User Switching

Beschreibung

This plugin allows you to quickly swap between user accounts in WordPress at the click of a button. You’ll be instantly logged out and logged in as your desired user. This is handy for for helping customers on WooCommerce sites, membership sites, testing environments, or for any site where administrators need to switch between multiple accounts.

Funktionen

  • Benutzerwechsel: Wechsle sofort zu einem beliebigen Benutzerkonto unter Benutzer.
  • Zurückwechseln: wechsle sofort wieder zu deinem ursprünglichen Benutzerkonto zurück.
  • Abmeldung simulieren: Melde dich von deinem Benutzerkonto ab, aber erhalte dir die Möglichkeit, dich sofort wieder anzumelden.
  • Kompatibel mit Multisite, WooCommerce, BuddyPress und bbPress.
  • Compatible with most membership and user management plugins.
  • Compatible with most two-factor authentication solutions (see the FAQ for more info).
  • Approved for use on enterprise-grade WordPress platforms such as Altis and WordPress VIP.

Note: User Switching supports versions of WordPress up to three years old, and PHP version 7.4 or higher.

Sicherheit

  • Nur Benutzer mit der Berechtigung, andere Benutzer zu ändern, können zwischen den Accounts wechseln. Standardmäßig sind dies nur Administratoren in Einzelinstallationen und Superadmins in Netzwerkinstallationen.
  • Passworte werden nicht (und können nicht) angezeigt werden.
  • Benutzt die Cookie-Authentifizierung in WordPress während es sich die Benutzerkonten / das Benutzerkonto merkt, zu dem zu gewechselt hast wenn du zurück wechselst.
  • Implementiert das Nonce-Sicherheitssystem in WordPress, das bedeutet, dass nur die die es ausdrücklich vorhaben zu einem anderen Benutzerkonto zu wechseln das auch tun.
  • Full support for user session validation where appropriate.
  • Volle Unterstützung für HTTPS.
  • Backed by the Patchstack Vulnerability Disclosure Program

Nutzung

  1. Gehe zum Benutzer Menü in WordPress und du wirst einen Wechsel zu Link in der Liste der Aktionslinks für jeden Benutzer finden.
  2. Klick hier und du wirst sofort zu diesem Benutzerkonto wechseln.
  3. Du kannst zu deinem ursprünglichen Benutzerkonto zurückwechseln über den Zurückwechseln Link auf jeder Dashboardansicht oder unter Dein Profil in der WordPress Werkzeugleiste.

Unter häufig gestellte Fragen findest du mehr Infos über die Funktion Abmeldung simulieren.

Andere Plugins

Ich pflege mehrere andere Plugins für Entwickler. Probiere sie aus:

  • Query Monitor is the developer tools panel for WordPress
  • WP Crontrol lets you view and control what’s happening in the WP-Cron system

Datenschutzerklärung

User Switching makes use of browser cookies in order to allow users to switch to another account. Its cookies operate using the same mechanism as the authentication cookies in WordPress core, which means their values contain the user’s user_login field in plain text which should be treated as potentially personally identifiable information (PII) for privacy and regulatory reasons (GDPR, CCPA, etc). The names of the cookies are:

  • wordpress_user_sw_{COOKIEHASH}
  • wordpress_user_sw_secure_{COOKIEHASH}
  • wordpress_user_sw_olduser_{COOKIEHASH}

User Switching does not send data to any third party, nor does it include any third party resources, nor will it ever do so.

See also the FAQ for some questions relating to privacy and safety when switching between users.

Erklärung zur Barrierefreiheit

User Switching aims to be fully accessible to all of its users. It implements best practices for web accessibility, outputs semantic and structured markup, adheres to the default styles and accessibility guidelines of WordPress, uses the accessibility APIs provided by WordPress and web browsers where appropriate, and is fully accessible via keyboard.

User Switching should adhere to Web Content Accessibility Guidelines (WCAG) 2.0 at level AA when used with a recent version of WordPress where its admin area itself adheres to these guidelines. If you’ve experienced or identified an accessibility issue in User Switching, please open a thread in the User Switching plugin support forum and I’ll address it swiftly.

Screenshots

  • Der Link für den Benutzerwechsel in der Benutzerliste
  • Der Link für den Benutzerwechsel innerhalb des Benutzerprofils

FAQ

Funktioniert dieses Plugin mit PHP 8?

Yes, it’s actively tested and working up to PHP 8.4.

Was bedeutet „Abmeldung simulieren“?

„Abmeldung simulieren“ meldet dich von WordPress ab, aber behält deine Benutzer-ID in einem Authentifizierungs-Cookie damit du auf Knopfdruck wieder zurückwechseln kannst, ohne dich richtig einloggen zu müssen. Es simuliert eine Abmeldung zum Status „nicht angemeldet“, kann aber rückgängig gemacht werden.

The Switch Off link can be found in your profile menu in the WordPress toolbar. Once you’ve switched off you’ll see a Switch back link in a few places:

  • In the footer of your site
  • On the Log In screen
  • In the „Meta“ widget

Funktioniert dieses Plugin mit WordPress Multisite?

Ja, und du wirst auch aus der Benutzer-Übersicht in der Netzwerkverwaltung zu Benutzern wechseln können.

Funktioniert dieses Plugin mit WooCommerce?

Yes, and you’ll also be able to switch users from various WooCommerce administration screens while logged in as a Shop Manager or an administrative user.

Funktioniert dieses Plugin zusammen mit BuddyPress?

Ja, und du kannst Benutzer auch von der Ansicht des Benutzerprofils und der Mitgliederauflistung wechseln.

Funktioniert dieses Plugin zusammen mit bbPress?

Ja, und du kannst auch Benutzer vom Mitgliederprofil-Bereich wechseln.

Funktioniert dieses Plugin, wenn meine Webseite eine Zwei-Faktor-Authentifizierung benutzt?

Ja, meistens.

Eine Ausnahme die mir bekannst ist, ist Duo Security. Wenn du das Plugin benutzt, solltest du das User Switching für Duo Security Add-on Plugin installieren, welches den Dialog der Zwei-Faktoren-Authentifizierung verhindert, wenn du zwischen Benutzern wechselst.

Welche Berechtigungen braucht ein Benutzer um Nutzerkonten wechseln zu können?

Ein Benutzer benötigt die edit_users Fähigkeit um Benutzerkonten zu wechseln. Standardmäßig haben nur Administratoren diese Fähigkeit, und mit Multisite aktiviert haben nur Super Admins diese Fähigkeit.

Specifically, a user needs the ability to edit the target user in order to switch to them. This means if you have custom user capability mapping in place which uses the edit_users or edit_user capabilities to affect ability of users to edit others, then User Switching should respect that.

Können normale Administratoren Nutzerkonten in einer Multisite-Umgebung wechseln?

Nein. Allerdings kann dies durch Installation des Plugins User Switching for Regular Admins ermöglicht werden.

Kann die Berechtigung für einen Benutzerwechsel auch anderen Benutzern oder Rollen zugewiesen werden?

Yes. The switch_users meta capability can be explicitly granted to a user or a role to allow them to switch users regardless of whether or not they have the edit_users capability. For practical purposes, the user or role will also need the list_users capability so they can access the Users menu in the WordPress admin area.

add_filter( 'user_has_cap', function( $allcaps, $caps, $args, $user ) {
    if ( 'switch_to_user' === $args[0] ) {
        if ( my_condition( $user ) ) {
            $allcaps['switch_users'] = true;
        }
    }
    return $allcaps;
}, 9, 4 );

Note that this needs to happen before User Switching’s own capability filtering, hence the priority of 9.

Can the ability to switch accounts be denied from users?

Yes. User capabilities in WordPress can be set to false to deny them from a user. Denying the switch_users capability prevents the user from switching users, even if they have the edit_users capability.

add_filter( 'user_has_cap', function( $allcaps, $caps, $args, $user ) {
    if ( 'switch_to_user' === $args[0] ) {
        if ( my_condition( $user ) ) {
            $allcaps['switch_users'] = false;
        }
    }
    return $allcaps;
}, 9, 4 );

Hinweise:

  • This needs to happen before User Switching’s own capability filtering, hence the priority of 9.
  • The ID of the target user can be found in $args[2].

Can I add a custom „Switch To“ link to my own plugin or theme?

Ja. Verwende dazu die Methode user_switching::maybe_switch_url(). Diese kümmert sich um die Authentifizierung und gibt eine nonce-geschützte URL zurück, mit der der aktuelle Benutzer in das angegebene Benutzerkonto wechseln kann.

if ( method_exists( 'user_switching', 'maybe_switch_url' ) ) {
    $url = user_switching::maybe_switch_url( $target_user );
    if ( $url ) {
        printf(
            '<a href="%1$s">Switch to %2$s</a>',
            esc_url( $url ),
            esc_html( $target_user->display_name )
        );
    }
}

If you want to specify the URL that the user gets redirected to after switching, add a redirect_to parameter to the URL like so:

if ( method_exists( 'user_switching', 'maybe_switch_url' ) ) {
    $url = user_switching::maybe_switch_url( $target_user );
    if ( $url ) {
        // Redirect to the home page after switching:
        $redirect_to = home_url();
        printf(
            '<a href="%1$s">Switch to %2$s</a>',
            esc_url( add_query_arg(
                'redirect_to',
                rawurlencode( $redirect_to ),
                $url
            ) ),
            esc_html( $target_user->display_name )
        );
    }
}

The above code also works for displaying a link to switch back to the original user, but if you want an explicit link for this you can use the following code:

if ( method_exists( 'user_switching', 'get_old_user' ) ) {
    $old_user = user_switching::get_old_user();
    if ( $old_user ) {
        printf(
            '<a href="%1$s">Switch back to %2$s</a>',
            esc_url( user_switching::switch_back_url( $old_user ) ),
            esc_html( $old_user->display_name )
        );
    }
}

Can I determine whether the current user switched into their account?

Yes. Use the current_user_switched() function for this. If the current user switched into their account from another then it returns a WP_User object for their originating user, otherwise it returns false.

if ( function_exists( 'current_user_switched' ) ) {
    $switched_user = current_user_switched();
    if ( $switched_user ) {
        // User is logged in and has switched into their account.
        // $switched_user is the WP_User object for their originating user.
    }
}

Can I log each time a user switches to another account?

You can install an audit trail plugin such as Simple History, WP Activity Log, or Stream, all of which have built-in support for User Switching and all of which log an entry when a user switches into another account.

Does this plugin allow a user to frame another user for an action?

Potentially yes, but User Switching includes some safety protections for this and there are further precautions you can take as a site administrator:

  • You can install an audit trail plugin such as Simple History, WP Activity Log, or Stream, all of which have built-in support for User Switching and all of which log an entry when a user switches into another account.
  • User Switching stores the ID of the originating user in the new WordPress user session for the user they switch to. Although this session does not persist by default when they subsequently switch back, there will be a record of this ID if your database server has query logging enabled.
  • User Switching stores the login name of the originating user in an authentication cookie (see the Privacy Statement for more information). If your server access logs store cookie data, there will be a record of this login name (along with the IP address) for each access request.
  • User Switching triggers an action when a user switches account, switches off, or switches back (see below). You can use these actions to perform additional logging for safety purposes depending on your requirements.

One or more of the above should allow you to correlate an action with the originating user when a user switches account, should you need to.

Bear in mind that even without the User Switching plugin in use, any user who has the ability to edit another user can still frame another user for an action by, for example, changing their password and manually logging into that account. If you are concerned about users abusing others, you should take great care when granting users administrative rights.

Does this plugin warn me if I attempt to switch into an account which somebody else is already switched into?

Yes. When this happens you’ll be shown a prompt asking you to confirm that you would like to continue switching to the affected account.

This feature is useful if you have multiple users on your site who may be switching into other user accounts at the same time, for example a team of support agents.

Kann ich direkt aus der Adminleiste zu anderen Benutzern wechseln?

Ja, dafür gibt es ein Plugin eines Drittanbieters Admin Bar User Switching.

Werden beim Wechsel von Nutzerkonten irgendwelche Plugin-Aktionen aufgerufen?

Ja. Sobald jemand zu einem anderen Account wechselt, wird der Hook switch_to_user aufgerufen:

/**
 * Fires when a user switches to another user account.
 *
 * @since 0.6.0
 * @since 1.4.0 The `$new_token` and `$old_token` parameters were added.
 *
 * @param int    $user_id     The ID of the user being switched to.
 * @param int    $old_user_id The ID of the user being switched from.
 * @param string $new_token   The token of the session of the user being switched to. Can be an empty string
 *                            or a token for a session that may or may not still be valid.
 * @param string $old_token   The token of the session of the user being switched from.
 */
do_action( 'switch_to_user', $user_id, $old_user_id, $new_token, $old_token );

Wenn jemand zum ursprünglichen Account zurückwechselt, wird der Hook switch_back_user aufgerufen:

/**
 * Fires when a user switches back to their originating account.
 *
 * @since 0.6.0
 * @since 1.4.0 The `$new_token` and `$old_token` parameters were added.
 *
 * @param int       $user_id     The ID of the user being switched back to.
 * @param int|false $old_user_id The ID of the user being switched from, or false if the user is switching back
 *                               after having been switched off.
 * @param string    $new_token   The token of the session of the user being switched to. Can be an empty string
 *                               or a token for a session that may or may not still be valid.
 * @param string    $old_token   The token of the session of the user being switched from.
 */
do_action( 'switch_back_user', $user_id, $old_user_id, $new_token, $old_token );

Wenn ein Benutzer die Abmeldung simuliert, wird der Hook switch_off_user aufgerufen:

/**
 * Fires when a user switches off.
 *
 * @since 0.6.0
 * @since 1.4.0 The `$old_token` parameter was added.
 *
 * @param int    $old_user_id The ID of the user switching off.
 * @param string $old_token   The token of the session of the user switching off.
 */
do_action( 'switch_off_user', $old_user_id, $old_token );

When a user switches to another account, switches off, or switches back, the user_switching_redirect_to filter is applied to the location that they get redirected to:

/**
 * Filters the redirect location after a user switches to another account or switches off.
 *
 * @since 1.7.0
 *
 * @param string       $redirect_to   The target redirect location, or an empty string if none is specified.
 * @param string|null  $redirect_type The redirect type, see the `user_switching::REDIRECT_*` constants.
 * @param WP_User|null $new_user      The user being switched to, or null if there is none.
 * @param WP_User|null $old_user      The user being switched from, or null if there is none.
 */
return apply_filters( 'user_switching_redirect_to', $redirect_to, $redirect_type, $new_user, $old_user );

In addition, User Switching respects the following filters from WordPress core when appropriate:

  • login_redirect beim Wechsel zu einem anderen Benutzer.
  • logout_redirect beim Simulieren der Abmeldung.

How can I report a security bug?

You can report security bugs through the official User Switching Vulnerability Disclosure Program on Patchstack. The Patchstack team helps validate, triage, and handle any security vulnerabilities.

Akzeptierst du Spenden?

I am accepting sponsorships via the GitHub Sponsors program and any support you can give will help me maintain this plugin and keep it free for everyone.

Rezensionen

6. Dezember 2024
I integrate this plugin with BuddyBoss, WooCommerce, and some of my custom dashboards. It’s a very handy plugin and has saved me a lot of time by providing features that I would otherwise have to develop from scratch.
10. November 2024
Very happy with this plugin! It’s simple to use and works flawlessly, making my tasks easier and more efficient.
10. November 2024
I’m very pleased with how this plugin works! It’s easy to set up, runs smoothly, and delivers exactly what it promises. The functionality has been reliable, with no issues or glitches so far. It’s become an essential part of my workflow – highly recommended!
21. Oktober 2024
An excellent plugin which is very easy to use and a must for sites with multiple types of users when you need to test things. Well written too and good for developers to work with if needed. Highly recommended.
19. September 2024
I can’t praise this plugin enough. It’s an invaluable tool for admins, used for everything from troubleshooting to placing orders in a customer’s name. Huge thanks to the plugin author for creating such a useful tool for the community. NOTE: I have not used this plugin with Cloudflare. Some users report ‚bad gateway‘ error.
Alle 235 Rezensionen lesen

Mitwirkende & Entwickler

„User Switching“ ist Open-Source-Software. Folgende Menschen haben an diesem Plugin mitgewirkt:

Mitwirkende

„User Switching“ wurde in 48 Sprachen übersetzt. Danke an die Übersetzerinnen und Übersetzer für ihre Mitwirkung.

Übersetze „User Switching“ in deine Sprache.

Interessiert an der Entwicklung?

Durchstöbere den Code, sieh dir das SVN Repository an oder abonniere das Entwicklungsprotokoll per RSS.

Änderungsprotokoll

1.9.1 (5 December 2024)

  • Fixes the wp_login and wp_logout parameter usage which could cause a fatal error when passed an unexpected value.

1.9.0 (21 November 2024)

  • Introduces a confirmation message when a user attempts to switch into an account which somebody else is already switched into. Helpful for teams of support engineers who switch into customer accounts.
  • Confirms support for WordPress 6.7.
  • Confirms support for PHP 8.4.
  • Various code quality improvements.

1.8.0 (22 July 2024)

  • Adds a ‚Switch back‘ link to some access denied messages within the admin area.
  • Confirms support for WordPress 6.6.

1.7.3 (21 February 2024)

  • Confirms support for PHP 8.3
  • Fixes compatibility with BuddyPress version 12
  • Adds configuration for the Live Preview feature on wordpress.org

1.7.2 (16 November 2023)

  • Confirm support for WordPress 6.4
  • Reinstate the missing plugin readme file

1.7.1 (16 November 2023)

  • Fix the redirect type parameter passed to the user_switching_redirect_to filter
  • Increase the minimum supported version of PHP to 7.4

1.7.0 (30 July 2022)

  • Redirect to the current post, term, user, or comment being edited when switching off
  • Clean up some user-facing messages
  • Apply basic styling to the Switch Back link that appears in the footer
  • Use a better placement for the Switch To menu on bbPress profiles
  • Use a more appropriate HTTP response code if switching off fails
  • Exclude .editorconfig from dist ZIP

1.6.0 (24 June 2022)

  • Add a ‚Switch To‘ link to the order screen in WooCommerce
  • Add a ‚Switch back‘ link to the My Account screen and the login screen in WooCommerce

1.5.8 (2 October 2021)

  • Avoid a fatal if the interim-login query parameter is present on a page other than wp-login.php.

1.5.7 (12 May 2021)

  • Fix some issues that could lead to PHP errors given a malformed cookie.
  • Fix documentation.

Earlier versions

For the changelog of earlier versions, please refer to the releases page on GitHub.