Need a developer or support team on your site to troubleshoot or tweak? Granting access can be done quickly, easily, and safely.
We all need a hand sometimes. Reached out to a plugin support team that needs access to your site for troubleshooting? Hired a developer to make changes or upgrades to your website? Needing WordPress support or development are common scenarios, and both often require temporary administrator level permissions.
Handing out temporary login credentials can sound complicated and risky. While it’s true that there are safety concerns anytime you hand out access to your site, handling it intelligently will minimize the risk involved. As for being complicated? It’s not.
We’ll walk through how to do it safely and quickly below!
First, create a new user in WordPress
Creating a new user account in WordPress is super simple. Just head to Users > Add New in your dashboard. It’ll look like so:
To create temporary login credentials for WordPress support or development, there are really only 3 important pieces:
- Username
- Password
- Role
The username and password will be passed to the support team or individual doing the work. The Role should be set to Administrator as pictured above. WordPress wants an email address, but it can be any of your choosing and does not need to be passed on.
With Username, Password, and Role taken care of, click Add New User. You now have a temporary admin account!
Next, pass along the info above (and then monitor user activity with one of these plugins if desired)
Again, all that needs to be handed off are the Username and Password for the new account. The team you’re working with can log in, do what they need to do, and get out.
A word of caution: the new user account you’ve created has administrator privileges on your website. This means any user that has these credentials has a great deal of leeway with what they can do on your website. This includes but is not limited to:
- Creating and deleting posts or pages
- Installing, activating, deactivating plugins
- Installing, activating, deactivating your theme
This isn’t necessarily bad, as many support teams and/or developers will need to do many of the things only an administrator can do. That’s why we’ve given it this role. It is, however, a point you should be aware of. Be sure to only give these to individuals that you trust!
As an additional safety layer, there are a number of WordPress plugins that will monitor and record user activity on your website.
Finally, delete the temporary login credentials for WordPress when the work is done!
After your issue has been resolved or the work that you needed has been done, be sure to delete the temporary login credentials for WordPress that you’ve created. Unnecessary administrator level credentials sitting around on your site is a bad idea in general from a security standpoint.
You can delete the credentials simply by navigating back to Users > All Users in your dashboard. Hover over the account name, and click delete. That’s it!
Bonus: This plugin will create self-expiring user accounts!
Rather not have to remember to delete the account when the work is done? Would prefer to send a unique login URL instead of a password?
The Temporary Login Without Password plugin checks both those boxes. Use it to generate temporary login credentials for WordPress without the hassle of manually going through the steps outlined above.
You’ll find the comments below. Do you have favorite plugins that help with ease-of-use or boost security when managing temporary logins?
