A little freaked out about giving out my password to hired designer...
August 19, 2014 7:07 PM   Subscribe

I want to hire a WordPress Pro to fix up my lame looking site. Does this have to entail me giving that Pro my admin password? This scares me. Should this not scare me? Is there another way?

I am adept enough to select themes, muck about in the dashboard but that's where it stops. I have found a few people I'd like to hire based on their portfolios. These people are all remote and I personally do not know anyone who has used them or anyone who knows them.

While I do trust them to make something awesome, I don't know these people. (**And if they don't make something awesome, that happens when you hire freelancers... This question isn't about if there is design-fail which is a risk I understand.)

But here is the sticking point for me... From my extremely beginner understanding of WordPress, I am going to have to give said designer my admin username and password. This skeeves me the @#$%@#$% out. No, I don't use that same password anywhere else, and I get that when they finish the work I can change my password to something new. But giving out my admin password just seems w.r.o.n.g.


(1) Is this simply how hired wordpress design is done? You give out the pw and change it after the work is complete?

(2) Is my instinct right, and bad things can happen-- or I am just needlessly paranoid?
(2a) Can they put anything in my wordpress installation, through the wordpress dashboard, that would act like a back door, or cause me problems later?

(3) If bad things can happen, is there a workaround?

Advice? Warnings? Calming assurances? Looking forward to the wisdom of the hivemind. Thanks.
posted by gravitypanda to Computers & Internet (14 answers total) 2 users marked this as a favorite
It's typically how things are done. You can give them their own admin account and do a full backup of your themes, plugins and data before they begin - but they will need access to do the job you're hiring them for.
posted by annathea at 7:10 PM on August 19, 2014 [3 favorites]

You could create another admin account for him and then delete it when the consultant is done. But yes, if you want him to work on your site he needs access to the backend of the site.
posted by COD at 7:17 PM on August 19, 2014

Giving various passwords to technical folks who are helping you with various computer issues is unfortunately a fact of life in the business world. The way I handle it is by changing my password to something situation-specific before they need it, then handing this bland password to them, then immediately change it again after their work is done. It's the best I've been able to come up with. Use very different kinds of passwords for each situation and they won't even be able to guess your "real" one based on the milquetoast one you give them.
posted by Joey Buttafoucault at 7:18 PM on August 19, 2014 [5 favorites]

If you paid a designer to redesign your website, they need your password, or you need to add them as a user who is also an administrator. That's how my website works. The design company just has an admin account. It's the only way they can make changes to the site. You can change your password when they are done or revoke their account.

I don't know what you think they would care to do with your website. This is their job. It's like handing your credit card to a waiter. Are they going to steal the info off it and go on a shopping spree? Or are they going to do their job and just charge you for your meal?
posted by AppleTurnover at 7:36 PM on August 19, 2014 [3 favorites]

If I were your designer, I'd definitely need the WP admin password (and possibly your FTP password, too, depending on the project required - sometimes you just need to upload themes via FTP).

The only way I can think of to get around this would be for you to give the freelancer a copy of your site (database, files, etc.) and have them install & run it on their server. When everything looks good, they could give you the files & you could upload them.

BUT - this has the potential to break all sorts of things. Your server will probably have different settings that could make things work differently. You might misconfigure something or not upload all the files in the right location.

Really though, that's just being paranoid. If you're working with professionals, they have no interest in messing up your site. And if they are evil scammers posing as professionals, they probably know how to bury backdoor code deep inside your theme where you wouldn't think to look for it.

You're more likely to have problems if you download & install random themes that you find online (other than on the main wordpress site). That has been the cause of every hacked site I've had to clean up.
posted by belladonna at 8:02 PM on August 19, 2014

I disagree with the above. While it is common to give a designer like this password access to your current Wordpress setup, it's really not necessary.

I'm assuming that the costs for what I describe will be minor compared to what you'd pay the designer.

All you need is an entirely separate, short-term, web space to which the designer does have access. Since you know a little about how WP works, you can even make a backup of your data and have the designer restore it into the new location. I myself keep a couple of domain names around to make this even easier, and your new designer may already have his/her own web space that he/she prefers to work in.

Once the new location setup is what you want, you can either 1) have the designer package up the new/modified theme for you, then install it yourself on your current web space, or 2) modify your domain name record and the hosting account so that people looking for you find the new space instead of the old space; your choice if you want to change the FTP, SSH, and Wordpress admin passwords after that.

This isn't 100% secure; if you accidentally hired a bad hacker, he or she could set up the theme to do bad things and/or create some kind of back door. Then, too, you'll possibly need maintenance and/or updates to the theme if WP changes in ways that mandate it.

You could hire _two_ remote designers (or a designer and a programmer) and have the second evaluate the new theme for security issues before you install it, but I know you're unlikely to do that.

Make sure you make backups of your site content regularly, of course.
posted by amtho at 8:33 PM on August 19, 2014 [1 favorite]

Also - it's not being paranoid. Even if your new designer isn't malevolent, it's normal to have little hiccups while developing or modifying existing software -- and that's what a lot of "designs" are, including WP code. A new version of a web site should really always be created in a separate file space -- I am baffled at how seldom this seems to happen in real life, since, especially given WP's theme mechanism, it's not that difficult to do. When I make new versions of sites myself, I always do it either in a "working" folder (so you can see it at http://awesomewebsite.com/working/) or in a totally different hosting area (e.g. http://tempsitearea.com// or http://working.awesomewebsite.com/).

Making design changes in real time to your real web presence is a little quicker -- I've done that, too -- but it's not that much quicker, and it can save a lot of embarrassment and panic.
posted by amtho at 8:38 PM on August 19, 2014 [1 favorite]

It will probably make things easier if the contract developers have admin access, but it's not necessary.

The developers should be able to encapsulate their work into a theme and/or plugins. So if you're familiar enough with WP to upload a theme or plugin and turn it on (not install via the wordpress.org site), they don't need back-end access. This might make their job a little harder, but not much, and I think it might force them to avoid shortcuts in development.

They might reasonably want to try things out with your site's data to make sure it looks good. You should be able to give them an export of WP's contents—if you really want to get fancy, a complete SQL file.

As a rule, they shouldn't be tinkering with your production site except for maybe some inevitable last-minute fixes. They should be working on a development site, possibly run from a server on their own computer.
posted by adamrice at 8:55 PM on August 19, 2014

I'm not a developer, but I am an SEO hand, and I have admin access to dozens of client sites. I think you really need to work with someone you trust, and who has some good references.

There are a couple of WP sites where I don't have admin access and it drives me insane. Basic changes that would take me 10 seconds to do take hours and hours... if they ever happen at all.
posted by Nevin at 9:09 PM on August 19, 2014 [2 favorites]

Wow. A lot of great information here... thanks so much everyone!
posted by gravitypanda at 11:11 PM on August 19, 2014

Most WP people do just work on the live site. It's not really advisable, but they do it. What I used to do with WP clients is copy the site to a subdirectory, redesign that copy, and then when it was ready to go live simply update settings to make the site in the subdirectory appear at the domain root (assuming that was the original config.) But the consultant probably still needs ftp access, which sort of negates any security benefit of working on a copy of the site.
posted by COD at 6:31 AM on August 20, 2014

Run full backup for yourself before you do anything. Raw files & database. This is meaningless if you don't have the means to reconstitute the site yourself.

Create a new user associated with their email address and a password of your choosing. Send that to them. Typically (S)FTP access is also necessary, and I advise creating a new one if you have the means.

If you don't trust the developer, then figure out what you need to do to trust them. Is that paperwork? A contract? What is missing here?

(By way of analogy, when you get your car worked on, you give the shop both your car, and your keys. You ARE ENTRUSTING your car to them. A website is no different. You're giving them full control and that's the transaction you're engaged with. You're right to take this seriously, but wrong if you think someone can work on your site and not have this latitude).

When the work is done, delete the extra admin and ftp username.

As a developer, clients who do this and who end up wanting more work from me end up running through the process again, which is a bit of a hassle for them and me (I end up waiting while they set back up new credentials for me) - but they understand that bit and it's meaningful security for them.
posted by artlung at 9:53 AM on August 20, 2014

amtho brings up a good point. Any development should be done in a development environment and not directly to the live site anyway. This can be as simple as setting up a subdomain (i.e. "dev.mysite.com") using the existing hosting account.
posted by humboldt32 at 12:45 PM on August 20, 2014 [1 favorite]

Also - if a potential consultant/designer won't work in another web space, then that's a clue that you could possibly do better in your hiring decision.
posted by amtho at 3:57 PM on August 20, 2014

« Older In six months I'm travelling t...   |  Last Year my housemate (and go... Newer »
This thread is closed to new comments.