: Prevent an associate from changing the Joomla administrator password that they know? How is it possible to prevent my freelancer from changing behind my back the Joomla! administrator's password
How is it possible to prevent my freelancer from changing behind my back the Joomla! administrator's password used for getting to the backend of the Site and that I was compelled to let him know for carrying out his duty? Is there the possibility of forbidding such a fraud? Is there any warning to me, should that freelancer try to change the password?
More posts by @Jessie594
2 Comments
Sorted by latest first Latest Oldest Best
There is a solution, albeit a paid one.
Use RS Firewall, set up "master password" (the password to protect RS Firewall settings), and mark your user as "prevent changes to this user".
Of course, if the freelancer have direct access to the database, there is absolutely nothing you can do to protect the site itself.
Be sure to make VERY clear to your hosting company that you are the owner of the account, and only you have the power to decide anything. Tell them that only mails from your e-mail should be valid for requesting changes, and don't use an e-mail from the hosting to do that (the freelancer can log in to control panel, change your pass, use your e-mail, and request changes). If possible, make very clear that you don't trust your developer (say that it is company policy to never trust a developer, or something along that line).
And if you are going to terminate a dev that you don't trust, delete his account and change ALL passwords at a time that you know he is asleep, then terminate him the next morning. NEVER leave any access open AFTER you terminate him.
Most importantly: Evaluate the reason you don't trust him. Many times I saw a client distrust a dev because he himself couldn't be trusted (its a psychological thing that people prone to take advantage have, I don't know really how to explain that). So, if you plan to sidestep your dev, think again.
If a Dev is honest, and you burn him, he can call upon his friends, or devote his resources, and either pay back, or stain your reputation badly. If a dev isn't honest and you hire him anyway, well, you know where you are sticking your nose into (I background check anyone I hire, even for small gigs, and I don't mind of being checked for a job I want).
Good luck
If you granted Super Administrator access to the freelancer, there is no chance to prevent him from changing anything, including passwords.
You should take a backup of your database (especially #__users ), and be sure to have direct access to the database (eg using phpMyAdmin). With that, you can easily restore your password in case of your freelancer's misbehavior and thus re-gain access to your Joomla! installation.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.