One of the most common dilemmas faced by WordPress website owners is whether or not to grant admin access to theme and plugin developers or support agents. While developers often request temporary admin access to troubleshoot issues, website administrators are understandably cautious. The primary concern? Trust, especially when it comes to sensitive data like user emails, eCommerce orders, and content.
The Trust Gap
As a WordPress plugin developer myself, I’ve frequently encountered hesitancy from clients when asking for temporary admin access to resolve issues on their websites. Some clients have even outright refused to share their credentials. This led me to think about a solution that could bridge this trust gap while still allowing for effective troubleshooting.
Introducing “Controlled Admin Access”
To address this issue, I developed a WordPress plugin called Controlled Admin Access. This plugin provides a secure way to grant temporary, limited access to your WordPress dashboard. It’s designed to give you peace of mind while allowing developers to do their job efficiently.
Features of Controlled Admin Access
Here’s a rundown of the plugin’s key features:
The main page of the plugin allows you to create a new user with standard fields like username, email, and password.
Menu Access Control
The real magic happens in the “Menu Access” field. This is where you can specify which dashboard pages the temporary user can or cannot access. You can even drill down to sub-menu items. By default, the plugin already checks and disables access to the plugins and users pages, ensuring that the temporary user can’t compromise the plugin’s functionality.
The “Expiring in” field lets you set a time limit for the temporary user. Options include “Non-Expiring,” “1 Day,” and “3 Days.” If you need to extend the time, you can easily do so via the “Manage Users” page. This feature is particularly useful if you forget to deactivate the user after the issue has been resolved.
Why Time Limits Matter
Setting a time limit for temporary users is not just a convenience; it’s a security measure. If you forget to deactivate a user, the time limit ensures that their access will automatically expire, reducing the risk of unauthorized activities.
Introducing the Pro Version: Enhanced Security and Control
For those who are looking for even more control and security features, the “Controlled Admin Access” plugin offers a Pro version. This premium version comes with a suite of advanced functionalities designed to give you complete peace of mind while managing temporary admin access. Let’s delve into these features:
Plugins Internal Pages
Gain granular control over plugin-specific pages. For instance, you might want to grant access to the WooCommerce Settings page but restrict the Payments Gateways tab. The Pro version currently supports WooCommerce, Easy Digital Downloads, and BuddyPress, with plans to extend support to more plugins.
No Password Login
To make the process even more convenient, the Pro version allows you to generate a secure login URL. The temporary admin can use this URL to log in without needing a password. You can also disable password-based login for these restricted accounts, adding an extra layer of security.
Keep a detailed record of all actions performed by the restricted admin. The Pro version logs more than 20 different activities, including plugin management, theme switches, data exports, and post publications or deletions.
If you decide that a restricted admin no longer needs access, you can remotely log them out from all devices and locations. This immediate action ensures that no unauthorized activities can occur once you’ve decided to revoke access.
The “Controlled Admin Access” plugin aims to make the process of granting temporary admin access less stressful and more secure. It allows you to maintain control over your WordPress dashboard while still enabling developers to troubleshoot issues effectively.
I hope you find this plugin useful, and I’m open to any suggestions for improvement. If you appreciate the functionality it offers, please consider giving it a 5-star rating on wordpress.org.