{"id":333636,"date":"2026-07-02T07:57:28","date_gmt":"2026-07-02T07:57:28","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/watrix-user-switching\/"},"modified":"2026-07-02T07:56:59","modified_gmt":"2026-07-02T07:56:59","slug":"watrix-login-as-user","status":"publish","type":"plugin","link":"https:\/\/pirate.wordpress.org\/plugins\/watrix-login-as-user\/","author":13819045,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.3","stable_tag":"1.0.3","tested":"7.0","requires":"6.0","requires_php":"7.4","requires_plugins":null,"header_name":"Watrix Login as User","header_author":"WATRIX\u5408\u540c\u4f1a\u793e","header_description":"\u7ba1\u7406\u8005\u304c\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u30a2\u30ab\u30a6\u30f3\u30c8\u3078\u5b89\u5168\u306b\u5207\u308a\u66ff\u3048\uff08\u4ee3\u7406\u30ed\u30b0\u30a4\u30f3\uff09\u3057\u3001\u5143\u30a2\u30ab\u30a6\u30f3\u30c8\u3078\u30ef\u30f3\u30af\u30ea\u30c3\u30af\u3067\u623b\u308b\u305f\u3081\u306e WordPress \u30d7\u30e9\u30b0\u30a4\u30f3\u3002\u7f72\u540d\u4ed8\u304d Cookie\u30fbnonce\u30fb\u6a29\u9650\u30c1\u30a7\u30c3\u30af\u30fb\u76e3\u67fb\u30ed\u30b0\u306b\u3088\u308b\u591a\u5c64\u9632\u5fa1\u3092\u5b9f\u88c5\u3002","assets_banners_color":"e3a171","last_updated":"2026-07-02 07:56:59","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/watrix.co.jp\/","header_author_uri":"https:\/\/watrix.co.jp","rating":0,"author_block_rating":0,"active_installs":0,"downloads":30,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.3":{"tag":"1.0.3","author":"watrix","date":"2026-07-02 07:56:59"}},"upgrade_notice":{"1.0.3":"<p>Plugin renamed from &quot;Watrix User Switching&quot; to &quot;Watrix Login as User&quot; (slug changed to <code>watrix-login-as-user<\/code>) to avoid confusion with the existing User Switching plugin. Functionality is unchanged.<\/p>","1.0.2":"<p>Maintenance release for WordPress.org Plugin Check compliance. No behaviour changes.<\/p>","1.0.1":"<p>Security hardening release: i18n support and fail-closed handling for the signing secret. Update recommended.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3593558,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3593558,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3593558,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3593558,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.3"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3593558,"resolution":"1","location":"assets","locale":"","width":1325,"height":797},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3593558,"resolution":"2","location":"assets","locale":"","width":1325,"height":799}},"screenshots":{"1":"The red impersonation warning bar.","2":"The \"Switch to\" row action on the Users screen."}},"plugin_section":[],"plugin_tags":[83,2679,269811,1104,3749],"plugin_category":[59],"plugin_contributors":[268210],"plugin_business_model":[],"class_list":["post-333636","plugin","type-plugin","status-publish","hentry","plugin_tags-admin","plugin_tags-debugging","plugin_tags-impersonation","plugin_tags-support","plugin_tags-user-switching","plugin_category-utilities-and-tools","plugin_contributors-watrix","plugin_committers-watrix"],"banners":{"banner":"https:\/\/ps.w.org\/watrix-login-as-user\/assets\/banner-772x250.png?rev=3593558","banner_2x":"https:\/\/ps.w.org\/watrix-login-as-user\/assets\/banner-1544x500.png?rev=3593558","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/watrix-login-as-user\/assets\/icon-128x128.png?rev=3593558","icon_2x":"https:\/\/ps.w.org\/watrix-login-as-user\/assets\/icon-256x256.png?rev=3593558","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/watrix-login-as-user\/assets\/screenshot-1.png?rev=3593558","caption":"The red impersonation warning bar."},{"src":"https:\/\/ps.w.org\/watrix-login-as-user\/assets\/screenshot-2.png?rev=3593558","caption":"The \"Switch to\" row action on the Users screen."}],"raw_content":"<!--section=description-->\n<p>Watrix Login as User lets administrators sign in as any other user (impersonation) and return to their own account with a single click. It is useful for support requests, reproducing user-reported issues, debugging role and capability problems, and verifying the experience of subscribers, customers or editors without sharing passwords.<\/p>\n\n<p>Key features:<\/p>\n\n<ul>\n<li>Adds a \"Switch to\" row action on the Users screen (localised as \"\u5207\u308a\u66ff\u3048\" in Japanese).<\/li>\n<li>Adds a \"Switch to %s\" button on the user profile edit screen.<\/li>\n<li>Displays a persistent red warning bar in both the admin and the front-end while an impersonation session is active.<\/li>\n<li>The warning bar contains a one-click link back to the original administrator account.<\/li>\n<li>Switching and switching-back are protected by nonces and a signed cookie (HMAC-SHA256, AUTH_KEY-derived) so the original user id cannot be forged.<\/li>\n<li>A bounded audit log (latest 200 entries) is stored in a single options row.<\/li>\n<\/ul>\n\n<p>Security model:<\/p>\n\n<ul>\n<li>Only users who are administrators AND hold the manage_options capability can switch (manage_network_users on multisite).<\/li>\n<li>The original (acting) user id is stored in a signed, Secure \/ HttpOnly \/ SameSite=Lax cookie.<\/li>\n<li>Nonce verification, self-switch prevention and clean-up on user deletion are implemented.<\/li>\n<li>If the AUTH_KEY salts required for signing are missing, the plugin fails closed and the feature is disabled.<\/li>\n<\/ul>\n\n<h3>\u65e5\u672c\u8a9e<\/h3>\n\n<h4>\u6982\u8981<\/h4>\n\n<p>Watrix Login as User \u306f\u3001\u7ba1\u7406\u8005\u304c\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306b\u306a\u308a\u3059\u307e\u3057\u3066 WordPress \u3092\u64cd\u4f5c\u3059\u308b\u300c\u4ee3\u7406\u30ed\u30b0\u30a4\u30f3\u300d\u6a5f\u80fd\u3092\u63d0\u4f9b\u3057\u307e\u3059\u3002\u30b5\u30dd\u30fc\u30c8\u5bfe\u5fdc\u30fb\u52d5\u4f5c\u78ba\u8a8d\u30fb\u6a29\u9650\u30c7\u30d0\u30c3\u30b0\u306a\u3069\u306b\u6709\u7528\u3067\u3059\u3002<\/p>\n\n<h4>\u4e3b\u306a\u6a5f\u80fd<\/h4>\n\n<ul>\n<li>\u30e6\u30fc\u30b6\u30fc\u4e00\u89a7\u306e\u5404\u884c\u306b\u300c\u5207\u308a\u66ff\u3048\u300d\u30ea\u30f3\u30af\u3092\u8ffd\u52a0\uff08\u82f1\u8a9e\u30ed\u30b1\u30fc\u30eb\u3067\u306f \"Switch to\"\uff09<\/li>\n<li>\u30e6\u30fc\u30b6\u30fc\u7de8\u96c6\u753b\u9762\u306b\u3082\u300c%s \u306b\u5207\u308a\u66ff\u3048\u300d\u30dc\u30bf\u30f3\u3092\u8ffd\u52a0<\/li>\n<li>\u4ee3\u7406\u30ed\u30b0\u30a4\u30f3\u4e2d\u306f\u7ba1\u7406\u753b\u9762\u30fb\u30d5\u30ed\u30f3\u30c8\u753b\u9762\u306e\u4e0a\u90e8\u306b\u8d64\u3044\u8b66\u544a\u30d0\u30fc\u3092\u5e38\u6642\u8868\u793a<\/li>\n<li>\u30d0\u30fc\u5185\u306e\u30ea\u30f3\u30af\u3067\u5143\u306e\u7ba1\u7406\u8005\u30a2\u30ab\u30a6\u30f3\u30c8\u3078\u5373\u6642\u5fa9\u5e30<\/li>\n<li>\u5207\u66ff\u30fb\u5fa9\u5e30\u306f nonce + \u7f72\u540d\u4ed8\u304d Cookie (HMAC-SHA256) \u3067\u4fdd\u8b77<\/li>\n<li>\u76e3\u67fb\u30ed\u30b0\u3092\u30aa\u30d7\u30b7\u30e7\u30f3\u30c6\u30fc\u30d6\u30eb\u306b\u6700\u5c0f\u9650\u4fdd\u5b58\uff08\u6700\u65b0 200 \u4ef6\uff09<\/li>\n<\/ul>\n\n<h4>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3<\/h4>\n\n<ul>\n<li>\u5207\u66ff\u3092\u8a31\u53ef\u3059\u308b\u306e\u306f administrator \u304b\u3064 manage_options \u4fdd\u6709\u8005\u306e\u307f\uff08\u30de\u30eb\u30c1\u30b5\u30a4\u30c8\u6642\u306f manage_network_users\uff09<\/li>\n<li>\u5143\u30e6\u30fc\u30b6\u30fc ID \u306f AUTH_KEY \u3067\u7f72\u540d\u3055\u308c\u305f Secure \/ HttpOnly \/ SameSite=Lax Cookie \u306b\u4fdd\u5b58<\/li>\n<li>nonce \u691c\u8a3c\u30fb\u81ea\u8eab\u3078\u306e\u5207\u66ff\u9632\u6b62\u30fb\u30e6\u30fc\u30b6\u30fc\u524a\u9664\u6642\u306e\u30af\u30ea\u30fc\u30f3\u30a2\u30c3\u30d7\u3092\u5b9f\u88c5<\/li>\n<li>AUTH_KEY \u7cfb SALT \u304c\u672a\u8a2d\u5b9a\u306a\u3089 fail-closed \u3067\u6a5f\u80fd\u3092\u7121\u52b9\u5316<\/li>\n<\/ul>\n\n<h4>\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h4>\n\n<ol>\n<li>\u30d7\u30e9\u30b0\u30a4\u30f3\u3092 <code>wp-content\/plugins\/watrix-login-as-user\/<\/code> \u306b\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9<\/li>\n<li>WordPress \u7ba1\u7406\u753b\u9762\u306e\u300c\u30d7\u30e9\u30b0\u30a4\u30f3\u300d\u304b\u3089\u6709\u52b9\u5316<\/li>\n<li>\u300c\u30e6\u30fc\u30b6\u30fc\u4e00\u89a7\u300d\u307e\u305f\u306f\u500b\u5225\u306e\u30e6\u30fc\u30b6\u30fc\u7de8\u96c6\u753b\u9762\u3067\u300c\u5207\u308a\u66ff\u3048\u300d\u3092\u5b9f\u884c<\/li>\n<li>\u4ee3\u7406\u30ed\u30b0\u30a4\u30f3\u4e2d\u306f\u753b\u9762\u4e0a\u90e8\u306e\u8d64\u3044\u30d0\u30fc\u304b\u3089\u5143\u306e\u30a2\u30ab\u30a6\u30f3\u30c8\u306b\u623b\u308c\u307e\u3059<\/li>\n<\/ol>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin to <code>wp-content\/plugins\/watrix-login-as-user\/<\/code> or install it from the WordPress plugin directory.<\/li>\n<li>Activate the plugin from the Plugins screen.<\/li>\n<li>Go to Users and use the \"Switch to\" row action, or open a user's profile and use the \"Switch to %s\" button.<\/li>\n<li>While impersonating, use the red warning bar at the top of the screen to return to your original account.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"who%20can%20switch%20users%3F\"><h3>Who can switch users?<\/h3><\/dt>\n<dd><p>Only users who are administrators AND have the manage_options capability (manage_network_users on multisite). The capability is re-checked on every switch and on every restore.<\/p><\/dd>\n<dt id=\"is%20my%20password%20ever%20sent%20to%20the%20impersonated%20session%3F\"><h3>Is my password ever sent to the impersonated session?<\/h3><\/dt>\n<dd><p>No. Switching uses WordPress' own authentication cookies (wp_set_auth_cookie). No password is ever read, written or transmitted by this plugin.<\/p><\/dd>\n<dt id=\"what%20happens%20if%20i%20deactivate%20the%20plugin%20while%20impersonating%3F\"><h3>What happens if I deactivate the plugin while impersonating?<\/h3><\/dt>\n<dd><p>The impersonation cookie is cleared on deactivation, so the next request will not sit on a stale impersonation state.<\/p><\/dd>\n<dt id=\"where%20is%20the%20audit%20log%20stored%3F\"><h3>Where is the audit log stored?<\/h3><\/dt>\n<dd><p>In a single wp_options row (<code>watrix_lau_audit_log<\/code>), capped at the most recent 200 entries. Uninstalling the plugin removes this option completely.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.3<\/h4>\n\n<ul>\n<li>Rename: plugin renamed from \"Watrix User Switching\" to \"Watrix Login as User\"; slug \/ text domain changed from <code>watrix-user-switching<\/code> to <code>watrix-login-as-user<\/code> to avoid confusion with the existing User Switching plugin.<\/li>\n<li>Internals: constant, function, class, option, cookie, nonce and query-parameter prefixes updated accordingly (<code>WATRIX_LOGIN_AS_USER_*<\/code>, <code>WATRIX_LAU_*<\/code>, <code>watrix_login_as_user_*<\/code>, <code>watrix_lau_*<\/code>, <code>WatrixLoginAsUser\\<\/code>, <code>watrix_lau_original<\/code>, <code>watrix_lau_audit_log<\/code>, <code>?watrix_lau=...<\/code>).<\/li>\n<li>i18n: translation catalogue renamed to <code>watrix-login-as-user-ja.po\/.mo<\/code>.<\/li>\n<li>No functional or behavioural changes.<\/li>\n<\/ul>\n\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Compliance: pass WordPress.org Plugin Check 2.0.0 with zero errors and zero warnings.<\/li>\n<li>readme.txt: rewritten in English; \"Tested up to\" bumped to 7.0; Japanese description retained below.<\/li>\n<li>i18n: removed redundant <code>load_plugin_textdomain()<\/code> call (WP 4.6+ auto-loads translations for WP.org-hosted plugins).<\/li>\n<li>uninstall.php: prefixed local variables (<code>$watrix_lau_option_name<\/code>, <code>$watrix_lau_site_ids<\/code>, <code>$watrix_lau_site_id<\/code>).<\/li>\n<li>i18n: moved <code>\/* translators: *\/<\/code> comments to be immediately adjacent to the <code>__()<\/code> call.<\/li>\n<li>nonce warnings: annotated the <code>admin_init<\/code> and admin-notice dispatchers (read-only status checks; the actual state-changing actions still verify nonces).<\/li>\n<li>Packaging: added <code>.distignore<\/code> so <code>.git<\/code>, <code>.gitignore<\/code>, <code>README.md<\/code> and <code>.DS_Store<\/code> are excluded from the distribution ZIP.<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>i18n: switched UI strings to English source + translation catalogues. Japanese locale displays \"\u5207\u308a\u66ff\u3048\" \/ \"%s \u306b\u5207\u308a\u66ff\u3048\"; other locales show \"Switch to\" \/ \"Switch to %s\".<\/li>\n<li>Security (H-1): removed the fallback signing secret. The plugin now fails closed when AUTH_KEY salts are not configured.<\/li>\n<li>Public failure codes coarsened; detailed reasons now live only in the audit log (S-4).<\/li>\n<li>Added <code>uninstall.php<\/code> to fully remove the audit-log option on plugin deletion (S-6).<\/li>\n<li>Deactivation hook clears any in-flight impersonation cookie (S-6).<\/li>\n<li>Reworked the user-edit screen UI to use a single dedicated form-table instead of a stray <code>&lt;tr&gt;<\/code> injection (L-4).<\/li>\n<li>Standardised on output-time escaping (S-1).<\/li>\n<li>Fixed mismatched <code>\/* translators: *\/<\/code> placeholders (L-1).<\/li>\n<li>Bundled a compiled Japanese .mo file.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<\/ul>","raw_excerpt":"Securely impersonate any user account as an administrator and switch back to your original account with one click.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/pirate.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/333636","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pirate.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/pirate.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/pirate.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=333636"}],"author":[{"embeddable":true,"href":"https:\/\/pirate.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/watrix"}],"wp:attachment":[{"href":"https:\/\/pirate.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=333636"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/pirate.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=333636"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/pirate.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=333636"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/pirate.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=333636"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/pirate.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=333636"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/pirate.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=333636"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}