Hosting Tutorial & Guide

How to Allow Temporary Logins in WordPress

updated on Nov 04, 2016
How to Allow Temporary Logins in WordPress To make your website secure, you always have to create an account with a strong password for each person who needs to access the admin area of your site. However, this may cause some trouble when you want to grant someone temporary access to your site. For example, in the following situations, you will need to allow temporary logins.
  • You have hired a developer or designer to perform small tweaks on your website.
  • You have to allow special users to post to your site or do any other thing that requires the admin access.
For both situations, you can certainly create an account with enough capabilities for the user, and then disable or delete the account when the user doesn't need the access anymore. But the unfortunate fact is that many webmasters would forget to disable the unneeded accounts, which brings potential threats to the website security.

In this tutorial, however, we will introduce an easy and secure way to create temporary logins for those who need to access your WordPress admin area during a certain period of time. The plugin that works for this goal, then, is named Temporary Login Without Password.

About the Plugin

This special plugin allows you to create temporary logins easily. You can select the user role of every temporary account, and define the expiry time. When a new user account is created successfully, the plugin provides you with a special link which you can share with anyone you want. By clicking on the link, the user is able to log into your WordPress site without a username and password. And the user account will expire automatically on the expiry time defined by you.

While ensuring the ease of use, the plugin also guarantees the security of the account even though there is no password because the special link is exclusive to the user. Therefore, you can use it as a great helper.

Temporary Login Without Password

Create a Temporary Login

To create your own temporary logins, you have to install the plugin at first, and then go to the "Temporary Logins" submenu under the Users main menu in the WordPress dashboard. On the new page, click on the "Create New" button, and then you will get the following form.

Create a Temporary Login

Like what you can see in the screenshot above, you are required to enter the email address of the user to whom you want to give access to your admin area. Make sure the email address is valid. The name of the user is optional, but we still suggest you complete the corresponding fields for easier user management in the future.

Another important thing to deal with is the user role. In the dropdown for "Role", all the available user roles on your site are listed there, so you can choose one based on the real needs. Be careful about the selection, and only give permissions to those who really need them, because excessive capabilities could expose your site to more security threats.

At last, you need to choose the expiry duration. You can talk with the user before deciding how long he/she needs the access. The available options include one hour, three hours, one day, three days, one week and one month. However, our suggestion is, you'd better create a normal account for those who have to maintain the access for a week for even longer.

As soon as you click on the "Submit" button, the plugin will generate a temporary login link. You can copy the link and share it with the person who needs it. Also, there is an email option. Clicking on the email link will open your email client. You can then easily send the login link to the email address you entered when creating the temporary account.

Temporary Login Link

Manage the Temporary Logins

The Temporary Login Without Password plugin provides you with a list of all the temporary accounts you have created. From the list, you can see the username, email address, user role, the time that the account is logged in, and the time remaining for the expiry.

Besides, there are several actions you can take for each account. Under the "Actions" column, you are able to disable the account, permanently delete it, and copy the login link. If you choose to delete an account permanently, then the user will be deleted from your WordPress site, and the content added by the user, such as posts, pages and comments, will display an admin's account as author.

Manage Temporary Logins

Special Tip – Enable an Audit Log to Know What the Users Have Done

The plugin introduced in this tutorial allows you to track the basic information of each temporary account. But to make sure that the users, especially those with sensitive privileges, don't do any harm to your site, we would suggest you monitor the user activities and keep a security audit log. With such a log, you can know clearly what each user has done on your site.

The plugin recommended for enabling the audit log is WP Security Audit Log. It logs everything on your website, and alerts you when a user uploads a file, installs a plugin, modifies an existing page, moves a widget, etc.

Monitor User Activity with WP Security Audit Log