• Resolved ericomaz

    (@ericomaz)


    (Sorry if this topic has already been treated)
    If I let my programmer access my WooCommerce as an admin, can he manipulate it to divert payments? Where could I look in the WooCommerce plugin to check that everything is fine? Also, in this case, would you suggest any alternatives to avoid possible threats?
    Many thanks

Viewing 4 replies - 1 through 4 (of 4 total)
  • Sean Cull

    (@seanreloaded)

    Automattic Happiness Engineer

    Hi there,

    If I let my programmer access my WooCommerce as an admin, can he manipulate it to divert payments? Where could I look in the WooCommerce plugin to check that everything is fine? Also, in this case, would you suggest any alternatives to avoid possible threats?

    Sure, the potential is there because your programmer would have full access to your site. It all comes down to how much you trust them.

    But in most cases, we’d recommend creating a separate site for testing that your programmer can use to develop whatever extra functionality you’re trying to accomplish. And since payment gateways (PayPal, Stripe, etc.) have separate sandbox (testing) credentials, you can still do things like test payments on the testing site without having to worry about affecting real customers or real transactions.

    A developer could drop in a trojan horse for activation when the primary site is updated. There are too many lines of code to check.

    Using a developer based in your own legal jurisdiction would help in case he proves to be malicious.

    A vetted developer may not be the cheapest at the outset.
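
On the question of where to look and the point that there are too many lines of code to read: one practical check is to compare the installed plugin files against an untouched copy of the same release. The sketch below is an added example, not part of the thread or of WooCommerce; the directory names and file contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare_trees(pristine, installed):
    """Return files modified, added or removed relative to the pristine copy."""
    good, live = tree_hashes(pristine), tree_hashes(installed)
    return {
        "modified": sorted(f for f in good.keys() & live.keys() if good[f] != live[f]),
        "added": sorted(live.keys() - good.keys()),
        "removed": sorted(good.keys() - live.keys()),
    }

def build_sample(base):
    """Constructed sample data: a 'pristine' and an 'installed' plugin tree."""
    files = {
        "woocommerce.php": "<?php // main plugin file\n",
        "includes/gateways/class-gateway.php": "<?php // gateway code\n",
        "readme.txt": "readme\n",
    }
    for name in ("pristine", "installed"):
        for rel, body in files.items():
            path = Path(base, name, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
    live = Path(base, "installed")
    # Simulate one edited file, one extra file and one deleted file.
    (live / "includes/gateways/class-gateway.php").write_text("<?php // edited\n")
    (live / "includes/extra.php").write_text("<?php // not in the release\n")
    (live / "readme.txt").unlink()
    return Path(base, "pristine"), live

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return compare_trees(*build_sample(tmp))

if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

WP-CLI's `wp plugin verify-checksums woocommerce` performs a comparable check against the checksums published by WordPress.org. Either check covers files only; payment gateway account settings are stored in the site's database and need a separate review.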

    Thread Starter ericomaz

    (@ericomaz)

    Thank you @seanreloaded @lorro,

    Unfortunately, it is a programmer I found on Upwork…
    - I understand then that I could let him build the site, and for the WooCommerce setup, I could ask someone else more trustworthy to set it up. That could be one way, right?
    - I ran a scan of my website on sucuri.net and everything seems OK.

    Plugin Support Grigorij S. a11n

    (@grigaswp)

    Hi there,

    It’s hard to provide a definite answer with the current amount of information. There is always some risk involved; however, the more reputation a particular developer has (on Upwork or anywhere else), the less likely they are to risk it. It also depends on the amount of money going through your site.

    One way to go is to consult a lawyer and sign an additional contract. We won’t be able to provide this kind of legal guidance though.

  • The topic ‘Potential security threat if ‘admin’ access?’ is closed to new replies.