How to Add a Super Admin User Role in WordPress Multisite

Below are the most reliable methods, starting with the official UI flow. Use the first method whenever possible.

Method 1: Grant Super Admin via Network Admin (Recommended)

This is the safest and most auditable approach because it uses built-in multisite controls.

Open the Network Dashboard
- From any site dashboard, go to the top admin bar:
  My Sites → Network Admin → Dashboard
Go to the network user list
- Navigate to: Users → All Users
Edit the target user
- Find the person you want to promote.
- Click Edit under their username.
Grant Super Admin privileges
- On the user edit screen, look for a checkbox labeled something like:
  - “Super Admin” or “Grant this user super admin privileges for the Network.”
- Check the box.
Save changes
- Click Update User

What should happen immediately

Once granted, the user should see Network Admin options (depending on your UI/menu configuration), including:

Network settings
Themes and plugins (network-level)
Site management (create/edit sites)
Updates (network-wide)

Governance tip: Promote, validate access, then document why the user has this level of privilege and for how long.

Method 2: Grant Super Admin Using WP-CLI (Fast + Scriptable)

WP-CLI is ideal for agencies, dev teams, and infrastructure automation. It’s also a clean way to manage permissions when you have many networks or need repeatable processes.

Run this from your WordPress root directory:

wp super-admin add username

Examples:

wp super-admin add jsmith

wp super-admin list

wp super-admin remove jsmith

When WP-CLI is the best choice

You manage multisite in containers, CI/CD, or hosting environments with shell access.
You need a repeatable workflow for onboarding/offboarding.
You want to avoid UI mistakes and keep operational logs.

Operational best practice
Pair the command with a ticket reference or internal change log entry so you can trace who elevated access and why.

Method 3: Emergency Recovery via Database (Last Resort)

Use this only if you’re locked out of Network Admin and cannot restore access through normal admin or WP-CLI. Database changes are powerful—and risky—so treat them like production surgery.

In multisite, Super Admins are stored in the site_admins entry within the sitemeta table (table prefix may vary). The value is typically a serialized array of usernames.

High-level recovery approach

Locate the multisite meta table (commonly wp_sitemeta).
Find the row where meta_key = ‘site_admins’.
Add the target username to the serialized list carefully.

Important cautions

A malformed serialized value can break admin access or cause unexpected behavior.
Always back up the database first.
If you’re not comfortable editing serialized data, use WP-CLI or a qualified DBA/dev.

If you can regain shell access, WP-CLI is usually safer than manual serialization edits.

Method 4: Optional Hardening — Restrict Super Admin Actions

Many organizations want Super Admins to exist, but with guardrails. While WordPress core doesn’t natively provide “partial super admin,” you can reduce risk by controlling the blast radius:

Disable file editing in admin (recommended):
define(‘DISALLOW_FILE_EDIT’, true);

Disable plugin/theme installation in admin (more strict):
define(‘DISALLOW_FILE_MODS’, true);

Use a security plugin to enforce:
- MFA
- login throttling
- admin change alerts
- audit logs

These aren’t replacements for least privilege, but they do reduce the likelihood that a compromised Super Admin account becomes a network-wide incident.

Verify the User Actually Has Super Admin Access

After promotion, validate access immediately. This avoids confusion where a user thinks they’re elevated but still can’t do the task (often due to caching, wrong account, or misunderstanding network vs site dashboards).

Verification checklist

Log in as the user (or ask for a screen share).
Confirm they can access: My Sites → Network Admin
In Network Admin, confirm visibility of:
- Sites (create/edit sites)
- Users (network user management)
- Themes and Plugins (network-level)
- Settings (network settings)
Confirm they can perform the specific task you intended (e.g., network-activate a plugin).

Common gotcha
A user might be an Administrator on a specific site but still not have Network Admin visibility. Super Admin is not “Administrator++” inside a site—it’s a different permission scope.

Security and Governance Best Practices for Super Admins

Because Super Admin can impact every site, treat it as privileged access and design a policy around it.

Recommended governance model

Minimum necessary Super Admins
- Keep the count low. Many networks operate safely with 1–3 Super Admins.
Time-bound elevation (when possible)
- If someone only needs temporary access, promote them, complete the change, then remove privileges.
Strong auth requirements
- Mandatory MFA
- Password manager use
- SSO where feasible
Audit logging
- Log user changes, plugin installs, theme changes, and site creation/deletion.
Change management
- Tie privilege grants to tickets, approvals, or internal controls.
Incident readiness
- Document how to remove a Super Admin quickly (UI + WP-CLI + DB fallback).
- Maintain backups and tested restore procedures.

Practical risk framing

If a normal Administrator account is compromised, you likely lose one site. If a Super Admin account is compromised, you may lose the entire network. Your controls should reflect that risk differential.

Troubleshooting: When the Option Doesn’t Appear

If you can’t see the Super Admin checkbox or the network menus, the issue is usually one of these:

You’re not in Network Admin
- Fix: Go to My Sites → Network Admin. The checkbox won’t reliably appear in single-site admin contexts.
Multisite isn’t properly enabled
- Confirm multisite is active in wp-config.php (commonly includes define(‘MULTISITE’, true); and related constants).
- If multisite is partially configured, network UI elements can be inconsistent.
Caching or role UI confusion
- Some admin UI changes may appear delayed due to caching layers.
- Fix: Log out/in, clear server cache, and clear any object cache if configured.
You’re editing the wrong user record
- In multisite, a user can be added to a site but not fully managed at the network level in the way you expect.
- Fix: Manage users from Network Admin → Users.
Hosting environment restrictions
- Some managed hosts restrict certain actions via config (file mods disabled).
- This won’t usually hide Super Admin status, but it can limit what Super Admins can do afterward.

Conclusion

Knowing how to add a super admin user role in WordPress multisite is less about clicking a role dropdown and more about applying a network-level permission responsibly. Use Network Admin → Users for the cleanest workflow, rely on WP-CLI for speed and repeatability, and reserve database edits for true emergencies. Most importantly, treat Super Admin access like privileged infrastructure access: grant it intentionally, verify it immediately, and review it regularly.

FAQs

Can I make someone a Super Admin without giving them access to every site?

Not in core WordPress multisite. Super Admin is inherently network-scoped and can affect all sites. If you need limited control, keep them as a site Administrator and delegate tasks via network-activated plugins, restricted settings, or operational workflows.

Why don’t I see the “Super Admin” checkbox when editing a user?

You’re likely editing the user from a single site dashboard instead of Network Admin, or you’re not properly in multisite network mode. Go to My Sites → Network Admin → Users and edit the user there.

Is WP-CLI the safest way to add and remove Super Admins?

WP-CLI is very safe when used correctly, especially for teams that want repeatable, logged changes. For most non-technical admins, the Network Admin UI is safer than manual database edits. WP-CLI is often safer than database updates.

Key Takeaways

What “Super Admin” Means in WordPress Multisite

Prerequisites Before You Promote Someone