3rd party access to wordpress [SOLVED]

by DaveC2
17 replies
If you give a 3rd party administrator access to a wordpress blog (via the domain/folder/wp-admin URL) then would they have the ability to do damage outside the scope of that particular URL?

For example, could they affect other folders on the same domain
or sub-domain or other domains on the same host?

Dave
  • Profile picture of the author mgreener
    Hi,

    If it's setup correctly, then they wouldn't be able to view files higher up in the directory structure.
  • Profile picture of the author xtrapunch
    You don't need to give FTP access for WordPress. Your users can do everything through WP dashboard itself. File uploads, install and delete plugins/themes, etc.
    • Profile picture of the author blogfreakz
      Originally Posted by xtrapunch View Post

      You don't need to give FTP access for WordPress. Your users can do everything through WP dashboard itself. File uploads, install and delete plugins/themes, etc.
      agree, don't give your ftp access to be safe.. add users only and set privileges according to their needs...
      • Profile picture of the author andy moore
        When you install WP into your domain on shared hosting, you choose a username and password. Very often, many people don't bother changing the username and leave it as Admin or their names. This WP plugin can change it:

        Admin Renamer Extended

        This may help when adding Users.

        Andy Moore
  • Profile picture of the author kokopelli
    Their rights depend on the privileges you grant them.

    Normally, they will only be able to change/affect WordPress according to those rights. Unless their login details are the same as your ftp/hosting details (and they maliciously figure it out), they will not be able to make changes elsewhere.

    You can further lock-down their privileges with plugins such as User Role Editor and Role Scoper.
    • Profile picture of the author DaveC2
      Originally Posted by kokopelli View Post

      Their rights depend on the privileges you grant them.

      Normally, they will only be able to change/affect WordPress according to those rights. Unless their login details are the same as your ftp/hosting details (and they maliciously figure it out), they will not be able to make changes elsewhere.

      You can further lock-down their privileges with plugins such as User Role Editor and Role Scoper.
      Thanks. The case I was thinking of was where the wp-admin and FTP login details are different. In this case, with just the wp-admin details, it sounds like the user could not affect files outside the scope of that specific blog (assuming the login details are unique for that blog).
  • Profile picture of the author Istvan Horvath
    Normally, your site admin (host site) login - which is, usually, the same as your FTP credentials, can not and should not be the same as any WP blog's login.

    The site admin (host site) user name and pw are created when you sign up for your hosting package.

    The WP username and pw are created by YOU when you install WP.

    Any WP user, even if having admin role and capabilities - can only mess around with the WP admin panel.

    HOWEVER, since one can upload a lot of stuff directly from the WP admin panel to the server - I still wouldn't give those login credentials to people I don't trust!
  • Profile picture of the author SteveJohnson
    If I have administrator access to your WP Dashboard, and the plugin or theme editors are still enabled, I can wreak havoc with your web server, because I now have direct file-editing capability.

    I can go to a theme file, insert my own script, and call the theme file directly from a browser. Or I could upload and activate my own plugin or theme that does nasty things.

    Do NOT give admin privileges to anyone you don't trust implicitly.
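A check for the "plugin or theme editors are still enabled" condition mentioned in the post above, as an added example that is not part of the thread. It reads a wp-config.php and reports whether WordPress's DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants are set; the sample config is constructed.

```python
import re

# Constants that limit what a Dashboard administrator can do to files on disk.
HARDENING = {
    "DISALLOW_FILE_EDIT": "turns off the built-in theme and plugin editors",
    "DISALLOW_FILE_MODS": "also blocks installing/updating plugins and themes",
}

DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"](?P<name>\w+)['"]\s*,\s*(?P<value>[^)]+?)\s*\)\s*;""")

def strip_comments(php):
    """Drop /* */ blocks and //, # comment lines so disabled defines are ignored."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)
    return re.sub(r"(?m)^\s*(//|#).*$", "", php)

def audit(php):
    """Return {constant: 'enabled' | 'disabled' | 'missing'} per hardening constant."""
    found = {m["name"]: m["value"].strip().lower()
             for m in DEFINE_RE.finditer(strip_comments(php))}
    report = {}
    for name in HARDENING:
        if name not in found:
            report[name] = "missing"
        else:
            report[name] = "enabled" if found[name] in ("true", "1") else "disabled"
    return report

# Constructed sample: the editor switch is commented out, file mods are allowed.
SAMPLE = """<?php
define( 'DB_NAME', 'example_db' );
// define( 'DISALLOW_FILE_EDIT', true );
define('DISALLOW_FILE_MODS', false);
"""

if __name__ == "__main__":
    for name, state in audit(SAMPLE).items():
        print(f"{name}: {state} ({HARDENING[name]})")
```
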
  • Profile picture of the author mojojuju
    Originally Posted by DaveC2 View Post

    If you give a 3rd party administrator access to a wordpress blog (via the domain/folder/wp-admin URL) then would they have the ability to do damage outside the scope of that particular URL?
    As others have said, yes.

    To elaborate on what others have mentioned, for instance, depending on your server & PHP configuration, a rogue administrator could upload a php shell like the one found here and execute all kinds of commands.

    He could for instance:

    • Get your database username and password
    • Navigate to your mail directory and read your emails, or download them for later reading. (this alone can open up lots of trouble and wreak havoc on your life outside of your web site)
    • Modify your web site(s) to include a tracking code so that he can spy on your search engine traffic.
    • Modify .htaccess to route traffic to another web site.
    • Post links or other content on your site that can be undetected by you because it is only visible to people outside of a range of IP addresses that includes yours.
    • Hide a backdoor (web shell script) that allows him to access your hosting account at any time he chooses.

    Originally Posted by DaveC2 View Post

    For example, could they affect other folders on the same domain
    or sub-domain or other domains on the same host?

    Dave
    Yes. It depends on the host and how they've got PHP and some other things set up. I'm able to do everything I've mentioned above (just testing it out on my OWN site) on an account I have with a pretty standard cPanel hosting provider.

    So make sure you trust anybody that's going to work on your site. I wouldn't, for example, go to Fiverr and hire some guy that you're unfamiliar with, and give him administrator access.
  • Profile picture of the author DaveC2
    I really appreciate the responses here. This has been a real eye opener for me! I do want some 3rd party wordpress assistance but I don't know anyone with the requisite skills well enough. I'm considering the following method in an attempt to reduce risk:

    1. Open a separate hosting account
    2. Install WP
    3. Take a snapshot of the public_html folder.
    4. Give access to 3rd party
    5. Use a diff tool to compare the original snapshot and the current public_html directory.
    6. Look for changes to .htaccess or other unexpected changes (perhaps additional files?)
    7. Once satisfied, migrate WP installation to main hosting account.

    I realise this doesn't solve all the security issues pointed out by SteveJohnson and mojojuju but at least it prevents them from interfering with other websites since they are on a dedicated 'development' hosting account containing one site at a time.
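Steps 3, 5 and 6 of the plan above, sketched as an added example that is not part of the thread: hash every file under public_html before access is granted, hash again afterwards, and list added or changed files with .htaccess and server-executable scripts first. The directory tree and file names in `demo()` are constructed, and the check covers files only, not database content.

```python
import hashlib
import os
import tempfile

SCRIPT_EXTS = (".php", ".phtml", ".phar")  # server-executable types to flag

def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def compare(before, after):
    """Return added/removed/changed paths plus the subset to review first."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(p for p in before.keys() & after.keys()
                     if before[p] != after[p])
    review_first = sorted(p for p in added + changed
                          if p.lower().endswith(SCRIPT_EXTS)
                          or os.path.basename(p) == ".htaccess")
    return {"added": added, "removed": removed,
            "changed": changed, "review_first": review_first}

def demo():
    """Constructed tree standing in for public_html (not real site data)."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        write(".htaccess", "# BEGIN WordPress\n")
        write("wp-content/themes/demo/style.css", "body{}\n")
        write("wp-content/themes/demo/index.php", "<?php get_header();\n")
        before = snapshot(root)            # step 3: snapshot before access
        # Constructed changes made while the third party had access:
        write(".htaccess", "# BEGIN WordPress\n# line added later\n")
        write("wp-content/themes/demo/style.css", "body{color:#333}\n")
        write("wp-content/uploads/2012/01/cache.php", "<?php /* new */\n")
        return compare(before, snapshot(root))  # steps 5 and 6

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```
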
  • Profile picture of the author Istvan Horvath
    Well, number 3 and 5 will NOT solve anything.
    What if they injected some "ugly" stuff in your database?

    BTW, you never said why would you offer full access to your blog to people you don't trust?
    For theme development - you don't need it; just let them do the work on their server and give you the finished product.
    For adding content you can give them a way lower level of access.
    • Profile picture of the author DaveC2
      Originally Posted by Istvan Horvath View Post

      Well, number 3 and 5 will NOT solve anything.
      What if they injected some "ugly" stuff in your database?

      BTW, you never said why would you offer full access to your blog to people you don't trust?
      For theme development - you don't need it; just let them do the work on their server and give you the finished product.
      For adding content you can give them a way lower level of access.
      I may need some site development done in the near future. I understand your point regarding the database being compromised.

      Your solution of letting the developer do the work on their server makes sense and would be simpler. Nevertheless, if a developer did some work on their own server then they could still deliver a database which has been compromised.

      This thread leads me to conclude I would need to find a reputable developer or do it myself
      • Profile picture of the author Istvan Horvath
        Originally Posted by DaveC2 View Post

        I may need some site development done in the near future. I understand your point regarding the database being compromised.

        Your solution of letting the developer do the work on their server makes sense and would be simpler. Nevertheless, if a developer did some work on their own server then they could still deliver a database which has been compromised.

        This thread leads me to conclude I would need to find a reputable developer or do it myself
        Maybe you should clarify what kind of "development" has to be done that would involve transferring a database from the developer? Probably, that's the crucial point in this discussion where we have fundamentally different ideas... while using the same words
        • Profile picture of the author DaveC2
          Originally Posted by Istvan Horvath View Post

          Maybe you should clarify what kind of "development" has to be done that would involve transferring a database from the developer? Probably, that's the crucial point in this discussion where we have fundamentally different ideas... while using the same words

          Hello Istvan. The type of development I was envisaging was where someone was employed to customize a theme and add content, for example.

          In this case, the work the developer does would affect the database. When they deliver the finished product then it would contain the database. For this reason, my belief is that the developer would end up delivering the database as part of a larger deliverable (as opposed to a discrete deliverable).

          I believe that what I've said above is only valid if you get the developer to do everything at once. I gather from what you've said previously that I could get the developer to work in stages, e.g.:

          1. Developer works on theme
          2. Developer delivers theme
          3. I install theme
          4. I grant Editor access to developer
          5. Developer adds content to theme
          6. Job completed

          My understanding is that using this staged approach, the developer would not be able to inject 'nasty' stuff into the database.
  • Profile picture of the author Istvan Horvath
    You either don't understand the basics of a CMS (content management system) or... I don't know what to think.

    The whole idea of a CMS is to have the engine (aka WP core files), the layout (aka theme) and the content (aka entries in the MySQL database) ABSOLUTELY SEPARATED!

    Coder and/or graphic designers, who would work on your theme/design - are crappy writers. Why would you let them write your content?
    On the other hand: once a CMS is set up properly, adding content would be exactly like typing posts here - meaning you can do it or a VA can do it for $2 per hour... no need to pay $100/hr a developer to type your blog posts.

    That's why I am completely confused about your idea of having a developer "adding content". It just doesn't make sense! (It did at the time of having the whole website done with separate HTML files...)

    You may want to revise your plan and the tasks requiring a "developer". Don't pay job development (coder/designer) fees for simple typing jobs
    • Profile picture of the author DaveC2
      Originally Posted by Istvan Horvath View Post

      You either don't understand the basics of a CMS (content management system) or... I don't know what to think.

      The whole idea of a CMS is to have the engine (aka WP core files), the layout (aka theme) and the content (aka entries in the MySQL database) ABSOLUTELY SEPARATED!

      Coder and/or graphic designers, who would work on your theme/design - are crappy writers. Why would you let them write your content?
      On the other hand: once a CMS is set up properly, adding content would be exactly like typing posts here - meaning you can do it or a VA can do it for $2 per hour... no need to pay $100/hr a developer to type your blog posts.

      That's why I am completely confused about your idea of having a developer "adding content". It just doesn't make sense! (It did at the time of having the whole website done with separate HTML files...)

      You may want to revise your plan and the tasks requiring a "developer". Don't pay job development (coder/designer) fees for simple typing jobs
      Hi Istvan, my original question was prompted by the fact that I had purchased a theme that came with an example database. After installing the theme and the example database then there were some errors. The theme developer offered to work on the installation if I gave him WP admin access. In this case the developer would be effectively delivering the theme and example content.

      I wanted to know if, in theory, the developer could affect other folders on the same domain or sub-domain or other domains on the same host. I have now learned that the answer to this question is yes.

      I think that if you're purchasing a theme then you need to trust the provider. Nevertheless, I just wanted to know if developers, in general, with WP admin rights could affect other items on the host.

      I understand that in the general case it would not make sense for a theme developer to be the content creator also.
  • Profile picture of the author SteveJohnson
    For what they're worth, my thoughts on the matter:

    I stated earlier that you shouldn't give admin access to anyone you don't trust. You didn't give all of the details in your OP.

    That said, if you can't fully trust a developer who's doing work for you, you need to find someone else that you CAN trust.

    Developing a theme is not an easy task, especially if it's a custom one. Any hoops that a developer has to jump through adds to the time of completion - and time is money.

    If you would come to me as a developer with a workflow such as you are proposing in post #15, I would tell you to go fly a kite.

    Beyond that, with a theme, I could 'inject' whatever nasty stuff into your database that I would like, should I choose to do so.

    Find someone you can trust, and cut down on the paranoia a bit - it'll shorten your life