Beginner's Guide for WordPress / Start your WordPress Blog in minutes

Should You Give Admin Access to Plugin Developers for Fixing Bugs?

We have been often asked by users if they should give admin access to plugin developers for fixing bugs on their website?

If it is a free plugin, then you can easily switch to a different one. However, if it is a paid or a custom plugin then you may want to get it fixed.

For some issues, developers may not be able to find the bug and fix without access to your website.

In this article, we’ll address if you should give admin access to plugin developers for fixing bugs and how to do it safely.

Giving admin access to developers safely

What is Admin Access for a WordPress Website?

Admin access for a WordPress website means login access to the WordPress admin area with the administrator user role.

Giving access to the administrator user role for your WordPress website should make anyone feel uncomfortable.

That’s because a user with the administrator user role has full access to everything on your website. They can install plugins or themes, modify code, update the WordPress database, or even delete user accounts.

To learn more, see our beginner’s guide to WordPress user roles and permissions.

For WordPress security, you need to always protect admin access to your WordPress website.

Why Developers May Need Admin Access to Your Website?

When you report a bug and ask for support, the first thing most good developers do is try to reproduce the issue on their testing site.

If they are able to recreate the issue, then they can solve the problem and update the plugin.

Now, if they can’t replicate the issue that you’re reporting, then it’s impossible for them to fix it.

You’re probably wondering, why can’t these developers replicate the problem that you’re having?

Well, that’s because each site is different.

For instance, there are different web hosting environments and different combinations of WordPress plugins and themes. One or more of these variables can be causing the issue.

When a plugin developer is testing their plugin, they don’t have any other plugins activated, and they’re using the default WordPress theme.

This is why sometimes the bug that you encounter is specific to your site. Maybe it’s a bug with a theme that you’re using or with a combination of other plugins that you have installed.

In order for plugin developers to fix the bug, they must know what’s causing the issue. This is why they ask for your WordPress admin access, so they can have all the same variables.

Should You Give Admin Access to Developers?

Yes, you should give admin access to your website to trustworthy developers so that they can identify the issue and fix it for you. However, the site you share doesn’t need to be your actual live website.

You see, developers want access so they can see the issue with the same hosting environment, plugins, and theme.

If you can make a copy of your website under the same hosting account, then it would have all those variables in place, while still keeping your real website secure.

This temporary copy of your website is called a staging site.

A staging site is a clone of your live website that is used for testing changes before making them live.

Staging sites help you catch errors, so you don’t end up breaking your live website. They also help you safely give access to developers to make changes and troubleshoot bugs.

Method 1. Share Admin Access to a Staging Website

Many of the top WordPress hosting companies come with the option to create a staging site with one click.

You should first contact your WordPress hosting provider to see if they offer a 1-click staging site for your WordPress installation.

For more details on how to do it yourself, you can see our tutorial on how to make a staging WordPress site.

After you have setup your staging website, you need to log in to the admin area and add a new user account with the administrator user role.

After that, you can share this new admin user account with the plugin developer.

Developer account on a staging site

They will be able to login to your staging website and make any necessary changes.

Once they have fixed the issue, you can review your staging website and delete the temporary user account you created.

You can now deploy all changes to your live website. This will overwrite your live website and replace it with the staging version.

Note: Some WordPress hosting companies allow you to create a staging site after installing their helper plugin.

The downside of such a staging site is that the admin on the staging site will be able to deploy the changes to your live site without your approval.

In that case, we would recommend you to use the manual method instead.

Method 2. Share Admin Access to a Manual Staging Site

Not all WordPress hosting companies offer 1-click staging websites.

In that case, you may need to manually create a staging website. This staging website will be a copy of your live website.

First, you need to login to your hosting control panel and create a new subdomain for your staging website (e.g.

Creating subdomain for your staging site

Next, click on MySQL Databases icon located under the Databases section in your hosting account dashboard.

Create database

On the next screen, provide a name for your database.

Then click on the Create Database button.

Staging site database

Next, you need to create a MySQL user for your database.

Scroll down to the MySQL Users section and provide a username and password for your new database user.

Add new database user

Finally, you need to associate the user account to the database you created earlier under the Add User to Database section.

Simply select the new user in the dropdown, make sure your new database is selected, and then click the Add button.

Add user to database

You will be asked to select privileges for the user.

Go ahead and select ‘All Privileges’ checkbox and then click on the ‘Make changes’ button.

Add user privilege

Your database is now ready to be used for your staging website.

Next, you need to install and activate the Duplicator plugin on your live WordPress site. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to click on the Duplicator menu in your WordPress admin sidebar and click on the create new button.

Create new package

Follow the on screen instructions to create a duplicator package for your website.

Once finished, you need to click on the ‘Download Both Files’ button to download the duplciator package to your computer.

Download duplicator package files

You’ll need to upload both of these files to the file directory of the subdomain you just created. For details, see our guide on how to use FTP to upload files to your WordPress website.

After that, you need to open a new browser tab and enter the subdomain of your staging site like this:

Don’t forget to replace staging with the actual subdomain and with your own domain name.

This will launch the Duplicator installer wizard click on the Next button to continue.

Now, you’ll be asked to provide the database information. Enter the database details you created earlier.

Enter database details

After that simply follow the onscreen instructions to continue. Duplicator will unpack the WordPress package and install it for you.

Once finished, your staging website will be ready to visit. However, it is publicly accessible by anyone on the internet including search engines.

Let’s change that.

Login to your WordPress hosting account dashboard and and click on the directory privacy icon.

Directory privacy

Next, you need to select your subdomain folder and then select the option to ‘password protect this directory’ checkbox.

You will be asked to provide a name for this setting, and then enter a username and password.

Password protect directory

Don’t forget to click on the Save button to store your settings.

Note: You’ll need to give this username and password to the developers so that they can access your staging site.

Finally, you need to login to the WordPress admin area of your new staging website and create a new temporary user account to share with developer.

Developer account on a staging site

Once the developer has fixed the issue, you need to delete their user account.

After that, you need to move your staging site from Subdomain to your root domain.

Method 3. Share a Temporary Login Access (Less Secure)

This method allows you to create a temporary account that allows developers to login to your WordPress website. You can set a fixed time duration for the session and it will automatically expire after that.

Note: This is less secure and will give a third-party developer complete access to your website. Only use this method if you trust the developer and understand the risks involved.

The first thing you need to do is install and activate the Temporary Login Without Password plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to visit Users » Temporary Logins page and click on ‘Create New’ button to add a new temporary login account.

New temporary login

This will show a form where you need to enter information for the temporary login you want to add.

First, you need to provide the email address for the developer and then their first and last name.

Login details

Click on the Submit button to continue.

The plugin will now create a temporary login URL. You need to copy this URL and send it to the developer you want to give temporary access.

Temporary login link

Once the developer has finished fixing the issue, you can delete this temporary link otherwise it will automatically expire after the period you set during the login creation.

For more details, see our tutorial on how to create a temporary login link in WordPress.

We hope this article helped you learn whether or not you should give admin access to plugin developers to fix issues on your website.

You may also like our article on how to track user activity in WordPress and the best WordPress security plugins to protect your website.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

12 CommentsLeave a Reply

  1. Thanks for the article, I totally get the need for trust / co-operation.
    1. What about sending a backup of your site to the plugin developer and letting them create a staging site?
    2. But perhaps the bigger issue, for me, is whether you’re exposing yourself to fraud if you’re running an eCommerce site and pass access to a plugin developer?

  2. David,

    Thanks for leaving a comment. First, we did not say it is the web hosting companies’ jobs to do this.

    However from our experience, when you ask nicely most of them are happy to do this for you. Specially if you’re on a cPanel web host. Why?

    Because it takes literally few clicks to move an existing site to a new subdomain on the server end.

    I won’t get in a debate about WP is easy to use or not because that’s your opinion. I have success stories of users who started learning from WPBeginner in 2009 and today are running successful web design agencies of their own. Others who have started much recently and used our resources to build a website which helped them grow their businesses.


  3. Great article except for the part where you lead users to think that it is somehow the web hosting companies job to set up a test environment for them. This isn’t true. While many hosting companies have support staff who are well-versed in WordPress and other software, it isn’t part of their job to set up a test site for a user.

    In fact most hosting companies have specific clauses prohibiting help with 3rd party apps. I realize your articles are geared towards WP n00bs, but if they aren’t capable of replicating a WP install, then they probably shouldn’t be using WP to begin with. Or better yet, they should hire a knowledgeable Developer to do it for them.

    WP is deceptive in that to USE it is very simple, and most anyone can do it; but to CUSTOMIZE it requires knowing what you’re doing. It’s not all “push a button and it’s going to be just like I want it to be.”

    You do a disservice to your less knowledgeable readers by giving them the wrong information.

  4. I’ve had excellent support from reputable developers, and I like to return the favor by providing a great review.

    I think another key is to provide a clear description of the issue, and screencasts are very helpful.

  5. I would add that you should ALWAYS ask the developer to let you know exactly what the problem is and which files they changed to fix the problem… Especially if you give them FTP access.

    I’ve seem developers go in and change the core of a plugin that was not theirs, then when that plugin updates, the whole situation returns.

    If there is a conflict with a specific plugin, I always inform both developers and create a public thread somewhere – whether on or one of their sites – and direct both developers to that thread. This way they can (hopefully) work together to fix the issue.

  6. Hi wpbeginner,

    Thank you very much for this great article this is exactly what I need to know about what if I should give the plugin/theme developer admin access or not and what can I do about that.

  7. This is great guidance, thank you!
    Question – does having a copy of the site affect the search engines? In other words, would I get penalized for having “duplicate content”? If so, how would I prevent search engines from crawling my staging site?

  8. Nice post WPbeginer.

    Generally speaking the best way to solve bug and help your user is to have access to their WP admin.

    So far we haven’t found any of our customers refusing to send us their WP admin details :)

    I would say that is trust between users and developers :)

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.