Is it secure to provide aisite with access details for my website or server?
CMS2CMS support technicians may require access to a website, web server and database in order to investigate issues or fix the reported problems.
We completely realize that this kind of access information is highly confidential, and is best kept private. With this in mind, we ask for access credentials to your website only when it is absolutely indispensable.
We have taken every precaution to ensure that our systems which deal with access information are highly secure and reliable. Still, there are additional precautions that we recommend our clients take before providing us with access details.
In all cases when access to a website is requested, we will make it clear to you exactly what kind of access is needed, and for what reason.
- When providing a technician with your website access credentials, it is best to change the password of the admin account being provided temporarily while the issue is being resolved by us.
- Once your issue has been fixed, you should change the passwords of all provided accounts as soon as possible.
- In all cases where access to your website is needed, the technician will explain to you what kind of access is necessary.
Access to your website
Depending on the task which needs to be performed, a CMS2CMS technician may require access to your website. We strongly recommend you to change the password of Admin/FTP accounts being provided with a random password for CMS2CMS support duration period of investigation, with only the essential permissions to your website.
- Change the existing password of the user/staff account with a random and complex password.
- Right after your issue has been fixed, change the passwords to all provided accounts.
Access to a website administrator account
More often than not, we will require access to an administrator account on your website. Follow the steps outlined in the Access to your website section of this article.
Access to an FTP or SSH account
In order to investigate the problems, CMS2CMS support may require access to the files of your website. Follow the steps outlined in the Access to your website section of this article.
Make sure that this account is a user-level account that has access to the directory where your CMS software is installed, unless our technician specifically requests an unrestricted access account (see below).
‘Root’ (unrestricted access) to your server
If a technician asks for ‘root access’ to your server (a root account with unrestricted permissions), please do not be alarmed. Only in the rarest of cases will we ask for this type of access – i.e. when our ability to diagnose and resolve your issue absolutely requires it (such as generating or monitoring server logs, or making server configuration changes).
When providing us with root/unrestricted access to your server, it is imperative that you follow the temporary account creation steps outlined in the Access to your website section of this article.
Firewalls and IP based authentication
If your systems use or are protected by IP address authentication (e.g. if you have a firewall), please let us know about this and we will provide you with the list of our office IP addresses to allow through.