In some cases, resolving functionality issues with a WordPress plugin requires a crucial element: “trust.” In more straightforward terms, this means granting admin access to the plugin developers. However, the idea of giving outsiders such access can be worrisome for many website owners. The concern arises from willingly handing over admin privileges to someone else and wondering how long they will have access.
There are a lot of factors that can affect the functionality of a plugin and the plugin’s developers can’t mimic every scenario. In such situations providing complete access is the only way that will allow them to dig deeper into the issue.
Here we will be looking at the different methods to create temporary admin access and the recommended way to share it with WordPress plugin developers so that they can troubleshoot the issue and provide a fix.
Also read: How to Install WordPress Locally – Windows, Mac, Linux: The Complete Guide
How to Generate Temporary Admin Access for WordPress Plugin Developers
In order to allow plugin developers temporary access to your website’s dashboard, you need to create a new admin account for them. This can be achieved in two ways, the first is to create an admin account the default way and the second method is to achieve the same, but with some additional features by making use of a plugin.
1. Creating a temporary admin user from the dashboard
This method is the most straightforward and requires the least amount of time and effort. Here, to provide temporary admin access to a WordPress plugin developer, all you have to do is create a new user from the dashboard and that’s it.
Note: When adding the new user, make sure that the role is set to Administrator.
Once you have created a new user, share all the needed information such as the login URL, username, and password with the concerned plugin developer. Once the issue has been resolved, you can delete the new user and that’s it.
2. Creating a temporary admin user with the help of a plugin
Creating an admin user with the help of a plugin offers some additional features, such as setting a time limit, having a unique login URL, or tracking when the developer logged in and how many times. All of this is not offered within the dashboard by default when creating a new user.
All of these can be achieved with the help of the Temporary Login Without Password plugin. The plugin allows you to create a new user and set a time limit. Once the set time limit is reached, the user role will expire. Also, the temporary user won’t be able to delete other existing users.
Firstly, install and activate the plugin.
Once the plugin is activated, we can start creating a new user by selecting the ‘Create New’ option.
The process is very similar to creating a new user the default way, but the plugin offers two additional options for us to configure. One is the ‘redirect after login’ and the second is the ‘expiry’ option.
The expiry section houses three different options that determine how long the newly created user role will be valid. It can be configured to be active the moment you create an account or the expiry time frame can start once the new user logins. If needed you can even set a custom time frame.
Once a new user is created, the plugin will offer a unique URL that can be shared with the concerned plugin developer. With this URL there is no need for the new user to enter any login credentials. The URL will redirect them to the dashboard.
Once the user has logged in, the Users menu will get updated accordingly. One can also disable, remove or edit the user quickly by making use of the icons on the right-hand side.
The logged-in user is also notified of the temporary access on the top right-hand side of the dashboard.
The Recommended Way to Share Temporary Admin Access With Plugin Developers
Irrespective of which method you choose to create a temporary admin user, our recommendation is to use a staging site instead of a production site to share the access. The reason for this is, that if the debug process is initiated on a live site, it may cause downtime or other issues that can affect the user experience.
A majority of the hosting companies do offer a staging site feature by default which is beneficial in a lot of ways. With it, users can deploy a staging site with a single click, without the need for a third-party plugin and once the changes have been made, pushing the changes from the staging site to the live site can be achieved in a couple of clicks.
But if you opt to use a staging plugin such as WP Staging Backup Duplicator & Migration plugin, creating a staging site is straightforward. Install the plugin from the repository and activate it.
Once activated, select ‘ Create Staging Site’ and start the cloning process.
Once the staging site is created, you will be presented with a URL to access it.
Now, log in to the staging site using your admin credentials and create a new user. Now, with the staging site, the new admin user can be created either through the default way or by making use of the plugin. After this, share the necessary details with the concerned individual.
The orange bar at the top will let the developer know that they are working on a staging site.
Once the developer has fixed the issue on the staging site, you can push the changes to the live site and delete the user. If you are using WP STAGING – Backup Duplicator & Migration plugin, only the PRO version allows you to push changes from the staging to the live site automatically.
Note: If you are providing access to a live site and not a staging one, take a full backup of your WordPress website before granting them access.
Also read: In-depth Guide on How to Optimize and Test for WordPress Accessibility
Why Do WordPress Plugin Developers Ask for Admin Access?
Now, should you give admin access to plugin developers, even if it is just temporary? If all the other standard support procedures have yielded no result, then you have no other choice. The best course of action is to provide them admin access to a staging site. In fact, it is what the majority of the plugin developers prefer.
The plugin developers’ main concern will be to fix the issue, and not to do anything that will tarnish their reputation. Plugin developers only ask for admin access as a last resort, when they have failed to recreate the concerned issue on their side.
Now, if they are not able to recreate the issue, it can lead to several problems such as
- Inability to provide a fix, which could either be a code snippet or a patched version.
- This in turn can be a cause of concern, as there exists an issue that could potentially affect a wider user base.
Once they are able to recreate the issue, they can start the debug process and provide the affected user with a patch. This in turn will also allow the plugin developer to to make changes to the plugin’s code and roll out an update, if the issue is on their side so that it doesn’t affect more users.
Also read: How to Identify and Fix WordPress Plugin and Theme Conflicts
The Risks of Sharing Admin Access
The actual risks involved when granting admin privileges include:
- Data security- The plugin developer could download all of the data and keep it indefinitely. There also exists the possibility of sharing the data with a third party.
- Misuse of privileges- They could remove existing users from accessing the dashboard, delete or edit posts and pages, upload files, and so on.
However, the degree of risk associated with sharing login access depends on a number of factors.
- Are you sharing access to a live site?
- Is the plugin developer a reputed one?
- Even if the plugin developer has been around for a while, what is their data policy for the support team?
Sharing admin access to a live site should be avoided at all costs. Now before you grant access to your website, be it live or a staging one, you have to make sure that the developer is trusted by the community.
Now, once you have covered the above-mentioned points, the next thing you need to look for is their data handling policy.
- What all data do they need to access and are they relevant to tackle the issue at hand?
- What steps does the plugin developer take to safeguard your data?
- Do they download and store any of the data or share it with others? If they share the data, is it necessary, and with whom do they share?
If the data policy has everything in place to safeguard your privacy, and the developer is a trusted one, the risks associated with sharing admin privileges are greatly reduced.
Also read: In-depth Guide on How to Remove Tracking Cookies in Your Browser
Wrapping Up
The only reason plugin developers ever need to ask for admin access is when they have failed to reproduce the issue on their side. By following the above steps, you can provide the necessary access for support while maintaining the security and integrity of your WordPress site.