How to Grant Vendor Access to a Site in xCloud
Use these steps when a developer, vendor, designer, or support provider needs access to a website hosted in xCloud.
For security, only give the vendor the level of access they actually need. If they only need to upload or edit website files, create a Site User for SFTP instead of giving full server/root access.
Granting xCloud Portal Access to a Vendor
1. Log in to xCloud
Go to your xCloud portal and log in with your account.
2. Open Team Management
From the xCloud dashboard, go to:
Team / Manage Team
xCloud allows team members to be added and assigned permissions through team roles. Permissions can be adjusted from the team role permissions area. (xcloud.host)
3. Add the Vendor as a Team Member
Click the option to add or invite a new team member.
Enter the vendor’s email address.
Example:
vendor@example.com
4. Assign the Proper Role
Choose a role that gives the vendor access to the needed site or tools.
Recommended access levels:
| Vendor Need | Recommended Access |
|---|---|
| Manage WordPress only | WordPress Admin account inside the site |
| Edit files only | Site User / SFTP access |
| Use File Manager | Site access + File Manager permission |
| Database work | Database/Adminer access only if required |
| Server-level troubleshooting | Sudo/server access only if absolutely required |
Avoid giving billing, account owner, or full server access unless the vendor is trusted and the work requires it.
5. Confirm Site Access
After the vendor accepts the invite, confirm they can see the correct site in the xCloud dashboard.
Granting File Manager Access in xCloud
1. Open the Website in xCloud
From the xCloud dashboard, go to:
Sites → Select the Website
2. Go to Access Details
Open:
Access Details → File Manager
xCloud’s File Manager is disabled by default and can be enabled from the site’s Access Details area. Once enabled, you can launch it from the dashboard. (xcloud.host)
3. Enable File Manager
Toggle:
Enable File Manager
Then click:
Launch File Manager
4. Provide Vendor Access
The vendor must have the proper xCloud team permissions to access the site and File Manager.
Do not send your own xCloud login. Add the vendor as a team member instead.
5. Disable File Manager When Done
After the vendor finishes their work, disable File Manager again unless ongoing access is required.
xCloud also has global File Manager settings under Team → Customization, where File Manager access can be kept always enabled or automatically disabled after a set duration. (xcloud.host)
Granting SFTP Access to a Vendor
Best Practice: Use a Site User
A Site User is the safer option for vendor SFTP access because it is limited to that specific site’s files. xCloud describes Site Users as users tied to a site who can use SSH/SFTP but are restricted to that site, preventing access to other sites or sensitive system files. (xcloud.host)
1. Open the Site in xCloud
Go to:
Sites → Select the Website
2. Find the Site User / SFTP Access Area
Look for the site’s access, SSH, SFTP, or user management section.
Depending on your xCloud layout, this may be under:
Access Details
Site Users
SSH/SFTP
Developer Tools
3. Create a Site User
Create a new site user for the vendor.
Use a clear username, such as:
vendorname_site
Example:
john_agency_cloudfixer
4. Set Authentication
Use one of the following:
Password authentication
SSH key authentication
SSH keys are preferred when available.
5. Send the Vendor the SFTP Details
Send only the details they need:
Protocol: SFTP
Host: server IP address or hostname
Port: 22 unless changed
Username: the site user you created
Password or SSH key: provided separately
Remote path: site directory if needed
Do not send root credentials unless the vendor truly needs server-wide access.
6. Test Access
Ask the vendor to connect using an SFTP client such as:
FileZilla
WinSCP
Cyberduck
Transmit
Confirm they can access the correct site files.
7. Remove Access After the Work Is Finished
When the project is complete:
Disable or delete the vendor’s xCloud team account
Delete or disable the Site User
Disable File Manager if it was enabled
Change shared passwords if any were used
Review site files and recent changes
Take a fresh backup
When Root or Sudo Access Is Needed
Only use this for trusted technical vendors who need server-wide access.
xCloud notes that sudo users can access the system and view or modify all sites on a server, so this should be handled carefully. (xcloud.host)
For root-level SFTP, xCloud’s documentation shows the connection generally uses:
Protocol: SFTP
Address: Server IP
Username: root
Remote Path: /var/www/
The /var/www/ path is where site directories are located. (xcloud.host)
Do not provide this level of access to a normal vendor unless absolutely required.
Recommended Vendor Access Policy
Use this as your standard rule:
WordPress work → WordPress admin login
File edits → Site User SFTP
Quick file check → Temporary File Manager access
Database work → Temporary Adminer/database access
Server troubleshooting → Temporary sudo access
Never give more access than needed, and always remove vendor access when the job is complete.