What role to assign to a wordpress developer?

It depends on what you are going to want them to do.

To be honest, the majority of things that you’ll be engaging a developer for are going to need at least Administrator access, and most likely FTP access. With that, they will be able to pretty much see everything on your site.

There’s two things that you can do in this situation…

First, take a complete backup (files AND database) before any work starts. That way you will have that if anything does go wrong.

Second, if you can’t trust that developer enough then find another developer that you can trust. That may sound harsh, but that is really what it comes down to.

ok I’m just a bit wary because I’ve never used one before — I’m looking for some pretty extensive plug-in manipulation. Generally speaking, for a beginner, would it be safer to hire someone in the same country as you (i’m based in the US) right so you can have them sign non disclosure agreements and T&C’s?

or will it not make a different ultimately?

Hiring a US resident will give you some peace of mind because you have some legal recourse (assuming a valid contract is executed) if things go sour. But you really don’t want to go there if at all possible. It’s best to try to fully vett any prospective developer as much as you can. Verify their CV claims where possible. Contact their references. Try to interview them face to face or at least over video chat. People’s faces reveal a lot of subtextual clues. Execute a written agreement about what’s expected from both parties. It doesn’t have to be drawn up by a lawyer, but it should clearly outline everyone’s responsibilities.

@bcworkz Thanks — and I just learned about staging websites. With a staging website, I can prevent the dev from accessing any customer info correct? If the staging website only has fake customer data, and I only ask them to make plug in modifications, I can just migrate the plug in modifications the live site correct?

Anything I’m missing?

It depends on what sort of access they are granted and where your real customer information is kept. And where your staging site is kept for that matter. If on entirely separate servers, then customer data is probably safe. Staging is often in a same server’s sub-directory and works off the same mySQL server. If access is not carefully partitioned off someone could possibly get to the customer data if they were so inclined.

At some point staging will need to be moved to production. Unless you will handle that yourself, the access necessary to move would likely expose customer data. It always comes back to there needs to be trust.