WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] SECURITY RISK - access to site thru public_html/ (5 posts)

  1. clickman2
    Member
    Posted 6 months ago #

    Site is in html currently - I want to hire developers to start working on some WP pages ON MY SITE not their home computor.

    My solution was to create a Sub Domain, install WP in a folder "cart" there, have ftp access to that area for the developer. They could then have full access to WP but NOT to the rest of the site. Great idea, however:

    WP wouldn't install in the sub-domain "cart" but had to be installed in public_html/ (placed in seperate folder "cart") however since this is "public" this gives the developer access to the Entire Site - MAJOR security risk! Also, I don't want the WP pages to be visible on the internet (remember the site is HTML not WP)

    There has to be a way to
    1. Allow developer to access WP on my site but ONLY the WP folder without access to the full site.
    2. Don't allow WP pages to show on the internet just yet.

    Got to be a way, how can I accomplish this?

  2. catacaustic
    Member
    Posted 6 months ago #

    Anything that's accessible to the web must be installed in public_html as that's the root folder for the web server. You've done the right thing by installing it in a sub-folder.

    You can set up FTP users to allow access only to that folder, so do that first. There's not much else that you'd need to do really. The only thing that I can think of is that they'll be able to read the file system via the codeing, but that's pretty much impossible to "fix".

    If you are really that worried that they contractors will do something "bad" you have two real-world options:

    1. Purchase/set up a new hosting account separate to your existing account so that there's no access between the two.
    2. Fire the contractors and get ones that you can trust.

    And as far as the pages being available online... they have to be online for anyone (inculding the developers) to see them. There's no way to get around that. You can set up a password on the directory so that anyone without the password will be blocked, but that's about all that you can do.

  3. clickman2
    Member
    Posted 6 months ago #

    Thanks for the reply.

    The password is a great idea to keep it from going public. I had to smile/cry with your comment "Fire the contractors and get ones that you can trust."

    The last time I put my 100% unwavering trust in someone was with my significant other; that was $50,000 ago. I know, I know :-) but hey, I got the dog.

    Your other idea of a different hosting account was brilliant I hadn't thought of that option! I have several parked domains that will work for that purpose.

    Know of any real cheap hosting sites I can check out?

    Thanks!
    Ron

  4. catacaustic
    Member
    Posted 6 months ago #

    There's some "official" hosting recommendations here, but there's also 1,000's of others that can do the job as well. My only word of advise is stay away from free hosting as it's pretty much always problematic.

    Oh, and $50K sounds cheap for that compared to others that I've seen. ;)

  5. clickman2
    Member
    Posted 6 months ago #

    Thanks, have a great life.

Reply

You must log in to post.

About this Topic