Who should have access to your website?

Your website is critical to your business, and you should be careful who you allow to access the administrative back end of your site.

You may have employees or outside vendors who contribute articles, make updates or maintain your site’s themes and plugins. One of the benefits of WordPress is that you can easily set up new users and give them the specific access they need (and nothing more).

The basics of WordPress security and access rights

Don’t share your login with others.

Create a new account for anyone who will access the admin dashboard.

But, you don’t have to give everyone the same access and privileges.

A typical WordPress website may have pages, a blog, forms, and an array of plugins all doing different functions. Now think of your editors, authors, contributors, and admins. Each user needs access to the WordPress dashboard, but access levels should vary. 

We recommend that you follow the Principle of Least Privilege.

What is the Principle of Least Privilege?

The principle of least privilege (PoLP)  was formulated by Jerome Saltzer, who stated, “Every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job.”

More simply: don’t give users access beyond what they need. Only the minimum necessary rights should be assigned. It is a cybersecurity best practice and a significant step in protecting your website.

This can apply to more than your websites, such as company files, physical assets, and more. Just as you probably wouldn’t give a new employee the keys to the CEO’s desk, you may not want to provide them with a password that grants complete access to your website.

How does the Principle of Least Privilege apply to WordPress?

Laziness often works against the principle of least privilege. It’s sometimes easiest to assign everyone the same role. No research, no back and no forth requesting more access, easy peasy, right?

Let’s get into why we shouldn’t access more than needed. 

The Admin access to WordPress has a lot of potentially dangerous power, including adding or deleting other users or deleting a site entirely. As you can imagine, giving this ability to someone who has mischievous or ill intentions could cause some severe harm to your site.

Sometimes intentions aren’t malicious. A well-intentioned but inexperienced user with admin privileges could change a theme without understanding the consequences or remove a plugin because they didn’t know it was performing an essential function on the site.  

Best Practices for setting up WordPress Users

Use WordPress roles to implement PoLP

Become familiar with what the capabilities and roles are for WordPress users. Understand what different users need to access and assign them a role that matches only up to that need, no more. 

Some plugins will allow you to assign specific privileges based on a particular user role. There are also several plugins that you can use to create new and custom WordPress roles if you aren’t finding a perfectly matched role for your needs. Conducting some research to determine privileges needed and testing can take some time to assess and discern, but it’s well worth it.

Allow for the shortest duration necessary 

Remember to scale back or remove privileges when they are no longer necessary or appropriate. Sometimes users may be granted additional access, say to complete a particular update, but it’s important to remember to revert once the work is complete. 

As an example, when troubleshooting a theme or plugin, the author may request temporary access to your site for troubleshooting. These temporary users should be removed as soon as access is no longer needed. 

Reassess frequently

If you are performing regular maintenance on your site (you should be), that may be an excellent time to review your users and determine if there are any that should be removed or have their roles adjusted.

Frequent reviews will help identify updates that need to be made. You may have an employee who was bumped up to an Editor role to post while the regular editor was out. Or check for employees who have changed jobs and should no longer have access at all.