Site Owner & Admin Manager

Introduction

Running a WordPress site with multiple admins can be tricky. Site Owner & Admin Manager helps you keep tabs on who’s accessing your site.

It lets you limit allowed email domains for new admins, track admin logins, and get notified about unusual login activity. You can even set up emergency-use only admin accounts and force email-only logins for extra security.

Plus, it sends you a monthly rundown of recent admin logins, so you’re always in the loop. It’s like having a reliable assistant watching your WordPress back-end, without the coffee runs

Admin User List

WordPress allows any email address as a site’s administrator, and it doesn’t even need to be an active user! That’s not great for good site governance.

Site Owner & Admin Manager fixes that with a handy list of all eligible administrator users. Once chosen (and saved) the specified user account can no longer be deleted (via the UI), or have its role downgraded.

Settings > General

The site administrator user will be shown additional settings throughout the site.  These are available from the Settings > General screen:

  • Email login only – Prevent user names from being used on login
  • Administrator login notification – Receive notification emails on any admin login
  • Allowed administrator email domains – Provide an allowed domains list for new admin users (when created via UI), blocking any that don’t match
  • Enable admin session expiration (V2.1) – Admin user sessions will be restricted to only 1 hour, down from 2 days / 14 days

Per User Settings

Users in the administrator role gain additional settings which can be managed by the site administrator:

  • Opt-IN Administrator emails – Send a copy of site admin emails to additional users, acts like a distribution groups.
  • Opt-OUT emails – Shows that the user has chosen not to receive any admin related emails.
  • Emergency use only – Sends a extra special notification email to the site administrator’s email. Handy for web designers and client’s accounts.

Added Security

Administrator user accounts should be used for admin related tasks only, not day to day page edits or running sales reports.

The default 2 day session time-out has been shrunk to 1 hour for any user with the administrator role, with the ability to manually extend it back to 1 hour if required.

The admin bar at the top informs you of how long remains.

User capability checks
Every 6 hours all user accounts are checked for administrator level capabilities. Any matching users are checked against the allowed domains list and a warning email sent if required.

Owner Opt-Out

The site’s administrator user receives a special one-time link once a month. When used it will inform other administrator users (by email) that a change of user is required.

The next administrator to log in will be redirected to the Settings > General screen and a notice displayed.

Additional Features

  • Active Admin User Check: Check if the current administrator email matches an active admin user account and display a dashboard notice if it doesn’t.
  • Last Login Display: Show the last login date and time for admins on the Users screen. A monthly summary of current admins and their last login times are emailed to the site owner.