WordPress Block developer from exporting Database via PHP

Valentina: 2 weeks ago

From time to time, I get a developer to make changes to my WordPress website installation. The developer only gets access to website via FTP.

I want to make sure that there is no way for developer to export or delete anything in the database of the website via PHP. What precautions can I take on my end to make sure they are never able to export Database by uploading any PHP script and export whole database?

I have never used GIT, but can giving access them via GIT take care of this issue?

Thank you in advance!

Mateo: 2 weeks ago

First of all, as Mark suggested in the comment:

never use developers you don't trust.

Once you give a developer FTP | Git | SSH etc. access to your site, he or she can do anything you can from the admin panel & even more. There is no way to stop them that will not hamper their ability to work for you.

If for some reason, you cannot find a developer you can trust, you may do the following:

  1. Create a development environment that has the exact same CODE and server setup, but has a dummy database set up & doesn't contain any sensitive information from the original site, like original Database password, SALT keys etc.

  2. Then, once the developer is done working on the development setup, you'll have to know how to apply the changes to the original site. Learning Git will help you a lot in that case. Also, if you know Git, you'll also be able to see the changes the developer has committed.

Having said that, if you don't understand the CODE or not careful, the developer may still do something harmful. So we are back to the initial statement:

never use developers you don't trust.

Frankly, most people here answering questions are developers & there are literally hundreds of thousands (if not millions) of trustable developers out there who will do no harm. In fact, in any business, you cannot continue your work without some amount of trust. For example: knowingly or unknowingly, you are trusting WordPress CORE developers, developers that are building your server software, developers that are building your browser, Operating System and so on.

So instead of having trust issues, try to build a long term relationship with one or more developers with mutual trust and respect. That will take you a long way. And if you get time, try to gain at least a rudimentary understanding of the technologies that are powering your site. That'll help you as well.