WordPress is the most popular and ubiquitous website content management platform on the market, with a market share estimated by some to be over 60%. Website owners (or those responsible for maintaining their WordPress insurance sites) can and should control user access to tasks such as writing and editing, page creation, category creation, comment moderation, plugin and theme management, and user management by assigning specific roles to all users.
WordPress predefined roles:
- Super admin
- Administrator
- Editor
- Author
- Contributor
- Subscriber
Role definitions:
- Super Admin: Provides access to all administration and features throughout the site. This role should be severely limited, as it is the most powerful, and allows the user to make significant changes to the site.
- Admin: Not as powerful as super admin, but still has access to all admin functions within one website.
- Editor: Allows users to publish and manage posts, including posts from other users.
- Author: Allows the user to publish and manage their own posts.
- Contributor: Allows the user to write and manage their own posts, but does not allow them to publish the content.
- Subscriber: Read-only access, allowing the user to view content and manage their profile.
By leveraging the power of user access, you ensure a more secure WordPress website. Let’s start by discussing roles and tasks. Each user role allows the users assigned to it to perform a set of tasks called capabilities. There are many capabilities; a few examples are publishing posts, moderating comments and editing users. Default capabilities are pre-assigned to each role, but other capabilities can be assigned or removed, allowing the creation of custom user roles. Greater control and refinement of user roles will improve overall website security and limit user errors that can cause security breaches.
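The following plugin is an added example, not code from the original article, showing how a custom role can be created and a default role tightened with WordPress's role API. The role slug `copy_editor`, its display name, and the choice of capabilities are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Example Least-Privilege Roles
 * Description: Added example; role slug and capability choices are assumptions.
 */

defined( 'ABSPATH' ) || exit; // Refuse direct access outside WordPress.

// Hypothetical role slug used only in this example.
const EXAMPLE_ROLE_SLUG = 'copy_editor';

/**
 * Roles are stored in the database, so create them once on activation
 * rather than on every page load.
 */
function example_roles_activate() {
    // Start from nothing and grant only what the job needs: edit own and
    // other users' unpublished posts, but never publish, delete, upload
    // files, or manage plugins, themes and users.
    add_role(
        EXAMPLE_ROLE_SLUG,
        'Copy Editor',
        array(
            'read'              => true, // Dashboard and own profile.
            'edit_posts'        => true,
            'edit_others_posts' => true,
        )
    );

    // Tighten a default role: on a single-site install Editors may post
    // unfiltered HTML; remove that capability if they do not need it.
    $editor = get_role( 'editor' );
    if ( null !== $editor ) {
        $editor->remove_cap( 'unfiltered_html' );
    }
}
register_activation_hook( __FILE__, 'example_roles_activate' );

/** Undo both changes when the plugin is deactivated. */
function example_roles_deactivate() {
    remove_role( EXAMPLE_ROLE_SLUG );
    $editor = get_role( 'editor' );
    if ( null !== $editor ) {
        $editor->add_cap( 'unfiltered_html' );
    }
}
register_deactivation_hook( __FILE__, 'example_roles_deactivate' );
```

Reassign any users who hold the custom role before deactivating, because removing a role leaves its members without one.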
Website owners can also strengthen their WordPress sites using file permission modes. For example, permissions can specify who and what can read, write, modify and open folders and files. This is important because WordPress may need access to write to files in your wp-content folder for the site to work properly.
FTP access is another area that needs to be addressed to improve website security. For example, if you need a third-party contractor to customize your site or customize a plugin, they may need FTP access. But you don’t have to give them full access to the root of your website. Restrict access to the specific area they are working on, such as the theme’s directory. Provide support logs as needed instead of granting FTP access to the logs on your site. And make sure the FTP access and password are time-limited and expire in a week or two (as short as possible).
By following these WordPress best practices, you can ensure a more secure insurance agency website, with greater user role restrictions and website access restrictions.