Recently, I deployed a project on client’s server. Just like any other developer, I used the very easy username and password for the admin panel of the WordPress Site for development purpose, of course I used FTP, cPanel of that server too.
Once the project was finished as a standard practice I advised my client to please change the Credentials of Admin Panel, FTP and cPanel.
Client who had been in the IT business for almost a decade really appreciated my advised and told me a story where he was the victim. He hired a developer, paid him a handsome amount to develop an application. Once project was finished and deployed, he didn’t bother to change credentials of admin user, which developer had been using during the deployment.
One day, his site was hacked, he had to gone through a long and painful process to get the site back to the original condition.
If you could adopt the following process you can avoid to be in the situation like this.
- Always change the credentials of the admin users of of the site, best is if you could just delete the user created by developer during the development.
- Carefully go through cPanel and check users for PHPMyAdmin, FTP - change credentials of all the users.
- Always ask developer to provide you code files and db script as well even if your developer has deployed the site on your server.
- Use google Image Search to check if design/banner/logo is the original work of the developer/designer to avoid any lawsuit afterwards.
Once you verify that everything is good, mark the project as completed, leave review according to the quality of the work.
Always go through the same procedure even if your developer is making the minor changes.
Your suggestions and comments will be appreciated, please don’t forget to add more points in your comments.