• Hi,

    We would greatly appreciate your advice on this matter.

    Recently we contracted a freelance web-based worker to work on our WordPress website. We required them to fix some issues with the site that included a change to menu functionality, content and layout.

    While in discussions about taking the job, we found the worker very competent and we trusted them enough to create a new admin user account on our WordPress site. We provided them the DB password.

    Immediately following proving the the WP-login the developer also requested Cpanel password, and while we would usually be reluctant to provide this, because it also provides access to email accounts, this was a new site and we had no issue with providing the Cpanel info. The developer then also requested FTP login info, and we provided that.

    We provided the developer this access before agreeing terms with them to do the work and the purpose of this was to provide them a transparent view of what we already had so they best provide us with a quote and timeframe for the work.

    We agreed terms and contracted the freelancer to work with us (a 2-3 day job). 24 hours into the job the freelancer requested the website’s main wp-admin user accont login info. We wanted to know why and they said that this provided them access to “the folder” we asked what folders and got not reply, we pressed for an answer and were told that this login info allowed the contractor to edit the css and page templates, however it is our understanding this can be done from the Themes editor panel under any site admin user, which they were.

    We resisted providing this login info, our concern was that the main wp-admin user account could be used to delete and reset other users and would hand over complete control of our site. Again, we pressed the contractor for why they needed this logon and they would not answer us clearly merely repeating the need to access css and templet file… they eventually withdrew from the contract.

    This caused us considerable problems because we had negotiated the job over a few days and we were working to a deadline, we had rejected other contractors in favour of the contractor we’d chosen and the breakdown has impacted on us in terms of the completion of the work and our ability to contract other developers.

    To be clear this is our website, we are not a service provider.

    While WordPress may be a great software we feel we are always vulnerable when hiring developer services, especially when it comes down to what level of access to provide them as different developers will request different access. A developer/programmer needs to be able to do their work and there is no point in us preventing them from doing it because of bad information or bad experiences. This leads us to our inevitable question…

    1. What does a developer need access to? And
    2. What is the best way to set up developer access.

    We feel providing them a wp-admin User access to the site and database password should be enough. There are plugins for WP that would allow a user to download site files if the wanted or needed to.

    3. So why the Cpanel and wp-admin site owner login details?

    I appreciate your help on this because it help us contract work better when we are informed about what we need.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    I won’t work on a site unless I have the access necessary to fix things in case (when) I break it to the point that WP doesn’t work. So, I’ll usually need FTP access and CPanel access to get to phpmyadmin for database backups and restores, in addition to an admin account under my own name for WP.

    I prefer to have FTP access if I need to edit files. Partly because it’s easier to make a backup and then restore anything if needed, but also because editing files in the backend of WordPress is a pain especially when there’s a lot of files that need to be edited. Using my code editor of choice is far more efficient. Also, if your CSS was written using a preprocessor language (e.g. SASS/LESS) it’s best practice to edit those source files and recompile the CSS code, which you can’t really do in the WP editor.

    Jason King

    (@jasoncharlesstuartking)

    I would absolutely want cPanel and FTP access before working on a WordPress site.

    FTP because that’s how changes would be implemented to theme and other files.

    cPanel for various reasons, including fixing caching issues, PHP version, checking logs, accessing the database via phpMyAdmin, restoring backup files etc.

    You should be able to give the dev their own FTP login, but often you can only have one login for cPanel.

    To back up what Steve said, this is partly in case a mistake is made, or something goes wrong. I’d want to be able to fix it. I’ve been in the position of trying to work on code with only limited access, and it’s far from ideal.

    This does of course, involve trust. Have a proper contract, make sure the dev has the right experience, make sure your backup routine is solid.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Developer Woes’ is closed to new replies.