Don't give away the keys to your store! Never post your WordPress log-in details!
This morning I was catching up on emails and received a very alarming notice. Now, I'm not going to call anyone out, but this email impelled me to write this blog post right away.
I'm a frequent user of the WordPress.org forums, which are an excellent resource for getting help with self-hosted WordPress sites. However, posting sensitive information on the forums, just like on any public site, is a no-no!
One of the users (a web designer) of the forum was seeking help for an error message on his client's website and posted the log-in details on the forums. YIKES!!
I'm not sure if the designer needed a good dose of caffeine, a brain scan, or was in such a panic that he/she felt it necessary to post the administrator username and password on the forum to get help faster.
Your username and password for your WordPress blog or ANY other place you log in is PRIVATE!! It should never be shared with ANYONE! If you have someone work on your site, give them their own unique log-in details and when they're done, remove them.
Think before you post! If you hire someone, make them sign a non-disclosure agreement (maybe it will put a spark under their butt to remind them that your sensitive information is sacred). And monitor your webmasters to make sure they are using common sense, protecting your data, and that they know what they're doing.
Leave Your Feedback
Do you have your webmaster sign a non-disclosure agreement? What would you do if your web designer posted your log-in details on the web? How do you monitor your WordPress admins? Leave your comment below.
Securely yours,
Regina Smola
WordPress Security Expert
John Hoff says
Yikes is right. Man what a stupid thing to do.
Josh says
Great article! thx!
Got 2 great plugins I’m using totally FREE)
1. Jumpple – If something is wrong with your website, Jumpple will notify you via Mail, SMS, Skype, Google chat and more. Does it work? It works great!
2. SweetCaptcha – Got a CAPTCHA on your website? You and your users hate it? Sure – we hate it too…
That is why we invented SweetCaptcha! Design it yourself or choose a ready design from the categories.
Cheers,
Josh.
Alex Newell says
And just imagine you’d just hired this turkey to fix your blog…!
Tx
Al
Kim says
Wow! That’s spooky stupid. I use non-disclosures, but you never think that it should have to include such obvious security-related things.
Angela Bowman says
Wow! That’s really a brain blimp. I try to only give my clients Editor or lower privileges and restrict the number of admins. I counsel my clients on how absolutely critical it is that they keep their admin login secure and change the password periodically. I can’t imagine any of my clients posting on the forums. They usually turn to me for that kind of help. I give them the admin login info, but tell them that’s only in case I’m not available and they should log in with their editor or contributor user when they are adding new posts.
David Perdew says
I don’t know about people sometimes.
I’ve done some really stupid things in my life and most of them happened because I just didn’t expect that bad things will happen. I was told long ago there was a big difference between trusting people to do the right thing and being stupid.
I hate being completely locked down at every turn. But I also love my close friends, family and NAMSters. If someone divulged my private access content – on purpose, maliciously or not – that would be the end of that relationship. In any sense. (I really hope my wife never does that. I’d hate to see her go…)
That’s just too dumb. Especially for a web designer!
dp
Doug Smith says
The world is a better place because Regina is in it! Good catch.
Lilia Lee says
Holy moley, bat friends. Talk about irresponsible, nit-witted things to do!
I hope the customer fired the developer.