I called in asking for help with a design issue on my new wordpress site.
After trying to figure it out for a while, he asked for my admin login credentials, to go in and try to test some things out.
I didn’t give him my actual personal admin login, but I did create a separate user with admin rights, and gave him that login info.
Right after the call I deleted the user login with admin rights I created for him.
Am I in any security risk?
It’s a brand new site, I’ll probably delete it and start over, but just wondering if the Hostgator support rep was actually trying to phish me, and if he could have seen any of my passwords somehow by having admin rights for 30 minutes.
Yes, it’s fine. It’s very common. A well-known company is not going to have a staff member trash your site.
Create an admin account for them. They’ll still be able to do anything, but you can at least delete it when they’re done.
Just make sure you have backups – which you should any way.