How secure is it having multiple sites on same godaddy shared hosting account?
- If I give client their own ftp access to their directory – theoretically they can upload any php script they want and if they are adventurous/unknowingly install malicious script which can then modify/delete files across all sites. I wrote a sample script to test this which I placed in hosting/testsite/www/test.php and I managed to delete files in root dir(I didn’t yet check if I could go back down to other child dirs).
- Even if I wouldn’t give them ftp access but say they have WordPress with access to Admin Panel – they could always upload malicious theme/plugin with the same effect!
- Please add other loopholes that are caused by hosting multiple sites
So is there a way of blocking these loopholes (and others). Am I able to setup multiple users with each one only having permission to read/write their own site and say giving read only access to necesssarry root dirs (e.g. frameworks/cms’s). Remember I am specifically asking about shared hosting plans where probably there are more limitations. I have SSH setup but if possible what commands would I need(I couldn’t find anything in web interface).
Or this is the limit and I can only host multiple sites(with FTP/Wordpress standard Admin Interface) for clients that I trust that will not play around?
If all your clients are on the same account, then they will be able to access each other’s data. This is obviously a very bad idea.
Instead of using a single account, use a reseller account; this will let you give each client an individual account of their own; you can also bill them separately.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.