majick777 · December 15, 2017 23:30
diff --git a/administrator-whilelist.php b/administrator-whilelist.php
 <?php

 /* === AutoDelete new Administrators ===  */
 /* (last line of defence against hackers) */

 /* Usage: 1. set the admin username list to existing real admin(s) */
 /* 2. place this file in your /wp-content/mu-plugins/ directory */
 /* 3. remember to update the username list if you add a new admin */
 /* 4. harden your security in other ways - do not rely on this */

 add_action('init', 'wp_security_administrator_whitelist', 0);
 function wp_security_administrator_whitelist() {
    
 	// !!! Modify Admin Username List Before Using !!!
  // !! Never use 'admin' as your admin username !!
 	$adminusernames = array('admin'); 
    
 	if (!is_user_logged_in()) {return;}
  $user = wp_get_current_user();
    	
 	if (in_array('administrator', (array)$user->roles)) {
 		if (!in_array($user->data->user_login, $adminusernames)) {
      
 			// delete the unwhitelisted account now
 			if (!function_exists('wp_delete_user')) {include(ABSPATH.WPINC.'/user.php');}
 			wp_delete_user($user->data->ID);
      // probably unnecessary but clear user cache too
      wp_cache_delete($user->data->ID, 'users');
      wp_cache_delete($user->data->user_login, 'user_logins');

 			// send alert to blog email about the removed account
      // (mostly so it can be seen when it was created)
 			$blogemail = get_bloginfo('admin_email');
 			$subject = "[Warning!] Unwhitelisted Administrator Found and Deleted!";
 			ob_start(); print_r($user); $userdata = ob_get_contents(); ob_end_clean();
 			$body = "An administrator account with username '".$user->data->user_login."'\n";
 			$body .= "was automatically deleted because it is not in your admin whitelist.\n\n";
 			$body .= "Deleted Admin User Data Object Dump:\n".$userdata."\n\n";
 			wp_mail($blogemail, $subject, $body);
      
      // exit with no warning to unrecognized admin
      wp_logout(); exit;
 		}
 	}
 }
	<?php

	/* === AutoDelete new Administrators === */
	/* (last line of defence against hackers) */

	/* Usage: 1. set the admin username list to existing real admin(s) */
	/* 2. place this file in your /wp-content/mu-plugins/ directory */
	/* 3. remember to update the username list if you add a new admin */
	/* 4. harden your security in other ways - do not rely on this */

	add_action('init', 'wp_security_administrator_whitelist', 0);
	function wp_security_administrator_whitelist() {

	// !!! Modify Admin Username List Before Using !!!
	// !! Never use 'admin' as your admin username !!
	$adminusernames = array('admin');

	if (!is_user_logged_in()) {return;}
	$user = wp_get_current_user();

	if (in_array('administrator', (array)$user->roles)) {
	if (!in_array($user->data->user_login, $adminusernames)) {

	// delete the unwhitelisted account now
	if (!function_exists('wp_delete_user')) {include(ABSPATH.WPINC.'/user.php');}
	wp_delete_user($user->data->ID);
	// probably unnecessary but clear user cache too
	wp_cache_delete($user->data->ID, 'users');
	wp_cache_delete($user->data->user_login, 'user_logins');

	// send alert to blog email about the removed account
	// (mostly so it can be seen when it was created)
	$blogemail = get_bloginfo('admin_email');
	$subject = "[Warning!] Unwhitelisted Administrator Found and Deleted!";
	ob_start(); print_r($user); $userdata = ob_get_contents(); ob_end_clean();
	$body = "An administrator account with username '".$user->data->user_login."'\n";
	$body .= "was automatically deleted because it is not in your admin whitelist.\n\n";
	$body .= "Deleted Admin User Data Object Dump:\n".$userdata."\n\n";
	wp_mail($blogemail, $subject, $body);

	// exit with no warning to unrecognized admin
	wp_logout(); exit;
	}
	}
	}