Fiverr Forum

Saftey - Sharing website login in with Potential Sellers


#1

I’m new here so I am trying to read up on how to protect my accounts/information and still get a job done by a Fiverr Seller:
I need some modifications on my website but if I give out my account info to get into the WordPress dashboard couldn’t they hijack my account or something else?
I contacted a couple of Sellers that provide modification services but a couple have responded asking me for my website login information.
I believe I read an old post on Fiverr that buyers are not supposed to give out this kind of info, but how can the changes to my website be made then?

I posted this in the wrong area before, I hope this is the appropriate location for this question. Thanks in advance as I’d greatly appreciate some advice from members of this forum


#2

I would suggest that you contact your website hosting provider directly and ask about creating a special secondary account and explain your concerns. You want to retain full control of the primary login and not give out that information. That way if something happens that is a problem, you can log in through your own administrative account and change the password or otherwise block a user from access through the secondary account.

In addition, you can check with your hosting provider about backing up your site prior to allowing that access. Most providers have options for that too which protects you from being stuck with bad changes or unauthorized changes. If things go wrong with a seller, you can have the hosting provider restore your account with the backup and notify Fiverr Customer Support of what problems you had. It’s smart to get all of this set up before you hire someone.


#3

I’ve wondered about this too. Having a second account makes sense so that you can allow someone else access to work on it and then copy the code to the actual site after you see if it works like you want it to.


#4

i’m a wordpress developer and i face this problem every day on every freelance site, buyer don’t want to share wp admin login info with seller, so i always told buyers to create backup of your website, all major hosting companies provide this feature free of cost.


#5

Godaddy and other hosting companies usually offer the option of “Account Access” where you can give access to an account but not to financial info or email/password changes etc. Before giving login details to anyone I suggest you make a backup of your site.
If, during the time someone is working on your site and you have concerns about something they are doing I would suggest that you change the password and then contact them about it. If all is ok then you can give them the new password, if not then they cannot access your account maliciously.
The idea of a second account is a good option too.


#6

I have two versions of all my websites + websites i host. 1 is the live site and the other is a copy of the live site where all development and testing happens, my dev sites are online but on a separate server with non public access.
This way i dont have to worry about making a coding mistake resulting in downtime on the live sites (or worse a mistake resulting in a security vulnerability) and if i need help i can give temporary access to the dev site.
This + automatic daily backups have worked just fine for me.

If you have a business site or site that contains financial or client information and need development done, check with your insurance company first (they may have some requirements related to third party access and the developer).


#7

I am web developer. Let me help you with this. There’s a thing called staging website. This helps you to stage your website to a different URL and develop or design on it instead of messing the live one up.

Once, you create a staging website(If you don’t know how to create one, you should your web hosting provider.), change the username and password of your website and then send this new info to the seller. THIS ONLY WORKS WHEN YOU HAVE A WORKING CMS INSTALLED.

Now, if you are skeptical about sharing your cpanel login credential, make sure that you have backed up everything in your local computer or cloud. After the work is complete, change the password to something really complicated. I use password generators to do so.