Granting temporary access to developers or collaborators is a common need for WordPress site owners. However, managing these accounts can quickly turn into a security headache—not to mention it being a time-suck. Weak passwords, forgotten deletions, and manual processes leave your site vulnerable and leave you spending far too much time managing user accounts.
Fortunately, there’s a better way. In this guide, we’ll explore how a plugin can make creating and managing temporary users easier and more secure.
Table of contents
- Why Would You Need to Give Temporary Access to Your WordPress Site?
- The Problem – Manually Creating & Managing Temporary Users on WordPress
- The Solution – A Plugin to Create Temporary Users
- Managing Multiple Temporary WordPress Logins
- Keeping Log of What Temporary WordPress Users Are Doing
- Giving Temporary Access To Your WordPress & Monitoring Changes Just Got Easier
Why Would You Need to Give Temporary Access to Your WordPress Site?
Temporary access minimizes security risks by ensuring third parties don’t keep unnecessary access to your website. This helps reduce security risks caused by unused accounts.
There are many situations where you might choose to give temporary access instead of creating a new account, including:
- Safely giving a developer access to troubleshoot a plugin issue
- Giving a graphic designer access for design updates
- Letting a shop manager check inventory
- Granting an editor access to review a blog post
In all these situations, giving temporary access instead of a new account ensures they can do their job while limiting potential risk.
The Problem – Manually Creating & Managing Temporary Users on WordPress
The process of creating a new user on WordPress isn’t a big deal – you just have to specify an email address and the username. Then an email, including the password is automatically sent to the recipient. However, the problems start afterward, and get worse when you have multiple temporary users.
Key Challenges with Temporary WordPress Users
- Weak passwords: Temporary accounts, often with admin access, are initially set up with strong passwords. However, third parties frequently change these to weaker, easy-to-remember ones, compromising security. There are steps you can take to overcome this, like using a login security plugin, but it’s still an important challenge to consider.
- Forgetting to delete users: Temporary accounts are rarely deleted on time. Many WordPress sites accumulate unused accounts, leaving them vulnerable to breaches caused by weak passwords or stolen credentials.
- Unmonitored account activity: Temporary users often operate without any form of tracking or oversight. When there are multiple accounts on the site, this makes it nearly impossible to identify which account made which change.
- Manual management challenges: Relying on manual processes to create, manage, and delete temporary accounts can be time-consuming. The more accounts on the site, the more work goes into managing them.
The Solution – A Plugin to Create Temporary Users
To eliminate the issues related to temporary users, most people opt for a plugin. The Temporary Login without Password plugin is the most commonly used option.
As the name implies, the Temporary Login without Password plugin allows you to give a temporary WordPress login to someone without needing a password and without as much manual management. You can choose when the login expires, as well as the user role of the temporary user account. Here is how it works.
Creating a Temporary WordPress Login
Once you install and activate the plugin, a new Temporary Logins node is added to the Users menu in your WordPress dashboard.
Click it and click on the Create New button to create the first temporary WordPress login.
When creating the new login, you have to specify the email address where the URL for the temporary login will be sent, the role of the user, and for how long the temporary login should remain active.
The temporary login link
After clicking submit, you get a temporary login link to share with whoever you want to give temporary access to. This temporary link will be valid for the duration you set and looks like this:
https://site.com/wp-admin/?wtlwp_token=b4cc27c42c54b2ffcb533f441a4856ka1aee7283ccf90d9594a4d8f90694a90da4810c2b8d4db3642150e9376495d6329cdf0bccfa25acg245c3O598e3a88e0b
You can either copy the link and send it manually, or you can press the small envelope button in the tool to send it.
When the user clicks on the created login link, he or she is automatically logged in to your site on a temporary login account. If they log out by mistake, clicking on the link again will restore their session.
Configuring the WordPress User Role and Expiration
From the WordPress security point of view this is a perfect solution:
- It allows you to set the role, which is very important because you should never give WordPress users more privileges than they need.
- You can set an expiry date which means you will not need to remember to delete the account. Therefore should the recipient’s email account get hacked, malicious users cannot use the link to log in to your WordPress because it is temporary.
When setting the expiration for the link, you can select any of the predefined options or simply specify a date.
Managing Multiple Temporary WordPress Logins
All the temporary WordPress users you create with the plugin can be managed from the same Temporary Logins menu.
As you can see in the above screenshot, you can disable and delete any of the temporary logins with just a mouse click. So, if you ever have any concerns about the activity of one of the users you can use these options to revoke their access.
Keeping Log of What Temporary WordPress Users Are Doing
When you give temporary access to a third party, you need to keep an eye on their activity. They could accidentally do something they shouldn’t that harms your website, or their email could get hacked, giving a bad actor access to your site. Monitoring temporary user activity and identifying potential issues before they harm your site is very important.
Our WP Activity Log plugin does just that, and it’s fully compatible with the Temporary Login without Password WordPress plugin.
For example in the screenshot below, we can see that the temporary WordPress user Anekke has created and published a new post, changed its URL, and uploaded a media file.
WP Activity Log can keep a record of any type of change on your WordPress websites and multisite networks, including those made by temporary users. This includes changes to posts, pages, custom post types, plugins, themes, user profiles, menus, widgets, and global WordPress settings changes, just to name a few.
Refer to the complete list of WordPress changes that the WP Activity Log plugin can keep a record of for more information.
Giving Temporary Access To Your WordPress & Monitoring Changes Just Got Easier
Temporary Login without Password is an easy-to-use solution that reduces the drudgery and security risks that come with creating temporary WordPress users for third parties. This solves a whole host of problems, but it’s still important to monitor changes made by these users.
The WP Activity Log plugin does just that, allowing you to ensure the temporary accounts can be managed in a secure fashion. Together, they make giving and managing temporary access a whole lot easier.