We have recently started using SuiteCRM on our web hosting.
At the time of first using SuiteCRM, we got in touch with a developer (from India) who was given full admin access + cpanel access to the web hosting where SuiteCRM is held.
The developer made bespoke customisations to SuiteCRM as we required.
Following this, we installed a plugin which had a problem so we gave access to our SuiteCRM to the plugin developer to check out the issue.
Since all of this we have changed web hosts/cpanel login password and changed login passwords for admin users of SuiteCRM.
My concern is that something could have been installed on our SuiteCRM by one of the above developers at the time they had access, which allows them to access our content remotely.
Some kind of backdoor access that sends our data or allows them still to connect.
Is there any chance this could be the case? If so, how can I stop this?
Thanks, I appreciate advice any one can give for improving security of SuiteCRM.