By Princess Jones
Your small business website is often the work of a team of users. Fortunately, WordPress makes the process a little easier with comprehensive user settings. You can delegate tasks to other users based on your needs. But more WordPress users also means more potential security problems. Exerting some control of your author settings can prevent common problems before they even start.
For a long time, WordPress’s default option was to allow anyone to create a low-level profile on your site. Even if you didn’t leave a meta login link on your website, all WordPress sites share the same URL structure for logins and registrations. So, you might have users signing up even if you don’t explicitly offer it.
Unless you’re using WordPress as a retail store or a type of membership site, you don’t need to allow random people to sign up as users to your website. You can disable it by going to Settings on the left menu in your website’s WordPress dashboard.
Scroll down to Membership and uncheck the box next to it that reads “Anyone can register.” If you ever need to allow people to self-register on your site, you can go back and check it again.
When you’re creating users on your site, give them the least amount of access possible. There are only five types of roles for single sites: admin, editor, author, contributor, and subscriber. Each has its own limitations in place for a reason. So, if you only need a user to be able to upload and publish content, stick to author rather than giving them admin privileges.
Speaking of admins, they have the most permissions of all of the common users. Not only can they make important changes to your WordPress installation, they can add or remove other users. So if you have allowed someone — say a website designer or a business partner — to be an admin on your website, they could possibly remove you as an admin and lock you out of the website.
To avoid this scenario, only allow admin access to those who truly need it. Also, remove them as soon as they no longer do. And if you get locked out of your website, you can add yourself back if you have access to the backend of your site hosting and use MySQL. But it’s far less of a headache to just keep your admin list short and sweet.
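The checks described above, written as MySQL queries for a site owner who has database access through their host. This is an added example, not part of the original article; it assumes the default `wp_` table prefix, and the user ID is a placeholder to replace with your own.

```sql
-- Assumption: default "wp_" table prefix. If your install uses another
-- prefix, change the table names AND the 'wp_capabilities' /
-- 'wp_user_level' meta keys to match it.
-- Back up the database before running the UPDATE statements.

-- 1. Is open registration on, and which role do new sign-ups receive?
--    users_can_register = 1 means "Anyone can register" is checked.
SELECT option_name, option_value
FROM wp_options
WHERE option_name IN ('users_can_register', 'default_role');

-- 2. Who currently holds the admin role? Review this list regularly
--    and remove anyone who no longer needs the access.
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered;

-- 3. Locked out because your account was demoted? Find your user ID.
--    The login below is a constructed sample value.
SELECT ID, user_login, user_email
FROM wp_users
WHERE user_login = 'your-login-here';

-- 4. Restore the admin role on that account.
--    0 is a placeholder: set it to the ID returned by query 3.
SET @my_user_id = 0;

-- Roles are stored as a serialized PHP array in the meta value.
UPDATE wp_usermeta
SET meta_value = 'a:1:{s:13:"administrator";b:1;}'
WHERE user_id = @my_user_id
  AND meta_key = 'wp_capabilities';

-- Legacy user level that WordPress still keeps alongside the role.
UPDATE wp_usermeta
SET meta_value = '10'
WHERE user_id = @my_user_id
  AND meta_key = 'wp_user_level';
```

Step 4 only helps when your account still exists and was demoted; if query 3 returns no row, the account was deleted and has to be recreated instead.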
Strong Password Policies
Password strength is an important security measure for your website. If someone has access to your backend, you want to make sure their account is secure. Otherwise, a malicious person could use that security hole to do some bad things to your site.
Start with requiring strong passwords — those with significant length, letters, numbers, and symbols. You can assign the password for each user when you add them to the site. WordPress will give you the option to generate the password and email it to them. This will take the guesswork out of the process.
Beyond requiring strong passwords for your users, consider requiring that they change their passwords every so often without reusing old ones. This isn’t built into the WordPress installation, but plugins like Expire Passwords can help you add that functionality to your website.