
Best Practices for Creating and Sharing WordPress Admin Accounts Safely

Creating and sharing admin login credentials for your WordPress site is a common necessity, especially when you need to grant access to another party for tasks such as content creation or updates, website maintenance, or technical troubleshooting. While sharing your admin login might seem like the simplest solution, it’s fraught with potential security risks and inconveniences. In this blog post, we’ll explore the best practices for creating and sharing admin logins safely and efficiently.

The Pitfalls of Sharing Your Admin Login

At first glance, sharing your existing admin login details with another party might appear to be the easiest route. However, this approach requires you to expose your password, which can be particularly risky if you’re using the same password across multiple accounts—a surprisingly common practice among internet users. You could temporarily change your password before sharing it and then change it back afterward, but this is cumbersome and impractical if the other party needs access again in the future. Moreover, since you’re already in your dashboard, it makes more sense to take a few extra steps to create a separate admin login for the other party. This ensures that your own password remains secure, eliminates the need for constant password changes, and allows you to easily enable or disable access as needed.

How to Create a Separate Admin Login

Creating a separate admin login for another user on your WordPress site is straightforward and enhances security and convenience. Here are the steps:

1. Log in to your WordPress dashboard.

2. There are several ways to initiate the add new user request:

2a. From the top-bar menu, go to New → User, or;

2b. From the side menu, go to Users → Add New User, or;

2c. Go to Users, then click the Add New User button.

3. Fill out all the required fields.

Pro-tips:

3a. Usernames can contain spaces or even be in languages other than English, but please, please, please avoid using easy-to-guess usernames like “admin”, “siteadmin”, “mainadmin”, etc. When your username is easy to guess, you make an attacker’s job 50% easier!

3b. Make sure to set the Role accordingly:
Subscriber – Can visit the website frontend if it’s password-locked.
Contributor – Can log in to the backend and create their own posts/pages, but cannot publish them.
Author – Can publish and manage their own posts/pages.
Editor – Can publish and manage anyone’s posts/pages.
Administrator – Can manage the website including installing plugins/themes, etc.

4. Click “Add New User” to complete the process.

This method ensures that each admin has their own login credentials, keeping your password secure and making it easy to manage access.

One crucial requirement for creating an admin account is that it must be linked to a unique email address. This usually isn’t a problem, as most internet users have an email. However, this requirement can become a challenge in special circumstances, such as when an email address is not available or when creating admin accounts for multiple users at once. This leads us to an alternative solution for sharing admin access without the need for individual email addresses.

When Email Addresses Are a Challenge: Temporary Login Without Password

In situations where creating multiple admin accounts is impractical or an email address is not available, the “Temporary Login Without Password” plugin offers an elegant solution. This third-party WordPress plugin allows you to create temporary admin logins without needing an email address.

Introduction to Temporary Login Without Password

The “Temporary Login Without Password” plugin simplifies the process of sharing admin access. It enables you to create temporary login links that can be shared with others, granting them admin access for a specified duration or until you decide to revoke it.

How to Use the Plugin

1. Go to Plugins, then click Add New Plugin.

2. Use the keyword search field to search for Temporary Login Without Password.

3. Click Install Now, then Activate.

4. Once the plugin is activated, you should be redirected to the Temporary Logins main page. Otherwise, go to Users → Temporary Logins. Click Create New.

5. Fill in an actual or a fake email address; it doesn’t matter which, as you will only need the link.

  1. Specify the role (Administrator, in this case), the expiry duration for the link, and optionally, a user’s email or name for reference.
  2. Share the generated link with the intended party. They’ll be able to log in as an admin without needing a password.

5a. Make sure you select the right role for whoever you want to grant access to;

5b. Redirect After Login – lets you decide where the person is redirected after login. This is really useful, as users will not need to wander around to find their way after logging in.

5c. You may set the login link to expire after a certain period. The choices are self-explanatory.

6. Click Submit. You will be redirected to the Temporary Logins main page, where you can see all the logins created so far.

6a. Click the “link” icon to copy the login link, which you may share with the other party by pasting it into an email or a WhatsApp message. The link will look long and complex, so make sure you copy and paste it without missing any characters.

6b. Click the “pencil” icon to make changes to the login link, e.g. change the role or set a new expiry date.

6c. Click the “padlock” icon to disable the link, or the “cross” icon to delete the link.

Conclusion

In summary, when it comes to creating and sharing admin accounts in WordPress, the golden rules are straightforward yet crucial for maintaining the security and functionality of your site:

  1. Trust is Key: Only grant admin access to individuals you trust implicitly. Admin roles come with significant power over your site, so it’s vital to ensure that only responsible and trustworthy individuals have such access.
  2. Role Appropriateness: Not everyone involved in your website needs admin access. Evaluate the specific needs of each user; if their role is to create content, then assigning them as a contributor or author is often sufficient. This not only minimizes security risks but also helps in keeping your site organized and roles clearly defined.

By adhering to these principles, you can ensure a secure and efficient management of your WordPress site, keeping it safe while fostering a productive environment for all users involved.
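
An added example, not part of the original post: a small shell audit covering pro-tip 3a and the “Trust is Key” rule above. It reads the administrator list as CSV, in the shape printed by WP-CLI's `wp user list --role=administrator --fields=user_login,user_email --format=csv`, and flags easy-to-guess usernames and administrators missing from an approved list. The `APPROVED` list, the sample rows and the function name are assumptions made up for illustration.

```shell
#!/usr/bin/env bash
# Audit administrator accounts exported by WP-CLI. On a live site:
#   wp user list --role=administrator --fields=user_login,user_email --format=csv | audit_admins
# Assumption: logins and emails contain no commas or double quotes,
# so splitting each row on "," is safe.

# Easy-to-guess usernames named in the post (comma-separated; extend as needed).
GUESSABLE='admin,siteadmin,mainadmin'

# Hypothetical allowlist of people approved to hold the Administrator role.
APPROVED='dean-k7,site owner'

# Constructed sample in the shape of the WP-CLI CSV output above.
SAMPLE_CSV='user_login,user_email
dean-k7,dean@example.com
Site Owner,owner@example.com
siteadmin,agency@example.com
temp-dev,freelancer@example.com'

# Reads the CSV on stdin. Prints one finding per line:
#   GUESSABLE <login>   login is on the easy-to-guess list
#   UNAPPROVED <login>  administrator is not on the approved list
# and finishes with ADMIN_COUNT <n>. Matching is case-insensitive.
audit_admins() {
  awk -F, -v guess="$GUESSABLE" -v ok="$APPROVED" '
    BEGIN {
      n = split(guess, g, ","); for (i = 1; i <= n; i++) bad[tolower(g[i])] = 1
      n = split(ok, a, ",");    for (i = 1; i <= n; i++) allow[tolower(a[i])] = 1
    }
    NR == 1 || NF < 2 { next }            # skip the header and malformed rows
    {
      total++
      login = tolower($1)
      if (login in bad)      print "GUESSABLE " $1
      if (!(login in allow)) print "UNAPPROVED " $1
    }
    END { print "ADMIN_COUNT " (total + 0) }
  '
}

# Run the audit on the constructed sample.
printf '%s\n' "$SAMPLE_CSV" | audit_admins
```

Any `UNAPPROVED` line is an administrator account nobody signed off on; either downgrade its role or add the person to the approved list deliberately.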

Dean Loh
Dean's been in the web game since way back in 2000, surviving the Y2K scare and riding the rollercoaster of the Internet's ups and downs. He still gets a kick out of building websites, but these days, he's all about keeping them safe and sound. That's why he started WebSifu - protecting websites is where it's at for him now!
