User Security

In this tutorial, we look at ways to improve user security as part of your overall web security plan.

This tutorial is part of our tutorial series on WordPress Security.

***

While malicious software written by unknown hackers in some distant location is often responsible for widespread damage to computers and websites around the world, it's important to remember that the people closest to you can sometimes pose an even more significant security threat.

Attacks on your computer system, network and website can come from people that you have given login access to. It’s important, therefore, to learn how to take basic security precautions when other users have access to your assets.

Keeping Your WordPress Site Safe From Guests & Employees

(Note: some of the information below also applies to keeping your computer safe!)

You may have specific reasons for letting other people log into your website. For example, you may want to allow guest bloggers, reviewers, or columnists to post content under their own user accounts. To do this, they may need to be given login access with their own username and password so they can add and edit their own posts, saving you the time and work of publishing content.

Many businesses assign website or blog management tasks to staff members or employees. It is also becoming more common to outsource tasks like keeping your site or blog updated, performing SEO or social media work, or publishing and editing content to virtual assistants and administrators, service providers, online marketing agencies, and freelancers. All of this exposes your computer and/or website to a number of potential security threats.

Here are a few simple and basic rules for keeping your WordPress website safe in these situations:

NEVER Give Out Your Administration Access Details

You should always keep your admin access protected: only the business, website or blog owner should have Admin access. The reason is not necessarily that your guests or employees might do something malicious with admin access (although this has been known to happen), but that you may be opening up a security risk: their passwords could be cracked or stolen, which would allow someone else to get into your site through their account.

The more ways there are to access your account, the greater the likelihood that a hacker could find a way to get in.

If you have to give someone temporary admin access to your computer or your site (e.g. a web developer or software support technician), create a temporary admin account, and delete the account immediately after the work on your computer or site is completed.

If, for any reason, someone has to log in to your computer or website using your admin account, at least change the password before giving them access.

After the work is done, change your password again (and also change your WordPress security keys).

To learn more about WordPress Security Keys, see the tutorial below:

WordPress Security Keys

Grant The Lowest Access Level Required To Users

Always grant users the lowest level of access they need to perform a task or complete a job (e.g. contributor, author, editor, etc.).

Under no circumstances should you make someone else an administrator of your site unless it is absolutely essential to do this.

To learn how to create and manage user accounts and how to assign user roles and responsibilities, see the tutorial below:

Managing WordPress Users

Change Passwords When Users Leave

When someone leaves your organization, whether they were employed or outsourced, make sure that you immediately change all passwords associated with their account, or simply delete their user account altogether.

Change Admin Passwords From Time To Time

Change all admin-level passwords from time to time, especially if you outsource your WordPress maintenance or administration to different people who need an admin account to log in.

Delete Unused User Accounts

If you have any user accounts on your WordPress installation that are no longer required, delete them from your site.

Tip

This suggestion also applies to WordPress sites with registration forms (e.g. directory sites, free membership sites, etc …), if you notice spammers registering with fake user accounts …
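One way to check a site against the rules above, as an added example that is not part of the original tutorial: a Python script that audits a user export shaped like the output of WP-CLI's `wp user list --fields=ID,user_login,roles --format=csv`. The roster, the logins and the sample export are constructed assumptions.

```python
import csv
import io

# WordPress default roles, lowest to highest privilege.
ROLE_RANK = {"subscriber": 0, "contributor": 1, "author": 2,
             "editor": 3, "administrator": 4}

# Constructed roster (assumption): each person who should have an account,
# mapped to the highest role their job requires.
APPROVED = {"owner": "administrator", "jane": "editor", "guestpat": "contributor"}

# Constructed sample export, shaped like the output of:
#   wp user list --fields=ID,user_login,roles --format=csv
SAMPLE_EXPORT = """ID,user_login,roles
1,owner,administrator
2,jane,"editor,administrator"
3,guestpat,contributor
4,tempdev,administrator
5,oldfreelancer,author
"""

def parse_users(export_csv):
    """Yield (login, [roles]) from the CSV export; roles may be a quoted list."""
    for row in csv.DictReader(io.StringIO(export_csv)):
        roles = [r.strip() for r in row["roles"].split(",") if r.strip()]
        yield row["user_login"], roles

def audit_users(export_csv, approved):
    """Return (login, finding) pairs for accounts that break the rules above."""
    findings = []
    for login, roles in parse_users(export_csv):
        # Custom or unknown roles rank as administrator so they get reviewed.
        held = max((ROLE_RANK.get(r, 4) for r in roles), default=-1)
        if login not in approved:
            findings.append((login, "not on roster: delete the account"))
        elif held > ROLE_RANK[approved[login]]:
            findings.append((login, "exceeds approved role: " + approved[login]))
    return findings

def admin_logins(export_csv):
    """List every account holding the administrator role."""
    return [login for login, roles in parse_users(export_csv)
            if "administrator" in roles]

if __name__ == "__main__":
    print("Administrators:", ", ".join(admin_logins(SAMPLE_EXPORT)))
    for login, finding in audit_users(SAMPLE_EXPORT, APPROVED):
        print(f"{login}: {finding}")
```

Running the audit after each contractor engagement ends, and whenever someone leaves, catches leftover temporary admin accounts and roles that were raised and never lowered.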

Create A Security Plan For Your Business

In addition to the basic security precautions described above, make sure to develop, implement and review security plans to prevent malicious or unauthorised users from accessing other entry points to your business. This includes:

Password Security

Web Hosting Security

Computer Security

Software Security

Email Security

Browser Security

***

Author: Martin Aranovitch

Martin Aranovitch is the founder of WPCompendium.org and has authored hundreds of FREE WordPress tutorials for non-techies and beginners. WPCompendium.org provides detailed step-by-step tutorials that will teach you how to use WordPress with no coding skills required and grow your business online at minimal cost!

Originally published as User Security.