Description
CraftyTeam Login As User helps site administrators securely log in as another WordPress user or WooCommerce customer without asking for passwords.
The plugin adds a secure Login As User action to the WordPress Users screen, user profile screens, WooCommerce order screens, and WooCommerce order lists. After switching into a user account, the original administrator can return through a visible frontend panel or the WordPress admin bar.
Key features
- Login As User action for WordPress users.
- WooCommerce customer Login As User action from order screens and order lists.
- Secure return to the original administrator account.
- Local audit log under Users > Login As Audit.
- Signed session cookie and temporary transient-based session storage.
- Administrator and super administrator target accounts are blocked by default.
- No tracking, no third-party services, no external API calls.
- Conditional admin and frontend CSS loading.
Security model
Only logged-in users with both manage_options and edit_users can start a Login As User session. Switching to administrator or super administrator target accounts is blocked by default and can only be changed intentionally through filters.
The plugin uses WordPress nonces, capability checks, signed cookies, temporary transients, and safe redirect validation.
WooCommerce support
WooCommerce is optional. If WooCommerce is active, CraftyTeam Login As User adds customer Login As User actions to supported WooCommerce order screens. If WooCommerce is not active, the core WordPress user switching functionality continues to work.
Advanced Filters
Developers can customize selected behavior through these filters:
ctm_login_as_session_duration– changes the temporary Login As session duration. Default: 12 hours.ctm_login_as_allow_admin_targets– allows administrator or super administrator target accounts when intentionally enabled. Default: false.ctm_login_as_target_can_be_switched– controls whether a specific target user can be accessed.ctm_login_as_default_redirect– changes the default redirect after switching into a user account.ctm_login_as_woocommerce_redirect– changes the redirect used by WooCommerce order actions.ctm_login_as_audit_limit– changes the number of local audit events stored. Default: 150.
Screenshots
Installation
- Upload the plugin folder to
/wp-content/plugins/craftyteam-login-as-user/, or install the plugin ZIP from Plugins > Add New > Upload Plugin. - Activate CraftyTeam Login As User from the Plugins screen.
- Go to Users, a user profile, or a WooCommerce order and use the Login As User action.
- Use the frontend return panel or admin bar button to return to the original administrator account.
FAQ
-
Who can use Login As User?
-
Only logged-in users who have both
manage_optionsandedit_userscan start a Login As User session. -
Can administrators switch into other administrator accounts?
-
No. Administrator and super administrator target accounts are blocked by default. This is intentional.
-
Does the plugin track users or send data to third parties?
-
No. The plugin does not track users, does not connect to third-party services, and does not send data externally.
-
Does WooCommerce have to be installed?
-
No. WooCommerce integration is optional. The plugin works for WordPress users even when WooCommerce is not active.
-
Where is the audit log stored?
-
The audit log is stored locally in the WordPress options table and is visible under Users > Login As Audit.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“CraftyTeam Login As User” is open source software. The following people have contributed to this plugin.
Contributors
Translate “CraftyTeam Login As User” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.0.13
- Loaded WooCommerce integration only when WooCommerce is active.
- Hardened the Users table button for standard and multisite user lists.
1.0.12
- Prepared the plugin for WordPress.org submission.
- Added a WordPress.org-compatible
readme.txtfile. - Added GPLv2-or-later license metadata.
- Added uninstall cleanup for plugin options and active Login As session transients.
- Updated default UI text and plugin naming for the public plugin directory.
- Hardened inline SVG output through an explicit allowed HTML list.
1.0.11
- Applied the same discreet button design across Users, user profile, WooCommerce order, WooCommerce order list, and frontend return buttons.
- Removed SVG icons from action buttons.
- Used muted grey backgrounds, black text, and 5px border radius for action buttons.
1.0.10
- Aligned the Login As button in the Users table column with the row text.
- Removed vertical centering that made the button appear visually displaced.
1.0.9
- Moved the Login As column to the first position in the Users table, immediately after the checkbox column.
- Simplified the Users table button style.
1.0.8
- Improved the Users table layout and column sizing.
- Refined the Users list button style.
1.0.7
- Adjusted the Users table layout so the Login As column appears closer to the expected position.
1.0.6
- Moved the WooCommerce order Login As card with high priority inside the order details area.
- Kept the dedicated Login As column in Users.