As a freelancer/consultant, I use freelancer sites like PeoplePerHour or
Most IT or web-related jobs done on freelance platforms are going to involve the exchange of sensitive data, specifically passwords, which is required in order to do the job. Clients will gladly share everything with multiple freelancers without a second thought, including their logins for control panels, hosting accounts, domain registrars, websites, and everything else.
This unconscious sharing of such details has massive security implications which I will address below and offer better and more secure alternatives.
Security Bad Practices
Firstly and most importantly, you should not post any sensitive information in the job chat/discussion on the freelancer sites (unless they are temporary logins that will be revoked/changed). These conversations are stored in plain text and not encrypted in any way and can be viewed by anyone with access. Certainly, in the case of PeoplePerHour, upwork and Fiverr, I have asked them directly and they have confirmed this is the case.
In fact Fiverr support even said outright to me that they do not recommend sharing passwords on their platform, even though it doesn’t state this anywhere on their site, they do nothing to discourage it and this is exactly what everyone does.
Secondly, your login details are for your own use, and everything that is done with your login credentials links back to you. If you share these credentials with multiple people and there is a security breach, you will have no idea who is responsible. If you are an employee and have a boss, then you will most certainly be blamed for the security breach, which could cost your company dearly.
Thousands of sites get hacked and data is
If any of the freelancer sites suffer a security breach, the hackers will have access to any data which is not encrypted, which includes all those login details that clients have entered in the chat with their freelancers. Not forgetting that the support staff can also read all your discussions as well, so any dishonest support agent could simply lift your login details and use them for illicit purposes.
Sadly there are also a lot of unscrupulous freelancers out there too, who will intentionally do damage to your systems in order to generate more work for themselves, or may seek revenge in the event of a dispute or disagreement.
I have had many jobs cleaning up after such situations and have found all kinds of back doors, insecure plugins, malware and extraneous logins that presumably had been created by other freelancers.
SECURITY GOOD PRACTICES
Ideally, you should find a single reliable freelancer/company who you are happy with and stick with them, rather than hiring a different freelancer each time. Not only is this better for security, but using multiple freelancers can also cause other problems as they are oblivious to what work their predecessor has done, and so will often break or undo each other’s work.
Sticking with the same person/company creates a relationship as well as a recurring income, which will, in turn, result in a better quality of work, fewer issues and less expense as they will know your systems and the work they have done before and be more inclined to keep you happy.
Plus any decent freelancer/contractor will use a task/project manager and will keep notes on the work he does for ongoing clients which also improves communication and project management.
Do not post sensitive information in the workstream/chat. An exception would be if you are providing a temp login which will be revoked once the job is done.
If you do need to give a freelancer (or anyone) temporary access to your accounts or website, then ideally you should provide them with their own login, not give them yours, which you should revoke (delete) once the job is done. You should also give restricted access where possible so the freelancer only has access to what is required to do the job.
If it is not possible to create a separate login for your freelancer, then you should always change your passwords after the job has been completed.
HOW TO SECURELY SHARE YOUR DATA
Create a Secret Link
There are a number of online tools which will allow you to share information with someone securely via a special secret link that is randomly generated just for you and only works once. As soon as the recipient clicks on the link to view the information, that link and all the information is destroyed.
This makes it safe to share that link via email or on freelancer sites, because the link only works once, so is useless to anyone else that finds it after it has been used.
OneTimeSecret is my favourite so far.
This tool allows gives to a large text area, allowing you to share any amount of information in one go. It also allows you to put an optional time limit on the link (how long it will stay active for) and also an optional passphrase to protect the link as well. So you could then provide the password via phone or SMS to make it extra secure in case the recipient won’t be checking the link immediately or there is any chance of it being intercepted.
A few other solutions include- 1ty.me | Saltify | password.link
Cloud document sharing
Everyone has access to cloud storage and the ability to share files and documents FOR FREE.
I come across a surprising number of people who are unaware of this, but every single Windows user has access to OneDrive by default. It is part of the Windows operating system and allows you to sync up to 5GB of files to the cloud for free. You can then share these files with anyone simply by sending them a link.
Even if you do not use Windows, you can still get a free Microsoft /
OneDrive account.
So you could temporarily put all the info you need to share into a text file or word doc, and share that link with your freelancer. Once the job is done, unshare that file and delete it. You can also password protect the share for added security.
If you do not know how to share files with OneDrive, then please read this article “how to share files with others using OneDrive“.
You can also do the same with Google Drive, which you also already have access to if you have a free Gmail account or use Google Workspace.
Use a password manager
Using a password manager is something I recommend to everyone. It will remember all your passwords and other personal info for you, software licenses, bank details etc. It will automatically log you into websites, fill in forms, generate strong passwords for you and more.
Some of the most popular solutions are 1Password, Bitwardenand Dashlane, some of which offer a free edition, although there are many other apps available which vary in features and simplicity.
Password managers are also the most secure way to share logins and other sensitive information with your freelancer and then revoke the share once the job is done. You simply choose to share a login, enter the
As a result the login details are never shared in plain text, as the freelancer will only use the password manager.
WORDPRESS ACCESS
I am going to mention WordPress specifically because this is something I deal with a lot, since I build, support and manage WordPress websites.
In almost every WordPress job I do, clients will send me their own admin login, which they have sent to every freelancer before me, who still has access as the password has never been changed.
If you need to give someone permanent access, then create a new admin user just for them, if just need to provide temp access, then I suggest using the “temporary login without password”