Do you know why all of your pages and posts should be under your Author account? Because if someone gets ahold of the credentials for this account the damage will be minimal and certainly way less than using an admin account.
The best use to publish content on your site is by creating an author account and not using your administrator WordPress account. Keep reading to find out why.
My neighbor was a lovely lady who trusted everyone. And she passed out keys to her house like they were candy. All of the neighbors had a key “in case anything happened,” the gardener had a key so he could get into her garage, the delivery guy had a key so he could drop off packages, the dog walker too. So many people had access to her home that she lost track of who all had keys. While everyone took care of Sally and nothing bad happened, that isn’t always the case.
We tried to get her to install a keypad on her garage door to stop giving out keys and start giving out codes, and when they needed to be changed, she only had to change one thing, the keypad numbers.
Fortunately, Sally was never robbed or had any damage done to her home because who knows how many people had access to her house but things could have been very different if one person with ill intentions did.
The same goes for your WordPress site. Giving out Administrator accounts is the same as giving our keys to your home, while having a keypad that only allows you access to the garage is like handing out an Author account.
And by now you should know that using admin as your username is a no-no. Keeping your site safe from hacking is hard enough without handing over a generic master key to those trying to get in the door.
I like to take my security one step further and only use the administrative role for just that. Administration takes like changing a theme, adding a plugin, or tweaking some code. Instead, I use an author use account to publish my content.
But before we begin let’s talk roles of the WordPress ecosystem.
The Role of The Admin
The role of the admin is somebody who has access to all the administration features within a single site. That means that anyone with access as the admin can do a lot of damage to your website if they aren’t WordPress savvy or have your best interest at heart. Basically, the administrators hold the keys to the kingdom, including changing themes, modifying core files, add other users, and deleting items.
The role is generally reserved for site owners or those providing technical support. Before you hand out admin roles, you need to know why the person asking for it needs to have those capabilities. For example, someone such as myself who provides development and design support needs to have access as an administrator to keep things running smooth and make adjustments needed.
However, you need to keep your main admin role as the owner separate from others. This way you can never be locked out of your site due to a password change or be held hostage by someone else.
If you need to give admin access to another, check out this quick video to show you how to set that up.
Now before we move on, what do you do if you’re account is using username admin? Check out this video to show you how to easily change this information.
The Role Of the Author
The role of the author is somebody who can publish and manage their own posts. That means that anyone with an author account can publish, edit or delete their own posts but cannot access anything created by other users. And they cannot edit or delete pages.
This is the role that I suggest my clients use when publishing pages and posts. The main reason is that if someone gets a hold of your user account, they cannot do as much damage as the admin.
If you need to set up author access to publishing your pages and posts, check out this quick video to show you how to do that.
The reason to use the author account is to add an extra level of security, even if you’re a one-person show. So when your author archives do show to someone savvy enough to find those, it will be the account that can do the least amount of damage to your website or blog.
Also, you want as much control over your website as possible, and when you have outside help to create adding and publishing content for you, you don’t want them to wander into areas that can cripple your website.
The Other Roles
The WordPress roles are not limited to these two roles and you can find out more about them in the WordPress Codex.
What account to create for your team members
- A VA can log in using the author role to publish blog posts. This way, items can be published and optimized without having access to other vital parts of the website.
- A copywriter has author access to draft and schedule posts that they are creating for your site. This will allow them to get all posts published to the public without access to other parts of the website or additional copywriter accounts.
- An editor has an editor role, so they can manage all posts, create and edit pages, and has access to every other piece of content published on the blog, including categories and tag management.
- A backup developer has an editor role and access to my WordPress backend via FTP so that if they need to do any coding changes they can do so. I use this method instead of an admin account because it allows for access to the WordPress and theme files in a different manner so that if something breaks, they can easily fix it.
- Guests posters can have contributor access so they can draft their articles and add them to your WordPress site but can’t publish or delete. The contributor user account makes sense when you have lots of people who want to publish on your site with minimal access to keep your articles from getting removed.
The main goal of your website is to keep it safe and out of the hands of unsavory help and hackers. Many people post on their administrator account, not knowing the ease of information any hacker can get. But you can keep that from being a worry by following the simple guidelines outlined above.
If you have questions about which account to use for your team or your business, let me know. And if you’re not sure about the setup or security of your site, schedule your audit today so I can take a look at easy changes you can make right away.