Late last night, a young agency owner published a YouTube video walking his client through his weekly status update.
In that public video, he was sharing on screen what access he had and still needed– not realizing that he was publishing the client’s various admin credentials for the world to see.
This includes admin to the website, Google Ads, and so forth.
There are millions of bots trawling the web looking for this information.
And once they get access, all kinds of havoc happen– credit card spending, ransom notes, and spam posts.
Especially troublesome is the backdoor malware that is hard to find and uninstall.
In our site audits, we uncover backdoor spam about 20% of the time– largely because of WordPress plugins that are out of date or not being supported anymore.
Back to the story of this agency owner— he got locked out and wasn’t able to get back in.
Fortunately, it was one of our guys who rescued it– using the very credentials he published for the entire internet to see.
Think about how many plugins you have on your site, how many systems your business is using, how many pixels are passing data, and how many people are involved.
It’s normal to be onboarding and removing people who are working on your business, each of them with varying levels of access.
Are you firmly in control of this?
If you have your Access Checklist locked down, you’ll never have to worry about being exposed.
This is the first of 10 components within Digital Plumbing.