How To Give Your Web Person Limited FTP Access
Your control panel is the foundation of your entire website. Databases, emails, web pages, additional scripts, hidden folders. This is some place you don’t want everybody to access.
The trouble is, if you want to outsource, you have to turn over something or you’ll be seriously hindering your web developer from performing the best job he/she can do for you.
The good news – there is a middle ground – of sorts. Much of this depends on what you hire your web person to do. If it’s maintenance and troubleshooting that only need FTP access, you are in luck. You can give them access to your web host with a separate, limited scope FTP account. Here are the steps to achieve them on cPanel.
1. Locate FTP Accounts
2. Give it a username (can be anything) and password. Give this account access to the particular folder you want.
As you can guess from the above, if you have WordPress (or anything) installed in a folder – this makes it very easy. Not so good if you have WordPress installed in your website root (public_html or www folder) where everything else is.
If that is the case, should you still create separate FTP accounts?
It’s a good idea. Yes. Simply so you know who is logging in/out and you can better control or revoke access. If they disappear after a week, just delete the account.
There are cases where this alone is insufficient for your web person to work. For example, when they need to create or access the database, manage email accounts, setting up or maintaining cron jobs (automatically recurring tasks).
These types of tasks however, are not usually needed on a day to day basis. In addition, if you absolutely must give access to your logins, use something like LastPass to share it.
By default, when you share a login, LastPass hides the password but still be able to log in. This isn’t always ideal because sometimes developers may need to input the password into a different program.
I’d personally go with limited FTP access to start with, then provide access as/when needed, or when they’ve proven themselves. Is this foolproof? No, but a little caution never hurts. Besides, not all developers are system admin savvy or know how to hack into websites. Many don’t. Most successful ones don’t have time to. They just want to be given the right tools, do the job, get paid and everyone goes about their merry way.
Bonus Tip
If you want to view where/what an FTP user has accessed, check out the Webalizer FTP log. This will show you which FTP account accessed your site recently, what files/URLs were accessed, how often, how many Kilobytes uploaded/downloaded and more.
Do You Want A Hands-Free Business?
Then get this guide to help you systemize your business so you'll have more time working on your business.
Hey! I want to make sure you know what you're getting here. In addition to the guide, you will also receive our memo that includes special offers, announcements and of course actionable information.
What a lovely, clear “how to” article, Lynette. I have bookmarked it.
Thanks–I did not even know one COULD give limited FTP access!
Thank you Marya!
Thanks Lynette! I didn’t know about the bonus tip and will remember to use that next time!
Oh yeah! That’s one good thing about giving separate FTP logins even if you need to give them access to the entire public_html folder, you can see what they are accessing.