Warning | |
---|---|
THIS IS NOT A SECURITY FEATURE. THE MASTER PASSWORD IS STORED UNENCRYPTED IN THE SITE'S DATABASE. We consider this feature as a simple way for you to prevent your clients from modifying configuration parameters which could break their own site. THIS FEATURE IS NOT DESIGNED TO PREVENT A MALICIOUS PERSON WHO HAS INFILTRATED YOUR SITE FROM ACCESSING ADMIN TOOLS. |
Sometimes you are not the sole administrator of a website, for example when there is a large administrative team or when you build the website for a client. In such cases you do not need everyone with administrative access to be able to modify Admin Tool's settings. Instead of giving you the traditional "all or nothing" access control implied by WordPress user roles, Admin Tools allows you to control access to any or all of its features using a "master password". The idea is that before any user is able to use one of the protected features, they have to supply the "master password" in Admin Tools' control panel page.
The Master Password page
When you click on the
button in the Control Panel you get to the Master Password page where you can set both the password and select which features to protect.The top area of the page allows you to set a Master Password. If you want to disable password protection altogether simply leave it blank.
The bottom area of the page lets you select which features will be protected. Set the radio button next to each feature you want to protect to "Yes" before clicking on the
button. Features marked as "No" will be accessible by all administrator users. Featured marked with "Yes" will only be available to users who enter a valid password in the Control Panel page. This means that even Administrators will not be able to access the protected features without supplying a valid password.If you want to quickly protect all features, click on the
button above the list. Conversely, clicking on the button will disable Master Password protection on all features.The only way to find out your password is to directly read it from
the database. Use your host's database management tool —usually it's
phpMyAdmin— to list the contents of your site's wp_admintools_storage
table (where wp_
is your site's prefix). Find
the only record in the table (the key
value
is "cparams") and take a peek at the contents of the
value
column. It contains a long text. At
some point you will see something like
"masterpassword":"mypassword"
. The
mypassword
part is your master
password.