I’m managing a team of developers working remotely. The site is powered by WordPress with an assortment of custom plugins. I have no problem distributing the source code for our site, but I’m very hesitant to start passing around the production data from the database, which includes user’s names and emails, etc.
I know this is a common problem for developers trying to manage a production and development version of a project, so I thought there might be some common strategies out there. It even occurred to me that there might be some WordPress-specific solutions, which would be even better. Any suggestions for how to handle this problem would be much appreciated.
“obfuscation” or “scrambling” or other methods of (in)security though obscurity is in no way shape or form a secure approach to any problem, and this will always be true.
If you are worried about spilling password hashes to developers, then don’t use password hashes. Use WordPress+Oauth to authenticate.
If you are worried about developers getting other information, then give them a development database snapshot.