When you’re managing a site which has a decent amount of users, the worst nightmare happens just overnight. Slowly but constantly, i started to receive various email from the subscriber telling me “hey, i can’t access the website anymore, can you see what’s happening?” and when i go to check the users list….they were vanished, gone, deleted. So the only way to fix this thing was to check a previous backup and re-import the user or re-add with the proper privileges, accounts, date and linking the user again to the stripe or paypal plan they used to be assigned to(if it’s a paid membership site, for example). Being a coder and also a WP security expert i thought it was quite easy to troubleshoot, but i can tell you that it took me a while. I decided to take a basic but effective approach: working by exclusion.
The Problem-solving attitude and mindset
I am a coder and a troubleshooter, this is something that you work on a daily basis, even when you’re not on the computer. Thinking about finding solutions, solving problems it’s an attitude, and the more you grow it, the better you become. This Example of a real use case is just one of the hundreds, but i want to explain that you have to approach the problems with the right mindset first. I help a lot of people also on Facebook Support dedicated groups, and many people just don’t want to read the docs even for the basics, while they could easily fix their issue with 5 minutes. But they prefer to make a post and wait for someone. If you have a company you want the problem to be solved fast, and efficiently, so you call a specialist. If you’re a solopreneru or an hobbist, i totally recommend trying to solve things yourself, you will learn and also in the future you could help someone else with the same situation! But let’s go back to the story!
The Steps to troubleshoot and understand the issue
I decided that the 1st thing to do was to make sure my website hasn’t been hacked or there was some backdoor active that could potentially compromise the security of the site. Even if I’m always very careful and pay a lot of attention, things can happen also to me, and I wanted to make sure this was not the case.
And this was NOT the case, the site was good and there was no malicious code inside the files I examined and the DB was also clean.
Okay, maybe some users then were able to exploit the site and cancel randomly some other users? Could be. But how to track it? In this case, I decided to use a very powerful and effective plugin for WordPress called WP activity log monitor. It has various settings but what it does is monitoring your WordPress sites for changes, updates and other details you set up. In this way, I could know to discover for sure more about the issue.
This is how it works, you install and set it up and every day it logs the activity of users and also admins or the system itself, and it’s super clean and useful. After a few days…..again it happened, but this time it was logged! The message was clear: my WordPress site (system) was deleting a user…..but there was no trace on the event that launched this task. Still, this info was valuable to me cause I could exclude that it was caused by malware or by another user.
What triggers then wordpress? An automated task : a CRON JOB!
But checking the cron jobs was not enough, I needed more details, so I decided to install a plugin that would show more in detail the Crons and their activity called CRON CONTROL. It was quite useful and i totally recommend using it if you want to have more control over the cron jobs on your WordPress website
I did not spot anything at first glance…..then I found out that these cancellations were happening at the same time more or less, and the Cron that was triggered at that time was one that was added by Woocommerce!
I was able then to find a setting that was basically deleting the inactive user’s account. woocommerce seems to treat the customers as users hence it deleted the users from WordPress after x days or months of inactivity. This setting was enabled (maybe for error, or the customer may be enabled but was not aware of the fact that it would impact also on the subscribers, not only to the “customers” – not knowing they share the same user table). The setting in Italian is tricky, cause it reads like “keep inactive users”…..if you disable you will keep them, but if you set like 1 month after that time has passed, it will automatically delete them.
Deactivating the setting made it and now things were back to normal. Even if it was a simple fix, it took me time to understand what was the problem, cause when something like this happens you must always exclude somthing bad and bigger at first.
If you are having some similar issue, and you have also Woocommerce installed, i suggest you check that setting and give it a try, you could find that’s the one causing this problem also for you!