[ad_1]
Hi,
A little forewarning: I’ve been experiencing an issue with my site where when I log into wp-admin, I sometimes get redirected to /my-account with no access to the admin dashboard. I’ve found a temporary fix for this by locating wp_usermeta table in phpMyAdmin and changing the wp_capabilities and wp_user_level fields from a:1:{s:8:”customer”;b:1;} and 1 to a:1:{s:13:”administrator”;b:1;} and 10 respectively. This grants me access to the dashboard. However, the original values (customer & 1) soon return after a day or 2 requiring me to do this process every time I want to log in.
Fast forward to today…
I’ve had a customer of my website contact me saying they’ve logged into their customer account and can see 3 other peoples woocommerce orders on their account and that they can see the WordPress Admin dashboard!?
Upon inspecting ‘my orders’ on the admin account, I can see the same 3 orders. After inspecting the order details of each order, I can see the customer assigned to each of these 3 orders is myself (admin) yet I didn’t place these orders?
This must mean the customers who placed these orders are somehow accessing to the admin account and unknowingly placing their order on the admin account?
I have a feeling it’s something to do with the wp_capabilities and wp_user_level reverting back to {s:8:”customer”;b:1;} and 1 thus giving customers access to wp-admin who are then placing orders on that account hence why the customer assigned to the 3 orders in question is myself.
I understand this is likely a plugin compatibility issue but because the wp_capabilities and wp_user_level fields change sporadically, I have no way of telling which plugin is the culprit.
Here is a list of all my installed plugins:
all-in-one-wp-migration
antispam-bee
classic-editor
code-snippets
coming-soon
contact-form-7
contact-form-7-simple-recaptcha
dt_woocommerce_page_builder
enavato-market
et-core-plugin
feefo-ratings
instagram-feed
js_composer
litespeed-cache
mpc-massive
optimole-wp
print-invoices-packing-slip-label-for-woocommerce
really-simple-ssl
revslider
simple-sitemap
tinymce-advanced
trust-payments-gateway-3ds2
user-role-editor
wc-product-subtitle
woocommerce
woocommerce-paypal-payments
woocommerce-pdf-invoices
wordfence
wordpress-seo
wp-popups-lite
yikes-inc-easy-custom-woocommerce-product-tabs
Has anyone experienced similar issues whilst having any of the above plugins installed on their site?
Thanks,
Ellis