Prevent admins from changing other admins password/email

  • I have a site with more than one administrator role. I need other administrators to be able to change the passwords and a few other things for regular users. However, I am worried my admin password or email could be changed by another admin to lock me out of the site. How can I allow another admin the ability to make changes to all the other user accounts (non admin role) but not be able to change my password or email?

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)

  • You need to download custom role manager plugin for wordpress

    and set role for other admins remove password update permission from them this will help you.

    I am worried my admin password or email could be changed by another admin to lock me out of the site.

    If all you’re concerned about is being locked out, then that should really not be a concern at all — unless these untrusted admins also have full access to your hosting account.

    That’s because even if you’re locked out of WordPress — even if your account is totally deleted, you can still change your admin password, create a new admin account, remove the rogue user(s), etc… directly from the site’s database (using something like phpMyAdmin or whatever database management tool your host provides).

    So as long as you’re the only one with access to your hosting account, the particular risk of being locked out of your own WordPress is easily mitigated.

    But what if your rogue admins totally nuke the site?

    That’s one of a million reasons to regularly back up your site. Even if your host claims to back up your site, set up an additional layer of backup under your direct control. Every site I touch gets a free WordPress backup plugin sending nightly backups to a free Google Drive account (15GB free).

    But let’s get to the meat of the specific question you asked.

    The general approach, which is what umarzaki suggested above, is to use a plugin such as User Role Editor to customize the capabilities of individual users or roles.

    But note that if you merely stop their ability to change your password, being admins, they can also disable the role editor plugin or even install new plugins to override whatever restrictions you put in place.

    So to effectively implement the solution approach you’re taking, you’ll need to lock down these admins’ capabilities so much that — in essence, their capabilities might not resemble that of the default admin role at all.

    So perhaps you need to re-think the problem:

    Why did you make these users admins, to begin with?

    Do they really need to do everything an admin can do except change your password?

    Or was there just one thing they couldn’t do and you took the shotgun approach of making them admins so they could do just that one thing?

    Perhaps rather than giving them the Admin role and then trying to remove capabilities from them, maybe you should rather give them the Editor role and add the specific extra capability they need?

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Prevent admins from changing other admins password/email’ is closed to new replies.