Trusted WordPress tutorials, when you need them most.
Beginner’s Guide to WordPress
WPB Cup
25 Million+
Websites using our plugins
16+
Years of WordPress experience
3000+
WordPress tutorials
by experts

Should You Give Admin Access to Plugin Developers for Fixing Bugs?

Editorial Note: We earn a commission from partner links on WPBeginner. Commissions do not affect our editors' opinions or evaluations. Learn more about Editorial Process.

We have often been asked by users if they should give admin access to plugin developers to fix bugs on their websites.

If it is a free plugin, then you can easily switch to a different one. However, if it is a paid or custom plugin, then you may want to get it fixed.

For some issues, developers may not be able to find the bug and fix it without access to your website.

In this article, we will address if you should give admin access to plugin developers for fixing bugs and how to do it safely.

Giving admin access to developers safely

What Is Admin Access for a WordPress Website?

Admin access for a WordPress website means login access to the WordPress admin area with the administrator user role.

Giving access to the administrator user role for your WordPress website should make anyone feel uncomfortable.

That’s because a user with the administrator user role has full access to everything on your website. They can install plugins or themes, modify code, update the WordPress database, or even delete user accounts.

To learn more, see our beginner’s guide to WordPress user roles and permissions.

For WordPress security, you need to always protect admin access to your WordPress website.

Why Developers May Need Admin Access to Your Website?

When you report a bug and ask for support, the first thing most good developers do is try to reproduce the issue on their testing site.

If they are able to recreate the issue, then they can solve the problem and update the plugin.

Now, if they can’t replicate the issue that you’re reporting, then it’s impossible for them to fix it.

You are probably wondering why these developers can’t replicate the problem that you are having.

Well, that’s because each site is different.

For instance, there are different web hosting environments and different combinations of WordPress plugins and themes. One or more of these variables can be causing the issue.

When a plugin developer is testing their plugin, they don’t have any other plugins activated, and they’re using the default WordPress theme.

This is why sometimes the bug that you encounter is specific to your site. Maybe it’s a bug with a theme you’re using or with a combination of other plugins you have installed.

In order for plugin developers to fix the bug, they must know what’s causing the issue. This is why they ask for your WordPress admin access, so they can have all the same variables.

Should You Give Admin Access to Developers?

Yes, you should give admin access to your website to trustworthy developers so that they can identify the issue and fix it for you. However, the site you share doesn’t need to be your actual live website.

You see, developers want access so they can see the issue with the same hosting environment, plugins, and theme.

If you can make a copy of your website under the same hosting account, it will have all those variables in place while keeping your real website secure.

This temporary copy of your website is called a staging site.

A staging site is a clone of your live website that is used for testing changes before making them live.

Staging sites help you catch errors so you don’t end up breaking your live website. They also help you safely give developers access to make changes and troubleshoot bugs.

Method 1: Share Admin Access to a Staging Website

Many of the top WordPress hosting companies come with the option to create a staging site with one click.

You should first contact your WordPress hosting provider to see if they offer a 1-click staging site for your WordPress installation.

For more details on how to do it yourself, you can see our tutorial on how to make a staging WordPress site.

After you have set up your staging website, you need to log in to the admin area and add a new user account with the administrator user role.

After that, you can share this new admin user account with the plugin developer.

Developer account on a staging site

They can log in to your staging website and make any necessary changes.

Once they have fixed the issue, you can review your staging website and delete the temporary user account you created.

You can now deploy all changes to your live website. This will overwrite your live website and replace it with the staging version.

Note: Some WordPress hosting companies allow you to create a staging site after installing their helper plugin.

The downside of such a staging site is that the admin on the staging site will be able to deploy the changes to your live site without your approval.

In that case, we recommend using the manual method instead.

Method 2: Share Admin Access to a Manual Staging Site

Not all WordPress hosting companies offer 1-click staging websites.

In that case, you may need to manually create a staging website. This staging website will be a copy of your live website.

First, you need to log in to your hosting control panel and create a new subdomain for your staging website (e.g., staging.yourdomain.com).

For this tutorial, we will be using Bluehost. Do note that the steps might vary based on the hosting service you are using.

Once you’re logged in, click on the ‘Settings’ button for the website you wish to create subdomains.

Go to site settings in Bluehost

From here, you will need to switch to the ‘Advanced’ tab at the top.

Bluehost will show different tools and settings you can access under the Advanced settings.

Switch to the advanced settings

Next, you will need to scroll down and navigate to cPanel.

Go ahead and click the ‘Manage’ button.

Open cPanel in Bluehost

On the next screen, you’ll see different tools.

Simply click on the MySQL Databases icon located under the Databases section in your hosting account dashboard.

Opening the MySQL Databases page on cPanel

On the next screen, provide a name for your database.

Then click on the ‘Create Database’ button.

Click create database button

Next, you need to create a MySQL user for your database.

Scroll down to the MySQL Users section and provide a username and password for your new database user.

Add a new MySQL user

Finally, you need to associate the user account with the database you created earlier under the Add User to Database section.

Simply select the new user in the dropdown, make sure your new database is selected, and then click the ‘Add’ button.

Add user to database

You will be asked to select privileges for the user.

Go ahead and select the ‘All Privileges’ checkbox and then click on the ‘Make changes’ button.

Manage user privileges

Your database is now ready to be used for your staging website.

Next, you need to install and activate the Duplicator plugin on your live WordPress site. For more details, see our step-by-step guide on how to install a WordPress plugin.

Upon activation, you need to click on the Duplicator menu in your WordPress admin sidebar and click on the ‘Create New’ button.

Create new package

Follow the onscreen instructions to create a Duplicator package for your website.

Once finished, you need to click on the ‘Download Both Files’ button to download the Duplicator package to your computer.

Download duplicator package files

You’ll need to upload both of these files to the file directory of the subdomain you just created. For details, see our guide on how to use FTP to upload files to your WordPress website.

After that, you need to open a new browser tab and enter the subdomain of your staging site like this:

https://staging.yourdomain.com/installer.php

Don’t forget to replace staging with the actual subdomain and yourdomain.com with your own domain name.

This will launch the Duplicator installer wizard. Click on the ‘Next’ button to continue.

Now, you’ll be asked to provide the database information. Enter the database details you created earlier.

Enter database details

After that, simply follow the onscreen instructions to continue. Duplicator will unpack the WordPress package and install it for you.

Once finished, your staging website will be ready to visit. However, it is publicly accessible by anyone on the internet, including search engines.

Let’s change that.

Login to your WordPress hosting account dashboard and click on the ‘Directory Privacy’ icon.

Open directory privacy

Next, you will see different directory folders.

Go ahead and click the ‘Edit’ button for the folder you wish to protect.

Edit directory folder

After that, you need to select the option to ‘password protect this directory’ checkbox.

You will also be asked to provide a name for the protected directory.

Password protect directory folder

Don’t forget to click on the ‘Save’ button to store your settings.

Note: You’ll need to give this username and password to the developers so that they can access your staging site.

Finally, you need to log in to the WordPress admin area of your new staging website and create a new temporary user account to share with a developer.

Developer account on a staging site

Once the developer has fixed the issue, you need to delete their user account.

After that, you need to move your staging site from a subdomain to your root domain.

Method 3: Share a Temporary Login Access (Less Secure)

This method allows you to create a temporary account that allows developers to log in to your WordPress website. You can set a fixed duration for the session, which will automatically expire afterward.

Note: This is less secure and will give a third-party developer complete access to your website. Only use this method if you trust the developer and understand the risks involved.

The first thing you need to do is install and activate the Temporary Login Without Password plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.

Upon activation, you need to visit the Users » Temporary Logins page and click on the ‘Create New’ button to add a new temporary login account.

New temporary login

This will show a form where you need to enter information for the temporary login you want to add.

First, you need to provide the email address for the developer and then their first and last name.

Login details

Click on the ‘Submit’ button to continue.

The plugin will now create a temporary login URL. You need to copy this URL and send it to the developer you want to give temporary access.

Temporary login link

Once the developer has finished fixing the issue, you can delete this temporary link. Otherwise, it will automatically expire after the period you set during the login creation.

For more details, see our tutorial on how to create a temporary login link in WordPress.

We hope this article helped you learn whether or not you should give admin access to plugin developers to fix issues on your website.

You may also like our article on how to track user activity in WordPress and the best WordPress security plugins to protect your website.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. See how WPBeginner is funded, why it matters, and how you can support us. Here's our editorial process.

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

The Ultimate WordPress Toolkit

Get FREE access to our toolkit - a collection of WordPress related products and resources that every professional should have!

Reader Interactions

13 CommentsLeave a Reply

  1. Syed Balkhi says

    Hey WPBeginner readers,
    Did you know you can win exciting prizes by commenting on WPBeginner?
    Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
    You can get more details about the contest from here.
    Start sharing your thoughts below to stand a chance to win!

  2. Mark says

    Thanks for the article, I totally get the need for trust / co-operation.
    1. What about sending a backup of your site to the plugin developer and letting them create a staging site?
    2. But perhaps the bigger issue, for me, is whether you’re exposing yourself to fraud if you’re running an eCommerce site and pass access to a plugin developer?

  3. WPBeginner Staff says

    David,

    Thanks for leaving a comment. First, we did not say it is the web hosting companies’ jobs to do this.

    However from our experience, when you ask nicely most of them are happy to do this for you. Specially if you’re on a cPanel web host. Why?

    Because it takes literally few clicks to move an existing site to a new subdomain on the server end.

    I won’t get in a debate about WP is easy to use or not because that’s your opinion. I have success stories of users who started learning from WPBeginner in 2009 and today are running successful web design agencies of their own. Others who have started much recently and used our resources to build a website which helped them grow their businesses.

    -Syed

  4. David Fraiser says

    Great article except for the part where you lead users to think that it is somehow the web hosting companies job to set up a test environment for them. This isn’t true. While many hosting companies have support staff who are well-versed in WordPress and other software, it isn’t part of their job to set up a test site for a user.

    In fact most hosting companies have specific clauses prohibiting help with 3rd party apps. I realize your articles are geared towards WP n00bs, but if they aren’t capable of replicating a WP install, then they probably shouldn’t be using WP to begin with. Or better yet, they should hire a knowledgeable Developer to do it for them.

    WP is deceptive in that to USE it is very simple, and most anyone can do it; but to CUSTOMIZE it requires knowing what you’re doing. It’s not all “push a button and it’s going to be just like I want it to be.”

    You do a disservice to your less knowledgeable readers by giving them the wrong information.

  5. lisaleague says

    I’ve had excellent support from reputable developers, and I like to return the favor by providing a great review.

    I think another key is to provide a clear description of the issue, and screencasts are very helpful.

  6. Travis Pflanz says

    I would add that you should ALWAYS ask the developer to let you know exactly what the problem is and which files they changed to fix the problem… Especially if you give them FTP access.

    I’ve seem developers go in and change the core of a plugin that was not theirs, then when that plugin updates, the whole situation returns.

    If there is a conflict with a specific plugin, I always inform both developers and create a public thread somewhere – whether on wordpress.org or one of their sites – and direct both developers to that thread. This way they can (hopefully) work together to fix the issue.

  7. Mohammed says

    Hi wpbeginner,

    Thank you very much for this great article this is exactly what I need to know about what if I should give the plugin/theme developer admin access or not and what can I do about that.

  8. Pam says

    This is great guidance, thank you!
    Question – does having a copy of the site affect the search engines? In other words, would I get penalized for having “duplicate content”? If so, how would I prevent search engines from crawling my staging site?

  9. Meks says

    Nice post WPbeginer.

    Generally speaking the best way to solve bug and help your user is to have access to their WP admin.

    So far we haven’t found any of our customers refusing to send us their WP admin details :)

    I would say that is trust between users and developers :)

Leave A Reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.