Hide super admin or admin from user list?

Hi Guys,
is it possible to hide the super admin or admin from the user list?

I searched the threads and bing and only found this one piece of info.
Is this safe? Potentially harmful?

Still it is at best only for admin.

Thanks for all.

  • Richard

    Hi Vaughan,
    The extent of my php so far is to be able to replace code and follow instructions on how to change things. I can't read or write but can cut and paste. So far. Am learning.
    From what I see, I replace pre_ with wp_ and the yoursite with my domain? Does that include .tdl/.net?
    I can add it to my function.php and all is well?
    I know the first rule of code club. Back Up, Back Up, Back Up. :slight_smile:

    I assume this will take care of Super Admin?

    Thanks for your time and troubles.

  • aecnu

    Greetings Richard,

    Concerning this item it is inconsequential for the most part and the other site admins can even delete your admin in their site and you as the Super Admin can still have access and full control of the site.

    Indeed looking at the code that Vaughan kindly pointed out, it can be pretty challenging to support other peoples work though we do try to help if we can.

    A coder would need to go over this code to give a spot on answer to this which is beyond the scope of the support we provide here but that code is very aging and referencing versions of WordPress long past release.

    But once again the issue is inconsequential and I was personally in on the test to find out if it was :slight_smile:

    Thank you for being a WPMU DEV Community Member!

    Cheers, Joe

  • Terence

    Whoa... hold on their mes amis!

    There IS an issue here and I hope you won't think I am trying to divert this thread in order to discuss it, and ask your advice.

    One of the primary security measures you must take ~ we are told ~ is to ensure that we make it as hard as possible for the hackers, and that often starts with changing the admin name to something like "£7fIB*%wel1weLlwe||", or something equally un-brute-force-able.

    So what good is if, for example, other users can see the login name in the post meta (always a bad idea to post as an "admin"), and what about all the plugins that use the username and display it, those that create and publish the sitemap.xml for example?

    Surely there is good cause here to publish some kind of obfuscatory plugin or snipit that will create a faux Super Admin name like "Rodney123" plus a faux first, last and nickname, and so not draw other people's attention to the login name that will give them just as much chance of hacking your site had you left it as "admin"?


  • Vaughan


    the login name could probably be got using other methods.

    sure it's an inconvenience, but changing the login name will give you a false sense of security & isn't reliable anyway. personally i would get rid of usernames entirely & just use email address as login.

    if your password is long enough (by that i mean a absolute minimum of 12 characters & complicated enough (ie. it uses random letters, characters, numbers & not simply words or phrases) then brute-forcing isn't an issue anyway because an online brute-force of 12 characters of randomness is still going to take years even with a vast array of Titan GPU's working on it, due to the speed of the inet & so on.

    usually it's the weak password that is the key. not the fact the login name was known.

    then there's other methods such as SQL Injection, XSS, CRSF & so on.

    even changing your DB prefix won't help prevent SQL injection if a hacker discovers an entry point.

    a specially crafted UNION query could reveal the paths & DB prefix by deliberately causing a system error which would then display the DB prefix.

    but once they have access to the DB, there's nothing you can do to stop them.

    btw you can also create a new super-admin account on the network with any name you require, then login with that new account & change your other account to just a normal admin.

    there is nothing preventing you from doing that.

    hope this helps.

  • Greg

    Add this to the last line of the Functions.php you will see replace_user - put your username here. this will remove you from the user admin list.

    function yoursite_pre_user_query($user_search) {
    global $current_user;
    $username = $current_user->user_login;

    global $wpdb;
    $user_search->query_where = str_replace('WHERE 1=1',
    "WHERE 1=1 AND {$wpdb->users}.user_login != 'replace_user'",$user_search->query_where);


    function hide_user_count(){
    .wp-admin.users-php span.count {display: none;}


    /* ------------------------------------------------------------------------ */
    /* ------------------------------------------------------------------------ */