Title: Admin access override Last modified: March 22, 2017 --- # Admin access override * Resolved [notanyone](https://wordpress.org/support/users/notanyone/) * (@notanyone) * [9 years, 2 months ago](https://wordpress.org/support/topic/admin-access-override/) * Hi! Recently I found that the “Administrator Access Override” setting easily overrides such wp-config directives as DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS, which is probably a huge security issue for those who have these directives enabled. * At the same time, I would expect that the “Administrator Access Override” setting would allow me to assign content to Groups that I don’t belong to, cause otherwise I need my admin account to be a member of each and every group that I will ever want to assign some content. Is there a way to fix this? Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Author [Kento](https://wordpress.org/support/users/proaktion/) * (@proaktion) * [9 years, 1 month ago](https://wordpress.org/support/topic/admin-access-override/#post-8987932) * Hi, * Many thanks for your feedback on this feature. The admin override can be useful during development but you should keep it turned off on a production site. * Regaring the group restrictions, this is going to change – currently (Groups 2.0.3) you must be a member of a group to use it to restrict access and in the next release about to come out, this is not required anymore for user accounts with appropriate permissions. Usually, an admin would be allowed to apply any group without the need to belong to it. * I suppose this can be marked as resolved, but please feel free to ask further if you need more help or have any suggestions. * Cheers * Thread Starter [notanyone](https://wordpress.org/support/users/notanyone/) * (@notanyone) * [9 years, 1 month ago](https://wordpress.org/support/topic/admin-access-override/#post-8987981) * Hi Kento, many thanks for great addon & support! While I totally agree on changes to the restriction behaviour regarding admin membership, may I argue a bit on the admin overrides, if you don’t mind? I still think it’s a security issue. * The idea of setting DISALLOW_ directives as I see it is to prevent intruder or malitious script, that somehow gained access to admin, from modifying your files( usually to insert some malware, redirects etc.) But what’s the point in these directives if such intruder (ofc if is aware of the Groups addon) could easily switch on “Override” option and ignore those safety measures? * Plugin Author [Kento](https://wordpress.org/support/users/proaktion/) * (@proaktion) * [9 years, 1 month ago](https://wordpress.org/support/topic/admin-access-override/#post-8998531) * Hi [@notanyone](https://wordpress.org/support/users/notanyone/) * In the latest release 2.1.1 the access override has been removed as an option from the admin interface and can now only be activated by defining the constant` GROUPS_ADMINISTRATOR_OVERRIDE` as `true` (in wp-config.php). * Many thanks again for your feedback! Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Admin access override’ is closed to new replies. * ![](https://ps.w.org/groups/assets/icon-256x256.png?rev=983146) * [Groups](https://wordpress.org/plugins/groups/) * [Frequently Asked Questions](https://wordpress.org/plugins/groups/#faq) * [Support Threads](https://wordpress.org/support/plugin/groups/) * [Active Topics](https://wordpress.org/support/plugin/groups/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/groups/unresolved/) * [Reviews](https://wordpress.org/support/plugin/groups/reviews/) * 3 replies * 2 participants * Last reply from: [Kento](https://wordpress.org/support/users/proaktion/) * Last activity: [9 years, 1 month ago](https://wordpress.org/support/topic/admin-access-override/#post-8998531) * Status: resolved