How secure a website is often depends on small choices site owners make — for example, choosing simple passwords can make it a lot easier for hackers to gain access.
Another important consideration is the permissions we grant to users of the site. When you’re adding a new user, it’s important to consider what level of access they require, and to give them the minimum level of access possible that will still allow them to do the work they need to do!
There are a lot of different permission levels, but let’s just look at the key ones you’re likely to use:
We always recommend you limit the number of “administrator” users, preferably to just two; you and Performance Foundry. We need admin-level access to be able to effectively manage your site!
Make sure your admin users are not called “admin” and choose a particularly secure password for these logins.
If you have an external SEO manager or Virtual Assistant, “editor” may be the correct role for this person. Editors can publish posts written by other users, but can’t make technical changes such as removing or adding plugins.
Authors can publish and manage their own posts, so this is a great role for trusted contributors to the site.
If you prefer to manage the publishing of posts yourself (or if you leave that to an editor) site contributors should be given “contributor” status. This allows them to log in and create posts within WordPress, but they can’t publish them.
Be aware that contributors can't upload images, so if you need your writers to do that, you'll need to make them "authors".
Subscribers can’t manage any aspect of the site except their own profile.
What about Super Admin?
Super Admin is an administrator role for multisites. If you have a single WordPress install, administrator is effectively the same as super admin, even if it doesn’t sound as cool.
We recommend you look through your site periodically and remove or downgrade inactive users. If you choose to remove a user, be careful to attribute their work to another user, or you may find that large swathes of your website is deleted or stops working. See this article for instructions for deleting users.
You can also read more about user roles in the WordPress Codex.
Creating new users
One important thing to note when creating new users is that some names are off-limits. For example, you can't use any of the titles above as usernames (editor, author, contributor etc.). You also can't include spaces or special characters in a name. So "examplename" would be an acceptable username but "example name" or "example.name" wouldn't.
If you're having problems creating a new user, check that you aren't using a restricted name or special character, as this might be the reason the system is rejecting your request.