In this piece we summarize why we don’t test in a live environment when troubleshooting. We will also go over a few other things we do, or don’t do, from a security perspective.
A wide range of tickets is submitted to our support here at Krokedil. How complicated they are to solve of course varies from case to case. We dare to say that it’s usually possible to solve them quite quickly, with nothing more than guidance from us. However, it happens that we need to log in to your online store and take a closer look. On these occasions it is important that the right conditions are in place.
In general, there are two areas that we attach great importance to when we need to actively interact with your WooCommerce store.
Login and user account
The first is that we will need to log in to your store, which can be sensitive. We always advocate that the login information we receive should be temporary. You should also delete it as soon as we have done what we are supposed to do. In cases where we may need to log in again at a later time, it is better that we get a new temporary login rather than you saving something. We need a login as administrator to be able to do our troubleshooting without restrictions. Instead, the restriction should be in how long we have access. This is important to us. There is no reason why we should be able to log in to your website for any purpose other than troubleshooting, or at any time other than during the actual troubleshooting.
The best thing from a security point of view is that you completely delete this temporary user as soon as the job is done. Leaving it in place is not something we recommend. But if for various reasons you want to avoid creating new users every time you need the help of an external consultant, it is good to make sure it is safe. You can set up a user account specifically for this purpose, but change the password of this user immediately after the consultant has done what they are supposed to. We also recommend that you change the password before giving out access to this account. This way you know that there is never an outsider who has access and that you have secure and temporary passwords, even during the periods when the account is not used. Limiting the account so that it does not have administrator rights during inactive periods is also a good idea in this case.
Whichever way you choose to do it, you should avoid having any user accounts with administrator rights other than your own.
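The account handling described above can be scripted with WP-CLI. The following is an added example, not Krokedil's own tooling; it assumes WP-CLI is installed and run from the WordPress root, and the login `support-temp` is a hypothetical name chosen for the example.

```shell
# Added example: WP-CLI helpers for a reusable support account.
# Assumptions: WP-CLI is installed and run from the WordPress root;
# "support-temp" is a hypothetical login chosen for this example.
SUPPORT_LOGIN="${SUPPORT_LOGIN:-support-temp}"

# 18 random bytes from the kernel CSPRNG -> 24 URL-safe characters.
new_password() {
  head -c 18 /dev/urandom | base64 | tr '+/' '-_'
}

# Before the session: fresh password, then raise the role to administrator.
# Prints the password so it can be handed over through a secure channel.
grant_support_access() {
  local pw
  pw="$(new_password)"
  wp user update "$SUPPORT_LOGIN" --user_pass="$pw" --skip-email >/dev/null || return 1
  wp user set-role "$SUPPORT_LOGIN" administrator >/dev/null || return 1
  printf '%s\n' "$pw"
}

# After the session: replace the password with one nobody sees, end any
# logged-in sessions, and remove administrator rights for the idle period.
revoke_support_access() {
  wp user update "$SUPPORT_LOGIN" --user_pass="$(new_password)" --skip-email >/dev/null || return 1
  wp user session destroy "$SUPPORT_LOGIN" --all >/dev/null || return 1
  wp user set-role "$SUPPORT_LOGIN" subscriber >/dev/null
}

# The stricter option: delete the account, reassigning its content to the
# user ID given as $1.
delete_support_account() {
  wp user delete "$SUPPORT_LOGIN" --reassign="$1" --yes
}

# Audit: print administrators other than the owner login given as $1.
# Returns 0 when there are none, 1 when any are found.
unexpected_admins() {
  local extra
  extra="$(wp user list --role=administrator --field=user_login | grep -vxF -- "$1" || true)"
  [ -z "$extra" ] && return 0
  printf '%s\n' "$extra"
  return 1
}
```

Running `unexpected_admins` with your own login after each support session shows any account that still holds administrator rights.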
The other thing that is important in our potential troubleshooting is that we never test anything on your site if we don’t have access to your staging environment, also known as a test environment. If you do not know what a staging environment is, you can read more in the article Keep your WooCommerce store up to date, without worries.
The reason for this is that we can never guarantee that nothing unforeseen will happen, especially not when we troubleshoot and need to test different things. We may need to turn off some plugins. Or we might need to change the theme. We never do this on a site that is live and published publicly. Our goal is that we should not have to log in and test at all, but rather that you are able to troubleshoot yourself. Sometimes that is unfortunately not enough though.
We have extensive experience of developing plugins and of providing support for them. We know that our requirement for a staging environment for testing can be a problem, especially for those who have acute problems but do not have such an environment. Therefore, it is important for us to be clear that the reason why we do not perform tests in a live environment is entirely based on a concern for your business.
In the best of worlds, neither you nor we need to troubleshoot your WooCommerce store. But when needed, it should be done under conditions that are as safe as possible, where we avoid further problems.
In addition to the article Keep your WooCommerce store up to date, without worries that we refer to above, we also want to recommend our guide to troubleshooting in WooCommerce. Always try to learn and understand as much as possible about your WooCommerce installation and its components. The more you learn, the lower the risk that you will encounter problems you cannot solve.