Worried About Giving Seller Website & Server Access [ARCHIVED]

[windoarsails]

Hello. I’d greatly appreciate feedback on giving a seller administrative access to both websites and server files. My concern is we REALLY don’t know these people and what if something malicious is done to the web properties?

The seller states no harm will come about and that he hasn’t gotten “this far” in Fiverr by not doing the right thing, but I’m still concerned. How have buyers in similar position handled this?

Thanks!

[voiceoverwork]

@windoarsails



Yes it is a huge leap of faith to give someone you don’t know access to the backend of your web properties.



For starters…



Is the seller highly rated on Fiver?

Level 2 or better?

How long have they been on Fiverr?

What are their reviews like?

Does the seller have a YT channel with other reviews?

Can you search the seller on the web? They may have a presence elsewhere with good (or bad) information.

[freelancemm]

What is the nature of the gig that he needs this kind of access? Think to yourself if you can make a temporary account for him that restricts access to only the areas he needs to get in or if he can provide you step by step instructions via screen-shots. As the person above has stated, does he have an established feedback, lots of previous feedback shining him in a positive light? Have you worked with him on previous orders without an issue(even if no info was needed on your end.)

[yeaman77]

I would never let someone on fiverr get this kind of access. Strongly recommend that you rather pay someone you know, trust and/or are able to meet in person a bit more to do this particular type of work.



One little malicious script on your server and you’re screwed 😦

[atechkid]

I have gigs that require me to have server access or file access for the website in questions. It totally depends on the buyer if he trusts or not. Some provide me temporary access to their cpanel, some give ftp and some just send over their whole file zipped.



Personally I think why do something malicious when it can be traced back to you. if a seller does something malicious then he can be traced back to fiverr. One can contact Customer Support and report the seller. The seller risks losing all his earnings for 90 days.

[musiclover]

When I first started on this site, I was a bit naive, and gave access to a seller. He did an amazing job. But now, I wouldn’t trust anyone with such information. That’s just me though. How can you trust someone who’s working for $4? I remember reading a post about how a programmer put a malicious script on a buyer’s website. So its really up to you. You’l eventually have to trust someone to do it, but if I were you, I would create a temporary account with a new password for the developer. Good luck.

[edume]

DON’T DO IT.



We provided just a link to a buyer to download his video because it was too large for fiverr and found that the buyer followed the link and sent a bug which deleted multiple files on the server. We know who it is but can’t do anything and neither can fiverr.



There’s a lot of fraud on fiverr so you need to be careful. Personally, I would never allow access. These Bas****s write code that can easily be placed on your server and they can track, gain access, download or destroy anything on your server.



Since credentials are not allowed to be given to you through fiverr, be safe, hire a professional outside of fiverr to do the work.

[atechkid]

Reply to @edume: So you mean we developers and programmers are Bas***s doing nothing but adding codes to destroy the buyer? Congrats Man!! You just labeled every gig in Programming & Tech sht and Worthless.



I’ve worked on so many projects here and no one ever came back to complain. Some Work I did on my own server and just sent the files and those who did not know how to do it asked me to deploy the application/website. What will I gain by placing a malicious code on something that I have created? And for your Kind “Nonsense” knowledge, Almost ALL I say ALL host have scanners that constantly scan website codes. No Known malicious code can escape such a scanner. Many of them have pre-written and defined bash rules that does not allow execution of such codes. They simply give a Internal server error. If such a thing is done then the buyer will be back complaining within hours of deployment.



"buyer followed the link and sent a bug which deleted multiple files on the server"

Such a ridiculous statement. Its your and your service providers fault that they gave unauthorized access to a unknown user. I can think of only 2 things. Either you used a direct link on a server that acts as a ftp server with a guest logon available or you used dropbox public folder.



Since you have so much to complain about fiverr, why don’t you just leave and forget about fiverr. This makes me think that whoever censored your posts were the right people/person. Over and out. No point in debating with someone who has no knowledge of the category.

[touchtype]

oops…



I’ve been doing Gigs that requires server access, and clients of mine is very trusting enough to give me full access (even shell/root access to their VPS, and WHM) to their servers and hosting account. I think of my clients that they are smart enough to decide to give me their credentials and access keys. They can utilize/use logging tools so they can track every activity we make on their servers.



Furthermore, after delivering a completed job to the buyer. I am strongly advising them to change all the credentials they shared with me, in case that credential is the one they primarily use. I also advise them to scan the website I’ve work on (using 3rdparty tools/webapp) to make sure that their website is clean when I delivered the work to them. I don’t really care about me getting into their servers and take advantage of it without them knowing it. What I care so much is that, buyer trusts me and that they can be sure that what they share with me remains confidential.



Earning your buyer’s trust… makes them loyal to you and they keep on coming back for your service when they needed it. In my case, I don’t only offer my Gigs here on Fiverr, but I also offer it here in my country and in my locality. And all of my clients here share their credentials with me and even made me an all access admin account for their webstore, making me their virtual store manager.



But not all Sellers are like me…



And one more thing… could somebody make this clearer for me?

edume said:
Since credentials are not allowed to be given to you through fiverr, be safe, hire a professional outside of fiverr to do the work.

[edume]

Reply to @atechkid: I would never hire a programmer from fiverr, you don’t know who it is and what they are capable of doing. atechkid, I looked at your gigs and none require access to a server.



Honestly, I’ve been on fiverr going on three years, there’s an increase in the amount of fraud and scams so why would anyone trust someone to access their server when you don’t know the person’s identity? It’s crazy. Don’t do it.

[atechkid]

Reply to @edume: I’m not sure if you really had a look but two of my gigs are related to installing linux modules and php scripts, both require me to have server access. Where and what will I install without the access. My other gig that deals with fixing php related problem also requires me to have server access else how would I check and fix the problem? Not everyone is a fraud.

[edume]

Reply to @atechkid: Yes, I stand corrected. Sure, not everyone is fraud but on a system like this you need to be careful.

[nessaroze]

Obviously, trust is a major issue. It always is. But sometimes people feel safer when they’re paying bigger sums, as if more money is any kind of a safety net against fraud (when it really is not).



I work in an online marketing firm and clients often give us passwords and access to various accounts (facebook, gmail, etc), because not every site offers the options of adding temporary or restricted accounts.



Most of the sellers will be more than happy to take the time and talk to you via fiverr, so a certain trust relationship can develop. You can also take a look at other gigs they are offering that don’t require server or sensitive information access, and start there, deciding whether or how much to move forward with them.

[patrickmahinge]

I personally leave it to instincts. if something in that hidden part of the brain tells me to scram, then believe me, I won’t be giving you my credentials no matter the number of incandescent reviews you have on your profile. Bottom line? I don’t want to be in any form of relationship with a person that I don’t trust. Same logic applies when I am the seller. If I suspect any of my buyers will give me a hard time, I prefer not to work with them. Fullstop.

[ijustkeeptrying]

I’m new here so I am trying to read up on how to protect my accounts/information and still get a job done by a Fiverr Seller:
I need some modifications on my website but if I give out my account info to get into the WordPress dashboard couldn’t they hijack my account or something else?
I contacted a couple of Sellers that provide modification services but a couple have responded asking me for my website login information.
I believe I read an old post on Fiverr that buyers are not supposed to give out this kind of info, but how can the changes to my website be made then?

I posted this in the wrong area before, I hope this is the appropriate location for this question. Thanks in advance as I’d greatly appreciate some advice from members of this forum

[fonthaunt]

I would suggest that you contact your website hosting provider directly and ask about creating a special secondary account and explain your concerns. You want to retain full control of the primary login and not give out that information. That way if something happens that is a problem, you can log in through your own administrative account and change the password or otherwise block a user from access through the secondary account.

In addition, you can check with your hosting provider about backing up your site prior to allowing that access. Most providers have options for that too which protects you from being stuck with bad changes or unauthorized changes. If things go wrong with a seller, you can have the hosting provider restore your account with the backup and notify Fiverr Customer Support of what problems you had. It’s smart to get all of this set up before you hire someone.

[misscrystal]

I’ve wondered about this too. Having a second account makes sense so that you can allow someone else access to work on it and then copy the code to the actual site after you see if it works like you want it to.

[joe_mlk]

i’m a wordpress developer and i face this problem every day on every freelance site, buyer don’t want to share wp admin login info with seller, so i always told buyers to create backup of your website, all major hosting companies provide this feature free of cost.

[eoinfinnegan]

Godaddy and other hosting companies usually offer the option of “Account Access” where you can give access to an account but not to financial info or email/password changes etc. Before giving login details to anyone I suggest you make a backup of your site.
If, during the time someone is working on your site and you have concerns about something they are doing I would suggest that you change the password and then contact them about it. If all is ok then you can give them the new password, if not then they cannot access your account maliciously.
The idea of a second account is a good option too.

[mgjohn78]

I have two versions of all my websites + websites i host. 1 is the live site and the other is a copy of the live site where all development and testing happens, my dev sites are online but on a separate server with non public access.
This way i dont have to worry about making a coding mistake resulting in downtime on the live sites (or worse a mistake resulting in a security vulnerability) and if i need help i can give temporary access to the dev site.
This + automatic daily backups have worked just fine for me.

If you have a business site or site that contains financial or client information and need development done, check with your insurance company first (they may have some requirements related to third party access and the developer).

[mithunbaiju]

I am web developer. Let me help you with this. There’s a thing called staging website. This helps you to stage your website to a different URL and develop or design on it instead of messing the live one up.

Once, you create a staging website(If you don’t know how to create one, you should your web hosting provider.), change the username and password of your website and then send this new info to the seller. THIS ONLY WORKS WHEN YOU HAVE A WORKING CMS INSTALLED.

Now, if you are skeptical about sharing your cpanel login credential, make sure that you have backed up everything in your local computer or cloud. After the work is complete, change the password to something really complicated. I use password generators to do so.

[turiya62]

NO WAY should you give any seller on Fiverr admin access if you value your site. On TWO occasions I have had my website come crashing down within a week of closing out a job with a seller. If the relationship goes well and the seller is proficient in communicating, you might be okay. But if there is any hint you might be dissatisfied enough to give a seller a bad review, you’re dead. That happened to me TWICE (2015 and 2018). Both times I had problems with the seller (communication and technical problems), and indicated I was going to mark them down in the ratings. Here is what I learned: they can close out the job before its technically complete so that you can’t leave a review. Once they shut the door from their end, you can’t leave a review, so the ratings and reviews are not accurate reflections. Even if you’ve changed your password, they have ways of getting in and taking down your site. If you try to get customer support to assist you, they will tell you they have ZERO supervision over these technicians. There is ZERO accountability for poor service. They are independent contractors, mostly living in India. Its a cash cow for American business people who actually cannot stand behind the work these people do. So NO. Do not trust these people with anything you aren’t willing to lose.

[weverbentertain]

i’m a wordpress developer and i face this problem every day on every freelance site, buyer don’t want to share wp admin login info with seller, so i always told buyers to create backup of your website, all major hosting companies provide this feature free of cost.

How do i do that tho?lol

[humanissocial]

How do i do that tho?lol

First, you’re responding to someone 4 years later.

Second, you do this work, yet you don’t know how to create a backup of a Wordpress website?

[misscrystal]

How do i do that tho?lol

If you use a hosting company with a phone number, and I hope you do!, then you can call them and ask how you can allow someone to work on your site in a safe way. And as was mentioned have a backup of your site in case something goes wrong.

Also since we have access to all the information in the world at our fingertips, a fast google search turned up this:

You can quickly create a temporary account to share with your designer. You can give them access for a day, a week, a month–however long you need–and delete it later.

## How to Set Up a New User Account

WordPress lets you create an unlimited number of users. This means you can create separate user accounts for your web designer, your SEO, your VA, and any other web professional who needs access to your WordPress website.

There is all the information you need about this on google. Just do a search.