If you hire a developer or designer, there are a few different ways to provide them access to your website. Different types of websites require different types of access. In this article, we’ll walk you through the different levels of access you can give your developer and how to safely provide that account access.
Note: this article covers how to provide your developer or designer with the type of access needed to work on and edit your website. If you’re trying to transfer your site, please see our guide on Helping your Designer Transfer your Website.
Levels of Developer Access
At the top level is your Account Management Panel (AMP), which provides full access to your hosting plan, billing information, and personal financial data. You should never give a third-party developer access to your AMP. There are a handful of tasks that can only be carried out in AMP, but you can easily take care of these yourself— see our article on Tips for using AMP for more information.
Next, we have server access. This includes both cPanel, a server control panel available on many of our accounts, and SSH access. Both of these programs allow you to use a program like Softaculous to install new programs on your account. At the server level, you can add new domains to an account and install new programs.
File Transfer Protocol (FTP) access lets your developer access your server’s files. It’s often used to upload sites during a transfer or install WordPress plugins. FTP access varies from one FTP account to another. You can create an FTP account that only offers access to part of a website, or an FTP account that offers access to everything on all of your sites.
At the lowest level of access are site logins. This includes WordPress logins and usernames. These logins provide access only to the controls and tools of an individual site itself, without direct access to the files, database, or server. For small changes, like updating a theme or adding an article, this is all some people will need.
Choosing a Level of Access
As a general rule, you want to give your developer or designer as little access as possible without affecting their ability to work on your site. WordPress websites serve as a good example. You may wish to only give your developer access to your site with a WordPress account. The issue is that WordPress websites, and other sites built around a database, may require cPanel access to troubleshoot database issues. Always discuss the access your developer will need with your developer, and reach out to our Support Team if you are unsure.
Issues to Watch Out For
Remember to change your passwords frequently, and make sure to never use the same password for two different sites. By default, your cPanel password is the same password as your AMP password. The concern here is that someone you give the cPanel password to could potentially log into your AMP account as well. Change your cPanel password before giving your developer cPanel access, so that you stay in control of your account and personal financial information.
Note: You can also set up a developer passphrase for your developer to verify the account if they contact us for support. This verification method, unlike other verification methods, unauthorizes us to make any billing-related changes during that contact session. You can create this in AMP by hovering over My Account and selecting Login & Security.
Remember to remove access to your site or account after your developer’s work is finished. For cPanel, start by checking the email address listed in your cPanel contact information and change it if needed. Be sure to reset the cPanel password.
Always review your FTP accounts area in cPanel after a developer had access and either change all account passwords or delete the FTP accounts. This is true even if you did not explicitly give your developer FTP access.
If an email address was created in cPanel for your developer, you can either delete the email address, or if you want to keep the email account up, change the email account password in cPanel .
If you added your developer as a second point of contact in AMP, update your contact information in AMP. You can always remove the ‘developer verification’ from AMP if you set that up as well.
If you created a WordPress user for your developer, change the user role to one without access to edit the site, or remove the user.
Power Your Growth with Managed WordPress
Unlock the full potential of your mission-critical WordPress site with scalable, purpose-built servers. Give your website the performance, security, and support it needs to succeed - so you can focus on growing your business.
Scalable Cloud Servers Advanced Security Managed Updates Expert Support
This is always been a problem of a client and a developer, they are afraid to give access to the developer which is really needed
For anyone planning to use this advice, keep in mind that once you give someone your cpanel login, they have complete access to all messages in all email addresses associated with your account. Simply go to the email section, click email accounts, click the pull down menu, and click “access webmail”
Through the cpanel, they can open every email account in the web mail client, read/delete every message, and send whatever they want to whomever they choose.
That is correct. That is why we recommend giving the least amount of access needed, such as an FTP account, as opposed to full cPanel access.
It’s quite understandable, even for someone like myself who is quite new to hosting…
Thanks.