Run a Facebook page with other admins? You need to read this

Last year, we showed that it was easier than you might expect to hijack a Facebook page and lock out the original admin.

Here’s a video I made at the time, where I showed just how page hijacking could occur.

Facebook page hijacking is an important issue, because so many companies and celebrities treat their Facebook page as a critical part of their marketing activity, with some brands having millions of fans.

Don’t forget – a Facebook page which has been hijacked could be used to spread malicious links, spam or scams, all in your brand’s name!

The good news is that Facebook has now improved protection for Facebook page administrators. Rather than hand over the keys to the entire Facebook page (and effectively give your fellow admins as much power as you, the original administrator), you can assign them lower rights – which can prevent them from removing you as an admin.

Under the newly introduced system, page admins can be assigned specific roles: The most powerful role remains “Manager”, but there is also “Content Creator”, “Moderator”, “Advertiser” and – at the bottom rank – “Insight Analyst”.

Facebook page managers have the power to send messages, view insights and create posts and adverts. Crucially, they are also the only role which can access admin roles, and remove other administrators.

In the past, staff who simply wanted to access a Facebook page’s admin panel to view statistics on how users were engaging with it, or to run advertising campaigns, needed full admin rights – something which could be a disaster waiting to happen.

Facebook’s Help Center describes the different roles for page administrators.

It’s great to see Facebook maturing its system in this way. If you’re in charge of a Facebook page, and sharing access to the page with other people, you would be wise to check the roles used by your co-admins now – and adjust them as required.

Here’s how you check who is an admin on a Facebook page that you administrate:

  • Open your Page’s admin panel
  • Click Edit Page
  • From the left column menu, click Admin Roles
  • Type the names of other people you’d like to add in the open field
  • Click Manager below the name to choose what kind of admin you want to add
  • Click Save Changes

Giving a co-admin too much power may bite you in the bottom later, if their account is compromised or if they become mutinous and try to hijack control of the page from you.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
