Tips for giving a developer access to your hosting account

If you need to hire a developer, designer or any other type of contractor, there will likely come a point where they need to access your hosting account. If you’re using a control panel that allows multiple account logins, you may be able to create a login with limited access for the contractor to use. If you’re using a control panel like CPanel, one which only provides a single sign on, things can get a little more complicated.

Providing a stranger with your account login has risks, especially when there is live data on the account. If the contractor is someone you’ve only recently met from a site like Elancer, Guru, or Freelancer, you should lean to the side of caution. This isn’t to say that these developers are bad (I myself can be found on each site). It’s more of a warning to be aware that some lack a moral compass. Doing something damaging to your existing data or outright stealing information is well within the realm of possibility.

So what can you do in order to provide a developer access to your CPanel account? Depending on what the developer needs to do, you may be able to grant access to specific functions.

Create an FTP Account

If the developer needs to access your file system, you can easily create an FTP account in CPanel. We provide a tutorial here which can guide you through the process. Once the account is created, it will provide the developer access to the chosen directory (and it’s subdirectories) so they can work with the files within. Often times, this is all that is needed.

Once the developer has finished their work, you can delete the FTP account to remove access.

Install the Application Yourself

If the developer will be using an off the shelf piece of software such as WordPress, Joomla, Drupal or Prestashop, they would typically need access to your account in order to setup a database. To avoid giving them access for this task, you can install the software yourself. If you have Softaculous or Fantastico on your CPanel account, you can instantly install any of the applications I’ve mentioned, along with hundreds of others. It will create the file system, database and database user in about one minute.

Some applications require you to manually create a database. Application frameworks like Codeigniter, CakePHP, and Laravel are pieces of code used to build on. There is no database until you create one. Fortunately, we also have a tutorial on manually creating a database in CPanel.

Reseller account

Having a new site developed when you have a reseller account is an easy process. Simply create a CPanel account for the developer to use. You can also limit the features of the account, such as removing Email or SSH. Instead of purchasing a domain, you can setup the account using a subdomain of an existing domain. For instance, if you have example.com on your reseller account, you can create this account using the domain dev.example.com.

Once the developer has completed their work, you will have a full working site in a real environment. From there you can backup the account and copy the files into your live location.

If you are a web developer, this is a great way to manage your own development. I make frequent use of creating under CPanel accounts because it allows me to work in a live environment without affecting the real website.

What to do after giving a developer your login

In some cases you may have to provide the master login for your account. If that’s the case, there are steps you must take in order to limit the various risks involved.

Make sure you have real contact information for the developer. Get as much information as you can. A single email address will not do it, especially if it’s a GMail, Yahoo! or other disposable address. At the very least, get a phone number.

Sign a contract. I myself have signed NDAs (non disclosure agreement) which are used to protect the client. I understand why they are necessary. Some developers like to show off their client list, which is fine. If you are OK with the developer doing so, put that in the NDA, but make sure there is information contained to prevent them from taking or utilizing your data without your consent.

Backup your data. CPanel makes this very easy. We have a tutorial which walks you through taking a full CPanel backup which automatically includes your files, email, database and more. If the developer breaks something that they can not fix, you will have a backup of your site.

Always change your password after you’ve allowed anyone into your control panel. Make sure it is a difficult password to guess. It’s also recommended to change the passwords on anything else you’ve given the developer access to, including databases, email, and content management systems.

Run a virus scan after they are finished. Part of my work has involved cleaning up after various developers. I could tell some very horrible stories of what I’ve found in customer accounts. The worst has been finding hacked files that were infected with malware. These files were likely from less than reputable sources, so the developer who installed them may not have been aware of their infections. The customer would pay the developer and soon after find their websites hacked or being used to blast out thousands of spam emails a day. This causes more headaches because a web host will often shut down a site if it is spamming, regardless of why it happened.

If you have an account with 6Scan or Sucuri, run it as well. If you do not have one, it’s recommend that you purchase one. Both companies make it their business to clean up hacked sites and prevent future issues. Even if you aren’t allowing a contractor into your site, either of these services are good to have to help prevent future issues.

Now that you have the tips to help you give a web developer access to your hosting account, you will have a much better chance of keeping your account safe. As a web developer and server technician, I know what can happen when bad developers get into your system. The information provided should help reduce the risk. If you have any additional tips, feel free to leave them in the comments section below.

10 Hosting Terms You Should Know

If you are just getting started as a webmaster, there are a few terms you’ll come across that you may not understand. To make it easier for you, we’ve compiled a short list of 10 common web hosting terms that you should know.

Data Transfer (Bandwidth)

Each time a file is uploaded to or downloaded from your hosting account, you are using a resource called data transfer (some hosts refer to it as bandwidth). This transfer of data is often unlimited on shared hosting and may only count for outgoing traffic (downloading).

Storage

Each file of every website takes up space. The space used comes from an allotment of storage space on a disk drive on the host server. The amount of storage space is often unlimited on shared hosting, but this does not mean it is limitless.

Inode Count

One often overlooked limit in web hosting is the inode limit. Each file and directory represents one inode. If you have 20 files and 3 directories, you are using 23 inodes. The inode limit varies between web hosts, but it’s common to have a limit over 150,000. You should check with your web host to find out what your inode limit is.

CPanel

One of the most popular web hosting control panels is CPanel. It has been an industry leader for over a decade. This control panel provides a large list of features to manage nearly every aspect of your hosting environment. CPanel offers email setup, file management, DNS configuration, IP blocking, statistics software, error log viewing, easy redirects, and much more.

WHM

If you need more than one CPanel account, you need WHM. WHM (Web Host Manager) is a control panel that manages your web hosting environment. It provides many configuration options and makes it easy to create unlimited CPanel accounts. Many people use WHM to resell hosting services using the built in Package feature.

FTP

FTP is a method of transferring files from your computer to your web hosting account. Using software called an FTP Client, you can upload files to and download files from your web hosting account. You can also mass delete files and directories. For a list of FTP Clients, check out our article Getting Started with Building a Website.

SSH

If you need to interact with your hosting account and file system on a command line level, using SSH is the way to go. SSH creates a secure connection to the server so you can run various commands in the server shell.

Addon Domains, Sub Domains and Parked Domains

If you want to use multiple domains on the same hosting account, you will use the Addon Domain feature of your control panel. Each domain will appear to be on their own hosting account to anyone who views them, but they will each run from the same hosting account. Keep in mind that this means each domain will pull from the same pool of resources. You must own the additional domain that you would like to use as an addon.

If you would like to direct an additional domain to the same site the primary domain is showing, use the Parked Domain feature. You must own the additional domain to park it.

The easiest explanation for a sub domain is this: sub.domain.com. The domain itself is domain.com. The sub. is the sub domain. This feature is often used by web sites which want to separate areas of their website, such as blog.domain.com. Sub domains do not require additional domains to be purchased.

Softaculous

When you want to install a popular piece of web software, look into Softaculous. Softaculous is a one click installer that boasts a massive library of more than 300 applications and scripts. You can quickly install WordPressJoomlaPrestashopMagento, CodeIgniter, phpBB, Dolphin and many more.

Unlimited

Contrary to what it sounds like, this typically does not mean you have an endless amount of resources. Storage space, one of the primary unlimited features, has a limit. Disk drives only have so much space, and the more drives and files there are, the harder it is on the server. If you are considering a web host that offers unlimited resources, ask the host for more specific information. If you plan to host 50GB of content and serve it out to 30,000 people a month, make sure your host allows that on the plan you’re considering.

While this isn’t an exhaustive list of common terms, these are things you should get to know well. They will help you understand your hosting plan better and how to interact with it.

What is a VPS?

Many web hosts offer a product called VPS (virtual private server). You may have seen it on their service listing, or perhaps received a recommendation from your web host to upgrade to this option. In this article, we’ll explain what a VPS is and why you should consider one.

A VPS is the middle ground between a shared hosting account and a dedicated server. It acts like a dedicated server, running it’s own copy of the operating system a container. It comes with a specific amount of RAM and CPU power for your hosting environment for your operating system, server software and website to utilize.

Typically, you are allowed to run various software that the OS can support, including those not allowed on shared hosting (such as chat and other resource intensive applications). This doesn’t mean you can run everything ever created, but you are usually allowed to run applications that are banned from a shared environment.

data-center-2

A VPS usually comes in two flavors: user managed and host managed. While each company will have their own definition of user and host managed, this is the typical meaning of each:

User Managed VPS (also called ‘unmanaged VPS’ or simply ‘VPS’) is a blank install of the OS of your choice, with no control panel and little support from the hosting company. In fact, the support is usually limited to network and hardware issues. In many cases, you can reinstall your OS at any time with only a few clicks. The service comes with root access so that you may handle installation, configuration and maintenance of your hosting environment. At least one dedicated IP address is provided.

Host Managed VPS (also called ‘Managed VPS’) includes a control panel and full support from the hosting company for network, hardware, and the server environment configuration. It may or may not come with root access. A Host Managed VPS is usually very similar to a Shared hosting account, but with less chance of neighbors on the server causing problems and more flexibility in terms of configuration. At least one dedicated IP address is provided.

Why should you choose a VPS

There are a few reasons why you should choose a VPS. Below is a short list of several common instances when you should opt for a VPS.

Your site has outgrown a shared host

Does your website need to move to a VPS?
Does your website need to move to a VPS?

As a website grows in popularity and/or complexity, it will naturally consume more resources. When this happens, your site will eventually reach a point where it needs to move beyond a shared hosting environment. Moving to a VPS will allow your site to grow into the new pool of resources provided by the plan you choose.

You need root access

Some webmasters require root access. It may be for configuration of the website and software or for access to logs when something goes wrong. Since a web host is never going to provide root access for a shared server, you will need to go with at least a User Managed VPS. This will allow you to log in as root and do anything to your operating system and server software that you need.

You need to run software which is banned on shared hosting, is resource intensive, or requires an OS different than that of a shared plan.

chat-smaller-smushitSome software is banned from shared hosting for good reason. Software which is resource intensive or may otherwise cause problems for other shared accounts will not be allowed to run on a shared environment. You can usually find a list of such software in your web host’s Terms of Service or Acceptable Use Policy. In many cases, much of this software can be used on a VPS, though you should double check with your host prior to purchasing a plan.

Some software is OS specific. With many web hosts using CentOS Linux, running software that is made for Debian would require a different OS. With a User Managed VPS, you can typically choose from a list of available operating systems in which to use.

You need to send bulk email

Shared servers will usually have an hourly email sending limit which will stop email from being sent once you reach that threshold. This is to prevent mass spamming and bulk emailing. If the limitation is not network wide, you may be able to avoid the limit by using a VPS. If you need to send bulk email, check with your service provider about sending bulk email via VPS, and if there are any hourly sending limits that you may face.

You want to store large files

Software like ownCloud allows you to backup files to your hosting space to store and share with others. Your web host may have rules against storing files that are unrelated to your website. These rules don’t always apply to VPS and higher. If you need to store files, in particular large files, a VPS is usually the place to do it.

You want to reduce the risk of issues from other customers who share your server.

A VPS is a shared environment of sorts. There are other people on the server with you, but each account is privatized within it’s own operating system container. This reduces the chances for others on the server to cause headaches for you. On a standard shared hosting plan, your server neighbors have a much greater chance of breaking things for everyone on the server.

You Need Additional Configuration Changes

Some websites require changes to various settings in the hosting environment. While your hosting provider may allow you to change PHP.ini settings, they are unlikely to allow you to modify how many concurrent connections can be made to your site (how many people can be on your site at a single instance). Limitations on entry processes and MySQL connections are among some of the most common ceilings that people hit. With a VPS, these can be modified to a higher value.

When to Move to a VPS

WorkingIf your web hosting provider is suggesting an upgrade, don’t just brush it off as a greedy attempt to get more money out of you. Evaluate the reasons behind the request. If your site is breaking a Terms of Service rule for Shared Hosting, there is likely little you can do other than remove the cause for the infringement or upgrade. If the reason is because of resource usage, you may be able to hold off moving to a VPS.

Your website should be as tightly optimized as possible. Make sure your code is strong and well written. If you are working with a system like WordPress, use thoroughly vetted optimization plugins and remove any outdated or unused/deactivated plugins. It is also a good idea to utilize services such as Cloudflare to deliver cached versions of your content, thereby reducing the resource usage on the server. Cloudflare also filters incoming traffic to help prevent malicious users and comment spam.

If optimizing your website isn’t enough, moving to a VPS is going to be the best next step. If you are moving to a Host Managed VPS, the upgrade is relatively painless. A good web host will take care of migrating your account for you. All you will need to do is update the nameservers for your domain.

Using a VPS has several advantages for a website, but make sure you get the correct product. If you are not comfortable working with a user managed product, one which requires you to handle everything about the OS and server software, get a Host Managed VPS. You will pay more for it, but the peace of mind is worth it.

What is Unmanaged Hosting?

If you are searching for a hosting provider which offers services beyond shared hosting, you will likely come across the term unmanaged hosting. This term may sound odd. Shouldn’t all hosting be managed? Let’s explain what unmanaged hosting is.

Each host will interpret the term unmanaged hosting in their own way, but the following is a fair definition of what unmanaged hosting is:

Unmanaged Hosting
Web hosting in which the provider manages the network and hardware of the server, but very little (if anything) else. Unmanaged hosting is a term typically used for VPS, Cloud and Dedicated platforms, sometimes referred to simply by the type of hosting (such as VPS as opposed to Managed VPS), or called user managed.

The unmanaged hosting environment is often chosen by someone who knows how to handle a server environment and requires resources higher than that of a standard shared hosting platform. Also, it will usually come with root access to the server to allow the customer the ability to configure the server the way they want, and install various software which may be unsuitable for shared hosting. For instance, someone wanting to run a resource heavy chat client would choose an unmanaged VPS or dedicated server to run their application, something usually prohibited by shared hosting terms of service policies.

Unmanaged hosting is usually less expensive than it’s opposite, managed hosting. This is because the cost of additional labor to handle configuration and troubleshooting, as well as provider installed software is not needed. However, the cost is only worth it if you know what you are doing. If you feel comfortable with an unmanaged platform, go for it. If not, you may want to check out managed hosting.

What is Managed Hosting?

A term you may see mentioned by several web hosts is Managed Hosting. Those who are shopping for a platform above that of regular shared hosting, such as VPS, Cloud or Dedicated, will likely see this term on hosting websites. But what exactly does it mean?

While every host will have a different interpretation of their services, the following definition provides a pretty fair idea of what managed hosting is:

Managed Hosting
Web hosting in which the hosting provider manages the network, hardware, and configuration of the hosting service. Often referred to in VPS, Cloud and Dedicated services, the host typically handles the service in the same way (or close to) they do their shared services, but with the addition of more advanced configuration.

The managed hosting environment is typically the option chosen by someone who doesn’t know how or doesn’t want to have to manage the server themselves. For instance, a small business who has a bustling website that is too popular for shared hosting will often choose to upgrade to a Managed VPS so the host can continue handling the server, and they can keep up with their business.

Managed hosting is usually more expensive than it’s opposite, unmanaged (or user managed) hosting. The premium cost is there to cover the additional labor and/or features that come with managed hosting. Still, if you don’t know much about managing a server environment, the extra cost is worth it, as you won’t have to learn to become a server administrator overnight.

What is a web host?

A web host (website host) is a company that offers a place for your website to live, making it visible to the world. They offer space on what is called a server, a powerful computer configured to run websites and web applications.

An easy way to think of a web host is like a land owner. Your house is your website, and the land owner is the web host. Without the land the land owner has, your house has no where to exist. The same is true for a web host.

A web host will typically offer web hosting in a variety of types, with the most common being shared hosting. Some web hosts offer hosting services for free, while most charge a fee. To explain the typical differences between free and fee based web hosts, we’ve created a small list below:

Pros of Typical Free Web Hosts

[checklist]No cost
Simple to moderately advanced web builder
Instant setup
Free site templates
Free site tools (guestbooks, contact forms)
Paid hosting upgrades
Free URL[/checklist]

Cons of Typical Web Hosts

[xlist]Include advertising on your site
May not allow personal domain names (your own .com)
May not offer programming engines like PHP, Java or Ruby
May not offer databases
Do not allow DNS editing
Do not allow your own SSL
Hugely limited storage
Hugely limited bandwidth
Free URL is branded with the host’s name
No support for popular web applications like WordPress, Joomla, or Magento.
No ecommerce support[/xlist]

Pros of Typical Paid Web Hosts

[checklist]No advertising
Supports PHP, MySQL, Python, and Perl. Some also support Java and Ruby
Supports multiple (sometimes unlimited) email accounts, MySQL databases, addon domains, parked domains, and subdomains.
Huge storage
Huge bandwidth (unlimited in many cases)
Supports domain
Auto installers to provide installation of popular web applications
Allows SSL Certificates
Allows DNS editing
Greater upgrade possibilities[/checklist]

Cons of Typical Paid Web Hosts

[xlist]Not free
Often requires domain name without option for free URLs[/xlist]

As you can see from the list, a paid web host is going to offer a lot more than a free host. It also won’t negatively affect your web presence as much as a free host. You don’t want your design impacted by forced advertisements or your URL showing off your web host.

No matter which web host you choose, make sure they can support your site in it’s current form and as it grows. Moving from one host to another is a hassle that is better left avoided if possible.