Hello, Paul, & welcome. Actually, passwords are not visible. What you really need to do if you want someone to have admin privileges on your site is to create a *separate* user for that person. You can do this under ‘Users > Add New’. The default role is ‘subscriber’, so don’t forget to change that to the role you want the user to have–not that it’s a biggie if you do–you can always go back in & change it–it’s just easier to do it correctly the first time, & far less frustrating, too. Once the user’s finished, he can be deleted at your pleasure. You should also leave the option checked to notify the user via email of his new account.
Again, welcome to the world of WordPress in general & to the WordPress support forum specifically.
I think what I’d do at this point is to create a new admin user for myself and, when that other developer is done, I’d delete the older admin user.
Problem solved.
There might be a concern that he found the new user and has access to the database. You’ll want to make sure the email for the new admin is still pointing at your email.
It might also be wise to change the Control Panel and database passwords to prevent him from ever getting access to those again. Your web host can help you with that process.
This person has a reputation to protect if he’s a professional so he won’t want to leave you in a bad place and possibly expose his own reputation. So, for the most part, just pay attention to him as he works and fix your site to help protect him and you when he finishes.
Joy
(@joyously)
If you go to the User profile for your account, scroll to the bottom and you will find the Sessions option. If there are multiple sessions, it will be enabled and say “Log Out Everywhere Else”. Click that, and then change the password.
The other advice given is also good advice.
@jackie
@jnashhawkins
@joyously
Apologies for this delayed reply from me.
“Actually, passwords are not visible”
You are right! I haven’t noted it.
This is helpful in my case
“create a *separate* user for that person. You can do this under ‘Users > Add New’. The default role is ‘subscriber’, so don’t forget to change that to the role you want the user to have”
I’m going to try
“I think what I’d do at this point is to create a new admin user for myself and, when that other developer is done, I’d delete the older admin user.”
You sure would.
Problem is, with my zero-knowledge I’m extremely wary of playing around with creating, modifying and deleting admin roles.
Probably at the end the only remained website admin would be the developer guy
“You’ll want to make sure the email for the new admin is still pointing at your email.”
Good advice
I hadn’t think about that by myself
“It might also be wise to change the Control Panel and database passwords to prevent him from ever getting access to those again.”
I contacted a2hosting chat service yesterday and asked also about that.
No problem now on this point
“This person has a reputation to protect…”
I chose one with around 300 reviews, 5 stars average. Normally there are no problems. But you never know
“If there are multiple sessions, it will be enabled and say “Log Out Everywhere Else”. Click that, and then change the password.”
This seems the most easy, quick and less problematic way.
I saw this option, I just wasn’t sure if klicking it, only other users get logged out or “the other me” too.
Before I mark this problem of mine as solved I want to play around some more in my wp dashboard and try out your tips.
Thanks for the help to all the three of you.
Very much appreciated
I have created a second admin, with the name of the developer as his username and his own password.
But with my email-address.
Once he’s finished –> cancel his username –> Log out everywhere else –> change passwords.
I feel comfortable with this procedure.
(I haven’t find the superadmin option, but it’s not important.)
——————————-
Just a couple of last questions, more out of curiosity:
a) Can such a developer put malware inside my wp admin account?
b) Can he delete or change pre-installed admin capabilities like in settings, tools etc.?
c) Is it possible for him to install in my wp admin account some trick so that later, when after job’s completion I change the password, he gets in some way the new password?
Joy
(@joyously)
Any of those is possible, since an admin can put code onto the site.
About the superadmin option, I just discovered something interesting:
I just logged into a2hosting’s Plesk Onyx
Over there my role is Owner.
I have the possibility of giving other users the role of WebMasters.
WebMasters have the capability of building website, but they cannot manage roles.
It looks like this feature is the same as the superadmin feature
Anyway, I won’t give the developer access to Plesk. He doesn’t need it.
Ok, job has been done,
everything is fine,
pleasurable experience with the freelancer from Dhaka, Bangladesh.
Now it’s up to me to fill the blog with content…
-
This reply was modified 5 years ago by paul887.