Title: Restricted User Activity Author: Steve Puddick Published: 2 de Marzo de 2026 Last modified: 2 de Marzo de 2026 --- Buscar plugins ![](https://ps.w.org/restricted-user-activity/assets/banner-772x250.jpeg?rev=3472322) ![](https://s.w.org/plugins/geopattern-icon/restricted-user-activity_878870.svg) # Restricted User Activity Por [Steve Puddick](https://profiles.wordpress.org/stevepuddick/) [Descargar](https://downloads.wordpress.org/plugin/restricted-user-activity.1.0.0.zip) * [Detalles](https://cl.wordpress.org/plugins/restricted-user-activity/#description) * [Reseñas](https://cl.wordpress.org/plugins/restricted-user-activity/#reviews) * [Instalación](https://cl.wordpress.org/plugins/restricted-user-activity/#installation) * [Desarrollo](https://cl.wordpress.org/plugins/restricted-user-activity/#developers) [Soporte](https://wordpress.org/support/plugin/restricted-user-activity/) ## Descripción This plugin prevents unauthorized admin users from damaging or compromising your website. A common technique for hackers is to exploit vulnerabilities in your plugins or theme and try to create an unauthorized admin user for themselves. Once they have admin access they can do whatever they want to your website. They can deface it, display inappropriate content, or carry out many other malicious acts. Restricted User Activity adds an extra step to the process of allowing Admin users to perform actions on your website. It achieves this by explicitly specifying valid Admin user ids in the wp-config.php file. Even if a hacker was able to create an Admin user for themselves, they won’t be able to perform any actions since their user id would not be in the valid user list. **Note:** This plugin requires some technical knowledge about how the WordPress wp-config.php file works and basic PHP coding. A single line of code needs to be added to the wp-config.php file. ## Capturas de pantalla * [[ * Admin users who attempt to perform admin actions will receive this error screen if their user id is not also in the allow list * [[ * A sample wp-config.php file with the allow list specified * [[ * An additional column in the User list page to conveniently find user ids ## Instalación 1. Note the user ids of authorized Admin users 2. Modify wp-config.php file and add the RESTRICTED_USER_ACTIVITY_ADMIN_ALLOW_LIST constant with an appropriate array value of verified Admin users. For example, ` define( 'RESTRICTED_USER_ACTIVITY_ADMIN_ALLOW_LIST', array( 5, 1, 13 ) );` 3. It is recommended to move this to the mu-plugins folder to prevent malicious scripts from trying to deactivate Restricted User Activity, in an attempt to bypass this security measure 4. Once the RESTRICTED_USER_ACTIVITY_ADMIN_ALLOW_LIST constant has been properly set, the admin notices will disappear and the additional verification will be active ## FAQ ### Help, I have locked myself out of my website admin. How do I fix this? There are a few ways of resolving this scenario: * **Disable plugin**: From the web server file system, if you rename the plugin to something like ‘restricted-user-activity_off’ WordPress won’t recognize the plugin as being installed and won’t run the plugin. * **Remove variable**: If you remove or comment out the ‘RESTRICTED_USER_ACTIVITY_ADMIN_ALLOW_LIST’ constant from wp-config.php you will be able to log in. * **Add your user id**: If you know your user id, you can add it to the ‘RESTRICTED_USER_ACTIVITY_ADMIN_ALLOW_LIST’ constant in wp-config.php * **Ask another admin**: You can ask another verified admin to disable the plugin ### This seems like this would be a great plugin for every WordPress website. Are there any downsides to using this plugin? This plugin does require manual management of user id list in wp-config.php. It also requires some basic technical knowledge on how to modify the wp-config.php file. However, most websites only have a few admins and new admins are created infrequently. The extra management involved to provide additional security here will be minimally inconvenient in almost all cases. ### Does this plugin allow me to create admin users directly from the wp-config.php file? No, this just provides an extra step for verification. User ids of non existent users, or non admins will have no effect on the functionality. ### Why aren’t there any admin controls to manage the admin allow list? It is intended that users of this plugin has an appropriate level of technical knowledge, or works with someone (a web agency, freelancer, or internal IT department) that has this. An admin page which would allow non technical users to manage the list could create situations where they lock themselves or other admins out of the website. In order for the plugin to function it requires the technical ability and knowledge to modify the wp-config.php file in the first place (just an additional single line is needed). ### Where can I find the User IDs of my website’s valid Admin users? On the user list (/wp-admin/users.php) in the admin, you will see a new column in the user table indicating each user’s id. ### How do I get the admin notice to disappear? * The admin notice will appear until it detects the ‘RESTRICTED_USER_ACTIVITY_ADMIN_ALLOW_LIST’ constant has been defined in the wp-config.php file with proper values. * If you are not interested or unable to set up Restricted User Activity, you can deactivate the plugin and the admin notices will disappear ### How can I edit my wp-config.php file to create the ‘RESTRICTED_USER_ACTIVITY_ADMIN_ALLOW_LIST’ constant? Refer to documentation or support from your website hosting company to learn how this works. ### Can you give an example of what the RESTRICTED_USER_ACTIVITY_ADMIN_ALLOW_LIST constant should look like? define( ‘RESTRICTED_USER_ACTIVITY_ADMIN_ALLOW_LIST’, array( 5, 1, 13 ) );. You will replace the array of admin user ids with the ids appropriate for your website. ## Reseñas No hay reseñas para este plugin. ## Colaboradores & Desarrolladores “Restricted User Activity” es software de código abierto. Las siguientes personas han contribuido a este plugin. Colaboradores * [ Steve Puddick ](https://profiles.wordpress.org/stevepuddick/) [Traduce “Restricted User Activity” a tu idioma.](https://translate.wordpress.org/projects/wp-plugins/restricted-user-activity) ### ¿Interesado en el desarrollo? [Revisa el código](https://plugins.trac.wordpress.org/browser/restricted-user-activity/), echa un vistazo al [repositorio SVN](https://plugins.svn.wordpress.org/restricted-user-activity/), o suscríbete al [registro de desarrollo](https://plugins.trac.wordpress.org/log/restricted-user-activity/) por [RSS](https://plugins.trac.wordpress.org/log/restricted-user-activity/?limit=100&mode=stop_on_copy&format=rss). ## Historial de cambios #### 1.0.0 * Initial release ## Meta * Versión **1.0.0** * Última actualización **hace 1 mes** * Instalaciones activas **Menos de 10** * Versión de WordPress ** 4.4 o superior ** * Probado hasta **6.9.4** * Versión de PHP ** 7.0 o superior ** * Idioma * [English (US)](https://wordpress.org/plugins/restricted-user-activity/) * Etiquetas * [access](https://cl.wordpress.org/plugins/tags/access/)[admin](https://cl.wordpress.org/plugins/tags/admin/) [security](https://cl.wordpress.org/plugins/tags/security/)[user](https://cl.wordpress.org/plugins/tags/user/) * [Vista Avanzada](https://cl.wordpress.org/plugins/restricted-user-activity/advanced/) ## Calificaciones Aún no se han enviado valoraciones. [Agregar mi reseña](https://wordpress.org/support/plugin/restricted-user-activity/reviews/#new-post) [Ver todas las reseñas](https://wordpress.org/support/plugin/restricted-user-activity/reviews/) ## Colaboradores * [ Steve Puddick ](https://profiles.wordpress.org/stevepuddick/) ## Soporte ¿Tienes algo que decir? ¿Necesitas ayuda? [Ver el foro de soporte](https://wordpress.org/support/plugin/restricted-user-activity/)