Suss Fiverr Interaction

nextbend
500 Command not understood
Posts: 1
Joined: 2024-02-29 18:23
First name: Tom
Last name: Paul

Suss Fiverr Interaction

#1 Post by nextbend » 2024-02-29 18:32

Hello,

I recently hired someone from Fiverr to help me with a WordPress migration. After no luck with the plugins, he decided to do an FTP migration using FileZilla.

He was hesitant to show me his process, and only when I requested he share his screen would he, but there would be a suspicious amount of time that would pass before he would.

Then, when all of the WP password information was exposed in FileZilla, I randomly hear the iPhone camera sound. I questioned him about it (I think he forgot to turn off his sound by accident), and he stuttered and gave me nothing of a valid explanation. He did mention that Fiverr does not allow them to take screenshots and so he did confirm it was with his phone. However, the timing of this was suspiciously convenient.

Now I am worried he may still be logged into the server and my password resets are somewhat futile or if he is selling such information?

Anyways, I set up 2FA with my hosting provider as well as the WordPress website.

Is there anything else you would recommend I do?

I'm sweating a bit over here.

botg
Site Admin
Posts: 35566
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Suss Fiverr Interaction

#2 Post by botg » 2024-02-29 20:19

Repeat this mantra with me please: Never ever share your login credentials. Never ever upload code to your webserver you haven't personally reviewed.

Whether 2FA is beneficial really depends on the particular implementation. One huge problem with many 2FA implementations is that it isn't done for each and every login attempt, or in case of HTTP, every single request, and that subsequent connections/requests don't terminate ongoing older connections/requests. Long-lived connections and session tokens may remain unaffected.

Personally, were this to happen to me, I'd wipe the affected systems and start over from scratch.
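The point above about sessions that outlive a credential change, as an added example that is not part of the original thread: a constructed toy session store (all class and function names are hypothetical) in which 2FA is checked only at login, run once without and once with revocation of older sessions on a password reset or 2FA enrolment.

```python
import secrets


class SessionStore:
    """Toy account/session model, constructed for illustration only."""

    def __init__(self, revoke_on_change):
        self.revoke_on_change = revoke_on_change
        self.epoch = {}       # user -> credential epoch, bumped on each credential change
        self.sessions = {}    # token -> (user, epoch at login time)
        self.has_2fa = set()

    def login(self, user, second_factor_ok=False):
        # The second factor is only ever checked here, at login time.
        if user in self.has_2fa and not second_factor_ok:
            return None
        token = secrets.token_hex(16)
        self.sessions[token] = (user, self.epoch.setdefault(user, 0))
        return token

    def _credentials_changed(self, user):
        # Hardened behaviour: any credential change invalidates older sessions.
        if self.revoke_on_change:
            self.epoch[user] = self.epoch.get(user, 0) + 1

    def reset_password(self, user):
        self._credentials_changed(user)

    def enable_2fa(self, user):
        self.has_2fa.add(user)
        self._credentials_changed(user)

    def is_valid(self, token):
        # Unknown tokens map to epoch -1, which never matches a real epoch.
        user, epoch_at_login = self.sessions.get(token, (None, -1))
        return epoch_at_login == self.epoch.get(user, 0)


def old_session_survives(revoke_on_change):
    """True if a session opened before the reset and 2FA is still accepted after."""
    store = SessionStore(revoke_on_change)
    old = store.login("owner")            # session opened with the shared password
    store.reset_password("owner")
    store.enable_2fa("owner")
    assert store.login("owner") is None   # new logins without the second factor fail
    return store.is_valid(old)


if __name__ == "__main__":
    print("weak store keeps old session:", old_session_survives(False))
    print("hardened store keeps old session:", old_session_survives(True))
```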
