FAIR

Federated and Independent Repositories

Login as User or Customer — User Switching

Plugin Banner

Login as User or Customer — User Switching

by wp-buy

Download
Description

Login as User or Customer is a powerful user switching plugin that lets admins and support staff instantly switch into any user account — without knowing their password. It’s the fastest way to see exactly what your customer sees, troubleshoot issues, and provide hands-on support directly from your WordPress dashboard.

WooCommerce store owners: This plugin is purpose-built for you. Switch to a customer from the Orders screen, manage their cart, and create orders on their behalf — ideal for phone orders and assisted sales. WooCommerce features require the Pro version.

Who is this for?

  • WooCommerce stores — assist customers with orders, cart issues, and account problems without asking for their password
  • Membership sites — verify what members see after logging in
  • Agencies & developers — test roles and permissions across any user account instantly
  • Support teams — reproduce customer-reported bugs in one click

Free Features

  • One-click user switching — switch to any non-admin account from the Users screen
  • Switch from user profile — Login As button on the Edit User screen
  • Go Back in one click — a persistent bar on the front end returns you to your original account instantly
  • No password needed — access any account without exposing credentials
  • Role-based access control — choose which roles are allowed to use the switch feature
  • 2FA compatible — works alongside most two-factor authentication plugins
  • Multisite compatible — works on WordPress network installations
  • Nonce-protected — every switch action is verified with a WordPress nonce
  • Secure session storage — switch state stored server-side using WordPress transients, not exposed cookies

Pro Features

  • WooCommerce Orders page — Login As button next to every order
  • WooCommerce Order detail — switch to the customer from the single order screen
  • Cart management — add, remove, and edit products in the customer’s cart
  • Create orders on behalf of customers — perfect for phone and assisted sales
  • Advanced role management — granular control over who can switch to whom
  • Custom redirect URL — choose where you land after switching
  • Activity log — track every switch action for auditing purposes
  • Shortcode support — place Login As buttons anywhere on your site

Upgrade to Pro

How It Works

  1. Go to Users in your WordPress admin
  2. Click Login as this user next to any non-admin account
  3. You are instantly switched into that account — no password required
  4. Browse the site as that user
  5. Click Go back in the bar at the bottom of the screen to return to your admin account

Security

Security is the foundation of this plugin. Every action is protected by multiple layers:

  • Nonce verification on every switch and return action
  • Capability checks — only users with edit_users, manage_options, or manage_woocommerce can switch
  • Admin account protection — switching into administrator accounts is blocked
  • Server-side session storage — switch state stored in WordPress transients with a 1-hour TTL that refreshes on every page load
  • HttpOnly + SameSite=Lax cookies — session tokens protected against XSS and CSRF
  • No data sharing — no data is sent to any external service

Security vulnerabilities are managed through the Patchstack Vulnerability Disclosure Program. All reported issues are reviewed, patched, and disclosed responsibly.

Privacy

This plugin does not send data to any third party, does not include any third-party resources, and never will.

The plugin uses a single browser cookie (loginas_session_token) to identify the current switch session. The cookie stores only a random 64-character token — no user data. The actual session data (user IDs) is stored server-side in WordPress transients.

Compatibility

  • WordPress 5.0+
  • WordPress Multisite
  • WooCommerce (Pro)
  • PHP 7.4, 8.0, 8.1, 8.2, 8.3
  • Compatible with most 2FA and security plugins

Security

This plugin is enrolled in the Patchstack Vulnerability Disclosure Program.

To report a security vulnerability, please use the Patchstack mVDP link above. Do not report security issues through the WordPress support forum.

From the WordPress dashboard:

  1. Go to Plugins Add New
  2. Search for Login as User or Customer
  3. Click Install Now then Activate
  4. Visit Login AS in the admin menu to configure settings

Manual installation:

  1. Download login-as-customer-or-user.zip
  2. Go to Plugins Add New Upload Plugin
  3. Upload the zip and click Activate Plugin
  1. Users page — Login As button next to each user

    Users page — Login As button next to each user

  2. WooCommerce orders page — Login As column (Pro)

    WooCommerce orders page — Login As column (Pro)

  3. Front-end notice bar — shown while switched into another account

    Front-end notice bar — shown while switched into another account

Who can switch user accounts?

Only users with the edit_users, manage_options, or manage_woocommerce capability. You can further restrict this to specific roles in the plugin settings under Login AS Settings.

Can I switch into an administrator account?

No. Switching into any account with administrator-level capabilities (edit_users or manage_options) is blocked for security reasons.

How do I switch back to my original account?

A bar appears at the bottom of the page while you are switched in. Click Go back to return to your original admin account instantly.

Does this work with WooCommerce?

Yes — WooCommerce features are available in the Pro version. This includes a Login As button on the orders list, a meta box on the single order screen, cart management, and the ability to create orders on behalf of customers.

Does this work with two-factor authentication (2FA)?

Yes. The plugin is compatible with most 2FA solutions. The 2FA prompt is bypassed when switching because you authenticate as the admin, not the target user.

Does this work on WordPress Multisite?

Yes. The plugin works on Multisite installations.

What happens if I close my browser while switched in?

The switch session is stored as a WordPress transient with a 1-hour TTL that refreshes on every page load. If the transient expires or is evicted from the cache, the session ends and you will be returned to a normal logged-out state. Simply log back into your admin account.

Does the plugin send any data externally?

No. The plugin does not send data to any third party, does not include any third-party resources, and does not use external APIs.

How can I report security bugs?

You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team help validate, triage and handle any security vulnerabilities. Report a security vulnerability.

waste of time and energy

By anjoid on November 17, 2023

would be nice if you include anything in the free version, scam.

Not Free

By churongcon on June 19, 2022

It's not free, limit first page, but easily to null and remove limited

Misleading

By zavakz on May 8, 2022

Plugin states "The ability to access any user account without having the user password (Just click the button Login as in the user’s list)" I wanted to use this to test out permissions for certain groups.. Well that turned out to be a big waste of time. Gotta upgrade to the "Pro" version to do the very thing this plugin is claiming to do.

no use of without paid version

By worldwidewebsolution.com on April 28, 2022

after intalling pluing, you will have to purchase inoder to do any thing. so its no of use as free, I uninstalled it within 2 minutes.

Not useful and misleading information

By miata2 on March 3, 2022

No, not this way, this is not a plugin, this is begging for money.

Its not free and also only allow to check 10 users

By Arul Prasad J (arulprasadj) on June 3, 2021

The description does not contain anything regarding paid version that needs to view all users or its free versions limitations.

Not free, not open source

By stieranka on April 7, 2021

For only max 10 users, it is joke!!!

Great Plugin

By srhog on March 30, 2021

Wanted to test it out with a customer who is having problems with his account but when I tried to use it it just said upgrade to pro. UPDATE: The trial lets you test the plugin with your last 10 customers. If you buy the Pro version it should be a very useful tool.

Only for 10 members

By whateverfree2 on February 4, 2021

This plugin display "Login as user" only for first 10 members in your site, more members require PRO version. In fact, it's not free They just do the trick to list it on the repository for free. It should get removed from here OR must tell us free for only 10 members in the plugin description. Too bad. If I can, will vote zero star instead of 1. Waste of my time to install and have clean the database too. I feel cheated DON'T WASTE YOUR TIME WITH THIS BAD PLUGIN

Really Good.

By kundan1489 on December 18, 2020

Thanks for your idea. I was searching for this type of plugin for 1 month and I have also tried to develop it by myself but unable to do so.

v 4.1.0

  • New: Redesigned settings page with modern UI
  • New: “Enable Plugin In” section — control where the Login As button appears (Users Page / User Profile Page)
  • New: User Profile Page now shows a Login As button directly on the Edit User screen

v 4.0.0

  • Fixed: “Go back” button failed for editors and non-admin roles — the capability check was incorrectly applied to the switched-in user instead of the original admin
  • Improved: Session TTL refreshes on every page load — session stays alive while user is active
  • Improved: Cookie domain now respects WordPress COOKIE_DOMAIN constant
  • Improved: Pro upgrade notice in WooCommerce uses a clear badge instead of a broken link
  • Improved: Review notice waits 7 days after activation before appearing

v 3.9.1

  • Security hardening for the user switching workflow
  • Removed insecure cookie/session-based account switching
  • Added nonce and capability checks for all switch and return actions
  • Restricted switching to non-privileged target accounts only
  • Implemented secure server-side session storage using WordPress transients
  • Added proper session cleanup on logout and switch-back

v 3.7

  • Removing unwanted images
  • Fixed return to admin function – hot fix 3

v 3.6

  • Fixed return to admin issue – hot fix 2

v 3.5

  • Fixed return to admin issue – hot fix
  • New responsive interface

v 3.3

  • Security bug fixes

v 3.2

  • Bug fixes and styling improvements

v 3.1

  • Updated tested up to

v 2.9

  • Bug fixing in users and orders page

v 2.8

  • Bug fixing in user switching with 2FA

v 2.7

  • Bug fixing in users page and WooCommerce orders page

v 2.6

  • Bug fixing in users page (remove limitation)
  • Adding new option — Go Back button position

v 2.5

  • Bug fixing in button position

v 2.4

  • Adding Spanish (Argentina) translation by Mr. gnukleo

v 2.3

  • Bug fixing in the WooCommerce cart

v 2.2

  • Enable plugin for Admin by default

v 2.1

  • Code fixes

v 1.9

  • Bug fixing in permissions — editor can no longer switch to admin
  • Bug fixing in plugin options Roles section

v 1.8

  • Bug fixing in the AJAX request

v 1.7

  • Change logout box location from top to left
  • Redirect admin to the correct page after logout

v 1.6

  • Adding wp-buy control panel page

v 1.5

  • Bug fixing in the orders page and users page

v 1.4

  • Bug fixing in CSS z-index issue

v 1.3

  • Adding Vote message

v 1.2

  • Bug fixes in the Login as user message

v 1.1

  • First beta release
Back to top