We're getting work done on our site and the guys who are fixing different areas needed our cpanel and wp-admin details (for filezilla and other I think). Is there anything we should be making sure of before letting others log in such as hiding anything or making the access limited etc.? Thanks.
Sign a legal agreement with them, make sure you've payed them as negotiated, and change all passwords after work's done.
It's a weird thing because in a way your stuff is never really secure if you don't host yourself. Your hoster has a root password and can see all your files whenever they want. So it depends, if you trust those webdesigners enough do it, if not, just give them an ftp account and backup everything first. A legal agreement is also good but it can get complicated if the people you work with are from another country.
A legal agreement is great if you can afford to pay a legal battle..... I would pass the details and then change all the passwords after the work has been carried out. Also reference the company you are using! They should be happy to share some other clients with you so you can check them out.
Obviously you should change passwords or create a separate account for the people you work with. A legal document doesn't mean that you are going to court, at least not initially. It just has a psychological impact that you are willing to take action if someone screws with you.
Whenever I've had to work on somebody else's blog they would create a separate account for me with extensive but limited abilities to change things. This would allow me to do my work, send it to them, and yet they were completely sure that I wouldn't hijack their blog. If that's an option that is available to you, you should do that.
Sure, having a legal agreement doesn't mean going to court. It just makes you feel more comfortable with the guys, and makes them less relaxed in dealing with you. Trust is important. Don't deal with the guys you don't trust. It often spoils client-designer relations
A safe option is to simply not give them access. Instead, you could give them a zip of all your files and a dump of your mysql database, or simply a cPanel backup of it all. If they are decent at their jobs, this shouldn't be a problem for them. They would then do their development work locally (on their computers) and give it all back to you when they are completed. You'd then need to upload the new files and replace the MySQL database on your site with what they give you. If that sounds like too much headache or hassle, I'd just give them the credentials... but I'd definitely backup your entire website before giving them access or before uploading their changes. You probably planned on doing that anyway, but it never hurts to mention it! You'd be surprised at how quickly someone can accidentally ruin your website.