Is it secure to provide CMS2CMS with access details for my website or server?
Posted by Olena Kerentseva on 28 November 2014 02:35 PM
CMS2CMS support technicians may require access to a website, web server and database in order to investigate issues or fix the reported problems.
We completely realize that this kind of access information is highly confidential, and is best kept private. With this in mind, we ask for access credentials to your website only when it is absolutely indispensable.
We have taken every precaution to ensure that our systems which deal with access information are highly secure and reliable. Still, there are additional precautions that we recommend our clients to take before providing us with access details.
In all cases when access to a website is requested, we will make it clear to you exactly what kind of access is needed, and for what reason.
Access to your websiteDepending on the task which needs to be performed, a CMS2CMS technician may require access to your website. We strongly recommend you to change the password of Admin/FTP accounts being provided with a random password for CMS2CMS support duration period of investigation, with only the essential permissions to your website.
Access to a website administrator accountMore often than not, we will require access to an administrator account on your website. Follow the steps outlined in the Access to your website section of this article.
Access to an FTP or SSH accountIn order to investigate the problems, CMS2CMS support may require access to the files of your website. Follow the steps outlined in the Access to your website section of this article. Make sure that this account is a user-level account that has access to the directory where your CMS software is installed, unless our technician specifically requests an unrestricted access account (see below).
'Root' (unrestricted access) to your serverIf a technician asks for 'root access' to your server (a root account with unrestricted permissions), please do not be alarmed. Only in the rarest of cases will we ask for this type of access - i.e. when our ability to diagnose and resolve your issue absolutely requires it (such as generating or monitoring server logs, or making server configuration changes). When providing us with root/unrestricted access to your server, it is imperative that you follow the temporary account creation steps outlined in the Access to your website section of this article.
Firewalls and IP based authenticationIf your systems use or are protected by IP address authentication (e.g. if you have a firewall), please let us know about this and we will provide you with the list of our office IP addresses to allow through.