Many of WordPress websites owners hesitate giving theme developers, plugins developers or support agents an admin access to their dashboard. Developers will usually ask for a temporary administrator access in order to fix issues in their themes or plugins which they could not reproduce on their own websites. Websites admins usually crane a little before sending the developer the admin access. This happens because of many reasons; the most important one is that the administrators do not usually trust the developers on their data, especially sensitive data such as users emails, eCommerce orders data or even their content (posts and pages).
Since I am a WordPress plugins developer myself, I asked many of my customers before for a temporary admin access to fix issues on their websites. A few of them hesitated or even didn’t agree on sending me the credentials. So, I thought to build a WordPress plugin to overcome this problem.
I built a simple plugin “Controlled Admin Access“. The plugin allows you to create/update/delete temporary users with a limited access to the dashboard pages.
As you see in the screenshot, this is the main page of the plugin. At this page, you can create a new user with the usual username, email and password fields. The other fields which are the important ones. Menu Access is the field where you can check the dashboard pages which you don’t want the new user to access. Moreover, you can check/uncheck sub-menu items. Obviously, plugins and users pages are already checked and disabled since the plugin would be useless if the user had an access to them.
“Expiring in” field is a where you set a time limit for the user, the user will be disabled after the selected period of time. The options of the field are Non-Expiring, 1 Day and 3 Days. You can also extend the time by editing the user in “Manage Users” page in case if the time ended. This time limit is valuable if you forgot to delete the user after he finishes fixing the issue.
I hope that you find the plugin useful to you, and please do not hesitate to send me any ideas to enhance it. Furthermore, if you liked the idea/plugin please give it 5-starts on wordpress.org.
Which area would you leave unticked if it was a plugin developer who required access? So the plugin develop needed to fix a bug in their plugin, how can they do this if you have plugins ticked as standard?
It doesn’t make sense to grant him access to the Plugins page since he can deactivate the Controlled Admin Access plugin and be having a full access anyway. In this specific case, you might need to give him full access from the start. Also, editing a plugin directly from WordPress dashboard is a bad practice.
I have the same problem as Andrew. A Plugin developer needs to get in and see what their plugin is doing to try to fix the problem. Why can’t your plugin have a master password we have to enter to access the settings/deactivation of the plugin? OR let us check all of the plugins we don’t want them to have access to and let theirs be available? OR just have your plugin by default not accessible if we uncheck the Plugins checkbox?
i have an idea to make this plugin better, make it have ability to hide certain selected plugins. So basically you’d give the admin access but he’d only be able to see the plugins that you want him to see.
This is a pretty cool idea. Thanks for putting this out there. The only option for plugins is a “yes” or “no” access, is that correct? I was hoping to limit access to only certain plugins.
Ryan
I have two admins on my wordpress site, How can I limit access to Particular Admin only, instead of locking all admins?
Hi. I like the plugin – at least what it should be doing – but a user with a limited access account can still type the URL of any admin page they want and access them. Even if it is restricted in your plugin.
I am really hoping for this matter to be fixed soon because I liked how easy it was to use your plugin.