Built for WordPress Agencies

Stop Clients From Breaking Their Own Websites

AgencyLocks gives you total control over what clients can do in wp-admin. Pre-built policies, a branded client portal, automatic snapshots, and one-click rollback — so you never lose billable hours to client mistakes.

Get AgencyLocks

Works with WordPress 6.0+ · PHP 8.0+ · Single site & Multisite

AgencyLocks Dashboard
47
Actions Logged
3
Active Policies
12
Snapshots
0
Incidents
Recent Activity
Plugin deactivation attempt Blocked client@acme.com 2 min ago
Post updated: "About Us" Allowed client@acme.com 14 min ago
Auto-snapshot: pre-update Snapshot system 14 min ago
Theme switch attempt Blocked client@acme.com 1 hr ago
The Real Cost of Client Access
The $4,200 Problem

Agencies lose an average of $4,200 per year fixing issues caused by clients with too much access. Sound familiar?

Plugin Roulette

Client deactivates WooCommerce. Store goes offline. You get the call at 11pm. Three hours of unbillable emergency work later, it is back up.

Theme Switcheroo

Client switches themes to "see how it looks." Custom CSS, widgets, menus, page builder layouts — all gone. No backup. You rebuild from scratch.

Settings Safari

Client changes the permalink structure because a blog post told them to. Every indexed URL now returns a 404. SEO rankings crater overnight.

The Accidental Delete

Client "cleans up" old pages. Including the one with the contact form that generates 40% of their leads. No revision history. No backup.

The Solution

Three Modules. Total Control.

AgencyLocks combines policy enforcement, a client-facing portal, and automatic safety nets into one lightweight plugin.

Module 1

Policy Engine

Define exactly what clients can — and cannot — do. Choose from 6 pre-built templates or build a custom policy from scratch. Screen gating, capability filtering, and REST API route blocking all in one place.

6 pre-built templates — deploy in 30 seconds
Screen gating hides entire admin pages
REST API route blocking prevents headless exploits
Temporary access elevation with auto-expiry
Brochure Safe
Builder Safe
WooCommerce Restricted
SEO Collaboration
Blog Team
Maintenance Client
Module 2

Client Portal

Give clients a simplified, branded frontend workspace instead of raw wp-admin. They get what they need — a content editor, media library, and change request tickets — with none of the dangerous controls.

Branded with your agency logo and colors
Built-in content editor and media library
Change request tickets with status tracking
Fully white-labelable — no hardcoded branding
Content
Media
Tickets
About Us
Last edited 2 hours ago
Published
New Blog Post: Spring Sale
Draft saved 30 min ago
Draft
Request: Update hero image
Submitted yesterday
Pending
Module 3

Safety Net

Automatic snapshots before every change. One-click rollback to any point. Safe Mode to temporarily lock clients out during deployments. A full activity log of everything that happened, exportable to CSV.

Auto-snapshots before every client change
One-click rollback with safety snapshot
Safe Mode locks clients out during deployments
Break-glass recovery: wp-config, signed URL, WP-CLI
Pre-update snapshot: options table
Today, 2:34 PM — auto
Pre-update snapshot: navigation menus
Today, 11:02 AM — auto
Pre-update snapshot: active plugins
Yesterday, 4:18 PM — auto
Manual snapshot: pre-deployment
Feb 24, 9:00 AM — manual
How It Works

Up and Running in 60 Seconds

No complex configuration. No reading docs for an hour. The setup wizard walks you through everything.

1

Install & Activate

Upload the plugin and activate it. The setup wizard launches automatically and guides you through initial configuration in under 60 seconds.

2

Choose a Policy

Pick from 6 pre-built policy templates designed for common agency scenarios — or build a completely custom policy with granular controls.

3

Sleep Easy

Clients get a clean, branded portal. You get automatic snapshots, activity logs, and one-click rollback. No more 11pm emergency calls.

Everything You Need

Built for How Agencies Actually Work

Every feature is designed around real problems agencies face every day managing client WordPress sites.

Policy Templates

6 pre-built templates for common scenarios. Deploy a complete lockdown in 30 seconds.

Screen Gating

Hide entire wp-admin pages from clients. Plugins, Themes, Users, Settings — gone.

Capability Control

Surgically remove dangerous permissions while keeping the ones clients actually need.

REST API Blocking

Block specific REST API routes to prevent unauthorized changes through headless requests.

Client Portal

A clean, branded frontend workspace. Clients never need to see raw wp-admin.

Content Editor

Clients can edit posts and pages through a simplified interface without dangerous controls.

Media Library

Upload and manage images in a sandboxed media library. No access to the full WordPress media manager.

Change Requests

Clients submit change requests as tickets instead of trying to make dangerous edits themselves.

Auto Snapshots

Automatic snapshots before every change — options, menus, plugins, posts. Nothing is ever lost.

One-Click Rollback

Restore to any snapshot with a single click. A safety snapshot is created before every rollback.

Safe Mode

Lock all clients out during deployments with one toggle. Unlock when you are done.

Activity Log

Full audit trail of every client action. Filter, search, and export to CSV for your records.

Pricing

Simple, Transparent Pricing

Choose the plan that fits your agency. Every plan includes the full plugin with all three modules.

Pricing Coming Soon
Starter
For freelancers
$ --
Price TBD
  • All 3 modules included
  • 6 policy templates
  • Client Portal
  • Auto snapshots & rollback
  • Single site license
Most Popular
Agency
For growing agencies
$ --
Price TBD
  • Everything in Starter
  • Multi-site license
  • White-label client portal
  • Custom policy builder
  • REST API & WP-CLI access
  • Priority support
Enterprise
For large operations
$ --
Price TBD
  • Everything in Agency
  • Unlimited sites
  • Multisite network support
  • Advanced activity log & CSV export
  • Break-glass recovery tools
  • Dedicated onboarding
FAQ

Frequently Asked Questions

Nothing changes for clients until you apply a policy. Once activated, the plugin sits silently in the background. When you assign a policy to a user role or specific user, those restrictions take effect immediately. Clients will see the Client Portal if you enable it, or a filtered version of wp-admin based on your policy rules. There is zero disruption during setup.

Yes. Temporary Access Elevation lets you grant a specific client access to a blocked screen or capability for a set duration — 1 hour, 24 hours, 7 days, or a custom window. When the timer expires, access is automatically revoked. No need to remember to manually remove it. The elevation is logged in the activity log with start and end timestamps.

AgencyLocks has three break-glass recovery methods. First, you can add a constant to wp-config.php that disables all policies instantly. Second, a signed URL generated during setup bypasses all restrictions when accessed. Third, WP-CLI commands let you disable policies from the command line. You will never be permanently locked out of your own site.

Yes. The "Builder Safe" policy template is specifically designed for sites using Elementor, Divi, Beaver Builder, and other page builders. It allows clients to edit content within the builder while blocking access to theme settings, global widgets, template management, and other areas that could break the design. You can also create custom policies with granular builder-specific rules.

AgencyLocks runs entirely on your WordPress installation. No data is sent to external servers. All policies, snapshots, activity logs, and portal content are stored in your WordPress database. The plugin does not phone home, does not require an external API connection to function, and does not collect telemetry. Your client data stays on your server.

Yes. AgencyLocks supports both single-site and multisite WordPress installations. On multisite, you can network-activate the plugin and manage policies centrally from the network admin, or activate it on individual subsites for per-site control. Policies can be applied network-wide or scoped to specific subsites.

Absolutely. The Client Portal has no hardcoded AgencyLocks branding. You can set your agency logo, brand colors, and custom welcome text. Clients will see your brand, not ours. This applies to the portal interface, email notifications, and any client-facing elements of the plugin.

Before any client-initiated change — options update, menu edit, plugin activation, post edit — AgencyLocks automatically creates a snapshot of the affected data. Each snapshot is timestamped and labeled with what triggered it. To rollback, click the "Rollback" button next to any snapshot. Before executing the rollback, a pre-rollback safety snapshot is created so you can always undo the undo. Snapshots cover options tables, navigation menus, active plugin lists, and post content.

Policies are permanent rules that define what clients can and cannot do on an ongoing basis. Safe Mode is a temporary, total lockout designed for deployments and maintenance windows. When you enable Safe Mode, all client users are immediately locked out of wp-admin and see a branded "maintenance" message. When you disable it, their normal policy-based access resumes. Think of policies as guardrails and Safe Mode as a full stop.

For most agencies, no. The setup wizard configures your first policy, enables the Safety Net with default settings, and optionally activates the Client Portal. You can start using AgencyLocks immediately after the wizard completes. Advanced configuration like custom policies, REST API blocking, and WP-CLI integration is available when you need it, but it is not required to get started.

Ready to Stop Fixing Client Mistakes?

AgencyLocks gives you the control you need and gives clients the access they want. No more emergency calls. No more lost work. No more billable hours spent cleaning up messes.

Get AgencyLocks

Join hundreds of agencies who sleep better at night.