You can (and should) create a new WordPress user account for them and delete it after they’re done. But, as this is to check a plugin issue, the new user has to be an administrator user, not a limited user, as only administrators can manage plugins.
Your question is about trust.
Understand that you’re already running their code — their plugin — on your site. If they are malicious actors, their code can do equally bad stuff to your site. So if you’re trusting them to run their code (ie plugin) on your site, then the genie is out already… and I wouldn’t worry any more about granting them admin access to the site.
Things you can do:
1) Create a backup before handing them access… so you can roll back if necessary. Even if they’re not malicious, they are humans who can make mistakes. So this will save you from any accidental mistakes as well. Of course, if you need to roll back, your original problem will still be unresolved.
2) Install an activity monitor plugin that will monitor and log (or even email) you everything the support staff may do on your site. But a bad actor will likely check and remove such a plugin.
3) If you’re not running a WordPress security plugin, install one and run it to get a baseline security posture of your site. Then after the work is done, run it again to see if there are any changes, security-wise.
Good luck!
Moderator
Yui
(@fierevere)
永子
@fartbrat It depends
If you are asking for support for PRO plugin – Its up to you, you can follow the advice above.
If such request came during FREE (and hosted on ww.wp.xz.cn) plugin support – Its a violation of plugin developer guidelines and forums guidelines, you shouldnt give them any login access, please continue using the topic you have opened on forum to get support.
I would be wary of letting somebody else have full control of my website that i did not know but that is me.
I would be wary of letting somebody else have full control of my website that i did not know but that is me.
Yes, EVERYONE would and should be warry.
But when your site is completely down or a critical feature your site depends on to rope in the dough is non-functional… and you don’t have the technical skills to fix it yourself, then it becomes a matter of calculated risk.
You don’t swallow the bitter pill when you’re perfectly fit and out there strolling on the beach 😀
