SECURITY RISK - Your own staff can steal your snapshots and go into business themselves, or sell it for $97
Sam Garanzini
Here's what happened. I upgraded to SaaS because GHL pushes it so much. Cool. Until almost immediately, I hired someone off Upwork to help me out, and he started asking a bunch of questions about what the other staff and I had created. Then I looked on his Upwork screen capture (thank god) and realized that he was chatting with other people about how much the logic that I had spent $10,000 in labor fees to my staff to create would be worth. His plan was to slowly get upgraded to Agency User, which allows him to export the snapshot.
This software operates like a cheap WordPress theme. There is nothing safe about it from a stability standpoint for a business.
FIX: Only the owner should be able to export snapshots.
SECURITY ISSUE #2. Did you know that if you don't want your agency sub account users, your SaaS clients, to steal the logic, you should turn off access to workflows? Makes sense. There's NO other software I can think of that gives the regular user access to the logic. Can you go in the back of Evernote and change it for yourself? Bucket? Facebook? No. But did you know that if that agency-admin that has workflows turned off adds a staff member, they can give their staff MORE PERMISSIONS THAN THEY HAVE? They can give their staff access to the logic, then take their time recreating it.
We made a really amazing product on this platform, and now we're finding that every moment needs to be watched internally. I never would have gone down this path with GHL had I known it would all be so susceptible to theft. I'd never recommend GHL SaaS to anyone.
Be careful who you hire.
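An added example, not part of the original post and not the platform's code: a minimal model of the two controls asked for above, where snapshot export is tied to the owner role and nobody can grant a permission they do not hold themselves. All role names, permission names and function names are hypothetical.

```python
from dataclasses import dataclass

# Role and permission names are hypothetical, constructed for this example.
OWNER, ADMIN, USER = "owner", "admin", "user"
PERMISSIONS = frozenset(
    {"contacts.view", "workflows.view", "workflows.edit", "users.manage"}
)


class PermissionDenied(Exception):
    pass


@dataclass(frozen=True)
class Account:
    name: str
    role: str
    permissions: frozenset = frozenset()


def delegable(grantor):
    """Permissions a grantor may pass on: at most the ones it holds itself."""
    if grantor.role == OWNER:
        return PERMISSIONS
    if "users.manage" not in grantor.permissions:
        return frozenset()
    return grantor.permissions


def add_user(grantor, name, role, requested):
    """Create an account, rejecting any grant that exceeds the grantor's rights."""
    requested = frozenset(requested)
    if role not in (ADMIN, USER):
        raise PermissionDenied("ownership cannot be assigned through add_user")
    if requested - PERMISSIONS:
        raise ValueError(f"unknown permissions: {sorted(requested - PERMISSIONS)}")
    if role != USER and grantor.role != OWNER:
        raise PermissionDenied("only the owner may assign elevated roles")
    excess = requested - delegable(grantor)
    if excess:
        raise PermissionDenied(f"{grantor.name} cannot grant {sorted(excess)}")
    return Account(name, role, requested)


def can_export_snapshot(account):
    """Export depends on the owner role, not on a permission that can be delegated."""
    return account.role == OWNER
```
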
ALmoatsem ALsharhan
Strangely, such an important issue has not been addressed yet. High Level is known to listen to its customers' opinions. What happened?
Sam Garanzini
Nice. We're at 26 upvotes in the security bug section, more than anything else. I've reached out to Shaun directly about this because word is getting out that GHL is basically a ticking time bomb waiting to have all our stuff stolen.
Sam Garanzini
Is this still gaining little traction? GHL is such a pyramid scheme there's no reason anyone should try to build a major business on this platform. I've had some really huge internet marketers ask me about my experience and I always mention this, and all the shady losers GHL has brought in this space by making every numb nuts a "SaaSpreneur". Thanks, now anyone can take what I created.
JLW
Is this security issue still extant?
Sam Garanzini
ALSO, sub-domains can be pulled to any sub-account inside GHL once they're pointed to the servers. So technically, one sub account can use another's sub domains. Nor can you back up a subaccount with the sub domains in place. If right now, I was a malicious person and I deleted a sub-domain in my account, even if we backed up everything with a snapshot, the entire operation goes down. Reconnecting a sub-domain will not reactivate the pages/funnels that have lost association with that subdomain. We'll have to manually set them again and when we do, all the URL slugs we have set, they all need to be redone.
Kyo Moura
Sam Garanzini Not sure if that is still the case. I tried on my end and it didn't let me. Are you still experiencing this?
Sam Garanzini
Kyo Moura YESS!!!! Just fired another employee last week who was trying to do it!
I cannot safely take on more staff, so my growth with GHL is completely limited now.
I've been talking to Shaun about it on LinkedIn, and that NOTHING is being done here.
Kyo Moura
Sam Garanzini THANKS for the heads up man. Cheers
Oliver Cordingley
Sam Garanzini Sales & Marketing An easy fix for this would be to have a TXT verification record, similar to how Facebook & GSC do to verify domain names.