Disabling admin account creation protection when you are locked out

Really Simple SSL Pro has an advanced hardening option to “Restrict creation of administrator roles”.

Enabling this setting will check for users that were assigned the admin role in a different way than through the regular user profile interface. If such a user account is found, the role of the user will be changed to subscriber immediately and an e-mail notification will be sent to the site administrator.

If for some reason you are locked out of your site, this function may prevent you from creating and using a new admin account. For example: you don’t know or have access to the email address of an admin user, so you cannot force a password reset.

You could disable Really Simple SSL through FTP and create an admin account by using an add-user.php script. But as soon as you enable Really Simple SSL again, that user account will be changed to a subscriber account, locking you out again. Any admin accounts you create while Really Simple SSL is disabled will automatically be demoted to the subscriber role the moment you enable Really Simple SSL again!

To prevent this from happening, Really Simple SSL looks for the following constants defined in your wp-config.php:

  • RSSSL_FORCE_ADMIN_REGISTRATION
    When this is set, all registered admin accounts are added to the allowed admin accounts, just as they would be when you enable the setting in Really Simple SSL for the first time.
  • RSSSL_SKIP_ADMIN_CHECK
    This prevents admin users from being demoted to subscriber.
    When this is set, admin accounts created while Really Simple SSL was disabled will not be reset to subscriber.

After logging in and enabling Really Simple SSL with these constants active, you can remove the lines from your wp-config.php again to re-activate the “Restrict creation of administrator roles” setting.
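
A check you can run after recovery to confirm that neither constant is still defined in wp-config.php, since the restriction stays bypassed for as long as they are. This is an added example, not code from Really Simple SSL; the function name, the sample file contents and the `true` value in the sample are assumptions.

```python
import re

# Recovery constants named on this page. While either one is defined, the
# "Restrict creation of administrator roles" hardening remains bypassed.
OVERRIDES = ("RSSSL_FORCE_ADMIN_REGISTRATION", "RSSSL_SKIP_ADMIN_CHECK")

# Match PHP string literals (kept) or comments (dropped) in a single pass, so a
# "//" inside a quoted URL is not mistaken for the start of a comment.
_STRING_OR_COMMENT = re.compile(
    r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|(/\*.*?\*/|//[^\n]*|#[^\n]*)""",
    re.S,
)
# PHP function names are case-insensitive, constant names are not.
_DEFINE = re.compile(r"""\b(?i:define)\s*\(\s*(['"])(%s)\1""" % "|".join(OVERRIDES))


def active_overrides(wp_config_text):
    """Return the override constants still defined outside of comments."""
    code = _STRING_OR_COMMENT.sub(lambda m: m.group(1) or "", wp_config_text)
    return sorted({m.group(2) for m in _DEFINE.finditer(code)})


# Constructed sample wp-config.php fragment (the value `true` is an assumption;
# the page only says the constants must be defined).
SAMPLE = """<?php
define( 'WP_HOME', 'https://example.test' ); // site URL
// define( 'RSSSL_FORCE_ADMIN_REGISTRATION', true );
/* define( 'RSSSL_SKIP_ADMIN_CHECK', true ); */
define( 'RSSSL_SKIP_ADMIN_CHECK', true );
"""

if __name__ == "__main__":
    import sys
    # Pass the path to wp-config.php; without one, the constructed sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    found = active_overrides(text)
    for name in found:
        print("still defined:", name)
    sys.exit(1 if found else 0)
```

The script exits non-zero while an override is still active, so it can be used as a post-recovery check. Commented-out definitions are ignored.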
