This person subscribed a month or so ago and today I suddenly saw they were admin. I don;t know when this happened, how to prevent it from happening again, where to begin looking, or how serious of a security issue it is.
When i googled the email I got even more concerned as this email is a known bad actor.
[https:\/\/www.stopforumspam.com](https://preview.redd.it/zpimz8f7xgwc1.png?width=2358&format=png&auto=webp&s=2f4a2685780b10449a897a759a1665c58cfbcd04)I just set up woo commerce with my client and that’s my number one concern at the moment; Would this person have access to payment details.
The site isn’t officially launched yet so I’m tempted to wipe it completely rather than risk missing something and having it bite us later. But I still don’t know how it happened..
Could it be related to the way Contact7 form is configured?
https://preview.redd.it/9k6kremtxgwc1.png?width=1878&format=png&auto=webp&s=a3d9887caa0297a91f0655d29e9709067386035d
UPDATE: I know what happened, but don’t know how to respond. ANother “admin” made the default user role admin…………..so someone signed up and they were just given admin.
Unbelievably stupid I know.
What to do now? This unknown person had admin access for 7 days…..