Knowing what you should and shouldn’t give your developer’s access to is a great way of keeping some of your private details secure, e.g. your payment details, which are accessible through the control panel. It also helps keep your other website’s files and database inaccessible if a developer isn’t working on them.
They may also need backend access to your website’s CMS to be able to manage content quickly and easily. A lot of CMS’s support multiple users, so a lot of the time it just requires you to create one for your developer with the appropriate access control levels. It is highly recommended you remove this once they have finished their work and that you do not share your main admin account username and password with them.
FTP Access – SubFTP
When a developer is working on one of your sites, they will more often than not require FTP access to the files under your account on the server you’re hosted on. A sub FTP account works in the same way as the primary FTP account, except you can put forward more restrictions and use different login details. This means you can do things such as restrict directory access for the account, or give it a different password, just in case you use the same one for other logins (which you shouldn’t be doing!).
You can see how to create a SubFTP account using one of our support guides.
Database Access – DB Users and Logins
Sometimes your developer may require access to manage your database. You may think it will just be easier to provide them with the same database credentials you use to login yourself, however this can include the creation of multiple security issues.
It’s highly recommended you add a singular database user for the database they wish to manage. You can give the user whatever privileges you wish, however do so at your own risk. You can see a rough outline of these yourself below:
|Role:||Set of privileges:|
|read/write||select, insert, delete, update|
|dba||select, insert, update, drop, create, alter, index|
The one you would usually want to check before giving your developer unless you’re definitely sure they require it is the dba (database administrator) role. If they do, still ensure it’s a separate user/login so that the logs show the correct information if needed.
We have numerous guides for creating both MySQL and MSSQL Users. It is incredibly important you delete their user/login once they have finished the work for you, otherwise they can gain access whenever they wish. You can also see a guide on how to do this below.
Last modified: 28/01/2019