edit, but the end result is so worth it. I also migrated my site to a different domain and now know about MySQL databases, phpMyAdmin and wp-config etc., which at the start of this thread I had no clue about. WooCommerce is simply fantastic and I used a great WooCommerce bitcoin gateway that uses Electrum, which is exactly what I wanted.

    For future noobs reading this thread you really should get your hands dirty and learn on the job. It's fun, the rewards are great and you learn an important set of skills.
     
    Last edited: Aug 13, 2015