Title: Complete Frappe Security Guide: Block Administrator Installation & Configuration
Author: Immanuel Raj
Published: July 30, 2025

---

![Logo for Frappe Administrator Block featuring a blue hexagon with a white padlock icon on the left, and the text 'FRAPPE Administrator Block' in bold and regular navy blue font on the right, set against a white background.](https://cdn.immanuelraj.dev/immanuelraj.dev/wordpress/images/Featured-Images/FI-complete-frappe-security-guide-block-administrator-installation-configuration.png)

# Complete Frappe Security Guide: Block Administrator Installation & Configuration


Secure your Frappe Framework installation from unauthorized access and brute-force
attacks with Block Administrator, a professional-grade security enhancement app.
This comprehensive guide provides detailed installation instructions, configuration
steps, and best practices for implementing enterprise-level administrator account
protection in your ERPNext environment.

## Prerequisites for Frappe Administrator Security

Before implementing Block Administrator in your production environment, ensure your
system meets these essential requirements for optimal security performance:

 * **Frappe Framework Version 15+:** Fully tested and compatible with the latest
   Frappe releases
 * **Bench CLI Access (Not necessary if on Frappe Cloud):** Administrative
   command-line access to your Frappe bench environment
 * **System Administrator Privileges:** Access for app installation and configuration
 * **Alternative Administrator Account:** Create dedicated user accounts with System
   Manager role before blocking administrator

#### ⚠️ Important Security Notice

**Block Administrator does not block by default.** After installation, you must 
manually enable the security feature in System Settings to activate administrator
login protection.

**Best Practice:** Create dedicated user accounts with appropriate roles and permissions
instead of using the default Administrator account for daily operations.

## Complete Block Administrator Installation Guide

Follow this detailed step-by-step process to implement Block Administrator security
in your Frappe environment. Each step includes validation methods to ensure proper
installation.

### Step 1: Download Block Administrator from Official Repository

Navigate to your Frappe bench directory and download Block Administrator from the
official GitHub repository. This ensures you’re getting the authentic, GPLv3-licensed
security app with the latest security patches and compatibility updates.

```bash
# Navigate to your bench directory
cd /path/to/your/frappe-bench

# Download Block Administrator from official repository
bench get-app https://github.com/iamimmanuelraj/block_administrator

# Verify download
ls -la apps/ | grep block_administrator
```

### Step 2: Install App on Your Frappe Site

Install Block Administrator on your specific Frappe site. This process integrates
the security hooks into your site’s authentication system, but the protection remains
disabled until manually activated.

```bash
# Install app on your site (replace 'your-site-name' with actual site)
bench --site your-site-name install-app block_administrator

# Verify installation
bench --site your-site-name list-apps | grep block_administrator
```

### Step 3: Create Alternative Administrative Accounts

**Critical Step:** Before enabling administrator blocking, create dedicated user
accounts with System Manager role to ensure continued administrative access.

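```bash
# Create a new administrative user and assign the System Manager role
# (has nearly all administrator privileges). Frappe identifies users by
# email address, so the email is the user ID in the commands below.
bench --site your-site-name add-system-manager admin@yourcompany.com --first-name Admin --last-name User

# Set a secure password
bench --site your-site-name set-password admin@yourcompany.com secure-password-here

# Verify user creation: list the users that hold the System Manager role
bench --site your-site-name execute frappe.get_all --kwargs "{'doctype': 'Has Role', 'filters': {'role': 'System Manager', 'parenttype': 'User'}, 'pluck': 'parent'}"
```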

#### 💡 Administrative Account Best Practices

**Why avoid the Administrator account?**

 * **Security Risk:** “Administrator” is a well-known target for attackers
 * **Audit Trail:** Individual accounts provide better accountability
 * **Role-Based Access:** System Manager role provides necessary privileges without
   full administrative access
 * **Granular Permissions:** Assign specific roles (Accounts Manager, HR Manager,
   etc.) based on actual needs
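
A pre-flight check for the lockout risk described in Step 3, added here as an example and not part of the Block Administrator app. It assumes rows shaped like Frappe's `User` and `Has Role` records; the function names and sample data are constructed for illustration.

```python
# Added example: pre-flight lockout check to run before enabling
# "Block Administrator Login". Sample records below are constructed.
# On a real site, load the rows from `bench --site your-site-name console`:
#   users = frappe.get_all("User", fields=["name", "enabled", "user_type"])
#   has_roles = frappe.get_all("Has Role", filters={"parenttype": "User"},
#                              fields=["parent", "parenttype", "role"])

BUILT_IN = {"Administrator", "Guest"}

def fallback_admins(users, has_roles, role="System Manager"):
    """Return enabled desk users, other than built-ins, that hold `role`."""
    holders = {
        r["parent"] for r in has_roles
        if r.get("parenttype") == "User" and r.get("role") == role
    }
    return sorted(
        u["name"] for u in users
        if u["name"] in holders
        and u["name"] not in BUILT_IN
        and u.get("enabled")                      # disabled accounts cannot log in
        and u.get("user_type") == "System User"   # website users have no desk access
    )

def safe_to_block(users, has_roles, minimum=1):
    """True only if at least `minimum` fallback admins can still log in."""
    admins = fallback_admins(users, has_roles)
    return len(admins) >= minimum, admins

def role_row(user, role="System Manager"):
    return {"parent": user, "parenttype": "User", "role": role}

USERS = [  # constructed sample data
    {"name": "Administrator", "enabled": 1, "user_type": "System User"},
    {"name": "Guest", "enabled": 1, "user_type": "Website User"},
    {"name": "admin@yourcompany.com", "enabled": 1, "user_type": "System User"},
    {"name": "former.admin@yourcompany.com", "enabled": 0, "user_type": "System User"},
    {"name": "accounts@yourcompany.com", "enabled": 1, "user_type": "System User"},
]
HAS_ROLES = [
    role_row("Administrator"),
    role_row("admin@yourcompany.com"),
    role_row("former.admin@yourcompany.com"),
    role_row("accounts@yourcompany.com", "Accounts Manager"),
]

if __name__ == "__main__":
    ok, admins = safe_to_block(USERS, HAS_ROLES)
    print("safe to enable blocking" if ok else "STOP: no fallback admin", admins)
```
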

### Step 4: Enable Administrator Blocking in System Settings

After installation, manually enable the blocking feature through the System Settings
interface. This step is required to activate the security protection.

 1. Log in to your Frappe site with administrator credentials
 2. Navigate to **Settings → System Settings**
 3. Click on the **Login** tab
 4. Find the **“Block Administrator Login”** option
 5. Enable the checkbox to activate administrator blocking
 6. Click **Save** to apply the changes

### Step 5: Restart Services and Validate Security

Restart your bench services to ensure the security settings are properly loaded,
then test the implementation.

```bash
# Restart all bench services
bench restart

# For production environments
sudo supervisorctl restart all

# Test administrator login blocking
# Try logging in as Administrator - should be blocked
# Try logging in with your System Manager account - should work
```
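
The two manual login tests from Step 5 can be scripted against Frappe's `/api/method/login` endpoint. This is an added example, not code from the Block Administrator project; it assumes the app rejects the Administrator login with one of the HTTP statuses Frappe uses for authentication, permission, or validation errors (401, 403, 417).

```python
# Added example: automate the Step 5 login checks.
# Assumption: a blocked login is answered with HTTP 401, 403 or 417.
import getpass
import sys
import urllib.error
import urllib.parse
import urllib.request

REJECTED = (401, 403, 417)

def login_status(base_url, usr, pwd, opener=urllib.request.urlopen):
    """POST usr/pwd to the login endpoint and return the HTTP status code."""
    body = urllib.parse.urlencode({"usr": usr, "pwd": pwd}).encode()
    url = base_url.rstrip("/") + "/api/method/login"
    req = urllib.request.Request(url, data=body, method="POST")
    try:
        with opener(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 4xx/5xx responses arrive as exceptions

def verify_blocking(base_url, admin_pwd, manager, manager_pwd,
                    opener=urllib.request.urlopen):
    """Check both expectations from Step 5 and report the raw statuses."""
    admin_code = login_status(base_url, "Administrator", admin_pwd, opener)
    manager_code = login_status(base_url, manager, manager_pwd, opener)
    return {
        # Use the correct Administrator password: a wrong one is rejected
        # whether or not blocking is enabled and would prove nothing.
        "administrator_blocked": admin_code in REJECTED,
        "manager_can_log_in": manager_code == 200,
        "statuses": {"Administrator": admin_code, manager: manager_code},
    }

if __name__ == "__main__":
    # Usage: python verify_blocking.py <site-url> <system-manager-email>
    site, manager = sys.argv[1], sys.argv[2]
    result = verify_blocking(
        site,
        getpass.getpass("Administrator password: "),
        manager,
        getpass.getpass(f"{manager} password: "),
    )
    print(result)
    ok = result["administrator_blocked"] and result["manager_can_log_in"]
    sys.exit(0 if ok else 1)
```

Passwords are read with `getpass` so they stay out of shell history; the script exits non-zero if either expectation fails.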

## How Block Administrator Works: Technical Architecture

Block Administrator implements targeted security by specifically blocking only the
default “Administrator” account from login access while preserving all system functionality
and alternative authentication methods.

### Selective Login Protection

#### 🔒 What Block Administrator Actually Does

**Blocks ONLY:** Login attempts using the “Administrator” account via email/password
authentication

**Does NOT affect:**

 * Internal system processes and background operations
 * Cron jobs and scheduled tasks
 * API calls and integrations
 * Database operations and migrations
 * Other user accounts or authentication methods

The app uses Frappe’s authentication hooks to intercept login requests specifically
for the Administrator user, preventing unauthorized access while maintaining full
system functionality.

| Account Type | Login | System Access | Best Practice |
| --- | --- | --- | --- |
| 👑 Administrator | 🚫 Blocked | ✅ Full Access | ❌ Not for daily use |
| 🛠️ System Manager | ✅ Allowed | ✅ Full Access | ✅ Admin tasks only |
| 👤 Regular User | ✅ Allowed | ✅ Full Access | ✅ Everyday use |

## Security Benefits and Risk Mitigation

Implementing Block Administrator provides comprehensive protection against
administrator-targeted attacks while maintaining complete system functionality.

### Brute Force Attack Prevention

 * **Eliminates High-Value Targets:** Removes the most privileged account from direct
   attack surface
 * **Reduces Attack Success Rate:** Forces attackers to target less obvious accounts
 * **Prevents Credential Stuffing:** Blocks automated login attempts that try common
   passwords against the Administrator account
 * **Maintains System Integrity:** All background operations continue normally

#### 🛡️ Why This Approach Works

Attackers typically target the “Administrator” account because:

 * It’s a known default account name across Frappe installations
 * It has the highest privilege level
 * Users often keep default passwords or use weak passwords
 * It’s the most valuable target for system compromise

**Block Administrator stops these attacks at the login level while preserving all
functionality.**

### Recommended Account Management Strategy

Instead of using the Administrator account, create dedicated accounts with appropriate
roles:

 * **System Manager Role:** Nearly all administrator privileges for technical operations
 * **Accounts Manager Role:** Financial and accounting operations
 * **HR Manager Role:** Human resources and employee management
 * **Custom Roles:** Specific combinations of permissions for specialized users

## Troubleshooting and Common Issues

Comprehensive troubleshooting guide for common issues and configuration problems
in enterprise environments.

### Installation and Configuration Issues

 * **App Installed but Not Blocking:** Check System Settings → Login tab to ensure
   the feature is enabled
 * **Cannot Find Login Settings:** Ensure you’re logged in with administrator privileges
   before installation
 * **Permission Errors:** Verify bench user has appropriate permissions for app 
   installation
 * **System Operations Failing:** Block Administrator only affects login; check 
   other system components if operations fail

### Emergency Access Procedures

If you need to regain Administrator account access:

```bash
# Method 1: Disable blocking via System Settings
# Log in with System Manager account and disable the feature

# Method 2: Temporarily uninstall Block Administrator
bench --site your-site-name uninstall-app block_administrator

# Method 3: Create emergency System Manager account
# (Frappe identifies users by email address)
bench --site your-site-name add-system-manager emergency@yourcompany.com --first-name Emergency --last-name Admin
bench --site your-site-name set-password emergency@yourcompany.com secure-password
```

### Official Documentation and Resources

 * [Block Administrator GitHub Repository](https://github.com/iamimmanuelraj/block_administrator) –
   Complete source code, technical documentation, and development roadmap
 * [Frappe Cloud Marketplace](https://cloud.frappe.io/marketplace/apps/block_administrator) –
   Official app listing with community reviews and ratings
 * [Comprehensive User Documentation](https://immanuelraj.dev/user-documentation-block-administrator/) –
   Detailed installation guides, configuration examples, and troubleshooting procedures
 * [Professional Support Services](https://immanuelraj.dev/block-administrator-support/) –
   Technical support, consultation, and enterprise deployment assistance

### Community and Development

 * [Frappe Framework Documentation](https://frappe.io/framework) – Essential reading
   for understanding the underlying architecture
 * [Frappe Community Forum](https://discuss.frappe.io/) – Active community discussions
   and Block Administrator support threads
 * **Response Times:** GitHub issues typically reviewed within 1-7 days, critical
   security issues receive priority attention
 * **Contributing:** Open source contributions welcome following GPLv3 license terms
   and contribution guidelines

## Conclusion: Implementing Smart Administrator Security

Block Administrator provides a targeted security enhancement that specifically protects
the most vulnerable account in your Frappe installation. By blocking only the Administrator
account from login while preserving all system functionality, it offers an ideal
balance of security and operational continuity.

The key to successful implementation is understanding that this tool encourages 
best practices: using dedicated accounts with appropriate roles instead of relying
on the default Administrator account. This approach not only improves security but
also provides better audit trails and accountability.

#### 🚀 Ready to Implement?

**Follow this checklist:**

 * ✅ Install Block Administrator
 * ✅ Create dedicated System Manager accounts
 * ✅ Enable blocking in System Settings → Login tab
 * ✅ Test alternative account access
 * ✅ Document the new security procedures for your team

Ready to secure your Frappe installation with smart administrator protection? [Download Block Administrator today](https://immanuelraj.dev/block-administrator/)
and implement enterprise-grade security that actually works with your workflow.
