If a suspicious Facebook Page admin appears, act quickly: verify access, remove the account if possible, and secure every connected role.
This guide explains the safest way to do that without losing control of your Page.
What a suspicious Facebook Page admin usually means
A suspicious admin is any account with Page access that you do not recognize, do not trust, or do not believe should have management permissions.
On Facebook, Page access can include admins, editors, moderators, advertisers, analysts, and content creators, depending on whether the Page uses classic Page roles or the newer Meta Business Suite access model.
The risk is not just unwanted posts.
An unauthorized admin can change the Page name, remove legitimate admins, run ads, edit business information, and lock you out of Meta Business Manager or the Page itself.
Check what kind of access the account has
Before you try to remove anyone, identify whether the suspicious person has Page access, task access, or full business ownership inside Meta Business Manager.
The removal steps depend on where the permission lives.
- Classic Page roles: Admin, Editor, Moderator, Advertiser, or Analyst permissions assigned directly on the Page.
- New Page access: Facebook Page access managed through Facebook settings with task-based permissions.
- Meta Business Manager access: Business assets, people, partners, and system users connected to the Page.
If the suspicious account is only a Page editor or advertiser, removal is usually straightforward.
If it is a business admin in Meta Business Manager, you may need additional verification and ownership checks.
How to remove a suspicious Facebook Page admin
If you still have legitimate admin access, remove the suspicious account from the Page settings as soon as you confirm it should not be there.
The exact labels may differ slightly depending on whether your Page uses the new Pages experience or the older interface.
From a desktop browser
- Open the Facebook Page.
- Go to Settings or Page Settings.
- Select Page access, New Pages Experience, or Page roles.
- Find the suspicious user name, account, or business account.
- Select Remove or Delete access.
- Confirm the action with your password or two-factor authentication if prompted.
From Meta Business Suite
- Open Meta Business Suite or Business Settings.
- Choose the correct business account and Page asset.
- Review People, Partners, and System Users.
- Remove the suspicious person from the business or revoke access to the Page asset.
- Check whether the account has additional asset permissions, such as ad accounts or Instagram accounts.
After removal, refresh the Page access list and confirm the account no longer appears.
If multiple suspicious users exist, remove all unauthorized access in the same session.
What if you cannot remove the admin?
Sometimes the suspicious account is the only admin, or a fraudulent user has already removed the legitimate owners.
In that case, recovery usually requires proving ownership to Facebook or Meta and regaining access through official support paths.
- Use account recovery: Try to regain access to the Facebook profile that originally owned the Page.
- Check email and phone security: Reset passwords and secure the email account tied to the Page.
- Review Meta Business Manager: Look for hidden partners, assets, or system users you did not authorize.
- Contact Meta support: Use business support, help center forms, or in-product support if available.
For business-critical Pages, prepare documentation such as government ID, business registration details, domain verification records, and screenshots that show your relationship to the Page.
These materials can help Meta review your claim.
Signs your Page may be compromised
Suspicious admin access is often part of a larger compromise.
Watch for changes that suggest a bad actor has been active before you noticed the account.
- Unexpected Page name, category, or username changes
- New ad campaigns you did not create
- Changed contact email, phone number, or website
- Removed Page admins or business managers
- Posts deleted, unpublished, or scheduled without approval
- Unfamiliar login alerts or security warnings from Facebook
If you see several of these signs, assume more than one area may be exposed and move into full incident-response mode rather than a simple access cleanup.
How to secure the Page after removal
Removing the suspicious Facebook Page admin is only the first step.
Strengthen the Page immediately so the same problem does not happen again.
Lock down every connected account
- Change the password on all trusted Facebook profiles with Page access.
- Enable two-factor authentication on each profile and in Meta Business Manager.
- Remove unknown devices and active sessions from Facebook security settings.
- Update recovery email addresses and phone numbers.
Audit roles and permissions
- Limit full admin access to only a small number of trusted people.
- Use task-based access where possible instead of broad ownership rights.
- Review partners, agencies, contractors, and system users in Business Settings.
- Remove obsolete ad account and asset permissions.
Verify business assets
If your Page is tied to a real business, verify the business in Meta Business Manager, confirm the domain, and document the official owners.
Verified business assets are easier to manage and usually easier to recover after a dispute or breach.
Best practices to prevent future unauthorized admins
Prevention matters because Page access often expands over time as teams, agencies, and contractors come and go.
A short review process can stop a future security issue before it starts.
- Assign access only to named individuals, not shared logins.
- Review Page roles monthly or after any staffing change.
- Use a password manager for shared team credentials, if any are unavoidable.
- Avoid granting admin access to freelancers when editor or advertiser access is enough.
- Keep a written record of who has access and why.
For agencies managing client Pages, require formal offboarding when contracts end.
That should include removing the person from Meta Business Manager, revoking Page access, and confirming the client remains the sole owner of the asset.
When to report the issue to Facebook
If you believe the suspicious admin is part of hacking, impersonation, or business identity theft, report it through Facebook’s support and security channels.
This is especially important if the attacker changed payment methods, ran ads, or attempted to extort you for access.
Use reporting tools when:
- The admin cannot be removed because they control ownership.
- The Page has been repurposed for spam, scams, or policy violations.
- Your personal Facebook account was also compromised.
- You need help restoring business asset ownership.
Provide clear evidence, explain the timeline, and include what changes were made without authorization.
The more specific your report, the easier it is for support teams to evaluate it.
Checklist for quick action
- Confirm whether the account is truly unauthorized
- Remove the suspicious Facebook Page admin from Page access or Business Settings
- Review all other people, partners, and system users
- Change passwords and enable two-factor authentication
- Check for changes to Page details, ads, and business assets
- Document the incident and save screenshots
- Report the issue to Meta if removal is blocked or ownership is disputed
For any Page that supports a brand, nonprofit, or local business, speed and documentation are the key factors that make recovery easier and reduce the chance of repeat compromise.