Security when hiring freelance developers

Q: I am planning on getting some freelance developers to work on my website. I am concerned that if I give them access to the back-end of my WordPress system they could quite easily go in and change my PayPal email and have any payments go to an account of their choice. Any suggestions to prevent/control this?

A: Theoretically there is nothing to stop them. If they are decent PHP programmers they could alter the process files themselves, so no trace of the orders would ever appear. Try to make them all sign contracts and also try to buy some of your own products after they finish.

When hiring developers for an e-commerce, it is better to hire one reputable developer that is well known than several ones that no one else knows. Its kind of like hiring a cleaning service for your house. If they were good robbers, you would never know they stole something. To protect yourself, you would hire a cleaning system that all your friends use.
When you need help and for Jigoshop, post your request in Forum. Then, when you get a reply click on freelancer name to view his profile. What you are looking for is a large number of posts and started and/or replied, which indicate the person is probably reputable among the community.
You get what you pay for. If you don’t use a reputable Jigoshop or JigoWatt developer or involved community member you might be getting a lower cost, but at a great tradeoff that:

1. they might have no idea how Jigoshop works, and

2. might not be the nice non-robbing developers you thought they were.

The best way you can check for damage is to save a copy of all of your files offline. Then use a program to run a code compare and look for signs of unauthorized tampering, such as obfuscated code, added links to third parties or anything in general mentioning PayPal.

You could also hire a second developer to go in and check the work of the first freelancer guys.