Unauthorised website backup

  • Unknown's avatar
    samnireland · Member ·

    Hello, we had a problem with the ShopLentor plugin on our website (formerly WooLentor).

    The customer service asked if we could make them a temporary admin to fix the issue.

    They fixed this issue after several days however before leaving we can see they have taken an entire backup of our website with the all-in-one migration plugin with their admin login still active.

    We find this highly concerning and a security risk, not to mention they can now copy our entire store.

    We have now had to change all our login passwords as well as our payment gateway api keys, however we are unable to change all our paid for plugin license keys.

    Are there any other recommendations we need to take to keep our website safe for the future? for example is there a database password we need to change? What information will be recoverable from the backup?

    As you can imagine we are extremely angry with the company for doing this without our consent and we find it highly unprofessional.

  • aleone89 · Staff ·

    Hello there,

    Many thanks for reaching out.

    Are you able to confirm the URL of the website that you need assistance with please?

  • Unknown's avatar
    samnireland · Member ·

    Hi Aleone,

    Thank you for your concern, after speaking again with the developers they issued a lengthy apology for not notify us, they explained that the reason was to not affect our live site and also to be able to restore the website if a problem had arisen.

    We have taken all the appropriate security measures by changing our passwords, apis and sql database password. We believe this should be sufficient, we have also saved the relevant evidence for future reference if a problem was to rise.

    So this problem has now been rectified and you can close the case. Thank you

  • Unknown's avatar
    helper-heroponriki · Member ·

    So this problem has now been rectified and you can close the case. Thank you

    I do need to clarify a few things as there are three different “WordPress” at play here:

    1. The free, open-source WordPress software which powers your website.
    2. WordPress.org which is the open-source project that works on the WordPress software and where you can get the software for free to use on your own hosting provider.
    3. WordPress.com which is a managed hosting provider of the WordPress software and with whom you’re contacting now.

    It sounds like your site is not hosted here with us and as such there would be nothing we can do to affect or advise on your website if problems would arise in the future. We can only help with sites hosted on our platform.

    In the future if you need help, please reach out to the WordPress community or your hosting provider for guidance:

    https://wordpress.org/support/forum/how-to-and-troubleshooting

    I hope that clarifies things!

  • The topic ‘Unauthorised website backup’ is closed to new replies.