We’ve talked about using strong passwords, not using ‘admin’ or ‘administrator’ as usernames, updating plugins. What else can you do to secure your site?
Let’s talk about user management.
A user is anyone who has been assigned access to the back end of your site.
Out of the box when you install WordPress, there are five default user roles:
- Administrator – somebody who has access to all the administration features within a single site.
- Editor – somebody who can publish and manage posts including the posts of other users.
- Author – somebody who can publish and manage their own posts.
- Contributor – somebody who can write and manage their own posts but cannot publish them.
- Subscriber – somebody who can only manage their profile.
An administrator has total access to your site, so you need to trust that user… not how honest they are, but rather do they know ‘enough’ to not inadvertently make a mistake and change something that can’t be reversed? And what if someone leaves your company? Do you still want them to have access to your site?
Typically there should be no more than two administrators. perhaps you and your web designer. Everyone else can have varying roles, depending on what they need to do in or with the website.
Best practice is to give the lowest level of access that is reasonable for
Do you want to learn more about how to secure your site?
Get your FREE copy of WordPress Security Checklist below.
If this checklist overwhelms you, I can help you secure your site. Sign up at www.solowebsolutions.com/pom