Be a WordPress Super Administrator !

Wordpress is the most powerful and popular blogging engine today, but it certainly has some limitations. If you are running a blog which have multiple contributors,editors or authors, you would have definitely felt the need of having an administrator to your blog.  Even if you would have given the person  admin rights, you are always insecure of what if he/she changes your password, deletes your account, changes your theme, reset other people’s password. This insecurity however can be removed by tweaking the code.

This Post will show you how you can just sit and relax while other people manage your blog and no one can take the control of your blog from you ( unless you lose your password).

You have other plugin currently available like role player and role scoper but that requires continuous monitoring on each and every new user which registers to your blog and what rights you have to give or other admins can give them. With this method you would not require to monitor your blog. Other admins can give any authority to users can even make other admins to your site but the sole owner ship lies with you.

Let me just start by introducing:

What is a Super Admin ?

This is basically a concept taken out from Joomla, a super admin is a user who has more powers than other users including other administrator of the website. If you are the Super Admin you can hire people to administer your blog and you have total control of each and everyone of them.


How do you become the Super Administrator of your WordPress Blog?

You need to make few changes to theme and to the wp-admin folder in the WordPress installation. The changes in the Wp-admin are bound to be removed in the next WordPress update but since these are 1 or 2 line changes you would not find much trouble inserting these lines again. Why do you need to change wp-admin? this is only area which would be visible to you since you own the site and that will help you in getting  the privilege you need.

Prerequisite: You should to be the admin of the site and have access to the server where your site is installed.

You just need to change 3 files to get the privilege of a Super Administrator of your WordPress blog:

1. Functions.php [..wp-content/themes/{yourtheme}/functions.php] : This will allow you to hide certain sections in your wordpress dashboard which are only visible to you. In this case I have given the privilege to the “admin” (marked in red) which is the name of the user change the name as per your requirement.

Add this code at the end of the file:

<?php

add_action(‘admin_head’, ‘hide_menus’);
function hide_menus() {
global $current_user;
get_currentuserinfo();
If($current_user->user_login != ‘admin‘) {
?>
<style>
#menu-plugins{
display:none;
}
#menu-appearance{
display:none;
}
#menu-settings{
display:none;
}
#menu-media{
display:none;
}
#menu-links{
display:none;
}
</style>
<?php
}
}?>
In the above code i have tried to hide the Plugins menu, Appearance menu, media menu, settings menu and links menu.


2. Users.php [..wp-admin/users.php] : Editing this file would restrict users including the administrators to delete your account.
Find this line in the code
if ( ! current_user_can(‘edit_user’, $id) )
wp_die(__(‘You can&#8217;t edit that user.’));
add this in the if condition
|| $userid[0] == 1 &&  $current_user->ID != 1
now your code should be
if ( ! current_user_can(‘edit_user’, $id) || $userid[0] == 1 &&  $current_user->ID != 1)
wp_die(__(‘You can&#8217;t edit that user.’));

Note: Take care that the since the admin user had user id as 1 this code is valid. You need to find out user id of your user, by try and deleting your account by some other admin account and you when you reach the confirmation page you see something like this
ID #2: RiYo8 ———–> 2 is the ID and Riyo8 is my user name.
or you can directly access your database check out the table Wp_users and find your username entry and corresponding userid.
3. user-edit.php [..wp-admin/user-edit.php]: Editing this file would restrict users including the administrators to change your password.
find this line this is the very check for a valid user id in the file

if ( !$user_id ){
……..//come line of code
} elseif ( !get_userdata($user_id) ) {
wp_die( __(‘Invalid user ID.’) );
}

and just add your user id and change it to
if ( !$user_id || $user_id == 1) { ——> again user ID you your own user
This would prompt and invalid id error when someone tries to change your password.
Although there are and can be various ways of doing this, this is what I have done and tested.
Do send me comments and queries if you have any, i’ll be happy to help.
Check out my next post where I will show you how to reset your Super Administrator password in case you have forgot you password.
Best of luck!


Ripul is a web designer and a tech enthusiast. He is an MBA & a computer science graduate.He is an advanced PHP developer and one of the founding members of 99Fusion.com. He loves web and gadgets. He currently works as a Product Manager at India's largest eCommerce portal for electronics LetsBuy.com.

Discussion

19 Comments

  1. Pubudu Kodikara says:
    April 19, 2010 at 2:09 pm

    Wow.. now this is something that i have never heard of! :D Nice post mate :D

    Reply
  2. tiffany and co says:
    May 2, 2010 at 7:05 pm

    great experience, dude! thanks for this great

    Articles wow… it’s very wonderful report.

    Reply
  3. free trial says:
    May 7, 2010 at 6:38 pm

    Great article, thank you very much!

    Reply
  4. seo says:
    May 7, 2010 at 6:51 pm

    I never, ever would have imagined I would be required to be familiar with this, but thank goodness for the internet…

    Reply
  5. Myrtice Ormiston says:
    May 8, 2010 at 7:36 am

    I agree

    Reply
  6. loose goose says:
    July 21, 2010 at 12:54 pm

    you lose a password, not loose ;)

    Reply
  7. Mau says:
    November 30, 2010 at 8:42 pm

    Does this work on WP 3? I tried step one so far and it didnt work, then the line that is to be edited on step two, does not exist in the wp-admin/users.php file, I would suppose things have changed around, by any chance, do you have any updated post for doing the same things on WP 3??

    Thanks!

    Reply
  8. Wackao says:
    December 1, 2010 at 8:17 am

    @Mau: Thanks for pointing that out,I would try this on WP3 as soon as I get some time.I would make another post on how to do this on WP3.

    Thanks!

    Reply
  9. csoftAdmin says:
    March 17, 2011 at 7:32 am

    I used it and it works great, but how can I restrict other user (apart from ‘admin’) not delete or edit post, page or any which is not created by that user.

    Reply
    • Ripul Kumar says:
      April 17, 2011 at 3:14 am

      To restrict any user from deleting my suggestion would be to make assign him the role of an author, in case that doesn’t match your requirements.
      You will have to edit
      wp-includes/capabilities.php line number 862.
      However, I would be coming out with a plugin soon and all those who have commented on this page would be given a copy of the beta version for free.

      Reply
  10. Mariam says:
    April 17, 2011 at 3:02 am

    I recently replaced another webmaster so I changed the emails and usernames in wp-users to mine. user ID is 1 so I should have Site Admin or Super Admin capabilities but I don\’t. I have tried everything so far but I still don\’t see certain menus that I need access to. Do you have any suggestions?

    Reply
    • Ripul Kumar says:
      April 17, 2011 at 3:34 am

      If you have followed the steps described in this hack, then you should go to functions.php in your theme file and look for something like

      If($current_user->user_login != ‘admin‘) {
      ?>
      <style>
      #menu-plugins{
      display:none;
      }

      The above line describes if your username is not admin then do not show the plugins menu in the admin panel. You can remove the if condition from your functions.php file.
      I am creating a plugin which would add more features to your admin interface including the super admin. I will be giving free beta copies with full support to all those who have commented on this post. You may like to undo all the changes and just wait for the plugin.

      Reply
  11. virus_cz says:
    May 22, 2011 at 1:57 am

    Same here, i need to be super-admin, and the "user" to be admin, but no success, when the plugin ?
    thank’s

    Reply
  12. Miguel says:
    June 1, 2011 at 1:40 pm

    Hi,
    How can I hide some submenus, like the "Updates" in the Dashboard menu?

    Thanks
    Best…

    Reply
    • anaa says:
      July 11, 2011 at 2:29 pm

      Menu editor wordpress plugin is great for this thing. You can easily hide anything from users and you can assign particular menu items to a particular user level as well…

      or add this function in your theme file
      function remove_menus () {
      global $menu;
      $restricted = array(__(‘Dashboard’), __(‘Links’), __(‘Appearance’), __(‘Tools’), __(‘Settings’), __(‘Comments’), __(‘Users’), __(‘Posts’), __(‘Pages’), __(‘Plugins’));
      end ($menu);
      while (prev($menu)){
      $value = explode(‘ ‘,$menu[key($menu)][0]);
      if(in_array($value[0] != NULL?$value[0]:"" , $restricted)){unset($menu[key($menu)]);}
      }
      }
      add_action(‘admin_menu’, ‘remove_menus’);

      add_action(‘admin_menu’,'my_admin_menu’);

      and add following to hide sub menus of settings
      function remove_submenus() {
      global $submenu;
      unset($submenu['options-general.php'][10]); // Removes ‘general’.
      unset($submenu['options-general.php'][15]); // Removes ‘Writing’.
      unset($submenu['options-general.php'][20]); // Removes ‘Reading’.
      unset($submenu['options-general.php'][25]); // Removes ‘Discussion’.
      unset($submenu['options-general.php'][35]); // Removes ‘Privacy’.
      unset($submenu['options-general.php'][40]); // Removes ‘Permalinks’.
      unset($submenu['options-general.php'][30]); // Removes ‘media’.
      }

      add_action(‘admin_menu’, ‘remove_submenus’);

      Reply
  13. kado bruiloft says:
    August 19, 2011 at 1:10 pm

    With havin so much written content do you ever run into any issues of plagorism or copyright infringement? My blog has a lot of exclusive content I’ve either authored myself or outsourced but it appears a lot of it is popping it up all over the web without my permission. Do you know any techniques to help reduce content from being stolen? I’d really appreciate it.

    Reply
    • Ripul Kumar says:
      August 20, 2011 at 3:41 am

      This is a genuine issue, but there not much we can do. However, the best thing to avoid being plagiarized to get your article submitted to all the search engines as soon as possible. This at-least helps to avoid being penalized by search engines. And those who copy you would not get the advantage of unique content and search engines sooner or later would penalize them. But when popular sites or top blogs copy you, you might end up on the loosing side.

      Reply
  14. Jesus says:
    August 25, 2011 at 7:01 am

    Super nice tweak, I’m using the latest wp 3.2.1, created a second admin, the thing is, if I logged in as the second admin and change the Super admin password, I noticed it actually lets it go through stating the changes were updated, yet, they weren’t, I still can login with my original Super Admin pswd, so this confirms that your tweak works, minus the obvious error which is good, gives them the impression they changed a password when they didnt after all ;)

    Reply

Trackbacks and Pingbacks

Leave a Comment