[ad_1]
Hello! I need to have a dev fix some bugs on a plugin. I’ve manually staged the site and granted access to the inactive staged site for them to work through the bugs.
My question is once they’re done, what’s the easiest, quickest way to scan the staged site to what changes they’ve made? Would like to audit their work before making live. I’ve staged the site using Bluehost.
I trust them as much as I can and I’m not too worried. I just want to cover all the bases and watch my back. Trust can only so far.
Thank you!!!
[ad_2]
WordFence can identify file changes in between scans. Though it notes that it compares the plugin to the repository. It does not mention what happens if it is a custom plugin.
[https://www.wordfence.com/help/scan/scan-results/#plugin-modified])
If the plugin is under version control, the commit history will show all of the changes.
If you are comfortable with the terminal [diff man]).
Using SSH u can compare file differences with the `diff` command. If you make a database dump of both the live site and the staging, you can compare also compare all changes in the database. This approach would be the most complete/thorough, but also very tedious.
More efficient would be to monitor their actions through a Must-Use plugin. However, this would only be an option if they’re only given WP admin access. Make sure to write the plugin to send all actions to an isolated environment immediately, so they couldn’t affect the data by installing WP File Manager or something of the sorts.
That being said, I consider it to be very unwise to grant access to someone if you don’t trust them, honestly.