Admin toolbar missing for one user – profile settings are correct

  • Resolved studio1337

    (@studio1337)


    2 months, 1 week ago

    I have an odd issue with a user profile not displaying the admin toolbar when they view their site (the dark toolbar that sits at the top of each page), and I’m hoping someone else has seen this same issue and can weigh in.

    The site has a handful of administrators. One of them was hacked, and their account was used to set up a backdoor. We caught the issue before the hacker could deliver their final payload. We cleaned the hosting account, reset their password, set up 2FA for future logins, and set up customized admin roles to restrict access from anything that could break the site in the future.

    The hack was handled quickly and all is well, except now only that one user no longer see the admin bar at the top of the site when they’re logged in. The setting to display the admin bar is checked in their profile, and I also checked the value in the database – ‘show_admin_bar_front’ = true

    The other 3 users who have the same permissions (admin-lite) see it fine. So it’s not a setting at the user role level. Switching plug-ins and themes doesn’t have any effect.

    Is there something else I could check? Has anyone seen an issue where a previously hacked account failed to display the admin bar and you figured out how to make it reappear?

Viewing 3 replies - 1 through 3 (of 3 total)

  • Hi @studio1337

    There may be several factors contributing to this behaviour. It is advisable to compare the metadata of the wp_usermeta tables for the affected users with that of another administrator to identify any discrepancies. Specifically, check the wp_capabilities to ensure all necessary capabilities are present, even if users share the same role, as some specific capabilities might be missing.

    Additionally, consider enabling debug mode to check if there are any logs generated when logging in with the mentioned user account to see if that gives further clue. However, if there is a concern that the account might have been compromised, it would be better to delete the account and create a new one.

    Regards,

    Nithin

    Thread Starter studio1337

    (@studio1337)

    Hi Nithin,

    Thank you so much for the advice. I will check the wp_capabilities record against other users and see if there’s something amiss. I suspect you’re correct, and the best course of action will be to create a new login and assign content from the old profile to the new one.

    Thread Starter studio1337

    (@studio1337)

    It turns out it was a plug-in issue – go figure. I the site uses Ultimate Member, and that’s where I set up the new ‘admin-lite’ user role. I didn’t see that the plug-in checks the “Force hiding admin bar in frontend” option for you by default when you set up roles. I missed it, and ended up on this wild goose chase. One click and it’s now solved.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.