Readministrator adds a “Read Only Administrator” role. Assign it to a user and they can browse the entire wp-admin like an administrator — Settings, Users, Plugins, Themes, content, comments and more — but they cannot change anything. Every write is blocked at the capability layer.

What read-only administrators can do:

View every admin screen an administrator can see.
Browse Settings, Tools, Users, Plugins, Themes and content lists.
Run a read-only export.

What they cannot do:

Save any Settings page (core or plugin Settings API).
Create, edit, publish, trash or delete posts, pages or media.
Add, edit, delete or promote users (including editing their own profile).
Activate, deactivate, install, update, delete or edit plugins.
Switch, install, update, delete or edit themes.
Edit menus, widgets or the Customizer.
Moderate or edit comments.
Make changes through the REST API (the block editor included).

Known limitations

Enforcement covers core write paths plus the REST API. A small residual surface remains: some third-party plugins that perform writes through their own custom admin-ajax/admin-post handlers, and Network Admin (multisite) screens, are not yet covered. These are on the roadmap.

Readministrator (Read Only Administrator)

Known limitations