I have hired a freelancer to help add custom functionality to my wordpress website. He asked me to zip and send him the whole public_html folder. So I did in good faith but now I am worried that he might be able to access my password, login details and other sensitive data. Or am I over-reacting here?
Asked
Active
Viewed 40 times
-3
-
1Only you could know this based on looking at the contents of said folder for said sensitive information. – TylerH Aug 30 '18 at 21:18
-
Welcome to SO. This question would probably be more appropriate on security.stackexchange.com. That being said, you are assuming the worst about your freelancer, who you (hopefully) chose because they were proven to be knowledgeable and had good references. As a precaution, you can change your access credentials for your database, change the salt, and ultimately require your users to change their passwords. – Justin R. Aug 30 '18 at 22:00
1 Answers
0
Yes he can … sorry but if you send him the wp-config.php he has access to your entire database and can hack there the passwords for users of WordPress. By luck as far as I know ftp data is not stored somewhere in WordPress
theode
- 300
- 1
- 7
-
thank you. that confirms my thoughts. I'd be honest, I'm not very good at WP and or programming. I did look through most of the files individually before sending but they all look the same to me. – Milcroy Aug 30 '18 at 23:36