dknauss / wp-sudo

Sudo for WordPress! 🥪 Risky actions — activating plugins, deleting users, changing key settings — are gated by a required reauthentication step, regardless of user role. Time-bounded sessions, 2FA support, rate limiting, and configurable policies for REST, WP-CLI, Cron, WPGraphQL, & XML-RPC. No role escalation, no new permissions — just a gate. ⛩️

34
2
100% credibility
Found Feb 17, 2026 at 21 stars.
AI Analysis
PHP
AI Summary

WP Sudo adds a reauthentication step requiring password confirmation for dangerous WordPress admin actions like activating plugins or deleting users, regardless of user role.

How It Works

1. 🔍 Discover extra safety for your site

You're running a WordPress site and want to stop accidents or sneaky changes, so you find WP Sudo, a helpful guard that double-checks big moves.

2. ⬇️ Add the safety guard

Download and turn on WP Sudo from your site's add-ons area, just like any other helpful tool.

3. ⚙️ Choose your guard settings

Pick how long your special access pass lasts after checking in, and lock down automatic tools if you want.

4. 🛡️ Try a big change and get challenged

When you go to switch designs, add tools, or delete users, a friendly screen pops up asking you to prove it's really you by entering your password.

5. 🔑 Confirm with your password

Type your password, plus an extra code from your phone if you have that set up, to unlock your special access.

Safely make changes with a timer

A green countdown clock appears at the top, letting you do your important work securely until time's up, keeping your site safe from mistakes or intruders.

Star Growth

This repo grew from 21 to 34 stars.

AI-Generated Review

What is wp-sudo?

wp-sudo is a PHP WordPress plugin that gates dangerous admin actions—like activating plugins, deleting users, or changing site URLs—behind a reauthentication step with password and optional 2FA, no matter your role. It enforces zero-trust by stashing requests, replaying them after the challenge, and using time-bound sessions across admin UI, AJAX, REST, WP-CLI, Cron, and XML-RPC. Like the GitHub sudo project ported to WP, it blocks operations on compromised sessions without role hacks.

Why is it gaining traction?

Zero-trust reauthentication covers every surface with granular policies (disable CLI entirely or just gate risky calls), plus admin bar timers, Cmd+Shift+S shortcuts, and audit hooks for logging plugins. It stands out from basic auth plugins by binding sessions to browsers, supporting Two Factor TOTP/email codes, and self-protecting its own settings. Devs like the MU-plugin for early loading and seamless GitHub sudo actions in CI.

Who should use this?

Multisite super admins hardening network operations, agencies with shared logins fighting insider risks, or WP-CLI-heavy teams (sudo GitHub termux, sudo GitHub actions) needing policy-locked installs. Perfect for sudo apt install wordpress workflows where even admins need gates before sudo mv wordpress /* or plugin nukes.

Verdict

Test on staging—19 stars, 1.0% credibility score, and an "exploratory, not production-ready" warning mean it's feature-packed (300+ tests, WCAG AA UX) but unproven at scale. Solid docs make it low-risk to evaluate for sudo nano wp config php paranoia.
