説明
このプラグインを利用すると、ボタンをクリックするだけで WordPress のアカウントを切り替えられるようになります。クリックすると直ちに目的のユーザーアカウントでログインし直します。異なるアカウントでログイン・ログアウトするテスト環境や、複数のアカウントを使い分ける必要がある管理者に便利なプラグインです。
機能
- スイッチユーザー: ユーザー画面で他のユーザーに瞬時に切り替えます。
- スイッチバック: 元のアカウントに瞬時に戻ります。
- スイッチオフ: ログアウトしますが、瞬時にログインし直せる状態にしておきます。
- Switching between users is secure (see the セキュリティー section below).
- Compatible with WordPress, WordPress Multisite, WooCommerce, BuddyPress, bbPress, and most two-factor authentication plugins.
セキュリティー
- Only users with the ability to edit other users can switch user accounts. By default this is only Administrators on single site installations, and Super Admins on Multisite installations.
- パスワードは表示されません (表示できません)。
- アカウントを切り替えたり戻ったりする際、WordPress の Cookie 認証システムを使用します。
- WordPress の nonce セキュリティ システムを実装しているので、切り替えようとしているユーザー以外の第三者が切り替え可能になることはありません。
- Full support for user session validation where appropriate.
- 管理画面での SSL 通信をフルサポート (SSL が有効な場合)
使い方
- WordPress の ユーザーメニューを開くと、各ユーザー名の下のアクションリストの中に切り替えるというリンクがあることがわかります。
- このリンクをクリックすると、直ちにそのユーザーアカウントに切り替わります。
- ダッシュボード画面や WordPress ツールバーのプロフィールメニューの○○に戻すリンクをクリックすれば、元のアカウントに戻ることができます。
スイッチオフ機能については、よくある質問 を参照してください。
Other Plugins
I maintain several other plugins for developers. Check them out:
- Query Monitor is the developer tools panel for WordPress
- WP Crontrol lets you view and control what’s happening in the WP-Cron system
Privacy Statement
User Switching makes use of browser cookies in order to allow users to switch to another account. Its cookies operate using the same mechanism as the authentication cookies in WordPress core, therefore their values contain the user’s user_login
field in plain text which should be treated as potentially personally identifiable information. The names of the cookies are:
wordpress_user_sw_{COOKIEHASH}
wordpress_user_sw_secure_{COOKIEHASH}
wordpress_user_sw_olduser_{COOKIEHASH}
User Switching does not send data to any third party, nor does it include any third party resources, nor will it ever do so.
See also the FAQ for some questions relating to privacy and safety when switching between users.
Ethical Open Source
User Switching is considered Ethical Open Source because it meets all of the criteria of The Ethical Source Definition (ESD):
- It benefits the commons.
- It is created in the open.
- Its community is welcoming and just.
- It puts accessibility first.
- It prioritizes user safety.
- It protects user privacy.
- It encourages fair compensation.
FAQ
-
Does this plugin work with PHP 8?
-
Yes.
-
「スイッチオフ」とはどういう意味ですか。
-
スイッチオフすると、現在のアカウントからログアウトしますが、ユーザー ID を認証 cookie に保存するので、手動でログインし直さなくてもログイン状態に戻れます。ユーザーを切り替えずに元のユーザーに戻るような動作です。
The Switch Off link can be found in your profile menu in the WordPress toolbar. Once you’ve switched off you’ll see a Switch back link on the Log In screen and in the footer of your site.
-
このプラグインは WordPress マルチサイトでも動作しますか。
-
はい。ネットワーク管理者のユーザー画面でユーザーを切り替えることもできます。
-
BuddyPress と一緒に使えますか ?
-
はい。メンバープロフィール画面やメンバーリスト画面でユーザーを切り替えることもできます。
-
bbPress と一緒に使えますか ?
-
はい。メンバープロフィール画面でユーザーを切り替えることもできます。
-
Does this plugin work with WooCommerce?
-
Yes. For maximum compatibility you should use WooCommerce version 3.6 or later.
-
2段階認証プラグインを使用しているサイトでも動作しますか?
-
はい、ほとんど動作します。
わかっている例外の一つは Duo Security です。このプラグインを使っている場合は、User Switching for Duo Security アドオンをインストールする必要があります。このアドオンは、ユーザー切り替えの際に2段階認証プロンプトが表示されるのを抑止します。
-
アカウントを切り替えるのに必要な権限は何ですか?
-
ユーザーアカウントを切り替えるには、
edit_users
権限が必要です。デフォルトでは、この権限があるのは管理者だけです。マルチサイトを有効化したサイトでは、特権管理者だけがこの権限を持ちます。 -
Can the ability to switch accounts be granted to other users or roles?
-
Yes. The
switch_users
meta capability can be explicitly granted to a user or a role to allow them to switch users regardless of whether or not they have theedit_users
capability. For practical purposes, the user or role will also need thelist_users
capability so they can access the Users menu in the WordPress admin area. -
Can the ability to switch accounts be denied from users?
-
Yes. User capabilities in WordPress can be set to
false
to deny them from a user. Denying theswitch_users
capability prevents the user from switching users, even if they have theedit_users
capability.add_filter( 'user_has_cap', function( $allcaps, $caps, $args, $user ) { if ( 'switch_to_user' === $args[0] ) { if ( my_condition() ) { $allcaps['switch_users'] = false; } } return $allcaps; }, 9, 4 );
Note that this needs to happen before User Switching’s own capability filtering, hence the priority of
9
. -
Can I add a custom “Switch To” link to my own plugin or theme?
-
Yes. Use the
user_switching::maybe_switch_url()
method for this. It takes care of authentication and returns a nonce-protected URL for the current user to switch into the provided user account.if ( method_exists( 'user_switching', 'maybe_switch_url' ) ) { $url = user_switching::maybe_switch_url( $target_user ); if ( $url ) { printf( '<a href="%1$s">Switch to %2$s</a>', esc_url( $url ), esc_html( $target_user->display_name ) ); } }
This link also works for switching back to the original user, but if you want an explicit link for this you can use the following code:
if ( method_exists( 'user_switching', 'get_old_user' ) ) { $old_user = user_switching::get_old_user(); if ( $old_user ) { printf( '<a href="%1$s">Switch back to %2$s</a>', esc_url( user_switching::switch_back_url( $old_user ) ), esc_html( $old_user->display_name ) ); } }
-
Can I determine whether the current user switched into their account?
-
Yes. Use the
current_user_switched()
function for this.if ( function_exists( 'current_user_switched' ) ) { $switched_user = current_user_switched(); if ( $switched_user ) { // User is logged in and has switched into their account. // $switched_user is the WP_User object for their originating user. } }
-
Does this plugin allow a user to frame another user for an action?
-
Potentially yes, but User Switching includes some safety protections for this and there are further precautions you can take as a site administrator:
- User Switching stores the ID of the originating user in the new session for the user they switch to. Although this session does not persist by default when they subsequently switch back, there will be a record of this ID if your MySQL server has query logging enabled.
- User Switching stores the login name of the originating user in an authentication cookie (see the Privacy Statement for more information). If your server access logs store cookie data, there will be a record of this login name (along with the IP address) for each access request.
- You can install an audit trail plugin such as Simple History, WP Activity Log, or Stream, all of which have built-in support for User Switching and all of which log an entry when a user switches into another account.
- User Switching triggers an action when a user switches account, switches off, or switches back (see below). You can use these actions to perform additional logging for safety purposes depending on your requirements.
One or more of the above should allow you to correlate an action with the originating user when a user switches account, should you need to.
Bear in mind that even without the User Switching plugin in use, any user who has the ability to edit another user can still frame another user for an action by, for example, changing their password and manually logging into that account. If you are concerned about users abusing others, you should take great care when granting users administrative rights.
-
Can regular admins on Multisite installations switch accounts?
-
いいえ。User Switching for Regular Admins プラグインをインストールすれば可能になります。
-
Can I switch users directly from the admin toolbar?
-
Yes, there’s a third party add-on plugin for this: Admin Bar User Switching.
-
ユーザーがアカウントを切り替えるときに呼び出されるアクションはありますか?
-
Yes. When a user switches to another account, the
switch_to_user
hook is called:/** * Fires when a user switches to another user account. * * @since 0.6.0 * @since 1.4.0 The `$new_token` and `$old_token` parameters were added. * * @param int $user_id The ID of the user being switched to. * @param int $old_user_id The ID of the user being switched from. * @param string $new_token The token of the session of the user being switched to. Can be an empty string * or a token for a session that may or may not still be valid. * @param string $old_token The token of the session of the user being switched from. */ do_action( 'switch_to_user', $user_id, $old_user_id, $new_token, $old_token );
When a user switches back to their originating account, the
switch_back_user
hook is called:/** * Fires when a user switches back to their originating account. * * @since 0.6.0 * @since 1.4.0 The `$new_token` and `$old_token` parameters were added. * * @param int $user_id The ID of the user being switched back to. * @param int|false $old_user_id The ID of the user being switched from, or false if the user is switching back * after having been switched off. * @param string $new_token The token of the session of the user being switched to. Can be an empty string * or a token for a session that may or may not still be valid. * @param string $old_token The token of the session of the user being switched from. */ do_action( 'switch_back_user', $user_id, $old_user_id, $new_token, $old_token );
When a user switches off, the
switch_off_user
hook is called:/** * Fires when a user switches off. * * @since 0.6.0 * @since 1.4.0 The `$old_token` parameter was added. * * @param int $old_user_id The ID of the user switching off. * @param string $old_token The token of the session of the user switching off. */ do_action( 'switch_off_user', $old_user_id, $old_token );
In addition, User Switching respects the following filters from WordPress core when appropriate:
login_redirect
when switching to another user.logout_redirect
when switching off.
-
Do you accept donations?
-
I am accepting sponsorships via the GitHub Sponsors program and any support you can give will help me maintain this plugin and keep it free for everyone.
評価
貢献者と開発者
変更履歴
1.5.8
- Avoid a fatal if the
interim-login
query parameter is present on a page other than wp-login.php.
1.5.7
- Fix some issues that could lead to PHP errors given a malformed cookie.
- Fix documentation.
1.5.6
- Add a class to the table row on the user edit screen.
- Updated docs.
1.5.5
- Added the
user_switching_in_footer
filter to disable output in footer on front end. - Documentation additions and improvements.
1.5.4
- Fix a cookie issue caused by Jetpack 8.1.1 which prevented switching back to the original user.
1.5.3
- Remove usage of a method that’s been deprecated in WordPress 5.3
1.5.2
- Set the correct
lang
attribute on User Switching’s admin notice. - Move the WooCommerce session forgetting to an action callback so it can be unhooked if necessary.
1.5.1
- Add appropriate HTTP response codes to the error states.
- Display User Switching’s messages in the original user’s locale.
- Increase the priority of the hook that sets up the cookie constants. See #40.
- Don’t attempt to output the ‘Switch To’ link on author archives when the queried object isn’t a user. See #39.
1.5.0
- Add support for forgetting WooCommerce sessions when switching between users. Requires WooCommerce 3.6+.
1.4.2
- Don’t attempt to add the
Switch To
link to the admin toolbar when viewing an author archive in the admin area. This prevents a fatal error occurring when filtering custom post type listing screens by authors in the admin area.
1.4.1
- Add a
Switch To
link to the Edit User admin toolbar menu when viewing an author archive. - Add a
Switch back
link to the Edit User admin toolbar menu when viewing an author archive and you’re already switched.
1.4.0
- Add support for user session retention, reuse, and destruction when switching to and back from other user accounts.
- Add support for the
switch_users
meta capability for fine grained control over the ability to switch user accounts. - More code and documentation quality improvements.
1.3.1
- Add support for the
X-Redirect-By
header in WordPress 5.0. - Allow User Switching’s admin notices to be dismissed.
- Introduce a privacy statement.
1.3.0
- Update the BuddyPress compatibility.
- Various code and inline docs improvements.
1.2.0
- Improve the Switch Back functionality when the interim login window is shown.
- Always show the
Switch Back
link in the Meta widget if it’s present.
1.1.0
- Introduce a
user_switching_switched_message
filter to allow customisation of the message displayed to switched users in the admin area. - Switch to safe redirects for extra paranoid hardening.
- Docblock improvements.
- Coding standards improvements.
0.5.2
- Amin Ab によるペルシア語翻訳。
- Display switch back links in Network Admin and login screen.
- Avoid a BuddyPress bug preventing Switch To buttons from appearing.
0.5.1
- WordPress ツールバー 3.3 の調整。
0.5.1.1
- Sparanoidによる中国語翻訳。
0.5.1.2
- German translation by Ralph Stenzel.
0.5
- New “Switch off” function: Log out and log instantly back in again when needed (see the FAQ).
0.4.1
- Support for upcoming changes to the admin bar in WordPress 3.3.
0.4
- BuddyPress 向け拡張サポートを追加。
- マルチサイト向け拡張サポートを追加。
- Fix a permissions problem for users with no privileges.
- Fix a PHP warning when used as a mu-plugin (thanks Scribu).
0.3.2
- Fix the ‘Switch back to’ menu item in the WordPress admin bar (WordPress 3.1+).
- Fix a formatting issue on the user profile page.
0.3.1
- Prevent admins switching to multisite super admin accounts.
0.3
- Adds an admin bar menu item (WordPress 3.1+) for switching back to the user you switched from.
0.2.2
- Respect the current ‘Remember me’ setting when switching users.
- Redirect to home page instead of admin screen if the user you’re switching to has no privileges.
0.2.1
- Edge case bugfix to prevent ‘Switch back to…’ message appearing when it shouldn’t.
0.2
- Functionality for switching back to user you switched from.
0.1
- 最初のリリース。