Support » Fixing WordPress » Giving Admin credentials to get help

  • Hi,

    I just updated the theme I use with my WP website, but now I face a compatibility issue with that theme and WP 5.6 (the theme was working fine with WP 5.5).

    So I asked help to the theme developper, here is his answer:
    “To better assist you please provide your wp-admin details (access to your WordPress dashboard) and we will check it.”

    I’m feeling confused about this demand: obviously if I give my admin credentials to the developper team, there is a risk. What if he messes up with my website? What if my credentials fall into the wrong hands?

    I plan to create a new user instead, with editor rights, but I’m not sure it will be sufficient for his need.
    Do I need to create an administrator user account instead?

    I’m just not sure how to proceed.

    Your help is very much welcome,

    Thank you in advance,

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator Yui

    (@fierevere)

    ゆい

    Hi, @needhelpwiththat

    If there is a theme compatibility issue with 5.6 the theme’s developer can fix it on their end, and release an update for the theme.

    To make sure it is a theme problem and not a plugin conflict, please attempt to disable all plugins. If the problem goes away, enable them one by one to identify the source of your troubles.

    If you can install plugins, install “Health Check”: https://wordpress.org/plugins/health-check/ On the troubleshooting tab, you can click the button to disable all plugins just for you, while you’re still logged in, without affecting normal visitors to your site.

    If the problem persists, then it’s the theme and you can let the theme’s developer that they need to fix it.

    As Yui said, on these forums giving credentials is not allowed. And still not a good idea outside of these forums either.

    Kind regards!

    Thread Starter NeedHelpWithThat

    (@needhelpwiththat)

    Hi guys,

    Thank you so much for your help, much appreciated 🙂

    So I’ve disabled all plugins (except Wordfence): the problem remains.
    My conclusion is that the theme has an issue.

    I am going to let the developper know about this, and I’ll also let him know I’m not going to give him administrator credentials.

    Initially, I found an interesting article that suggests it can be acceptable to give a developper administrative credentials: https://www.wpbeginner.com/opinion/should-you-give-admin-access-to-plugin-developers-for-fixing-bugs/
    But they do mention to give the developper credentials to a staging site, not to the live site.
    As I don’t have any staging site at the moment, I hope the developper will be able to release a fix on his side.

    I’ll keep you updated.

    Thanks again guys,

    and Merry Christmas,

    Thread Starter NeedHelpWithThat

    (@needhelpwiththat)

    Hi,

    Here is the answer I received from the theme developper:

    “Before making any changes on the customer’s website we recommend to do the website backup.
    Please note that if you provide access to your website, only our company has it, we do not share it to any 3rd parties.”

    Despite that guy says “only our company has it, we do not share it to any 3rd parties”, I know, and he probably knows too, that it’s not a secure practice. What if this company is already compromised when I give him my credentials? They will then fall into wrong hands.
    Given the recent Solarwinds disaster, I think enforcing best security practices is a must for every company, whether small or big. I understand in order to fix the issue it will be easier for them to work directly on my website, connected as an admin, but they have to understand it’s not a secure practice at all. Nobody would actually have to give his admin credentials to any 3rd party, and I believe nobody should actually being asked to do so, no matter what company it is. Would you give your house keys to a plumber while you’re away for him doing whatever he wants in your home? Of course not.

    So I’m disapointed: I already paid them 1 year support subscription renewal only because of that issue, and now, I feel like I have to give them admin credentials, or accepting to revert back my website to WP 5.5 which is not secure as I assume WP 5.6 is more secure than WP 5.5.

    What is your advice guys?

    Thank you again,

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.