We have been often asked by users if they should give admin access to plugin developers for fixing bugs on their website?
If it is a free plugin, then you can easily switch to a different one. However, if it is a paid or a custom plugin then you may want to get it fixed.
For some issues, developers may not be able to find the bug and fix without access to your website.
In this article, we’ll address if you should give admin access to plugin developers for fixing bugs and how to do it safely.
What is Admin Access for a WordPress Website?
Giving access to the administrator user role for your WordPress website should make anyone feel uncomfortable.
That’s because a user with the administrator user role has full access to everything on your website. They can install plugins or themes, modify code, update the WordPress database, or even delete user accounts.
To learn more, see our beginner’s guide to WordPress user roles and permissions.
For WordPress security, you need to always protect admin access to your WordPress website.
Why Developers May Need Admin Access to Your Website?
When you report a bug and ask for support, the first thing most good developers do is try to reproduce the issue on their testing site.
If they are able to recreate the issue, then they can solve the problem and update the plugin.
Now, if they can’t replicate the issue that you’re reporting, then it’s impossible for them to fix it.
You’re probably wondering, why can’t these developers replicate the problem that you’re having?
Well, that’s because each site is different.
For instance, there are different web hosting environments and different combinations of WordPress plugins and themes. One or more of these variables can be causing the issue.
When a plugin developer is testing their plugin, they don’t have any other plugins activated, and they’re using the default WordPress theme.
This is why sometimes the bug that you encounter is specific to your site. Maybe it’s a bug with a theme that you’re using or with a combination of other plugins that you have installed.
In order for plugin developers to fix the bug, they must know what’s causing the issue. This is why they ask for your WordPress admin access, so they can have all the same variables.
Should You Give Admin Access to Developers?
Yes, you should give admin access to your website to trustworthy developers so that they can identify the issue and fix it for you. However, the site you share doesn’t need to be your actual live website.
You see, developers want access so they can see the issue with the same hosting environment, plugins, and theme.
If you can make a copy of your website under the same hosting account, then it would have all those variables in place, while still keeping your real website secure.
This temporary copy of your website is called a staging site.
A staging site is a clone of your live website that is used for testing changes before making them live.
Staging sites help you catch errors, so you don’t end up breaking your live website. They also help you safely give access to developers to make changes and troubleshoot bugs.
Method 1. Share Admin Access to a Staging Website
Many of the top WordPress hosting companies come with the option to create a staging site with one click.
You should first contact your WordPress hosting provider to see if they offer a 1-click staging site for your WordPress installation.
For more details on how to do it yourself, you can see our tutorial on how to make a staging WordPress site.
After you have setup your staging website, you need to log in to the admin area and add a new user account with the administrator user role.
After that, you can share this new admin user account with the plugin developer.
They will be able to login to your staging website and make any necessary changes.
Once they have fixed the issue, you can review your staging website and delete the temporary user account you created.
You can now deploy all changes to your live website. This will overwrite your live website and replace it with the staging version.
Note: Some WordPress hosting companies allow you to create a staging site after installing their helper plugin.
The downside of such a staging site is that the admin on the staging site will be able to deploy the changes to your live site without your approval.
In that case, we would recommend you to use the manual method instead.
Method 2. Share Admin Access to a Manual Staging Site
Not all WordPress hosting companies offer 1-click staging websites.
In that case, you may need to manually create a staging website. This staging website will be a copy of your live website.
First, you need to login to your hosting control panel and create a new subdomain for your staging website (e.g. staging.yourdomain.com).
Next, click on MySQL Databases icon located under the Databases section in your hosting account dashboard.
On the next screen, provide a name for your database.
Then click on the Create Database button.
Next, you need to create a MySQL user for your database.
Scroll down to the MySQL Users section and provide a username and password for your new database user.
Finally, you need to associate the user account to the database you created earlier under the Add User to Database section.
Simply select the new user in the dropdown, make sure your new database is selected, and then click the Add button.
You will be asked to select privileges for the user.
Go ahead and select ‘All Privileges’ checkbox and then click on the ‘Make changes’ button.
Your database is now ready to be used for your staging website.
Upon activation, you need to click on the Duplicator menu in your WordPress admin sidebar and click on the create new button.
Follow the on screen instructions to create a duplicator package for your website.
Once finished, you need to click on the ‘Download Both Files’ button to download the duplciator package to your computer.
You’ll need to upload both of these files to the file directory of the subdomain you just created. For details, see our guide on how to use FTP to upload files to your WordPress website.
After that, you need to open a new browser tab and enter the subdomain of your staging site like this:
Don’t forget to replace staging with the actual subdomain and yourdomain.com with your own domain name.
This will launch the Duplicator installer wizard click on the Next button to continue.
Now, you’ll be asked to provide the database information. Enter the database details you created earlier.
After that simply follow the onscreen instructions to continue. Duplicator will unpack the WordPress package and install it for you.
Once finished, your staging website will be ready to visit. However, it is publicly accessible by anyone on the internet including search engines.
Let’s change that.
Login to your WordPress hosting account dashboard and and click on the directory privacy icon.
Next, you need to select your subdomain folder and then select the option to ‘password protect this directory’ checkbox.
You will be asked to provide a name for this setting, and then enter a username and password.
Don’t forget to click on the Save button to store your settings.
Note: You’ll need to give this username and password to the developers so that they can access your staging site.
Finally, you need to login to the WordPress admin area of your new staging website and create a new temporary user account to share with developer.
Once the developer has fixed the issue, you need to delete their user account.
After that, you need to move your staging site from Subdomain to your root domain.
Method 3. Share a Temporary Login Access (Less Secure)
This method allows you to create a temporary account that allows developers to login to your WordPress website. You can set a fixed time duration for the session and it will automatically expire after that.
Note: This is less secure and will give a third-party developer complete access to your website. Only use this method if you trust the developer and understand the risks involved.
Upon activation, you need to visit Users » Temporary Logins page and click on ‘Create New’ button to add a new temporary login account.
This will show a form where you need to enter information for the temporary login you want to add.
First, you need to provide the email address for the developer and then their first and last name.
Click on the Submit button to continue.
The plugin will now create a temporary login URL. You need to copy this URL and send it to the developer you want to give temporary access.
Once the developer has finished fixing the issue, you can delete this temporary link otherwise it will automatically expire after the period you set during the login creation.
For more details, see our tutorial on how to create a temporary login link in WordPress.
We hope this article helped you learn whether or not you should give admin access to plugin developers to fix issues on your website.