I have already created a staging site for my developer and given him admin access (to the staging site only); he is working to iron out some things.
On the staging site I have installed two site monitoring tools – Simple History and WP Activity Log.
He says he would like a backup copy of either the production or staging site to install locally on his computer to look into coding of the theme.
My questions are –
- Is this normal or safe to do?
Considering it is a WooCommerce store with connected payment gateways.
Of course, once he says he has completed the project, I will thoroughly scan the website with Wordfence and delete his admin-privileged account before syncing it to my production site.
Can he do anything that Wordfence might not be able to detect?
Or use this backup copy to do something unthinkable later on?
Thanks

Yes, it’s safe.
We didn’t check with previous clients and have not vetted your developer and we would not know. For the most part it’s common for the dev to need free range.
This is very common. It’s the first thing a reputable developer would do. Take a backup of exactly what they are working with. This way they can work locally and not risk any downtime to the real site whatsoever.
Since you’re installing monitoring tools, it sounds like you have a bad feeling about it already, is that right? There has to be a level of trust when building these sites. If your data is sensitive, like customer data, the developer would have access to all of that. You really need someone you can trust or you have to break out the tasks so that the data doesn’t matter. Like if they’re building a theme or plug-in, real world data may not be required.
You said e-commerce. You might have keys to your payment provider in your production backup. Also customer information?
Copy of staging, sure. Probably not production.
Maybe. Is your developer known and trustworthy?
Have you created a site clone that doesn’t have any live credentials? Live DB names and passwords?
Live admin passwords?
I mean trust is earned… so you tell me.
Make sure they understand the data sensitivity, monitor him to make sure he follows best practices and have an NDA with him for your safety.
I think it depends on the developer.
My suggestion is to make a good connection with the developer, and the developer also needs to understand that your company and its profit are part of his business. Instead of cheating you, his motivation must be to increase your profit with his skills and knowledge.
Never try some random person with a very low budget. Hire a person with an average budget, share some initial tasks with him, pay properly and understand his nature. Try to continue working with the same developer and, after you both reach the same understanding, share your site access, backups, etc.
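The replies above ask whether the clone still carries live DB credentials, payment provider keys and customer information. The following check is an added example, not part of the original thread: it compares the clone's `wp-config.php` with production and scans the clone's SQL dump before handover. The gateway id `examplepay`, the placeholder domain `example.invalid` and all sample values are constructed assumptions.

```python
import re

# Secret constants from a standard wp-config.php that a clone must not share.
SECRETS = {"DB_NAME", "DB_USER", "DB_PASSWORD", "AUTH_KEY",
           "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY"}
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)""")
# WooCommerce keeps gateway settings in wp_options as woocommerce_<id>_settings
# (its email settings use the same pattern, so treat each hit as "review this").
OPTION_RE = re.compile(r"'(woocommerce_\w+_settings)'")
EMAIL_RE = re.compile(r"([\w.+-]+)@([\w-]+(?:\.[\w-]+)+)")


def parse_defines(wp_config):
    """Return {constant: value} for the secret constants in a wp-config.php."""
    return {k: v for k, _, v in DEFINE_RE.findall(wp_config) if k in SECRETS}


def audit_clone(prod_config, clone_config, clone_sql, safe_domain="example.invalid"):
    """List the reasons this clone should not be handed over yet."""
    findings = []
    prod, clone = parse_defines(prod_config), parse_defines(clone_config)
    for name in sorted(prod):
        if clone.get(name) == prod[name]:
            findings.append(f"wp-config: {name} is identical to production")
    for option in sorted(set(OPTION_RE.findall(clone_sql))):
        findings.append(f"database: review {option} for API keys")
    real = {(u, d) for u, d in EMAIL_RE.findall(clone_sql) if d.lower() != safe_domain}
    if real:
        findings.append(f"database: {len(real)} non-placeholder email address(es)")
    return findings


# Constructed sample inputs (not taken from any real site).
PROD_CONFIG = """define('DB_NAME', 'shop_live');
define('DB_USER', 'shop_live_user');
define('DB_PASSWORD', 'constructed-prod-password');
define('AUTH_KEY', 'constructed-prod-salt');
"""
CLONE_CONFIG = """define( 'DB_NAME', 'shop_local' );
define( 'DB_USER', 'shop_local_user' );
define( 'DB_PASSWORD', 'constructed-prod-password' );
define( 'AUTH_KEY', 'constructed-local-salt' );
"""
CLONE_SQL = """INSERT INTO `wp_options` VALUES (101,'woocommerce_examplepay_settings','a:1:{s:7:"api_key";s:11:"CONSTRUCTED";}','yes');
INSERT INTO `wp_users` VALUES (1,'admin','$P$Bconstructedhash','admin','owner@shop.example','','2024-01-01 00:00:00','',0,'Admin');
INSERT INTO `wp_users` VALUES (2,'cust','$P$Bconstructedhash','cust','user2@example.invalid','','2024-01-01 00:00:00','',0,'Customer');
"""

if __name__ == "__main__":
    for line in audit_clone(PROD_CONFIG, CLONE_CONFIG, CLONE_SQL):
        print(line)
```

An empty result only means these three checks passed; it does not show that the dump is free of other sensitive data such as order records.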