I'm in a bit of a dilemma here. I hired a developer on Fiverr to work on some backend scripting for my website, and while he's been asking for my full hosting account login, I've already provided him with separate access to necessary components. Specifically, I set him up with a database dev account on phpMyAdmin, a cPanel FTP account, and an admin user account on my WordPress site. He insists that he still needs my main login because he claims that without it, he can't do his job effectively. Given his solid ratings—5 stars and 178 reviews—and that he's based in Bangladesh, I'm at a crossroads. Is it really safe to share my main login, or is there a better way to handle this?
5 Answers
He really doesn't need more access than what you've already provided. If he's extending WordPress functionality, he should ideally be developing a plugin that you can manage later. With the accounts you created for him, he should have everything he needs to succeed without your full access.
Right on! Giving out full access isn't normal procedure. Just keep a close eye on things.
No way! Giving out your admin password is just asking for trouble. He should be able to manage everything with the accounts you set up for him. Stay safe and keep that main login private!
I'd advise against handing over your full hosting login. I once received it from a client, and while I appreciated the trust, it put unnecessary pressure on me if anything went wrong. You provided him with all the necessary access already. If he needs something, he can just let you know, and you can handle it. No need for the full access!
You definitely shouldn't give him your admin password. Creating separate user accounts with restricted permissions is the safest way to go. Keep your main login private to avoid any security risks!
It sounds like a bad idea for several reasons. Granting someone your hosting account access could raise security issues. They might set up backdoor access, or worse, lock you out. Plus, working directly on your production server is risky; he should ideally have a test version to prevent disruptions.
Exactly! It’s all about protecting your security. He should be able to do what he needs with the accounts you've given him.