recently we got contacted by a buyer stating that the theme he bought looked nothing like the theme he saw on the live demo.
We went to check the live demo and there were posts, pages, comments, menu items etc deleted aswell as another theme activated.
How could we check if there was someone who logged in? And what can we do to better prevent this?
the first step, ask your hosting provider to scan your hosting account and change all of your password immediately…
From the sounds of it, he loaded up the theme and it didn’t look like the demo (as in, not the same content or layout etc), not that he gained access to your admin to check the backend.
That’s how I read what he said?
Seems like a common client scenario where they don’t see on their Wordpress installation what they see on our demo.
Like the demo would be having widgets, custom fields, page templates, and such setup. Also the custom menu which adds to the look. But the client just installs the theme, and those initial backend setup might not have been done yet.
No there were pages, comments etc deleted on our installation and an older theme was activated instead of our symple theme.
Hé saw the older theme on our live demo and when hé bought it it was the new theme ofcourse!