Protecting Your Websites on Bluehost
One of the problems with virtual workers is that until trust is established, you can not give strangers full access to your budding empire. It is imperative that you instigate ways to protect your websites from accidents or sabotage. If you have several different websites (and if you do not, why are you reading this?), You need a way to isolate them from each other.
It can be foolhardy to hand cPanel control over to an unknown webmaster. It is possible to do great damage from the cPanel screen. The list of problems you can have when you give out uncontrolled access includes; shutting down your websites (through incompetence or malice), shutting down your entire account at Bluehost (through the webmaster breaking the Terms of Service), to having your account hijacked and held hostage.
If any of your sites are your source of income, however small, you do not want that site to be the experimental stage for budding webmasters. So how can you both test applicants and protect your sites? I have several sites that have been established for years. I also share the webspace with a business partner. There is no way I can give an untried, untrusted person full cPanel access to my Bluehost account.
I have come up with the following procedure to isolate my websites. My method involves setting up a password protected FTP account to the folder that contains the files for my test site. All of my Bluehost sites are Add-on domains. Of course, I have password protected FTP access to the root domain, which gives me access to all of the sub-folders.
For security purposes, when I want to test a new prospect webmaster, I first create a new Add-on domain in Bluehost. This involves purchasing the domain name, creating the account as an Add-on domain, installing the basic version of WordPress, and creating a backup. This takes about 30 to 45 minutes.
I then set up a new FTP account, password protected, to allow my prospective webmaster the ability to transfer files to and from that website's root folder. I then add an account in WordPress for the new user.
Here is a procedure you can use to assign each of your websites a separate FTP login and password:
Start out by logging in to your Bluehost account:
Scroll down to the Files section and select "FTP Accounts"
You will arrive at a new window that allows you to add an FTP account, named "Add FTP Account".
For our purposes, we do not want to use the standard options. We want to create unique FTP accounts for the domain or sub-domain just created. This will allow the prospect webmaster access to only that domain.
So, create a unique Login ID for this individual account. Make sure that your login info for the Add on domain is NOT the same as your master FTP account.
Password can be either created by you or you can use the auto generate function built in to the Bluehost page.
Note that the program automatically filled the "Directory:" field with a directory of the same name as your login. This is because the standard use for this tool is to create new directories. In our case, we are creating an FTP account for an existing directory, so we will have to change that entry. Change the "Directory:" pointer to point to the directory of the site that you wish to provide access to. It is important that you point to the correct directory, this will be in the form "/ home / mainsite / mysite".
I leave the "Quota:" set to unlimited. You might want to set limits on your sites, but I have not found it necessary.
Next, Press the "Create FTP Account" button.
You will see an info screen once the account has been created. This is the username and password for FTP access to that folder. You must give this info to your webmaster so she can access the account with FileZilla. Naturally, keep a copy for yourself.
Next, test the access using my favorite FTP client, Filezilla.
Open your FileZilla program.
Select "File Site Manager …"
Select "New Site" to create a login for your new FTP site.
Name your new site something creative; "mysite" is my favorite choice for demos.
Then enter the information to log in to your new site, using the information from the Bluehost account settings screen. To enter the info, you will also need to set the "Logontype:" parameter from "Anonymous" to "Normal"
Next, test your login by pressing the "Connect" button:
A successful connection will allow you to transfer files to and from the folder of your selected domain. You should not have access to any other folders on the hosting server with this username / password combination.
Now the user you designed can access the selected directory using the FTP information provided. However, she will only have access to that selected directory. This will prevent opening up all of your Bluehost domains and sub-domains to any single user.
Here are the advantages of this system:
The new user must use FileZilla (or an equivalent program) to add or remove files to the site. This is a test of basic web functions. I have had several applicants tell me that they could not perform this function. They were not invited to continue.
The new user must be able to use the built in WordPress account (Admin level, of course) to perform a WordPress upgrade, theme installation, and plug-in setup. If they can not perform these functions, they do not pass the screening.
The new user must be able to install and use my favorite backup tool, WPTwin, to back up the new site.
As your trust with the new webmaster grows, you can add access to other sites you own using the same method. If the employee proves to be not up to the tasks you assign, the password can easily be changed on that FTP account (under the "FTP Accounts" section of your cPanel), blocking their access to your site. You can then give out a new password to another applicant to allow access to the site.
The disadvantages are that you will have to have already purchased a URL, set up a site, and installed WordPress. As noted above, this usually takes me less than an hour. However, I feel that the peace of mind from taking these steps outweighs the pain of setting up the sites. The same sites can also be used again later, for future webmaster tests, allowing you to easily review your applicants.