
@majick777
Created December 15, 2017 23:30
Automatically deletes any administrator accounts not in hardcoded whitelist.
<?php
/* === AutoDelete new Administrators === */
/* (last line of defence against hackers) */
/* Usage: 1. set the admin username list to existing real admin(s) */
/* 2. place this file in your /wp-content/mu-plugins/ directory */
/* 3. remember to update the username list if you add a new admin */
/* 4. harden your security in other ways - do not rely on this */
// Hook at priority 0 so the whitelist check runs ahead of other 'init'
// handlers on every request; the callback is defined below.
add_action('init', 'wp_security_administrator_whitelist', 0);
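/**
 * Delete the current user's account if it holds the administrator role but
 * its username is not in the hardcoded whitelist, then end the session.
 *
 * Runs on every request via the 'init' hook. Anonymous requests and users
 * without the administrator role return immediately.
 *
 * Side effects: deletes the user (and, because wp_delete_user() is called
 * without a reassignment target, that user's content on this site), clears
 * the user caches, e-mails the site's admin address, logs the session out
 * and terminates the request.
 */
function wp_security_administrator_whitelist() {
    // !!! Modify Admin Username List Before Using !!!
    // !! Never use 'admin' as your admin username !!
    $adminusernames = array('admin');

    if (!is_user_logged_in()) {
        return;
    }

    $user = wp_get_current_user();
    $roles = (array) $user->roles;

    // Strict in_array() so the role and username checks cannot be satisfied
    // by loosely-equal values.
    if (!in_array('administrator', $roles, true)) {
        return;
    }
    if (in_array($user->user_login, $adminusernames, true)) {
        return;
    }

    // wp_delete_user() is defined in wp-admin/includes/user.php, which is
    // not loaded on front-end requests. The original include of
    // wp-includes/user.php pointed at a file WordPress has already loaded,
    // so it never supplied the function and would redeclare existing ones.
    if (!function_exists('wp_delete_user')) {
        require_once ABSPATH . 'wp-admin/includes/user.php';
    }

    // NOTE: no $reassign argument, so the account's posts on this site are
    // removed with it. On multisite this only detaches the user from the
    // current site. Capture the result so the alert says whether it worked.
    $deleted = wp_delete_user($user->ID);

    // probably unnecessary but clear user cache too
    wp_cache_delete($user->ID, 'users');
    wp_cache_delete($user->user_login, 'user_logins');

    // Alert the site admin e-mail so the account's creation can be reviewed.
    // Only non-secret fields are included: a print_r() of the whole WP_User
    // object would mail out user_pass (the password hash) and
    // user_activation_key.
    $summary = sprintf(
        "ID: %d\nLogin: %s\nEmail: %s\nDisplay name: %s\nRegistered: %s\nRoles: %s\nDeleted: %s\n",
        $user->ID,
        $user->user_login,
        $user->user_email,
        $user->display_name,
        $user->user_registered,
        implode(', ', $roles),
        $deleted ? 'yes' : 'no (wp_delete_user returned false)'
    );
    $blogemail = get_bloginfo('admin_email');
    $subject = "[Warning!] Unwhitelisted Administrator Found and Deleted!";
    $body = "An administrator account with username '" . $user->user_login . "'\n";
    $body .= "was automatically deleted because it is not in your admin whitelist.\n\n";
    $body .= "Deleted Admin User Summary:\n" . $summary . "\n\n";
    wp_mail($blogemail, $subject, $body);

    // exit with no warning to unrecognized admin
    wp_logout();
    exit;
}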