Underpants. They’re like masks. And they’re also like user accounts for your WordPress website. Here’s how to keep ’em (and I mean the user accounts here) clean and safe.
Assign user roles
You wouldn’t share your underpants or your mask; that would be plain revolting. The same applies to WordPress user accounts. If you have reached the point where multiple people need access to your WordPress site, it’s time to give each one their own user account. In general, WordPress sites have the following user roles:
- Administrator. This is the person with full access to the website.
- Editor. This role can publish and edit posts, including those written by other users.
- Author. Can publish and manage only their own posts.
- Contributor. Contributors can write and edit their posts and submit them for review, but not publish them.
- Subscriber. The lowest level of user who only gets access to their own profile.
Ecommerce sites add two extra: Shop Manager and Customer. Roles are particularly helpful for teams whose members have different responsibilities. You might not want to give each person full access to your website, especially anyone still learning WordPress or unfamiliar with how the dashboard works. You don’t give the keys of your car to just anyone. Firstly, you need to know that whoever drives your car has the ABILITY and, secondly, that you can TRUST them not to drive off with your vehicle. Assigning a particular level of user account is helpful this way.
Who did what?
The more users on your site, the more activity there will be, and this can be a challenge to monitor. Install some kind of logging software on your site to keep tabs on who’s doing what.
Most folk have the most dreadful password habits. If you use software like Wordfence on your site, all users are forced to create strong passwords.
Practise User Hygiene
If you have granted someone temporary access to your site – like a developer, for instance – once they have finished working on the site, either reduce their user role or delete the account you created for them completely.
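One way to spot accounts that still hold more access than they need, as an added example that is not part of the original post: this shell function reads the CSV that WP-CLI's `wp user list` produces and prints a suggested demotion for every account with an elevated role that is not on your list of expected users. The `audit_roles` name, the choice of which roles count as elevated, and the sample data are assumptions made up for illustration.

```sh
#!/bin/sh
# Added example: review which accounts hold elevated WordPress roles.
# Feed it WP-CLI output, with roles as the LAST column so that
# multi-role values such as "editor,shop_manager" stay in one field:
#   wp user list --fields=user_login,user_registered,roles --format=csv | audit_roles "alice"

# Roles treated as elevated (an assumption; adjust to your site).
ELEVATED='administrator editor shop_manager'

# audit_roles "<space-separated logins expected to keep elevated access>"
# Reads CSV on stdin. Prints suggestions for a human to review; runs nothing.
audit_roles() {
  allow=" $1 "
  while IFS=, read -r login registered roles; do
    [ "$login" = "user_login" ] && continue           # header row
    roles=$(printf '%s' "$roles" | tr -d '"' | tr ',' ' ')
    hit=""
    for r in $roles; do
      case " $ELEVATED " in *" $r "*) hit="$r" ;; esac
    done
    [ -z "$hit" ] && continue                         # low-privilege account
    case "$allow" in *" $login "*) continue ;; esac   # expected, leave alone
    printf '# %s holds "%s" (registered %s)\n' "$login" "$roles" "$registered"
    printf "wp user set-role '%s' subscriber\n" "$login"
  done
}

# Constructed sample data, not from a real site.
SAMPLE_CSV='user_login,user_registered,roles
alice,2021-03-02 09:14:00,administrator
temp-dev,2024-05-20 16:40:11,administrator
bob,2022-11-08 12:01:45,author
carol,2023-01-15 08:30:00,"editor,shop_manager"'

# Demo: only alice is expected to hold an elevated role.
printf '%s\n' "$SAMPLE_CSV" | audit_roles "alice"
```

With the sample data, the leftover `temp-dev` administrator and `carol` are flagged, while `alice` and `bob` are left alone.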
Another useful tip is to ensure that a user automatically gets logged out from the site after a period of inactivity (keeping the dashboard open in a browser tab for a length of time). There are plugins to manage this.