Staging

About that issue I posted regarding staging on different domains, my hosting account on WordPress is through bluehost. I contacted them about this issue and they asked me to take it up with WordPress.

• This reply was modified 3 years ago by raniamz.
• This reply was modified 3 years ago by raniamz.

Staging is very complicated process which already requires either Administrator access to the site and installation of a plugin that provides staging functionality or access to the site’s hosting account to manually download/copy the site’s files and databases.

Either would require that you extend that access yourself to the person who eventually makes the staging site, so as with most things, we strongly encourage that you only give out this access to people you trust.

WordPress sites are entirely self-contained, and we have no more access to them than any normal visitor. Your only option here would to impress upon your develop that they stop doing this, or remove their access by changing your hosting account’s password and removing them as a user from the Users section of your WordPress site’s Dashboard.

@macmanx unfortunately I am not a developer. If you hire one (I know his mother actually), you need to trust this person and provide access so that they can do their work. There are many people like myself who are clueless about that hosting stuff, that’s why we need the hosting companies to make sure that before a site is staged on another domain or files are downloaded, the owners signature and some proof of identity is provided in a way that verifies that it’s actually the site owner who is requesting this download, or action.

• This reply was modified 3 years ago by raniamz.

Additional checks really wouldn’t help.

In order to create a staging copy of your site, they would already have to of been given access of a level high enough that you could completely wipe your site from the internet, an obviously worse fate.

As such, just like with giving someone your house keys or your car keys, you’re already assuming a certain level of trust when you give them that much access.

Your only options here would to impress upon your developer that they stop doing this, or remove their access by changing your hosting account’s password and removing them as a user from the Users section of your WordPress site’s Dashboard.

@macmanx Thanks for the tip. I did remove access from cPanel, but someone who knows them (or doesn’t) managed to register and I received an email saying that it’s from that staged site. I can’t find that new user in my dashboard.
If WordPress tracks what’s happening on or with our sites, can’t they track this staged version and block it or something?
Just a thought. I did speak with the developer several times about this staging issues, but if he omitted the truth, then he has no intention of doing anything about it, and in this case WordPress should try to help. It’s terrifying to think of how many similar cases can be out there.

managed to register and I received an email saying that it’s from that staged site. I can’t find that new user in my dashboard.

If they only registered in the staging site, they won’t be on your production site. They’re essentially two separate sites.

If WordPress tracks what’s happening on or with our sites, can’t they track this staged version and block it or something? […] and in this case WordPress should try to help.

WordPress is not a service, like Twitter or Facebook. It’s more like an application, like Microsoft Word or that Solitaire game on your computer.

As such, WordPress sites are entirely self-contained. We don’t control anything, we don’t track anything beyond what you see at https://www.ads-software.com/about/stats/ and we have no more access to your site than any normal visitor would.

It’s terrifying to think of how many similar cases can be out there.

I can’t stress enough that you need to have explicit trust in whomever you give Administrator access to your site and hosting account.

Personally, I recommend that folks manage their WordPress site themselves and leave third-parties out of it.

@macmanx The trouble is he has it live with testing on that site and it’s not fully developed. In other words he’s causing damage to the site before it’s launched, even though I pointed out this risk when I asked him several times to remove it. It’s hosted by WordPress in that staging environment too. WordPress should close it down. Let’s say I’m ignorant about how these works and hired a developer to build a site for me with a contract and all. Should WordPress staff punish me and not help when they can close this site down and get it off google search?

In other words he’s causing damage to the site before it’s launched

Staging sites are entirely separate from production sites. It’s a safe development ground to test things before they are sent to the production site.

Changes made on staging sites only affect the staging site until the developer pushes them to the production site.

It’s hosted by WordPress

Wordpress is not a hosting provider. As I have repeatedly explained, it’s software that is installed on a hosting provider.

Your hosting provider is whomever you pay monthly or yearly to host your site. It’s possible that hosting may be a service provided by the developer you hired.

WordPress should close it down. […] Should WordPress staff punish me and not help when they can close this site down

As I have repeatedly explained, we cannot help with this. Please refer to my previous replies about why, I’m not keen on repeating myself so much.

I wish we could help, but we simply cannot.

Ok… got it. Thanks for explaining what WordPress does exactly.

Should WordPress staff punish me and not help when they can close this site down and get it off google search?

Just to clarify this one more time for anybody who doesn’t understand.

“WordPress” is not a company. We have no “staff”. We cannot “close this site down” or have any effect of any kind on Google’s search results.

WordPress is a piece of free software. That’s it. It’s made by volunteers.

We all help make the software. We do not retain any control over its usage, whatsoever. We don’t run the hosting services, we don’t index any pages or do anything to make them live on the internet, and we don’t tell Google a single thing.

The software runs on whoever you pay for hosting, and it runs without our approval or knowledge or ability to control it in ay way. It’s free software. So, no, we can’t “close” anybody’s site or prevent anybody from doing anything they like with the software.

Just so that this is perfectly clear… See, people seem to not understand what WordPress actually is, and they often think we have some kind of magic power to control it. We do not have that ability.