Title: Contractor Access
Last modified: May 2, 2018

---

# Contractor Access

 *  [john2871](https://wordpress.org/support/users/john2871/)
 * (@john2871)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/contractor-access/)
 * Hi,
 * Please bear with this and I hope you can help.
 * Recently we contracted a freelance web-based worker to work on our WordPress 
   website. We required them to fix some issues with the site that included a change
   to menu functionality, content and layout.
 * While in discussions about taking the job, we found the worker very competent
   and we trusted them enough to create a new admin user account on our WordPress
   site. We provided them the DB password.
 * Immediately following proving the the WP-login the developer also requested Cpanel
   password, and while we would usually be reluctant to provide this, because it
   also provides access to email accounts, this was a new site and we had no issue
   with providing the Cpanel info. The developer then also requested FTP login info,
   and we provided that.
 * We provided the developer this access before agreeing terms with them to do the
   work and the purpose of this was to provide them a transparent view of what we
   already had so they best provide us with a quote and timeframe for the work.
 * We agreed terms and contracted the freelancer to work with us (a 2-3 day job).
   24 hours into the job the freelancer requested the website’s main wp-admin user
   accont login info. We wanted to know why and they said that this provided them
   access to “the folder” we asked what folders and got not reply, we pressed for
   an answer and were told that this login info allowed the contractor to edit the
   css and page templates, however it is our understanding this can be done from
   the Themes editor panel under any site admin user, which they were.
 * We resisted providing this login info, our concern was that the main wp-admin
   user account could be used to delete and reset other users and would hand over
   complete control of our site. Again, we pressed the contractor for why they needed
   this logon and they would not answer us clearly merely repeating the need to 
   access css and templet file… they eventually withdrew from the contract.
 * This caused us considerable problems because we had negotiated the job over a
   few days and we were working to a deadline, we had rejected other contractors
   in favour of the contractor we’d chosen and the breakdown has impacted on us 
   in terms of the completion of the work and our ability to contract other developers.
 * To be clear this is our website, we are not a service provider.
 * While WordPress may be a great software we feel we are always vulnerable when
   hiring developer services, especially when it comes down to what level of access
   to provide them as different developers will request different access. A developer/
   programmer needs to be able to do their work and there is no point in us preventing
   them from doing it because of bad information or bad experiences. This leads 
   us to our inevitable question…
 * 1. What does a developer need access to? And
    2. What is the best way to set 
   up developer access.
 * We feel providing them a wp-admin User access to the site and database password
   should be enough. There are plugins for WP that would allow a user to download
   site files if the wanted or needed to.
 * 3. So why the Cpanel and wp-admin site owner login details?
 * I appreciate your help on this because it help us contract work better when we
   are informed about what we need.

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [catacaustic](https://wordpress.org/support/users/catacaustic/)
 * (@catacaustic)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/contractor-access/#post-10241022)
 * First off, there are a lot of times when a developer will need access to the 
   site as an adminstrator, FTP, cPanel. For the majority of work that’s needed 
   to make sure that eveything goes smoothly, especailly if there’s a problem with
   a change that’a made. I can’t count the amount of times that a simple typo has
   made a site that I’m working on crash, so at a minimum FTP is needed to make 
   sure that I can still update the files.
 * Having said that, there is no reason whatsoever to hand over your own administrator
   account details. All administrators have access to the same things, so any of
   them can do anything. This does include editing and removing other users.
 * What they are asking for is too much- espcially when thre’s no formal agreement
   for them to actually do the work. First lesson: never ahnd over anything until
   there’s a contract in place, even if it’s just a verbal one.
 * The best thing to do is let them have the access that they need, and as I said
   before, that can include cPanel and full administrator access. When they’re finished,
   delete their administratora ccount and change the passwords for cPanel, the database
   and any other systems that they use.
 * In this case I’d also recommend looking at what they’ve actually changed just
   to see if there’s anything there that shouldn’t be. That’s just me being alittle
   too paranoid about these things, but it never hurts to verify that nothing “extra”
   has been added that shouldn’t have been.
 *  [tristangemus](https://wordpress.org/support/users/tristangemus/)
 * (@tristangemus)
 * [8 years, 1 month ago](https://wordpress.org/support/topic/contractor-access/#post-10243820)
 * If I am working on a client’s website, I need a minimum of FTP – but full access
   is most desired.
 * In your shoes, I understand being somewhat worried about providing that type 
   of access.
 * With that being said, I would look into a staging website solution where you 
   can give them access to that website without it effecting production sites.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Contractor Access’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 2 replies
 * 3 participants
 * Last reply from: [tristangemus](https://wordpress.org/support/users/tristangemus/)
 * Last activity: [8 years, 1 month ago](https://wordpress.org/support/topic/contractor-access/#post-10243820)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics