Stop administrator login

This is a very lightweight module that will stop users from being able to login as user 1 and optionally block the entire "administrator" role. Site administrators will still be able to login as user 1 by using drush when needed. The idea behind this is to protect a site from the accidental loss of user 1's password. Also from a security perspective (not sharing passwords) and for auditing configuration/content changes it is much better if user 1 is not used.

This module is a great companion when you are using an IAM like OpenID Connect.

Warning

If you enable this module, and do not have access to the machine using drush— you will NOT, I repeat, NOT be able to log back in as user 1. This will be sad for you, but here is your warning.

Make sure you have a personal administrator account with sufficient rights before enabling this module. If you decide on blocking the "administrator" role as well (as set at /admin/people/role-settings), make sure the other roles in the website have sufficient permissions to manage the site.

You can read more about this and how to recover access in the documentation section here: https://www.drupal.org/docs/contributed-modules/stop-administrator-login