Disabling admin account creation protection when you are locked out

Really Simple Security Pro has an advanced hardening setting called “Restrict creation of administrator roles”.

Enabling this setting will check for users that were assigned the Administrator role in a different way than through the regular user profile interface. If such a user account is found, the role of the user will be changed to Subscriber immediately and an e-mail notification will be sent to the site administrator.

If for some reason you are locked out of your site, this function may prevent you from creating and using a new admin account. For example: you don’t know or have access to the email address of an admin user, so you cannot force a password reset.

You could disable Really Simple Security through FTP and create an admin account by using an add-user.php script. But as soon as you enable Really Simple Security again, any admin account you created while it was disabled is automatically demoted to the Subscriber role, locking you out again.

To prevent this from happening, Really Simple SSL looks for the following constants defined in your wp-config.php:

  • define('RSSSL_FORCE_ADMIN_REGISTRATION', true);

    When this is set, all registered Administrator accounts are added to the list of allowed admin accounts, just as they would be when you enable the setting in Really Simple Security for the first time.

  • define('RSSSL_SKIP_ADMIN_CHECK', true);

    This prevents Administrator users from being demoted to Subscriber.
    When this is set, admin accounts created while Really Simple Security was disabled will not be reset to Subscriber.

After logging in and enabling Really Simple Security with these constants active, you can remove the lines from your wp-config.php again to re-activate the “Restrict creation of administrator roles” setting.
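
Because both constants switch the protection off for as long as they stay in wp-config.php, it is worth confirming they are gone once you are back in. The script below is an added example, not part of Really Simple Security: the function name `rsssl_active_overrides` is hypothetical, and it assumes the constants are written in the literal `true` form shown above.

```shell
#!/bin/sh
# Added example, not Really Simple Security code. Lists recovery constants
# still active in a wp-config.php. Assumption: only the literal true form
# shown on the page is matched. Limitation: "//" or "#" inside a string
# earlier on the same line is treated as the start of a comment.
rsssl_active_overrides() {   # hypothetical name; $1 = path to wp-config.php
    awk '
    BEGIN { name[1] = "RSSSL_FORCE_ADMIN_REGISTRATION"
            name[2] = "RSSSL_SKIP_ADMIN_CHECK"
            q = "[\047\"]"; t = "[ \t]*" }        # quote class, optional blanks
    {
        line = $0; code = ""
        while (line != "") {
            if (in_block) {                       # inside /* ... */
                i = index(line, "*/")
                if (i == 0) break
                line = substr(line, i + 2); in_block = 0
                continue
            }
            b = index(line, "/*"); s = index(line, "//"); h = index(line, "#")
            c = s; if (h && (!c || h < c)) c = h  # earliest line comment
            if (b && (!c || b < c)) {             # block comment opens first
                code = code substr(line, 1, b - 1)
                line = substr(line, b + 2); in_block = 1
            } else {                              # keep code before // or #
                code = code (c ? substr(line, 1, c - 1) : line)
                break
            }
        }
        for (n = 1; n <= 2; n++) {
            re = "define" t "\\(" t q name[n] q t "," t "[Tt][Rr][Uu][Ee]" t "\\)"
            if (code ~ re) print NR ":" name[n]
        }
    }' "$1"
}

if [ -n "${1:-}" ]; then
    rsssl_active_overrides "$1"
else
    # Constructed sample: one active constant, one commented out.
    sample=$(mktemp)
    printf '%s\n' "<?php" \
        "define('RSSSL_FORCE_ADMIN_REGISTRATION', true);" \
        "// define('RSSSL_SKIP_ADMIN_CHECK', true);" > "$sample"
    rsssl_active_overrides "$sample"   # prints 2:RSSSL_FORCE_ADMIN_REGISTRATION
    rm -f "$sample"
fi
```

Pass the path to your wp-config.php as the first argument; no output means neither constant is active, and each output line gives the line number and name of a constant that still needs to be removed.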
