Things To Consider Before Giving A WordPress Plugin Developer Admin Access To Your Site

Have you ever found yourself in a situation where a plugin author requests administrator access to your site for troubleshooting purposes? That’s the question posed by WPBeginner along with a couple of tips to help you decide whether you answer yes or no. Over the years, I’ve given access to a couple of plugin authors for the sake of troubleshooting but I always make sure to delete their account when finished.

Recently, I found myself in a situation where the plugin author needed admin access to experience the problem first-hand. Instead of creating a new account, I scheduled a Google Hangout. Within Google Hangout is a screen sharing application. Using the app, I was able to walk the plugin author through the process of replicating the bug without giving them administrator access.

Screen Sharing App Withing Google Hangouts
Screen Sharing App Withing Google Hangouts

Alternatively, you can use the screen sharing option built into Skype. This keeps the communication channel private and most plugin developers I’ve interacted with have a Skype account. You don’t need any credits to perform a screen sharing call using data. The video sessions were scheduled with plugin developers after I exhausted all other support options.

Giving Admin Access Should Be The Last Resort

Giving administrator access should be considered as the last resort. If you need to give them access, make sure you trust the plugin author. Look at their WP.org profile as well as their support forum history. If the author has a history of being malicious, there’s a good chance someone reported them. If possible, give them access to a staging site or a sub-domain that mirrors the live site. If you need to give them access to the live site, make sure you back up everything first in case the author changes files to try to fix the issue.

When they’re finished, inspect the user administration screen to see if any additional users with administrator privileges were created. If so, delete them and find out why that was necessary to diagnose the problem. In most cases, this type of action is unnecessary and would make me highly suspicious of their actions.

Not all plugin authors have malicious intentions. The tips I outlined are precautionary measures to protect your site.

Have You Been Burned By A Developer?

With that in mind, I’m curious as to whether or not you’ve been burned by a theme or plugin developer? Did you give them administrator access and end up with a site in worse shape? Have you ever had to restore a backup thanks to a developer making a troubleshooting mistake?

If you have any additional tips or advice, you’re welcome to share them in the comments.

Who is Jeff Chandler


Jeff Chandler is a WordPress guy in the buckeye state. Contributing writer for WPTavern. Have been writing about WordPress since 2007. Host of the WordPress Weekly Podcast.

There are 23 comments

Comments are closed.