User Roles in WordPress Keep Your Site Safe

Written By PhilG

Bradford Marketing Hub contains articles and information that help small and medium service businesses.

A WordPress website has two main types of content, web pages and blog posts. Pages and posts have many differences, but the differences that matter to us are.

  • The WordPress user roles needed to write pages and posts.
  • And, WordPress automatically organises posts and lists them in categories, it doesn’t do that with pages.
User roles in WordPress.
User roles in WordPress.

By giving users the right user role, you can reduce the chance they’ll break things when they’re logged in. For instance, only someone with the user role of administrator can apply security updates to your website. And someone with the user role of author can write and publish their own blog posts, but they cannot edit or delete anyone else’s pages or posts.

So by carefully choosing which user role you assign to each person on your website team, you make your website safer.

User roles make life easier for the WordPress user, too. That’s because a person given the WordPress user role of author has a limited job to do. They write posts. So, when an author logs in to your website, they don’t see the full WordPress dashboard. They only see the options they need to write posts.

This is how I organise WordPress user roles for a website.

  • Don’t let novice or untrusted users have the WordPress user role of administrator or editor.
  • Only have one administrator and one editor for your website.
  • Only use pages for long term static content, such as the home, about, services and contact pages. You should make most of your website content from blog posts, not pages.
  • Authors can only write and edit their own posts, so it’s safe to give one trusted person in each department the role of author. Then each department can add their own posts to your website.

WordPress uses archive pages to list posts as each department writes them. WordPress does this by automatically listing new posts on the archive pages that correspond to the category and tags you assigned to that post. This means that as soon as you publish a post, your website readers can see and read that post.

Regularly add content to your website.

As a website owner, it’s your job to write new content regularly. If you carefully plan that content, it will be useful to your customers and help you rank higher in Google.

To write content you must be trustworthy and assigned the user role of author.

WordPress has several levels of user role, from subscribers who have little power, to administrators who have the power to delete your website if they wish.

Restrict each user’s role to the minimum required to carry out their task.

  • Administrator carries out maintenance and security updates.
  • Editor can edit all pages and all posts; this is an advanced task.
  • Author writes, publishes, and edits their own posts.
  • Contributor writes but cannot publish their own posts. They must ask an editor to publish the posts they write.
  • Subscriber can log in to a membership site and read content but cannot publish anything.

Have one administrator, one editor, and, if necessary, multiple authors and contributors on your website.

The screen shots below show the WordPress dashboard as different user roles see it.

Administrator user role.

WordPress dashboard as seen by the site administrator.

Site editor user role dashboard.

WordPress dashboard as seen by a site editor.

Author user rloe in WordPress.

WordPress dashboard as seen by a site author.

Assign content creators the user role of author.

By carefully choosing each person’s user role there’s less chance someone will break your website. For instance, authors only write blog posts. They don’t have access to advanced settings such as installing plugins.

Because an author can only write posts, they don’t see the full WordPress dashboard. This makes the author’s job easier to learn, safer, and helps them focus on writing, which is what an author does.

Contributors can write but cannot publish.

If you want a member of staff to write content, but not publish that content until you’ve checked their work, you can assign them the user role of contributor, or ask them to email a word document to an author who can publish the post for them.

Editors can write web pages and blog posts.

In WordPress, you use pages for things like your home, about, services and contact us pages. Most content on a WordPress website looks like pages but is in fact blog posts. You don’t want to mess up the main web pages, such as your home or services page, so only assign editor user role to people with a good understanding of WordPress. Author user role cannot edit pages, authors can only edit posts.

When an author writes posts, they only see the settings they need. For instance, if you have the WordPress user role of author, you cannot create a new post category, or change theme settings such as sidebar, footer, and page width options.

However, blog posts are mainly text and contain lots of information. So, it’s good to have fewer design options when writing posts. It forces you to focus on writing good content and stops you from getting side-tracked with design options.

Keep it simple when writing blog posts.

WordPress will allow you to build fancy, multi column layouts in blog posts. But most blog posts are so narrow that a multi column layout looks silly. I advise having a maximum of two columns for any section or row of a blog post. Web page sections are OK with three or four columns if the layout is wide enough. Blog posts are usually too narrow to hold a four-column grid.

Is it readable on a phone or tablet?

Web designers like to make fancy home and service pages that look good when they present the site to their clients. But many of your customers will never view your website on a laptop or desktop screen, they’ll only view your site on their phone or maybe a tablet computer. So make sure you check any pages and posts you write using a typical modern phone. Fancy designs that look great on large desktop monitors can make it difficult to read on a small phone screen. I recommend you find a suitable compromise between fancy design and a functional website, whatever the screen size it’s viewed on.

Read more useful articles like this in my blog...