https://adminlocks.com/

# AdminLocks

> AdminLocks is a WordPress plugin that gives agencies total control over what clients can do in wp-admin. It combines policy enforcement, a branded client portal, automatic snapshots, one-click rollback, and audit logging into one lightweight plugin.

## Who it is for

AdminLocks is built for WordPress agencies and freelancers who manage client sites and need to prevent accidental or unauthorized changes to plugins, themes, settings, and WooCommerce stores.

## Core pages

- [Homepage](https://adminlocks.com/) - Product overview, key stats, and FAQ
- [Features](https://adminlocks.com/features/) - Four modules: Policy Engine, Client Portal, Safety Net, Audit + Approvals
- [Pricing](https://adminlocks.com/pricing/) - Lite (free), Starter ($19/mo), Agency ($49/mo), Studio ($99/mo), Enterprise (custom)
- [Install](https://adminlocks.com/install/) - Step-by-step installation via WordPress.org or manual upload
- [Security](https://adminlocks.com/security/) - Zero trust architecture, data handling, encryption, responsible disclosure
- [Docs](https://adminlocks.com/docs/) - Full documentation: installation, configuration, API reference, troubleshooting
- [Changelog](https://adminlocks.com/changelog/) - Release history starting v1.0.0 (March 2026)

## Key capabilities

- Policy Engine: 6 pre-built lockdown templates deployable in 30 seconds; custom policies via screen gating, capability filtering, and REST API route blocking
- Client Portal: Branded workspace replacing wp-admin for clients; change request system; temporary access elevation with auto-expiry
- Safety Net: Automatic snapshots before any change; one-click rollback of plugins, themes, widgets, and settings
- Audit + Approvals: Forensic audit log; approval gates for risky operations; webhook notifications for policy violations
- Multisite support: Network-activate with global policies and per-site overrides
- White-labeling: Available on Agency plans and above

## Pricing summary

- Lite: Free forever, 1 site, basic policies, 14-day audit log
- Starter: $19/mo, up to 5 sites, full policy engine, snapshots, rollback, 90-day audit trail
- Agency: $49/mo, up to 25 sites, white-labeling, advanced policies
- Studio: $99/mo, up to 100 sites, full white-labeling including plugin name
- Enterprise: Custom pricing, 100+ sites

## System requirements

WordPress 6.0+, PHP 7.4+ (8.0+ recommended), MySQL 5.7+ or MariaDB 10.3+, 64 MB PHP memory minimum

# AdminLocks - Full Content Reference

## What is AdminLocks?

AdminLocks is a WordPress plugin designed for agencies and freelancers who manage client WordPress sites. It prevents clients from accidentally or intentionally breaking sites by restricting what they can access and do inside wp-admin. It combines four modules: a Policy Engine, a Client Portal, a Safety Net (snapshots and rollback), and an Audit + Approvals system.

AdminLocks is available as a free Lite plugin on WordPress.org and as paid Cloud plans starting at $19/month.

## The problem it solves

WordPress agencies routinely lose billable hours to client-caused site damage. Common incidents include: a client deactivating WooCommerce during peak hours, a theme experiment wiping custom CSS, a permalink change tanking SEO rankings, or a cleanup attempt deleting a lead generation page. AdminLocks blocks these actions before they happen and provides one-click recovery when they do.

## Module 1: Policy Engine

The Policy Engine defines exactly what clients can and cannot do in wp-admin. It uses three enforcement mechanisms: screen gating (hides entire admin pages from non-admin roles), capability filtering (removes dangerous WordPress capabilities from roles), and REST API route blocking (prevents headless exploits via the WordPress REST API).

Six pre-built policy templates are included and can be deployed in 30 seconds:

- Brochure Safe: Pages and media only. No plugins, no settings.
- Builder Safe: Full page builder access with locked backend.
- WooCommerce Restricted: Products and orders only. No store settings.
- SEO Collaboration: Content plus Yoast/RankMath. No code access.
- Blog Team: Posts, categories, and media. Nothing else.
- Maintenance Client: Read-only dashboard. Change requests only.

Custom policies can be built from scratch and exported or imported as JSON. Temporary access elevation lets agencies grant full or partial access for 1 hour to 7 days, with automatic revocation when the window expires.

## Module 2: Client Portal

The Client Portal replaces the default wp-admin dashboard with a clean, policy-aware workspace designed for clients. Clients see only what they are allowed to touch. A change request system lets clients submit requests for actions outside their policy, which the agency can approve or deny. The portal is white-labeled on Agency plans and above.

## Module 3: Safety Net

The Safety Net module takes automatic snapshots of key WordPress state before any change: active plugins, theme assignments, widget configurations, and core settings. If a client or update causes damage, one-click rollback restores the previous state instantly. Cloud plans sync encrypted snapshots to AdminLocks servers for off-site backup.

## Module 4: Audit + Approvals

The Audit + Approvals module maintains a forensic log of every action taken in wp-admin. The Lite plan retains 14 days of logs. Cloud plans retain unlimited history. Approval gates require agency sign-off before risky operations execute. Webhook notifications alert the agency in real time when a policy violation is attempted.

## Security architecture

AdminLocks is built on four security principles: zero trust (deny by default, allow explicitly), data minimization (no telemetry, no phone-home, retention in agency hands), defense in depth (input validation, capability checks, encryption, and audit logging working together), and transparency (open-source Lite plugin, public changelog, responsible disclosure program).

## Pricing

- Lite: Free forever. 1 site. Dashboard replacement, basic policies (2 templates), 14-day audit log, basic client portal.
- Starter: $19/month. Up to 5 sites. Full policy engine, all templates, snapshots, rollback, 90-day audit trail.
- Agency: $49/month. Up to 25 sites. White-labeling for client portal, advanced policies, priority support.
- Studio: $99/month. Up to 100 sites. Full white-labeling including plugin name, branding, and maintenance reports.
- Enterprise: Custom pricing. 100+ sites. Custom SLA, dedicated support, custom integrations.

Annual billing saves the equivalent of 2 months.

## Compatibility

AdminLocks is tested with Elementor, Beaver Builder, Divi, Bricks, Oxygen, and Gutenberg. It supports WordPress Multisite with network activation, global policies, and per-site overrides. Compatible with WordPress 6.0+ and PHP 7.4+.

## Frequently asked questions

Q: What happens when AdminLocks is activated?
A: AdminLocks immediately applies a default safe policy that hides dangerous admin screens from non-administrator roles. You can then customize policies per role or use one of the 6 pre-built templates.

Q: Can I grant temporary access to a client?
A: Yes. The Temp Access Elevation feature lets you grant full or partial access for a set duration (1 hour to 7 days). Access is automatically revoked when the window expires.

Q: What if I get locked out?
A: AdminLocks provides three break-glass recovery methods: a wp-config.php constant, a signed recovery URL, and a WP-CLI command. You can never be permanently locked out.

Q: Does AdminLocks work with page builders?
A: Yes. AdminLocks is tested with Elementor, Beaver Builder, Divi, Bricks, Oxygen, and Gutenberg. The Builder Safe template is specifically designed for page-builder workflows.

Q: Is client data safe?
A: AdminLocks stores all policy and audit data in your own WordPress database. Cloud plans sync encrypted snapshots to AdminLocks servers for backup purposes only. You own your data.

Q: Does AdminLocks support WordPress Multisite?
A: Yes. AdminLocks can be network-activated on Multisite installations. Network admins can set global policies while allowing per-site overrides.

Q: Can I white-label AdminLocks?
A: Agency plans and above include white-labeling for the client portal. Studio and Enterprise plans allow full white-labeling including plugin name, branding, and maintenance reports.

Q: How does the rollback system work?
A: AdminLocks takes automatic snapshots of key WordPress settings, active plugins, theme assignments, and widget configurations before any change. One-click rollback restores the previous state instantly.

Q: What is the difference between AdminLocks Lite and Cloud plans?
A: AdminLocks Lite is a free WordPress plugin providing basic dashboard replacement, simple policies, and a 14-day audit log for a single site. Cloud plans add advanced policies, snapshots, rollback, maintenance reports, multi-site management, white-labeling, and priority support.

## Release history

- v1.0.0 (March 4, 2026): Full launch. Dashboard replacement, policy engine, audit log, client portal, approval gates, snapshot and rollback, cloud connector.
- v0.9.0-beta (February 15, 2026): First-run wizard, policy template system.
- v0.8.0-beta (January 28, 2026): REST API for audit log, webhook notifications, 40% footprint reduction.
- v0.7.0-alpha (January 10, 2026): Initial audit log, basic policy controls, dashboard replacement prototype.

User-agent: GPTBot
Allow: /

User-agent: ChatGPT-User
Allow: /

User-agent: PerplexityBot
Allow: /

User-agent: ClaudeBot
Allow: /

User-agent: anthropic-ai
Allow: /

User-agent: Google-Extended
Allow: /

User-agent: Bingbot
Allow: /

User-agent: CCBot
Disallow: /

User-agent: *
Allow: /

Sitemap: https://adminlocks.com/sitemap.xml

{
  "/": {
    "url": "https://adminlocks.com",
    "name": "AdminLocks",
    "@type": "Organization",
    "@context": "https://schema.org",
    "description": "AdminLocks gives WordPress agencies total control over what clients can do in wp-admin. Pre-built lockdown policies, branded client portal, automatic snapshots, one-click rollback, and maintenance reports.",
    "foundingDate": "2026"
  },
  "/docs/": {
    "url": "https://adminlocks.com/docs/",
    "name": "AdminLocks Documentation",
    "@type": "TechArticle",
    "@context": "https://schema.org",
    "isPartOf": {
      "url": "https://adminlocks.com/",
      "name": "AdminLocks",
      "@type": "WebSite"
    },
    "breadcrumb": {
      "@type": "BreadcrumbList",
      "itemListElement": [
        {
          "item": "https://adminlocks.com/",
          "name": "Home",
          "@type": "ListItem",
          "position": 1
        },
        {
          "item": "https://adminlocks.com/docs/",
          "name": "Documentation",
          "@type": "ListItem",
          "position": 2
        }
      ]
    },
    "description": "Complete documentation for AdminLocks: installation, configuration, policy setup, cloud connection, API reference, and troubleshooting.",
    "dateModified": "2026-04-01"
  },
  "/install/": {
    "url": "https://adminlocks.com/install/",
    "name": "How to Install AdminLocks",
    "step": [
      {
        "name": "Go to Plugins > Add New",
        "text": "Log in to your WordPress admin dashboard and navigate to Plugins, then Add New.",
        "@type": "HowToStep",
        "position": 1
      },
      {
        "name": "Search for AdminLocks",
        "text": "Type AdminLocks in the plugin search bar and press Enter.",
        "@type": "HowToStep",
        "position": 2
      },
      {
        "name": "Install and activate",
        "text": "Click Install Now next to the AdminLocks plugin, wait for installation to complete, then click Activate.",
        "@type": "HowToStep",
        "position": 3
      },
      {
        "name": "Complete the first-run wizard",
        "text": "Follow the first-run configuration wizard to choose policies, set client mode, configure notifications, and optionally connect to AdminLocks Cloud.",
        "@type": "HowToStep",
        "position": 4
      }
    ],
    "@type": "HowTo",
    "hasPart": {
      "@type": "FAQPage",
      "mainEntity": [
        {
          "name": "What are the system requirements for AdminLocks?",
          "@type": "Question",
          "acceptedAnswer": {
            "text": "AdminLocks requires WordPress 6.0 or higher, PHP 7.4+ (8.0+ recommended), MySQL 5.7+ or MariaDB 10.3+, and a minimum of 64 MB PHP memory. HTTPS is recommended.",
            "@type": "Answer"
          }
        },
        {
          "name": "How do I install AdminLocks with WP-CLI?",
          "@type": "Question",
          "acceptedAnswer": {
            "text": "Run: wp plugin install adminlocks --activate. The first-run wizard will launch automatically on your next wp-admin visit.",
            "@type": "Answer"
          }
        },
        {
          "name": "How do I install AdminLocks on a Multisite network?",
          "@type": "Question",
          "acceptedAnswer": {
            "text": "Upload the plugin to /wp-content/plugins/ and network-activate it from the Network Admin > Plugins screen. Network admins can then set global policies with optional per-site overrides.",
            "@type": "Answer"
          }
        }
      ]
    },
    "@context": "https://schema.org",
    "totalTime": "PT1M",
    "description": "Install the AdminLocks WordPress plugin in 30 seconds via WordPress.org or manual upload."
  },
  "/pricing/": {
    "url": "https://adminlocks.com/pricing/",
    "name": "AdminLocks",
    "@type": "SoftwareApplication",
    "offers": [
      {
        "name": "Lite",
        "@type": "Offer",
        "price": "0",
        "description": "Free forever. 1 site. Basic policies, 14-day audit log, basic client portal.",
        "priceCurrency": "USD"
      },
      {
        "name": "Starter",
        "@type": "Offer",
        "price": "19",
        "description": "Up to 5 sites. Full policy engine, snapshots, rollback, 90-day audit trail.",
        "priceCurrency": "USD"
      },
      {
        "name": "Agency",
        "@type": "Offer",
        "price": "49",
        "description": "Up to 25 sites. White-labeling, advanced policies, priority support.",
        "priceCurrency": "USD"
      },
      {
        "name": "Studio",
        "@type": "Offer",
        "price": "99",
        "description": "Up to 100 sites. Full white-labeling including plugin name and maintenance reports.",
        "priceCurrency": "USD"
      },
      {
        "name": "Enterprise",
        "@type": "Offer",
        "description": "Custom pricing. 100+ sites."
      }
    ],
    "hasPart": {
      "@type": "FAQPage",
      "mainEntity": [
        {
          "name": "Is AdminLocks free?",
          "@type": "Question",
          "acceptedAnswer": {
            "text": "Yes. AdminLocks Lite is free forever with no credit card required. It covers one site with basic policies, a 14-day audit log, and a basic client portal. Paid Cloud plans start at $19/month for up to 5 sites.",
            "@type": "Answer"
          }
        },
        {
          "name": "How much does AdminLocks cost?",
          "@type": "Question",
          "acceptedAnswer": {
            "text": "AdminLocks Cloud plans start at $19/month (Starter, up to 5 sites), $49/month (Agency, up to 25 sites), $99/month (Studio, up to 100 sites), and custom pricing for Enterprise (100+ sites). Annual billing saves the equivalent of 2 months.",
            "@type": "Answer"
          }
        },
        {
          "name": "What is included in the free AdminLocks plan?",
          "@type": "Question",
          "acceptedAnswer": {
            "text": "The free Lite plan includes dashboard replacement, basic policy controls with 2 templates, a 14-day audit log, and a basic client portal for one site. No credit card is required and the plan never expires.",
            "@type": "Answer"
          }
        }
      ]
    },
    "@context": "https://schema.org",
    "operatingSystem": "WordPress",
    "applicationCategory": "WebApplication"
  },
  "/features/": {
    "url": "https://adminlocks.com/features/",
    "name": "AdminLocks Features - Policy Engine, Client Portal, Safety Net, Audit + Approvals",
    "@type": "WebPage",
    "hasPart": {
      "@type": "FAQPage",
      "mainEntity": [
        {
          "name": "What is the AdminLocks Policy Engine?",
          "@type": "Question",
          "acceptedAnswer": {
            "text": "The AdminLocks Policy Engine controls client access to WordPress admin using three mechanisms: screen gating (hides entire admin pages from non-admin roles), capability filtering (removes dangerous WordPress capabilities from user roles), and REST API route blocking (prevents unauthorized access via the WordPress REST API). Six pre-built templates can be deployed in 30 seconds.",
            "@type": "Answer"
          }
        },
        {
          "name": "What page builders does AdminLocks support?",
          "@type": "Question",
          "acceptedAnswer": {
            "text": "AdminLocks is tested with Elementor, Beaver Builder, Divi, Bricks, Oxygen, and Gutenberg. The Builder Safe template is specifically designed for page-builder workflows.",
            "@type": "Answer"
          }
        },
        {
          "name": "What is the difference between Safe Mode and policies?",
          "@type": "Question",
          "acceptedAnswer": {
            "text": "Policies control what clients can access day-to-day. Safe Mode is a temporary lockdown you activate during deployments or maintenance windows that restricts all non-admin access to a read-only state.",
            "@type": "Answer"
          }
        },
        {
          "name": "Does AdminLocks support WordPress Multisite?",
          "@type": "Question",
          "acceptedAnswer": {
            "text": "Yes. AdminLocks can be network-activated on Multisite installations. Network admins can set global policies while allowing per-site overrides.",
            "@type": "Answer"
          }
        }
      ]
    },
    "@context": "https://schema.org",
    "description": "Four powerful modules for WordPress agencies: Policy Engine, Client Portal, Safety Net, and Audit + Approvals.",
    "dateModified": "2026-04-01"
  },
  "/security/": {
    "url": "https://adminlocks.com/security/",
    "name": "AdminLocks Security Architecture",
    "@type": "WebPage",
    "hasPart": {
      "@type": "FAQPage",
      "mainEntity": [
        {
          "name": "Is AdminLocks open source?",
          "@type": "Question",
          "acceptedAnswer": {
            "text": "AdminLocks Lite is open source and available on WordPress.org. You can audit the code that runs on your server. The Cloud infrastructure is proprietary but AdminLocks maintains a public changelog and responsible disclosure program.",
            "@type": "Answer"
          }
        },
        {
          "name": "Where is AdminLocks data stored?",
          "@type": "Question",
          "acceptedAnswer": {
            "text": "All policy and audit data is stored in your own WordPress database. Cloud plans sync encrypted snapshots to AdminLocks servers for backup purposes only. You own your data and control retention policies.",
            "@type": "Answer"
          }
        },
        {
          "name": "Does AdminLocks collect telemetry?",
          "@type": "Question",
          "acceptedAnswer": {
            "text": "No. AdminLocks does not harvest telemetry or phone home. Data minimization is a core architectural principle - only what is needed is collected, and retention policies are in the agency's hands.",
            "@type": "Answer"
          }
        }
      ]
    },
    "@context": "https://schema.org",
    "description": "AdminLocks security practices including zero trust architecture, data minimization, defense in depth, cloud encryption, and responsible disclosure.",
    "dateModified": "2026-04-01"
  },
  "/changelog/": {
    "url": "https://adminlocks.com/changelog/",
    "name": "AdminLocks Changelog",
    "@type": "WebPage",
    "@context": "https://schema.org",
    "isPartOf": {
      "url": "https://adminlocks.com/",
      "name": "AdminLocks",
      "@type": "WebSite"
    },
    "description": "Every update, improvement, and fix to AdminLocks - documented. Track new features, security patches, and improvements across every release.",
    "dateModified": "2026-03-04",
    "datePublished": "2026-03-04"
  }
}