WordPress.org

Ready to get started?Download WordPress

Forums

Is it safe to hand over the admin rights? (13 posts)

  1. danols
    Member
    Posted 8 months ago #

    I have a shared web hosting account where I have several different websites running on WordPress.
    I want to hand over the admin rights for one of my WordPress installs to someone and I am wondering how secure this is.
    Can this person having admin rights for one WordPress installation alter or do anything to harm any of the other WordPress installs on this shared hosting account? I want them to be able to download plugins etc and do anything they need to that particular WordPress install but I don't want them to be able to run any scripts etc that can mess with any of the other WordPress installs.
    Maybe a stupid question but I need to know.
    Thanks

  2. Rod Whiteley
    Member
    Posted 8 months ago #

    An admin can run scripts that access everything in the shared file system, including configuration files that contain passwords to other databases.

  3. esmi
    Forum Moderator
    Posted 8 months ago #

    Can this person having admin rights for one WordPress installation alter or do anything to harm any of the other WordPress installs on this shared hosting account?

    No. All WordPress installs are completely separate. This, of course, assumes that you have used different login details on each install.

  4. esmi
    Forum Moderator
    Posted 8 months ago #

    An admin can run scripts that access everything in the shared file system, including configuration files that contain passwords to other databases.

    Any host that allows that kind of thing should be dropped - rapidly.

  5. danols
    Member
    Posted 8 months ago #

    So one yes and one no. (different login details obviously)
    How do I know if the host allows scripts to be run in this way? is that the standard, or is it more normal that they wont allow users to run scripts like this?
    Thanks for the replies

  6. leejosepho
    Member
    Posted 8 months ago #

    How do I know if the host allows scripts to be run in this way?

    Is there any reason to believe such scripts could be run from the WordPress Dashboard?

  7. esmi
    Forum Moderator
    Posted 8 months ago #

    In theory, you could upload almost anything as a plugin. You certainly cannot access the wp-config.php file (or any non-theme or plugin file) via WordPress itself. So I'd argue that, unless you also have FTP access or have already obtained cross-site database details), there is a definite limit as to what you can achieve - even with admin status.

  8. danols
    Member
    Posted 8 months ago #

    This is the answer I got from another guy that seems to be an experienced WordPress developer.

    He is basically saying that a WordPress Admin of one installation can access and do what he wants to any of the sub folders in the hosting account since he can execute any code he wants.

    I understand that for the right hacker anything is possible. I want to know if someone with a bit of programming skills can do some damage. Not if a worldclass hacker theoretically could do something.

    Thanks again for your replies.

    -----------------------
    In short no.

    The long answer. As an admin they have complete control of the content and options of the site, and (usually) what code is executed on the server. You can disable plug-in & theme editing/installing:

    define( 'DISALLOW_FILE_EDIT', true );
    define( 'DISALLOW_FILE_MODS', true );
    (in your wp-config.php) but they can still do 'damage' by irrevocably deleting data (backup?).

    In your context you seem to what to preserve the user's ability to "download plugins etc". In which case you're explitly allowing them to execute any code they want on your server - they can do this with just access to the theme/plugin editor. If you've got multiple installs in sub-directories to the root folder allocated to by your host, then in general those other installs would also be vulnerable.

    (If you're running multi-site, then yes, obviously each site in the network is vulnerable.)
    ----------------------

  9. leejosepho
    Member
    Posted 8 months ago #

    I want them to be able to download plugins etc and do anything they need to that particular WordPress install but I don't want them to be able to run any scripts...

    Adding this to wp-config will disable the theme/plugin editor so nobody can get into any plugin file:

    /** enable 'DISALLOW_FILE_EDIT' at Dashboard */
    define('DISALLOW_FILE_EDIT', true);
  10. esmi
    Forum Moderator
    Posted 8 months ago #

    If you've got multiple installs in sub-directories to the root folder allocated to by your host, then in general those other installs would also be vulnerable.

    The other installs would only be really vulnerable if the relevant person already had access to the database details in each case and/or the exact architecture of your other standalone installs.

    However, at the end of the day, you're handing the keys over to at least one of your sites. Only you are in a position to judge whether the recipient of those keys is trustworthy.

  11. danols
    Member
    Posted 8 months ago #

    ok thanks
    I am perfectly ok with this person doing whatever he wants to the WordPress install he has access to. I just don't want him to be able to hack into the other installs I have on the same hosting account and manipulate/get access to them in any way.
    It seems like if I setup the databases & subfolders in a way so they cant be guessed what they are I might be 'reasonably' safe.
    I don't think my case/requirement is so unique and not something that others wouldn't bump into which is why I think it should be possible to find a clear answer.
    Again thanks for your replies guys. I am such a newb when it comes to security

  12. esmi
    Forum Moderator
    Posted 8 months ago #

    I just don't want him to be able to hack into the other installs I have on the same hosting account

    That would take a fair degree of coding skill. You mention that these sites are all part of the same hosting account. Are you absolutely sure that they are all on the same physical server? The two are frequently not the same.

    You could also approach your hosts for advice as to how to prevent cross-site traversing using scripts. They're best placed to advise you on this.

  13. leejosepho
    Member
    Posted 8 months ago #

    It seems like if I setup the databases & subfolders in a way so they cant be guessed what they are I might be 'reasonably' safe.

    Obscurity is not actual security, but yes, and as advised by a Developer, I have changed all my database prefixes away from defaults.

Reply

You must log in to post.

About this Topic

Tags

No tags yet.