security with outsourcing

unlimited1 · 10-30-2009, 04:19 PM

Hi all
Im just in the process of outsourcing some things for my site that require my user details for my host / ftp and wordpress .... Im wondering what is the best practice to make sure these details dont get abused. I have chosen a outsource person that has good feedback, but Im interested to know what others do .. ie change all passwords after work is completed or is there another way?
Thanks Dee

ps.If it is changing passwords after .. is there anyone that knows how to do that with filezilla as I cant find it! Sorry about the newbie question but I am a newbie!

grumpyjacksa · 10-30-2009, 04:36 PM

hi...

i'm taking a guess here....

but can't you just create an additional ftp account ?

then you can just delete it afterwards.

not sure about the tech side of it though...

hope this helps

pj

Steven Fullman · 10-30-2009, 04:50 PM

Dee,

You should absolutely change the passwords once they're through with your site.

Are you planning on SELLING stuff?

Holding your customers PERSONAL details?

Heck...you need to protect your visitors.

"Good feedback" is practically worthless...and it probably won't give you any kind of defense in a courtroom if Mr. Web Designer runs off with your visitor's cash.

Mea Culpa...and...well done for taking action, by the way!

Steve

unlimited1 · 10-30-2009, 07:28 PM

Quote:

Originally Posted by Steven Fullman

Dee,

You should absolutely change the passwords once they're through with your site.

Are you planning on SELLING stuff?

Holding your customers PERSONAL details?

Heck...you need to protect your visitors.

"Good feedback" is practically worthless...and it probably won't give you any kind of defense in a courtroom if Mr. Web Designer runs off with your visitor's cash.

Mea Culpa...and...well done for taking action, by the way!

Steve

Yes I am selling affiliate products - so protection of personal details is required .... Just feels like I would be giving the whole business over to someone for a time with NO guarantee's! - Scary thought if someone was A. Incompetent or B. ... why Ill leave that you your imagination!

Any other ways around it? (besides doing it all myself)
thanks Dee

billionareHuman · 10-30-2009, 08:01 PM

at some point you will have to trust someone to outsource fully, same as a offline company you have database administrators with full access to private data in the banks!

What you can do for now is take a backup of your site and database, then assign the work, after that take regular backups (don't overwrite your older backups) It's unlikely the person will go in a destroy everything that would be a rare thing I have come across and I have trialed many people. They might do that if you decide to not work with them anymore but before you notify them you have changed all your passwords!

These people are trying to make money not go around destroying people's websites, plus they are very worried about the bad feedback on their profile so I wouldn't worry to much about it

Aggressor · 10-30-2009, 08:07 PM

As it's already mentioned you can change all passwords once it's done. However, if you really want to be paranoid you can setup a proxy FTP, then just copy everything over to your main FTP.

Or you can have them do all the work offline and save the website as a folder which you just upload to your FTP.

Generally speaking one can never be too cautious, and I prefer to work with people that have at least 5 positive reviews on things where security is involved

unlimited1 · 10-30-2009, 09:07 PM

Thanks for all the advice - I will take a backup + change passwords after the work has been done ( the proxy ftp etc is all abit to techy for me :-) )

Funnily enough I'm a real trusting person - but handing over all my passwords etc got me wondering.

10-30-2009, 04:19 PM	#1
unlimited1 Active Warrior War Room Member Join Date: May 2009 Location: New Zealand Posts: 56 Thanks: 11 Thanked 4 Times in 4 Posts	security with outsourcing Hi all Im just in the process of outsourcing some things for my site that require my user details for my host / ftp and wordpress .... Im wondering what is the best practice to make sure these details dont get abused. I have chosen a outsource person that has good feedback, but Im interested to know what others do .. ie change all passwords after work is completed or is there another way? Thanks Dee ps.If it is changing passwords after .. is there anyone that knows how to do that with filezilla as I cant find it! Sorry about the newbie question but I am a newbie!

10-30-2009, 04:36 PM	#2
grumpyjacksa Advanced Warrior Join Date: Jun 2008 Location: South Africa. Posts: 628 Thanks: 78 Thanked 46 Times in 44 Posts	Re: security with outsourcing hi... i'm taking a guess here.... but can't you just create an additional ftp account ? then you can just delete it afterwards. not sure about the tech side of it though... hope this helps pj
	Struggling online? You May want to know this... CLICK HERE Free Jokes eBook - Hilarious - just Tweet to get it - CLICK HERE

10-30-2009, 04:50 PM	#3
Steven Fullman Senior Warrior Member War Room Member Join Date: Mar 2007 Location: London, England Posts: 3,771 Thanks: 1,006 Thanked 523 Times in 339 Posts Social Networking Contact Info	Re: security with outsourcing Dee, You should absolutely change the passwords once they're through with your site. Are you planning on SELLING stuff? Holding your customers PERSONAL details? Heck...you need to protect your visitors. "Good feedback" is practically worthless...and it probably won't give you any kind of defense in a courtroom if Mr. Web Designer runs off with your visitor's cash. Mea Culpa...and...well done for taking action, by the way! Steve
	*==>WHAT??? YOU DON'T OWN WPUNIQUE YET?!? WHY NOT??? 2500+ SOLD<==* Niche Research. It's Really Super EASY!

10-30-2009, 08:01 PM	#5
billionareHuman HyperActive Warrior Join Date: Aug 2008 Posts: 202 Thanks: 19 Thanked 21 Times in 17 Posts	Re: security with outsourcing at some point you will have to trust someone to outsource fully, same as a offline company you have database administrators with full access to private data in the banks! What you can do for now is take a backup of your site and database, then assign the work, after that take regular backups (don't overwrite your older backups) It's unlikely the person will go in a destroy everything that would be a rare thing I have come across and I have trialed many people. They might do that if you decide to not work with them anymore but before you notify them you have changed all your passwords! These people are trying to make money not go around destroying people's websites, plus they are very worried about the bad feedback on their profile so I wouldn't worry to much about it

10-30-2009, 08:07 PM	#6
Aggressor Warrior Member War Room Member Join Date: Jun 2008 Location: , , Canada. Posts: 20 Thanks: 1 Thanked 2 Times in 2 Posts	Re: security with outsourcing As it's already mentioned you can change all passwords once it's done. However, if you really want to be paranoid you can setup a proxy FTP, then just copy everything over to your main FTP. Or you can have them do all the work offline and save the website as a folder which you just upload to your FTP. Generally speaking one can never be too cautious, and I prefer to work with people that have at least 5 positive reviews on things where security is involved
	Launching a product? Need assistance with fitting all the pieces together (like pre-launch, copywriting, technical setup, market research), then hire a professional Product Launch Manager http://www.TurnKeyProductLaunch.com

10-30-2009, 09:07 PM	#7
unlimited1 Active Warrior War Room Member Join Date: May 2009 Location: New Zealand Posts: 56 Thanks: 11 Thanked 4 Times in 4 Posts	Re: security with outsourcing Thanks for all the advice - I will take a backup + change passwords after the work has been done ( the proxy ftp etc is all abit to techy for me :-) ) Funnily enough I'm a real trusting person - but handing over all my passwords etc got me wondering.