Disable the Sitecore admin user

A basic Sitecore 1-0-1 security check is to see if the admin account still uses the standard password.

It is commonly seen that sites go into production with the admin / b still working.

A way to ensure this does not occur is simply to disable the admin account when building to release or other public facing configurations.

Disable Sitecore admin user

We first create a setting for toggling if the admin user should be disabled.

We then create a processor in the initialize pipeline as follows:

And patch it into the end of the initialize pipeline.

This processor reads the setting and enables/disables the admin user accordingly.

Next thing to do is to switch the setting value depending on build configuration. This is dependent on your build environment so this post cannot help you with this.

Note that this code will simply make the admin user not being able to log in when the setting is set to false. So if the admin user is used by anyone then this is not the code you are looking for.

That was it.


Anders Laub

Anders Laub Christoffersen

Anders has been working with Sitecore for over a decade and has in this time been the lead developer and architect on several large scale enterprise solutions all around the world. Anders has been nominated a Sitecore Technical MVP three years in a row for 2014, 2015 and 2016. Anders is now working as a Sr. Solutions Architect at Sitecore in Copenhagen.

2 thoughts on “Disable the Sitecore admin user

Leave a Reply

Your email address will not be published. Required fields are marked *