Protecting Admin Tools with a password (Master Password)


THIS IS NOT A SECURITY FEATURE. THE MASTER PASSWORD IS STORED UNENCRYPTED IN THE SITE'S DATABASE. We consider this feature as a simple way for you to prevent your clients from modifying configuration parameters which could break their own site. THIS FEATURE IS NOT DESIGNED TO PREVENT A MALICIOUS PERSON WHO HAS INFILTRATED YOUR SITE FROM ACCESSING ADMIN TOOLS.

Sometimes you are not the sole administrator of a website, for example when there is a large administrative team or when you build the website for a client. In such cases you do not need everyone with administrative access to be able to modify Admin Tool's settings. Instead of giving you the traditional "all or nothing" access control implied by WordPress user roles, Admin Tools allows you to control access to any or all of its features using a "master password". The idea is that before any user is able to use one of the protected features, they have to supply the "master password" in Admin Tools' control panel page.

The Master Password page

When you click on the Master Password button in the Control Panel you get to the Master Password page where you can set both the password and select which features to protect.

The top area of the page allows you to set a Master Password. If you want to disable password protection altogether simply leave it blank.

The bottom area of the page lets you select which features will be protected. Set the radio button next to each feature you want to protect to "Yes" before clicking on the Save Changes button. Features marked as "No" will be accessible by all administrator users. Featured marked with "Yes" will only be available to users who enter a valid password in the Control Panel page. This means that even Administrators will not be able to access the protected features without supplying a valid password.

If you want to quickly protect all features, click on the All button above the list. Conversely, clicking on the None button will disable Master Password protection on all features.

I have forgotten my password. Now what?

The only way to find out your password is to directly read it from the database. Use your host's database management tool —usually it's phpMyAdmin— to list the contents of your site's wp_admintools_storage table (where wp_ is your site's prefix). Find the only record in the table (the key value is "cparams") and take a peek at the contents of the value column. It contains a long text. At some point you will see something like "masterpassword":"mypassword". The mypassword part is your master password.