Forgot shop password links to wordpress

  • Resolved julia0902

    (@julia0902)


    6 years, 3 months ago

    Hi there,

    I had a customer (it was a spam-one, but nevertheless the Problem was there and it is really a Problem…..) and he logged in in my webshop. I got an email About it. So far, so good. Next, this “customer” clicked on “forgot Password”. Ok, everything’s fine.
    Next time I checked the WordPress-table with the customer accounts, I discovered that this particular false customer was not logged in as “customer” but as “Administrator”!!!
    I deleted the customer, because this could really cause Trouble….. In the Settings, I set up that all new customer-accounts of the shop are listed as “customers” and of Course not as “admin”.

    Does anybody could help me with this issue?

    I remember one case:
    I was on another webshop, buying some Things. The next time I forgot my Password and asked for a new one (forgot-password-function). In the next step, I was not anymore on the websho-surface but on the Login-screen for WORDPRESS. I did’ not thought anything About it so I asked for the new Password. And this was a Login-Password for the Administrator of the shop! I immediately informed the shop owner About it and they changed something.
    I know that it was not the shop-owner himself who did the changes, so I can’t ask him.

    So I hope that somebody here have an idea what I could do to manage this…..

    Thank you so much!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor Gerhard Potgieter

    (@kloon)

    I would suggest you change all the passwords of accounts that has access to your admin area immediately, the only way an account can be upgraded to an Administrator account would be if someone with admin access changes the user role to Administrator. WooCommerce will not assign the admin role to any accounts, it just creates accounts with the customer account.

    My suspicion is that one of you admin accounts got hacked or the password was figured out and the user logged in and changed their account role.

    I would also double check all your payment gateway settings and even files as an admin user has access to change pretty much everything on your site so they could potentially have changed things or added malicious code to your site that would benefit them.

    Thread Starter julia0902

    (@julia0902)

    Hi,

    thank you for your quick Response! I will check my account and Change Passwords!

    Have a nice evening!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Forgot shop password links to wordpress’ is closed to new replies.