Title: Major security flaw?
Last modified: August 30, 2016

---

# Major security flaw?

 *  [James Atkinson](https://wordpress.org/support/users/james-atkinson/)
 * (@james-atkinson)
 * [10 years, 9 months ago](https://wordpress.org/support/topic/major-security-flaw/)
 * We’ve just had a user report that they clicked a link on our site and were automatically
   logged in as me, ie an administrator.
 * At no time have I ever even used this user’s computer, much less logged into 
   WordPress on it – I don’t even know them.
 * Yet they have sent me a screen grab of the site with the admin toolbar running
   across the top, and the ‘Howdy James’ greeting.
 * How has this happened and what do we do to address it?

Viewing 1 replies (of 1 total)

 *  Moderator [James Huff](https://wordpress.org/support/users/macmanx/)
 * (@macmanx)
 * [10 years, 9 months ago](https://wordpress.org/support/topic/major-security-flaw/#post-6355440)
 * Hm, I don’t think that’s directly possible, especially given how many security
   eyes have gone over WordPress lately.
 * Are you using any caching plugins, or is your site behind a caching proxy, like
   Varnish or Cloudflare?

Viewing 1 replies (of 1 total)

The topic ‘Major security flaw?’ is closed to new replies.

## Tags

 * [administrator](https://wordpress.org/support/topic-tag/administrator/)
 * [in](https://wordpress.org/support/topic-tag/in/)
 * [logged](https://wordpress.org/support/topic-tag/logged/)

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 1 reply
 * 2 participants
 * Last reply from: [James Huff](https://wordpress.org/support/users/macmanx/)
 * Last activity: [10 years, 9 months ago](https://wordpress.org/support/topic/major-security-flaw/#post-6355440)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics