General information

The Stop administrator module is a very lightweight and simple module that will stop users from being able to login as user 1 through the Drupal Front-End. Administrators will still be able to login as user 1 using Drush if this would be necessary. Optionally it is also possible to block the entire "administrator" role.

By preventing users from logging in as user 1 you will:

• Be able to protect a site from the accidental loss of user 1's password;
• Be more secure since developers won't be sharing the passwords with each other. Everyone will have his own account.
• Be able to audit user actions (Administrators) in much more detail since now ever administrator is linked to a real name.
• Be able to make off-boarding team members much more easier since you don't need to worry about updating the User 1 password. Just revoke his current administrator account of the specific user and revoke server access.
• ...

Block Administrator Role

Stop administrator login also has the ability to block any user that has the "administrator" role from logging in (as opposed to just user 1).

To do this:

• Navigate to the settings (/admin/config/people/stop_admin)
• Check the box "Block administrator role"
• Click "Save configuration"

If you decide on blocking the "administrator" role as well (as set at /admin/people/role-settings), make sure the other roles in the website have sufficient permissions to manage the site.

Accessing user 1

To access the administrator account using Drush we will be using the "user:login" command. Simply invoke:

drush user-login

Or the alias:

drush uli

To generate a one-time-login link for user 1. The actual command might differ depending on your setup of aliases, if you've configured Drush aliases you can invoke the command from your local machine instead of SSH'ing into the actual server where your site is hosted.