I need to have some changes made to my Prestashop website. The freelancer says he needs ftp access to the back office. Do others allow access to their back office and is there risk?
Thanks.
Not sure what you mean by “back office”. But it does make sense that the freelancer needs FTP access if his job is to update the CSS … although I don’t know how Prestashop works. Is there a login interface were you can update styles? That could be an alternative. Also, it is possible to write and test new CSS styles in a browser without actually uploading them, so theoretically, the freelancer could send you the styles when finished, which you could then upoad yourself. However, if you don’t trust the freelancer to behave professionally, you perhaps should get another one. I would probably not do the work myself unless I were given FTP access. 
- In the meantime, make a new directory solely for the CSS file(s).
- Make a new FTP account for the freelancer, giving him/her write permission (777) ONLY for the the CSS directory.
After the freelancer finishes their work, simply delete their FTP account, move your CSS file(s) back to wherever you originally had them.
Alternately, if it isn’t only CSS files in question, but rather some kind of template like wordpress, just grant permission (777) only for that directory. However, if it is a template directory, before granting the freelancer access, I would first save a directory listing of the directory’s contents and sub-contents, and then do so again once the freelancer finishes. Then I would compare the two to make sure no shells or otherwise malicious files were added.
I have the opposite problem. They want to just give me access to everything from FTP and other site-related accounts to VISA cards, checking accounts, and everything else, and say, “Just fix it!”
Wow, the day clients start to give me access to their bank accounts, I’m back in business.
[ot]
Yep - me too. We must have very honest faces. [/ot]