Hey friends! 👋
If you’re managing a WordPress site and care even a little bit about security, this one’s for you.
🔒 Why You Should Care About New Admin Users
In WordPress, users with the Administrator role have full control — they can install plugins, edit themes, delete content, change settings, and even remove other admins. 😳
So imagine someone adds a new admin without you knowing. That’s a big security risk.
✅ What We’re Going to Do
We’ll write a simple code snippet that sends an email notification every time:
-
A new user is registered as an Administrator
-
An existing user’s role is changed to Administrator
This is perfect for WordPress site owners, web developers, security-conscious admins, or even agencies managing client websites.
📜 Code to Send Email Alerts When a New Admin Is Added
Just copy this code and paste it into your theme’s functions.php file or create a mini plugin:
// Notify when a new admin is registered
function notify_on_new_admin_registration($user_id) {
$user = get_userdata($user_id);
if (in_array('administrator', (array) $user->roles)) {
send_admin_alert_email($user);
}
}
add_action('user_register', 'notify_on_new_admin_registration');
// Notify when an existing user's role is changed to admin
function notify_on_admin_role_change($user_id, $old_user_data) {
$user = get_userdata($user_id);
$old_roles = (array) $old_user_data->roles;
$new_roles = (array) $user->roles;
// If user wasn't an admin before, but now is
if (!in_array('administrator', $old_roles) && in_array('administrator', $new_roles)) {
send_admin_alert_email($user);
}
}
add_action('profile_update', 'notify_on_admin_role_change', 10, 2);
// Shared function to send email
function send_admin_alert_email($user) {
$to = 'test1@gmail.com, test2@gmail.com, test3@gmail.com';
$subject = 'Administrator Role Assigned';
$message = "A user has been assigned the Administrator role:\n\n";
$message .= "Username: " . $user->user_login . "\n";
$message .= "Email: " . $user->user_email . "\n";
$message .= "Updated: " . current_time('mysql');
wp_mail($to, $subject, $message);
}
📨 Who Gets the Email Notification?
Right now, the email goes to:
You can easily change or add more recipients — just edit the $to variable in the code.
⚠️ Bonus Tip: Make Sure WordPress Can Send Emails
Sometimes WordPress email notifications don’t work because your server blocks them or your emails land in spam. To fix this, I highly recommend using the WP Mail SMTP plugin. It connects your WordPress site to Gmail, Outlook, or any SMTP provider so emails send reliably.
🚀 Final Thoughts
This is a simple but powerful trick to keep your WordPress site secure. You’ll always know when a new admin is added — either during registration or by someone editing a user.
No more surprises. No more silent admin access.
Let me know if you want me to turn this into a small plugin for your site. Happy coding! 👨💻✨