Outsourcing WordPress Theme development - Best Practices

9 replies
Hello all,

I love working with WordPress, and I am now interested in outsourcing some design work. I have quite a few design clients, and I cannot keep up with the current workload.

How do I securely outsource WP theme development? Are there any best practices to ensure that there are no spam links, malicious code, or other "goodies" coded into my website files?

I am reluctant to give WP admin access, so this is the process that I intend to use:

1. Post a job listing on Odesk. Review developer ratings and recent work.
2. Interview developer via Skype and ask questions (How he/she will complete the project, how payments will be organized, etc.)
3. Provide developer with copy of theme files and project details (step by step outline + instructional video)
4. Have developer send me completed files. Review completed work for spam/malicious code. Import files and test them for bugs. Send back to developer for revisions until complete.
5. Pay developer for final project once it is completed.

Please let me know your thoughts. I am primarily concerned with website security.

Thank you very much and have a great day.

- Burritos
#development #outsourcing #practices #theme #wordpress
  • BDazzler
    Generally speaking, this is a good plan. Web site security is, in fact, the most concerning (and a bit of a passion with me, as I do eCommerce SaaS).

    A few ideas to flesh out these ideas in your quest for secure sites:
    1. Be careful about the jurisdiction of the location of the developers you hire. Basically the east is "outside" western law, so while most of them are honest, if you get one that's not, you have no recourse.

    2. Since you have a starter theme, use a DIFF tool in your review to identify exactly what was changed. Be sure you (or your software architect) identify WHY exactly each change was made. This will also help you focus your efforts for bugs and malicious code.

    3. (This is why you need the jurisdictional choice.) If you find malicious code, you really need to report it to the proper authorities, not just oDesk or eLance. Bugs, of course, just need to be fixed.
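
The diff-based review from point 2 above, as an added example that is not part of the original post: a Python script that compares the starter theme you sent out with the files that came back and flags only the added or changed lines that match a few heuristic patterns. The pattern list, the directory names and the sample theme files are assumptions constructed for illustration.

```python
import difflib
import re
import tempfile
from pathlib import Path

# Heuristic patterns chosen for this example (an assumption, not a complete list).
SUSPICIOUS = {
    "dynamic code execution": re.compile(r"\b(eval|assert|create_function)\s*\("),
    "encoded payload decoding": re.compile(r"\b(base64_decode|gzinflate|str_rot13)\s*\("),
    "outbound URL": re.compile(r"https?://[^\s'\"<>)]+"),
}

def read_tree(root):
    """Map each file's relative path to its list of lines."""
    root = Path(root)
    return {p.relative_to(root).as_posix():
            p.read_text(encoding="utf-8", errors="replace").splitlines()
            for p in sorted(root.rglob("*")) if p.is_file()}

def review(baseline_dir, delivered_dir):
    """Flag suspicious lines that the delivery added or changed; list new files."""
    old, new = read_tree(baseline_dir), read_tree(delivered_dir)
    findings = []
    for path, lines in new.items():
        matcher = difflib.SequenceMatcher(None, old.get(path, []), lines, autojunk=False)
        for tag, _, _, j1, j2 in matcher.get_opcodes():
            if tag not in ("insert", "replace"):
                continue  # unchanged or deleted lines need no pattern check
            for n in range(j1, j2):
                findings += [(path, n + 1, reason) for reason, rx in SUSPICIOUS.items()
                             if rx.search(lines[n])]
    return findings, sorted(set(new) - set(old))

def demo():
    """Run the review over two small constructed theme trees."""
    sent = {"functions.php": "<?php\nadd_theme_support('post-thumbnails');\n",
            "footer.php": "<footer>\n<?php wp_footer(); ?>\n</footer>\n"}
    got = {"functions.php": sent["functions.php"] + "add_theme_support('title-tag');\n",
           "footer.php": "<footer>\n<a href=\"http://spam.example/x\" style=\"display:none\">x</a>\n"
                         "<?php wp_footer(); ?>\n</footer>\n",
           "inc/helper.php": "<?php\neval(base64_decode($blob));\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, tree in (("sent", sent), ("got", got)):
            for rel, text in tree.items():
                target = Path(tmp, name, rel)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(text, encoding="utf-8")
        return review(Path(tmp, "sent"), Path(tmp, "got"))

if __name__ == "__main__":
    for item in demo()[0]:
        print(item)
```

A clean result only means none of these patterns appeared in the changed lines; every change the diff shows still needs a reason, as the post says.
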
    • Burritos
      Thank you very much BDazzler! Your suggestions are very valuable.

      I will definitely make use of a DIFF tool, and remain very aware of justification constraints.

      Just one question: If I do find malicious code, who would be the proper authorities to report this to? I plan to contact Odesk or eLance customer support. Are there any others?

      Have a great day. Thanks again,

      - Burritos
      • BDazzler
        Originally Posted by Burritos

        Thank you very much BDazzler! Your suggestions are very valuable.

        I will definitely make use of a DIFF tool, and remain very aware of justification constraints.

        Just one question: If I do find malicious code, who would be the proper authorities to report this to? I plan to contact Odesk or eLance customer support. Are there any others?

        Have a great day. Thanks again,

        - Burritos
        It depends on what you find. DHS has overall responsibility for cyber-crime in the US:
        https://www.dhs.gov/publication/law-...ting-documents

        That link has a PDF you can download with details.

        Some specifics from that PDF:
        National Protection and Programs Directorate (NPPD)
        National Cybersecurity and Communications Integration Center
        (NCCIC) (http://www.dhs.gov/about-national-cy...ommunications-
        integration-center)
        NCCIC@hq.dhs.gov or (888) 282-0870
        Suspected or confirmed cyber incidents that may impact
        critical infrastructure and require technical response and
        mitigation assistance

        Secret Service Field Offices
        (United States Secret Service: Field Office Contact Information)
        Electronic Crimes Task Forces (ECTFs)
        (United States Secret Service: Electronic Crimes Task Forces and Working Groups)
        Cybercrime, including computer intrusions or attacks,
        transmission of malicious code, password trafficking,
        or theft of payment card or other financial payment
        information.

        ICE HSI Field Offices (Homeland Security Investigation Principal Field Offices | ICE)
        ICE HSI Cyber Crimes Center (Cyber Crimes Center | ICE)
        Cyber-based domestic or international cross-border
        crime, including child exploitation, money laundering,
        smuggling, and violations of intellectual property rights

        Federal Bureau of Investigation (FBI)
        FBI Field Offices (FBI — Map of Field Offices)
        Cyber Task Forces (FBI — What We Investigate
        cyber/cyber-task-forces-building-alliances-to-improve-thenations-
        cybersecurity-1)
        Law Enforcement Online Portal
        (https://www.cjis.gov/CJISEAI/EAIController) or (888) 334-4536
        Cybercrime, including computer intrusions or attacks,
        fraud, intellectual property theft, identity theft, theft
        of trade secrets, criminal hacking, terrorist activity,
        espionage, sabotage, or other foreign intelligence
        activity
        • Burritos
          Great, great, great suggestions! You both are awesome!

          Thank you for these suggestions. I now feel very confident, and I am going to begin outsourcing small projects while implementing these ideas.

          Best of luck to each of you on your continued success,

          Burritos
  • programminggreek
    Hi,

    It is best to outsource, and that too through Elance and Odesk, as you have the security over there. One thing that you should make sure of is that whatever communication you have with the person, you do it through their message board only. As sometimes it might happen that you may discuss through Email or Skype and that thing was not performed by the particular, then you can raise a dispute through Elance and then they verify it, reviewing your messages and the work done. So it will help you a lot.

    As we also have some contractors who used to outsource their work to us.

    Thanks
  • programminggreek
    Hi,

    Thank you very much for linking our suggestions. Please let us know if you need any kind of assistance from us in the near future. We can also do some business together if you wish.
  • Nexstair
    Elance and Upwork are certainly reliable platforms for freelance work. All you need to do is check reviews and ratings before hiring a provider. It's not easy to find a reliable source, but once you find one, you would be getting things done a lot cheaper than what you normally do.
  • courier
    Um, freelancer! Since WF is a Freelancer.com company hahaha
    • AboutTown
      You could also set up a staging version of your WordPress site (with different passwords) and have the developers work on that if you don't want to send files back and forth.