I am working on a website with the help of a developer since I don't possess much knowledge about web development. Now, it is time to select a hosting service and other related tasks. The developer asked for FTP access, but I couldn't comprehend it, so instead, I provided him with a username and password to access my hosting account.
Is it possible for him to retain access to the server even after completing his work? I plan to change the password once he finishes.
Providing the developer with your hosting account username and password can potentially grant them continued access to your server even after their work is completed. It is generally recommended to avoid sharing your personal account details, especially with someone you do not fully trust or who no longer needs access.
To ensure security, it is best to grant temporary access using specific user roles or permissions provided by your hosting service. For example, many hosting platforms allow you to create separate FTP accounts with limited access rights for developers. This way, you can control and revoke their access easily without compromising the security of your entire hosting account.
If you have concerns about the developer retaining access, it is essential to change your password once their work is finished. Additionally, consider removing any unnecessary accounts or access privileges associated with their work to minimize potential risks.
best practices when working with developers and managing hosting services:
1. Use Version Control: Implement version control systems like Git to manage the codebase of your website. This allows you and your developer to collaborate without having to directly access your hosting server. It also provides a safe and trackable way to manage changes made to your website's code.
2. Grant Limited Access: If you must provide direct access to your hosting account, create a separate account specifically for the developer. Ensure that this account has restricted permissions, only granting access to the necessary files and directories needed for the project. This way, even if they retain access, their capabilities will be limited.
3. Monitor Account Activity: Regularly monitor the activity logs or notifications provided by your hosting service. Look for any suspicious or unauthorized actions on your server. If you notice any unusual activity, contact your hosting provider immediately to investigate and take appropriate action.
4. Backup Your Website: Regularly back up your website's files and database so that if anything goes wrong, you can quickly recover your data. This is especially important when working with external developers who may have access to your server.
5. Revoking Access: Once the development work is completed and you have confirmed everything is functioning correctly, it is essential to change your passwords, including FTP access and any other associated accounts. This helps ensure that the developer no longer has access to your server.
Why are you so suspicious of the person creating your website? Why do you continue to work with them?
I still have numerous access privileges to different client servers, billing systems, and more. I maintain a quiet presence, but when necessary, I can swiftly address any server-related issues.
Stop being overly paranoid; nobody is interested in your insignificant expenses on DO. Any reasonable freelancer possesses numerous access credentials for various client services.
PS
Experience has shown that troublesome clients who attempt to avoid payment or negotiate until the very end often harbor such thoughts.
Is it possible to steal what you already give?))
You remind me of a girl who visited the dentist and requested to have her tooth sealed so she wouldn't have to open her mouth.
Interestingly, the developer possesses significantly more chances to make mistakes, since their code will be executed by you - that is sufficient.
Trust becomes an issue here. If you cannot trust yourself to oversee and sign a contract with the developer, you will need someone who can supervise the process.
By doing so, you're creating a backdoor for them to access your server whenever they want. What's to stop them from using that access to steal your data, modify your website, or even sell your hosting account to the highest bidder?
You need to create a new user account with limited privileges and provide them with the necessary access.
Web development collaboration requires balancing trust and security to ensure smooth teamwork while protecting sensitive data. Clear roles, access controls, and version control systems (like Git) help maintain security. Using secure coding practices, encrypted communications, and multi-factor authentication prevents breaches. Trust among developers fosters efficient workflows, knowledge sharing, and innovation. Regular security audits, NDA agreements, and monitoring tools ensure data integrity without restricting collaboration. A well-structured approach maintains team synergy and project security, leading to successful web development. Prioritize trust and security for seamless collaboration!