Just fired my overseas worker. Should I change wordpress database password?

17 replies
He has database name, username, and password for a Wordpress website. Is this a security risk? Can he do something to the database or site?
#change #database #fired #overseas #password #wordpress #worker
  • Profile picture of the author PBScott
    Originally Posted by sitekrafters View Post

    He has database name, username, and password for a Wordpress website. Is this a security risk? Can he do something to the database or site?
    Always error on the side of safety.
    Signature

    If you don't look at this => Really Funny Shirts <= you missed something in life

    {{ DiscussionBoard.errors[8249211].message }}
    • Profile picture of the author sitekrafters
      Originally Posted by PBScott View Post

      Always error on the side of safety.
      Thanks but is it really necessary in these cases? I know nothing about Wordpress databases. He doesn't have access to the site nor access to FTP. He just has the database access information. He's not an honest guy. That's why I fired him in first place.
      {{ DiscussionBoard.errors[8249238].message }}
      • Profile picture of the author intellg
        Hi sitekrafters,

        I have many wordpress website running over web. But I do not think that anybody can harm your website from username, password and database name. He can't do anything until he has ftp and admin panel details.

        Thanks
        {{ DiscussionBoard.errors[8249285].message }}
  • Profile picture of the author cypherslock
    You can always delete the specific user from the database (as well as from the admin panel).
    {{ DiscussionBoard.errors[8249290].message }}
  • Profile picture of the author PerformanceMan
    Originally Posted by sitekrafters View Post

    He has database name, username, and password for a Wordpress website. Is this a security risk? Can he do something to the database or site?
    Yes - obviously. Get on with it.
    Signature
    Free Special Report on Mindset - Level Up with Positive Thinking
    {{ DiscussionBoard.errors[8249294].message }}
  • Ummm... yeah?
    {{ DiscussionBoard.errors[8249299].message }}
  • Profile picture of the author Jason Kanigan
    Yes, and delete his username.

    Even if his access level is low, he can still mess with things...and just might, out of spite.
    {{ DiscussionBoard.errors[8249672].message }}
    • Profile picture of the author iAmNameLess
      Originally Posted by intellg View Post

      Hi sitekrafters,

      I have many wordpress website running over web. But I do not think that anybody can harm your website from username, password and database name. He can't do anything until he has ftp and admin panel details.

      Thanks
      Really? It takes 30 seconds to destroy you then. Most WP sites can be hacked in a matter of minutes anyway.
      {{ DiscussionBoard.errors[8249695].message }}
      • Profile picture of the author BamIPD
        You should have changed everything 3 hours before firing them.
        {{ DiscussionBoard.errors[8249835].message }}
        • Profile picture of the author TheCG
          Originally Posted by BamIPD View Post

          You should have changed everything 3 hours before firing them.
          Amen to that.

          Hopefully HE hasn't changed everything by now where YOU can't get in.
          Signature

          Yes, by the way, I AM in the Witness Protection Program. I could tell you who I am but then I would have to kill you.

          {{ DiscussionBoard.errors[8249840].message }}
  • Profile picture of the author eClicker
    Yes please. You never know how someone will react after being terminated. Also you don't know what their associates will talk them into. I have tried to hire VAs in the past and have even forwarded some of them accounts with passwords. I never changed the information , they were not core to my business and nothing ever happened but you need to protect yourself.
    {{ DiscussionBoard.errors[8250203].message }}
    • Profile picture of the author sitekrafters
      He only has the database info. I changed all wordpress passwords before firing him.
      {{ DiscussionBoard.errors[8250907].message }}
      • Profile picture of the author Joel Young
        Originally Posted by sitekrafters View Post

        He only has the database info. I changed all wordpress passwords before firing him.
        Change everything that has anything to do with his connection your site. Period. Never take chances in these situations. A disgruntled worker can and will find a way to sneak in a gun.....
        Signature
        Resources, Tools and Strategies for Your Online Presence
        Website Design & Development - Document Management - Marketing Strategies - Personal Development
        CBI Web Services
        {{ DiscussionBoard.errors[8250910].message }}
  • Profile picture of the author BoJoFitz
    Originally Posted by sitekrafters View Post

    He has database name, username, and password for a Wordpress website. Is this a security risk? Can he do something to the database or site?
    I'd be concerned enough to change the access information ...
    {{ DiscussionBoard.errors[8252850].message }}
  • Profile picture of the author Paul Moss
    If the Database has been setup to accept remote connectivity, then he can gain access using the credentials he has. If not, i.e localhost only then there isn't much he can do at this point.

    I would change the passwords just for piece of mind. However, I'd be more concerned in the event he made a backdoor to your system.

    I knew someone who hired and then fired someone in overseas. The remote guy then wiped everything clean from the server using an unknown superuser account.
    {{ DiscussionBoard.errors[8252897].message }}
  • Profile picture of the author Andrew H
    He's not an honest guy. That's why I fired him in first place.
    For the sake of my curiosity can you please explain the scenario?
    Signature
    "You shouldn't come here and set yourself up as the resident wizard of oz."
    {{ DiscussionBoard.errors[8252907].message }}
  • Profile picture of the author euraffiliates
    Originally Posted by sitekrafters View Post

    He has database name, username, and password for a Wordpress website. Is this a security risk? Can he do something to the database or site?
    Normally ethical developer do not harm. At least I have not done in my 13 years of web experience, although some people did not make the final payment after I delivered the project.

    If you have doubts on his ethics, first change FTP password. Change database password too because he can have full control on database if he has access to phpMyAdmin (that does not require basic auth) or a similar script in the server.

    Thanks
    Signature
    Euraff - Next-G Affiliate Software. With all advanced tools. Know Source and Keyword behind every Non Affiliate Sale and Lead too. Automate 'Revenue Sharing Deals' with your Suppliers and JV partners. Special Edition for Multiple Website Owners. 30 days Free Trial!
    {{ DiscussionBoard.errors[8252936].message }}

Trending Topics