The Operational Control Layer for WordPress Agencies

Every Client Login Is a Liability. AdminLocks Fixes That.

One plugin locks down wp-admin, gives clients a safe workspace, and rolls back their mistakes before you even know they happened.

Lock Down Your First Site Free See What Agencies Pay →

Lite is free forever. No credit card. No commitment. Just control.

yoursite.com/wp-admin — AdminLocks Dashboard
Dashboard
Audit Log
Policies
Client Mode
Snapshots
Approvals
Active Policies
3
Blocked Actions
47
Snapshots
128
Rollbacks
5
Client "Sarah" attempted to deactivate WooCommerce — Blocked
2 min ago
Auto-snapshot created before theme update
14 min ago
Policy "Brochure Safe" applied to role: editor
1 hr ago
Client "Mike" attempted to change permalink structure — Blocked
3 hr ago
94%
Reduction in Client-Caused Site Damage
8 hrs
Saved Per Site Per Month
30 sec
Deploy a Lockdown Policy in 30 Seconds
You Know This Story. You Have Lived It.

The Mess You Are Already Cleaning Up

The average agency loses $4,200 per year per portfolio cleaning up avoidable admin mistakes. These are the four that keep happening.

01 — The 11pm Emergency
Client Kills the Checkout

Your client disables the WooCommerce plugin because they “thought it was slowing things down.” The entire store goes offline. You get the panicked call at 11pm. Three hours of emergency triage, a missed dinner, and a client who still expects you to eat the cost. Hidden cost: $360+ in unbillable hours, plus the revenue the store lost while it was dark.

02 — The Layout Massacre
80 Hours of Design Work, Gone

Client “experiments” with theme settings over the weekend. Switches to a default theme to “see how it looks.” Custom CSS, widget configurations, menu assignments, header layouts — all wiped. The site you spent 80 hours building now looks like a 2009 blog. Hidden cost: 6-10 hours to rebuild, plus the trust damage that makes the client question your work.

03 — The SEO Catastrophe
Every Google Ranking Tanks Overnight

Client reads a blog post about “SEO-friendly URLs” and changes the permalink structure. Every indexed URL now returns a 404. Organic traffic craters overnight. Months of SEO work and ad spend evaporate because someone clicked a settings page they never should have seen. Hidden cost: 3-6 months of SEO recovery. Thousands in lost leads.

04 — The Silent Lead Killer
Client “Cleans Up” the Money Pages

Client decides to “tidy up” old pages. Deletes the landing page that generates 40% of their leads. Nobody notices for two weeks, until the client calls to ask why enquiries dried up. You cannot recover a trashed page from a month ago. Hidden cost: Weeks of lost revenue, a difficult conversation, and a client who blames you for not preventing it.

* Based on an average of 3.5 incidents/site/year across 10 managed sites, at $120/hr blended agency rate. Source: WP Agency Survey 2025.

See the Numbers

Calculate Your Cost of Client Chaos

Without AdminLocks
$10,000
With AdminLocks
$1,000
Annual Savings
$9,000
The Solution

Four Modules. Total Operational Control.

Module 01

Control What Clients Can Touch — Without Saying No to Everything

You are not blocking clients. You are giving them a safe lane. Define exactly what each role can see and do with pre-built templates or custom policies. Turn “please do not touch that” into an automated guardrail that works while you sleep.

6 pre-built lockdown templates for common scenarios
Screen gating hides entire admin pages per role
REST API endpoint blocking stops backdoor changes
Temporary access elevation when clients genuinely need more
Export / import policies as JSON across your portfolio
Brochure Safe
Builder Safe
WooCommerce Restricted
SEO Collaboration
Blog Team
Maintenance Client
BROCHURE SAFE POLICY
✓ Edit pages & posts
✓ Upload media
✓ Moderate comments
✗ Install/remove plugins
✗ Change themes
✗ Modify settings
Module 02

Give Clients Access They Cannot Misuse

Clients get a branded workspace with everything they need — content editing, media uploads, change requests — and nothing they can break. Fewer “what happened to my site?” calls. More “the edit is live” messages.

Branded with your agency logo and colors
Simplified content editor they actually understand
Built-in change request system (no more email chains)
Fully white-labelable on Agency+ plans
CLIENT CHANGE REQUESTS
Update homepage hero image Pending
Add new team member to About page Approved
Install SEO plugin (client request) Denied
Update business hours in footer Approved
Change contact form email address Pending
Module 03

Undo Client Damage in One Click

When something goes wrong — and it will — recovery is instant. Automatic snapshots capture state before every change. One-click rollback restores it. Stop turning 15-minute mistakes into 3-hour cleanup jobs.

Auto-snapshots before every significant change
One-click rollback to any previous state
Safe Mode freezes all client access during deployments
Break-glass recovery (3 methods) — you are never locked out
SNAPSHOT TIMELINE
Today 14:32
Auto-snapshot before WooCommerce 8.4.1 update
Today 09:15
Auto-snapshot before theme customizer save
Yesterday 16:40
Manual snapshot — pre-deployment freeze
Yesterday 11:22
Auto-snapshot before plugin activation (Yoast SEO)
Module 04

Know What Changed. Approve What Matters.

Full forensic audit trail of every action by every user. Approval gates for risky changes. Auto-generated maintenance reports that prove your value. When a client says “I did not change anything,” you will have the proof.

Login, plugin, option & role tracking with timestamps
Before/after diffs for every single change
Approval queue gates risky actions before they happen
Auto-generated branded PDF maintenance reports
AUDIT LOG
TimeEventUserStatus
14:32 Plugin update: WooCommerce 8.4.0 → 8.4.1 admin ✓ Auto
14:30 Attempted plugin deactivation: WooCommerce sarah ✗ Blocked
13:15 Page edited: "About Us" sarah ✓ Allowed
11:45 Theme switch attempted: Twenty Twenty-Four mike ✗ Blocked
09:30 Login from new IP: 203.0.113.42 sarah ● Flagged
Policy Templates

Pre-Built for the Problems You Already Have

Six lockdown profiles. Each one solves a specific agency headache. Deploy in 30 seconds.

Brochure Safe

The most restrictive day-to-day template. Ideal for simple brochure sites where clients only need to edit content and upload images.

Ideal for: Small business websites, portfolios, landing pages

Applies to: Editor, Author
WHAT CLIENTS CAN DO
✓ Edit existing pages and posts
✓ Upload images and documents
✓ Moderate and reply to comments
✓ View their own profile
WHAT IS BLOCKED
✗ Install, update, or remove plugins
✗ Switch or customize themes
✗ Change Settings (permalinks, general, reading)
✗ Manage users or roles
✗ Access Tools or Import/Export

Builder Safe

Designed for sites built with Elementor, Beaver Builder, Divi, or Bricks. Allows page builder editing while blocking theme-level and plugin-level changes.

Ideal for: Page-builder sites where clients do layout edits

Applies to: Editor
WHAT CLIENTS CAN DO
✓ Edit pages using the page builder
✓ Create new pages (drafts only)
✓ Upload and manage media
✓ Use builder-specific templates
WHAT IS BLOCKED
✗ Access global builder settings
✗ Edit theme templates or header/footer
✗ Install or remove plugins
✗ Change WordPress core settings
✗ Access WP Customizer

WooCommerce Restricted

Lets store managers handle products, orders, and coupons while keeping them away from WooCommerce settings, payment gateways, and shipping zones.

Ideal for: eCommerce sites with client-managed product catalogs

Applies to: Shop Manager, Editor
WHAT CLIENTS CAN DO
✓ Add, edit, and manage products
✓ Process and manage orders
✓ Create and manage coupons
✓ View sales reports
WHAT IS BLOCKED
✗ WooCommerce Settings (payments, shipping, tax)
✗ Install or remove WooCommerce extensions
✗ Edit checkout or cart pages
✗ Change email notification templates
✗ Access API keys or webhooks

SEO Collaboration

For when you are working with an SEO consultant or marketing team that needs access to Yoast/Rank Math settings and content but nothing else.

Ideal for: Sites with external SEO teams or marketing contractors

Applies to: SEO Editor (custom role)
WHAT CLIENTS CAN DO
✓ Edit page/post SEO meta (title, description)
✓ Manage redirects
✓ View Search Console integration data
✓ Edit content for optimization
WHAT IS BLOCKED
✗ Change permalink structure
✗ Edit robots.txt or .htaccess
✗ Install or remove plugins
✗ Access non-SEO settings
✗ Manage users or roles

Blog Team

For multi-author blogs and content teams. Authors can write, edit, and manage their own posts with a streamlined writing experience. No access to site-level settings.

Ideal for: Content marketing teams, multi-author blogs

Applies to: Author, Contributor
WHAT CLIENTS CAN DO
✓ Write and publish blog posts
✓ Upload featured images and media
✓ Manage categories and tags
✓ Edit their own profile
WHAT IS BLOCKED
✗ Edit or delete other authors' posts
✗ Edit pages (only posts)
✗ Access plugins, themes, or settings
✗ Manage menus or widgets
✗ View other users' profiles

Maintenance Client

Maximum lockdown. Clients can view the dashboard and submit change requests through the portal, but cannot edit any content directly. Perfect for sites under active maintenance contracts.

Ideal for: Retainer clients, sites under active development

Applies to: Subscriber (elevated)
WHAT CLIENTS CAN DO
✓ View the AdminLocks dashboard
✓ Submit change requests
✓ View activity log (own actions only)
✓ Download maintenance reports
WHAT IS BLOCKED
✗ Edit any content (pages, posts, products)
✗ Upload or delete media
✗ Access any WordPress admin screens
✗ Install, update, or remove anything
✗ Change any settings whatsoever
Emergency Access

Three Ways to Break the Glass

No matter what happens, you can always regain full access. AdminLocks will never lock you out of your own site.

wp-config.php Constant

Add a single line to your wp-config.php to bypass all policies immediately.

define('ADMINLOCKS_BYPASS', true);

Signed Recovery URL

Use a cryptographically signed URL that grants temporary admin access for 15 minutes.

yoursite.com/?adminlocks_recover=abc123

WP-CLI Command

If you have SSH access, disable AdminLocks instantly from the command line.

wp adminlocks disable --force
Everything You Need

Every Feature Exists Because an Agency Lost Time Without It

Policy Templates
6 pre-built lockdown profiles for common agency scenarios
Screen Gating
Hide entire admin screens from specific roles
Capability Control
Fine-grained WordPress capability filtering per role
REST API Blocking
Block specific REST API endpoints to prevent backdoor changes
Client Portal
Branded frontend workspace replaces raw wp-admin
Content Editor
Simplified editing interface for client content updates
Media Library
Safe media uploads with type and size restrictions
Change Requests
Clients submit requests; you approve or deny
Auto Snapshots
Automatic state capture before every change
One-Click Rollback
Restore any previous state with a single click
Safe Mode
Freeze all client access during deployments
Activity Log
Full audit trail of every action by every user
Maintenance Reports
Auto-generated reports proving your monthly value
White-Label PDF
Your agency branding on every report
Scheduled Delivery
Auto-send reports weekly or monthly via email
Report Templates
Customizable templates for different client types
Pricing

One Client Mistake Costs More Than a Year of AdminLocks

Choose the plan that fits your portfolio. Start free. Upgrade when the chaos does.

Monthly Annual Save 2 months
Lite
Free

For testing the waters. Lock down your first site.

1 site
Dashboard replacement
Basic policies
14-day audit log
Basic client portal
Start Free
Starter
$19 /mo

For freelancers tired of client cleanup. Pays for itself the first time it prevents a broken site.

Up to 5 sites
Policy templates
Client portal
Activity log
Snapshots + rollback
Temp access elevation
Protect 5 Sites
Most Popular
Agency
$49 /mo

For agencies that cannot afford chaos. The plan most agencies choose. Covers 25 sites with full control.

Up to 25 sites
Everything in Starter
Advanced custom policies
Change requests + approvals
Scheduled access windows
Priority support
Maintenance reports
Lock Down 25 Sites
Studio
$99 /mo

For established agencies at scale. 100 sites. Team roles. SLA-backed.

Up to 100 sites
Everything in Agency
Policy packs (import/export)
Exportable audit reports
Team roles (admin, manager, viewer)
4-hour SLA
Report templates + history
Scale to 100
Enterprise
Custom

For portfolios that do not fit in a dropdown.

Unlimited sites
Everything in Studio
Dedicated onboarding
Compliance + audit exports
SSO integration
Custom support channel
Talk to Sales
Are automatic backups included?
AdminLocks snapshots capture WordPress settings, plugin states, and configurations — the things clients break most. For full file/database backups, pair it with a dedicated backup plugin. Together, you are covered from every angle.
How are sites counted?
Each WordPress installation = one site. Multisite networks count as one site when network-activated. You get the most coverage for the least spend.
Can I change plans later?
Upgrade instantly, downgrade at next billing cycle. No lock-in, no penalty. Your portfolio changes; your plan should too.
Do my clients need accounts?
No. Clients use their existing WordPress logins. AdminLocks applies policies based on roles — zero additional accounts to manage.
What is the annual discount?
Annual plans save you 2 months. Agency drops to $40.83/mo effective. That is less than a single hour of client cleanup work.
Which plans include maintenance reports?
Agency, Studio, and Enterprise. White-label customization (your logo, your colors, your name) is on Studio and Enterprise. Reports justify your retainer — they pay for the plan.
FAQ

Frequently Asked Questions

Dangerous admin screens are hidden from non-admin roles immediately. The raw WordPress dashboard is replaced with a clean, branded overview. From there, pick a lockdown template or build a custom policy. Your sites are safer in under 30 seconds.
Yes. Temp Access Elevation grants full or partial access for 1 hour up to 7 days. Access revokes automatically when time expires. Every elevated action is logged. You stay in control without being a bottleneck.
Three break-glass recovery methods guarantee you are never locked out: a wp-config.php constant, a signed recovery URL, or a WP-CLI command. We built AdminLocks for agencies who manage hundreds of sites — lockout-proof is non-negotiable.
Tested and compatible with Elementor, Beaver Builder, Divi, Bricks, Oxygen, and Gutenberg. The Builder Safe template was designed specifically for this — clients edit pages in their builder while global settings, theme templates, and plugin management stay locked.
Everything lives in your own WordPress database. AdminLocks Lite makes zero external calls. Cloud plans sync encrypted snapshots to our infrastructure for backup, but you own your data and can export it at any time. Your data never leaves your control.
Yes. Network-activate it on Multisite and set global policies across all subsites, with per-site overrides where needed. The entire network counts as one site for licensing. Maximum coverage, minimum cost.
Agency plans white-label the client portal with your logo and colors. Studio and Enterprise let you rename the plugin, remove all AdminLocks branding, and customize maintenance reports end-to-end. Your clients see your brand, not ours.
Before any significant change — plugin activation, theme switch, option update — AdminLocks captures a snapshot of the current state. To roll back, pick a snapshot and click Restore. The affected settings revert instantly. Lite retains 14 days; paid plans retain 90 days.
Lite gives you dashboard replacement, basic policies, and a 14-day audit log for one site — enough to see the value. Cloud plans unlock advanced templates, snapshots with one-click rollback, the full client portal, change requests, maintenance reports, multi-site management, white-labeling, and priority support. Most agencies upgrade within the first week.
Safe Mode is a one-click global lockdown. Activate it during deployments, maintenance windows, or emergencies to restrict all non-admin users to read-only. Policies handle day-to-day access; Safe Mode is your kill switch when you need every client frozen out, right now.

Every Day Without AdminLocks Is Another Day Your Sites Are Unprotected

The next client mistake is already queued up. The only question is whether you will catch it before it costs you time, money, and trust.

Lock Down Your First Site — Free See Plans →