Easily Create & Manage WordPress Temporary Users with a Plugin

Last updated on August 31st, 2018 by Robert Abela. Filed under WordPress Security Tutorials

Do you need to give temporary access to a developer or an author to your WordPress website?

If you manage a WordPress website, you surely need to give temporary access to someone so they can fix a problem or do some work on your website. Though there is a problem – the process of creating and managing temporary users can become cumbersome and can also lead to security issues.

Hence to eliminate the issues related with temporary users, our friends at StoreApps developed the Temporary Login without Password plugin.

Why Would You Need to Give Temporary Access to Someone On Your WordPress?

You’ve never had to give temporary access to someone on your WordPress website? Never say never especially if you have a business website. There are many use cases where you need to give temporary access-

  • You have an issue with a plugin and the developer needs to troubleshoot the issue
  • You give access to a graphic designer to do some fancy design work
  • You need to check inventory status and give access to the shop manager
  • You want to review a blog post and grant access to the editor

and the list can go on….

The Problem – Manually Creating & Managing Temporary Users on WordPress

The process of creating a new user on WordPress is not a big deal – you just have to specify an email address and the username. Then an email, including the password is automatically sent to the recipient. The problems though start afterward, and get worse when you have multiple temporary users.

Weak Passwords in Temporary WordPress Users

You create the temporary account, most probably with admin access and use a complex password. Upon receiving the account details, the third party changes the password to something that is easy to remember.

This might sound like a stupid thing to do but many support departments do this – they use a common passwords on all of their customers’ website so they do not have to deal with complex passwords. It is more practical for them but the security of your WordPress website is jeopardized.

Not Deleting Temporary WordPress Users

You have to also remember to delete the temporary WordPress users. And let’s face it, in most cases we all forget to do it.

I’ve seen thousands of WordPress websites, they all have users which are no longer needed. So considering that weak passwords, stolen credentials etc are the main source of WordPress hacks, no surprise so many WordPress websites get hacked.

The Solution – A Plugin to Give Temporary Access to Third Parties on Your WordPress

As the name implies, the Temporary Login without Password plugin allows you to give a temporary WordPress login to someone without needing a password. You can choose when the login expires, as well as the user role of the temporary account. Here is how it works.

Creating a Temporary WordPress Login

Once you install the plugin, a new Temporary Logins node is added to the Users menu in your WordPress dashboard. Click it and click on the Create New button to create the first temporary WordPress login.

Creating a temporary WordPress user with the Temporary Login without Password

When creating the new login, you have to specify the email address where the URL for the temporary login will be sent, the role of the user and for how long should the temporary login remain active.

Configuring the WordPress User Role and Expiration

From the WordPress security point of view this is a perfect solution:

  • It allows you to set the role, which is very important because you should never give WordPress users more privileges than they need.
  • You can set an expiry date which means you will not need to remember to delete the account. Therefore should the recipient’s email account get hacked, malicious users cannot use the link to login to your WordPress because it is temporary.

When setting the expire for the link, you can select any of the predefined options or simply specify a date.

The Temporary Passwordless WordPress Login URL

The URL for the temporary WordPress login

Once the temporary WordPress user is created you are given a URL that you need to share with the developer or whomever you want to give temporary access to. When the user clicks on the link, he or she is automatically logged in to your WordPress site. If they log out by mistake, clicking on the link again will restore their session.

Managing Multiple Temporary WordPress Logins

Managing multiple WordPress tThe URL for the temporary WordPress temporary logins

All the temporary WordPress logins that you create with the plugin can be managed from the same Temporary Logins menu node. As you can see in the above screenshot, you can disable and delete any of the temporary logins with just a mouse click. So should you have any suspicion on the activity of one of the users you can use these options.

Benefits of Using Temporary Login Without Password Plugin

The Temporary Login without Password plugin makes the whole process of giving temporary access to a third party to your WordPress website very easy. Here are the benefits of using this plugin:

  • You and your contractors do not need to hassle with long passwords,
  • The security of your website does not depend on that of third parties,
  • You get self expiring temporary login links,
  • You can create as many temporary logins as you want!

Keeping Log of What Temporary WordPress Users Are Doing

When you give temporary access to a third party on your WordPress website you need to keep an eye on their activity. You need to ensure that they are doing the work they are being paid for and also make sure they do not do anything  that could potentially damage your website or put it at risk.

To keep a log of the temporary WordPress users’ activity you should use the WP Security Audit Log plugin, which is fully compatible with the Temporary Login without Password WordPress plugin.

For example in the screenshot below, we can see that the temporary WordPress user Anekke has created and published a new post, changed its URL, uploaded a media file etc.

Monitoring the changes of the temporary wordPress users

What Can the WP Security Audit Log Keep a Record Of?

The WP Security Audit Log plugin can keep a record of any type of change on your WordPress websites and multisite networks, such as posts, pages, custom post types, plugins, themes, user profiles, menus, widgets and global WordPress settings changes.

It is WordPress’ most comprehensive activity log plugin – it does not just tell you that something has changed, but also reports what has changed.

Refer to the complete list of WordPress changes that the WP Security Audit Log plugin can keep a record of for more information.

Giving Temporary Access To Your WordPress & Monitoring Changes Just Got Easier

Temporary Login without Password is an easy to use solution that reduces the drudgery and security risks that come with creating temporary WordPress users for third parties.

On top of that then you have the WP Security Audit Log plugin which allows you to monitor what users with temporary access is doing on your WordPress.

WordPress Hosting, Firewall and Backup

WP White Security is hosted on A2 Hosting, protected with BBQ:Block Bad Queries Firewall and backed up with BlogVault online WordPress backup service

Leave a Reply

Your email address will not be published. Required fields are marked *