Have a WordPress site? Good for you!
Is it only you, or do you have others on your site helping as well?
If it’s only you, or you started the site yourself – is your username “admin”?
Lucky guess on my part (not). 😉
Now all I need to hack your site would be to guess your password over at http://yoursite.com/wp-admin (that’s probably where your login is located too). Scary, eh? Truth is that those are just typical WordPress functions and locations. There’s are ways to move them or rename them but that’s another post.
Here’s the thing
You can create different users roles (even for yourself). Each level dictates what that person can see or do.
Real Life Scenario: Just days ago, I just completed rebuilding the REBarCamp Website from the ground up. The site isn’t my site or my voice, it’s the voice of the community. I started manually adding new voices. I have a few “admins” and I’ve started adding “editors”, we’ll have quite a few of them when we’re done. Once we get going, we’ll add “authors” and “contributors”.
For most sites there are 5 different levels of roles starting with Admin. These levels are set by the Admin. From the WordPress Codex, here’s a breakdown of each.
Summary of Roles
- Administrator – Somebody who has access to all the administration features
- Editor – Somebody who can publish and manage posts and pages as well as manage other users’ posts, etc.
- Author – Somebody who can publish and manage their own posts
- Contributor – Somebody who can write and manage their posts but not publish them
- Subscriber – Somebody who can only manage their profile
Note: There’s a higher level called Super Admins but they are only on Multisites or WPMU (chances are your site is NOT one)
You’ll see in my graphic I have two admins. There’s a reason for that. What would happen if I had an accident? Or what if there was a database error and my login was deleted? There wouldn’t be another way in to the dashboard.
You’ll also see that I’ve added 20 Editors. The reason? These people can edit any other page or post. That’s important for Pages like a FAQ.
Where would I use an Author? If I had someone I fully trusted to write posts without my having to worry about them. When they push the PUBLISH button, that post is LIVE on the site. Hence the full trust part.
A Contributor is like an Author except I want the ability to proofread, check links, and choose the time and date when the post will publish. When someone wants to guest post here, I make them a Contributor first. Later I may move them up to Author or even Editor. There’s only a few people I’ve made Admins – they are truly special.
As for the lowly subscriber, it’s used primarily when you require someone to have a profile on the site before leaving a comment. With all the great comment management systems out there, that seems like a great way to kill comments on your site. 🙁
Related articles
How to Stop Brute Force Attacks on WordPress
He's an avid hockey fan, rides a mountain bike, sometimes rides a road bike, has a few motorcycles (he had a really fast one, bought a cool orange one, rode a really slow one, and now,a perfect "BDR Weapon"). If that isn't enough, he makes cheese and sourdough bread, loves strong beer and good red wine, and poorly plays the Mandolin.
- Slack, Chat or Discord? - April 6, 2021
- Unsplash Bought by Getty Images - March 30, 2021
- Malware in Your Contact Form - March 23, 2021