This is a super simple code snippet that provides an additional level of security against unexpected admin roles on your WordPress websites. Let’s see how it works.
Problem: In WordPress, I see random admin roles.
You might have seen such a picture on your WordPress page with Admin users:
Some guy injected himself into your WordPress system, even though you have firewall plugins, which unfortunately aren’t perfect.
Solution: Prevent and automatically delete newly created or injected roles.
When you paste this code snippet into functions.php or as a separate snippet, you can try to inject or create a new user with the admin role. This snippet will prevent this action, and no one will have a chance to control your WordPress project from the inside.
🔴 Important: installation process. Follow this guide
- Find your userID for your existing admin roles. Open admin role card, check URL.
Example: https://yourwebsite.com/wp-admin/user-edit.php?user_id=4.
In this case, the userID is 4 - Paste all these IDs via comma in this part of the code.
Example: (in_array ($user_id, [2, 5, 7, 14691,)) - Activate your snippet
Here are places where you have to add IDs:
That’s it! Scroll to the top and check the demo.
Note: If you want to add more admin roles, please deactivate this snippet, add new users with admin roles, and then activate the snippet.
