Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Hiring a Magento developer, security questions……
 
avozz
Jr. Member
 
Total Posts:  1
Joined:  2011-05-24
 

My Magento programming is not great, so I hired a Magento developer.
He has just finished creating my site and what I found out is that he totally removed the Settings tab in the Admin page.

My questions are:
1) Is it fair for me to not have access to the Settings tab at all? Should I talk to him to put it back?
2) Without the Settings tab, how do I check if he has not also set himself as an admin and come in to check my sales and customers data?
3) Or even with the Settings tab, is it easy for him to sneak into my store without me knowing?

He is more of like a one-man developer, not an actual company.
I am very worried about the security for my site!!
Any other advice.....??

 
Magento Community Magento Community
Magento Community
Magento Community
 
TRMMarketing
Sr. Member
 
Avatar
Total Posts:  145
Joined:  2009-11-29
 

I am unsure what your contract with your developer is but not having full access to the website would be troubling. However, if your developer is playing games, you can reset their admin password via the database, then login and retake control of your website. I would also recommend changing the database password and possibly the username as well. You will have to change the database information in your app/etc/local.xml

If the developer had access to your hosting admin panel, make sure to reset all email passwords and make sure that none of the accounts are being forwarded.

Change all FTP passwords, and control panel passwords.

This is a start but will not help if they have some other form of backdoor setup on your system. In the future, I would recommend hiring a consultant to work on your behalf. They will have the experience and knowledge to keep your platform secure while utilizing outside development firms.

 
Magento Community Magento Community
Magento Community
Magento Community
 
JohnPerry
Jr. Member
 
Total Posts:  21
Joined:  2013-11-13
 

You can hire magento developers for part time and full time from here

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top