ArticleDo you have to give FTP access to your OpenCart for developers?

Sorry for my English! English is not my native language. One of the reasons to create this blog is to improve my English writing. So I will be highly obliged if you will help me with this. If you find a grammar error on this page, please select it with your mouse and press Ctrl+Enter.

It is very common situation. You bought a module, installed it on your site, but the module doesn't work. You contacted with module developer for support and got an answer that you need to give full access to your site for this developer. But if somebody gets an access to your site they can do everything with it! Is it safe to give access to your site for the module developers?

This is definitely not safe! If someone will gets access to your site they can do everything with it! They can steal your database, add evil code into your site. They also can unintentionally add some bad code into your site because there are many beginner developers who work with OpenCart.

But it is one of the bigger flaws of OpenCart. It has not advanced API system and module developers need to use the "crutch" vQmod for change some OpenCart logic. vQmod is not a good solution for it because it causes many errors and conflicts. In the most cases the only way to fix these conflicts is to have full access to the site.

So what you need to do? You can't give access to your site, but you need to do it. I'll give you some recommendations:

  1. If you know php a little you should fix all errors on your site by yourself. One of the advantages of this approach is that you'll get more programming experience.
  2. If you don't know or don't want to do it by yourself, you should hire a programmer for this work. Only this programmer will have full access to your site and will fix all errors and conflicts.

But if none of the above approaches is not for you and you need to give access to your site for some developer then:

  1. You should give access to your site only for developers you trust. They should have many extensions, good reputation and many good testimonials.
  2. You should give access not to the your working site, but to the test copy of your site located on the test domain or subdomain. In this case no one can steal your database and if they will break your site they will break just a copy of it, not the working site.
  3. You should compare all the files and directories of your site for changes after the programmer has done his work. You can use file managers, the diff utility, the version control system like git etc. You will find all changes what was done and if this developer has done something wrong you will see it. If he added an evil code into your site, you should immediately notify the community about this developer.

Add new comment

Spam protection
Enter the characters shown in the image.
You are reporting a typo in the following text:
Simply click the "Send typo report" button to complete the report. You can also include a comment.