When you are purchasing a website from someone, there are always those risks associated with the purchase.  Will the buyer deliver the goods after I make payment?  Will the claims made by the seller prove to be true and accurate?  Did I make a sound investment?  Those are typically the first common thoughts that pop into people’s minds when they think about the risk a buyer assumes.  Lately, however, I am learning that there can be even a broader scale amount of risk involved that I don’t hear people talk about very often.

Keeping Your Server Secure

Since I haven’t mentioned it in the article itself so far (only in those large letters that make up the title), let me just tell you that I’m a seller.  I currently make it my living solely by developing, designing and flipping websites.  Recently I’ve been hearing more and more similar stories from my clients about buyers that have violated their trust.

For example, in one situation the buyer had provided the seller with the login to their entire site control panel.  Once the seller had access to this, they proceeded to login to the account, copied all of the buyer’s previously existing websites and then proceeded to sell copy cat versions on Flippa.   There is definitely a risk and a danger in granting too broad of access to someone on your server; particularly if you have never had any type of established rapport or relationship with them.

What Can Be Done?

Thankfully, there are some definite, easy-to-implement measures that you can take as a buyer to help safeguard yourself from this type of incident.

1. Never give a seller access to the control panel that manages all of your domains /addon domains.
2. Set up restricted FTP access for them so that they can only gain entry to the area they need to upload files to and nothing more.
3. Delete their FTP access or change the password as soon as their work is done.
4. If you are comfortable in doing so, set up your own database and request the database backup  file to import yourself.  Coordinate with the seller to let you know what configuration file you will need to edit in order to update it with  your new database settings.
5. If you are not comfortable importing your own database, then grant them access to phpMyAdmin (or similar) only for the site they are setting up.  If you are on a shared server and it is not possible to grant them restricted phpMyAdmin access, then it would greatly benefit you to learn how to do this step on your own.  It is really incredibly easy once you learn what to do.  We’ll cover that in an upcoming tutorial to show you just how easy it really is.