If you do one thing today, make it this…

Check who has access to the back end of your WordPress website.

It is important that you know and trust the people who can get behind the scenes of your website. Anyone who doesn’t fall into that category has the potential to cause havoc!

My advice is to give administrator access to yourself and your trusted website designer/developer. This means you retain control and allow access to a professional for troubleshooting and support.

Fortunately, it’s easy to find out who has access.

  • Log in to the back end of your website.
  • From the left-hand menu, select Users > All Users.
  • A list will appear showing everyone who has a user account on your site.
The Users screen in the WordPress Dashboard
  • Hover over their username and click delete.
  • You will be asked what to do with any content owned by this user. I would recommend assigning it to your user account. You can then click the blue “Confirm Deletion” button.
Screenshot of the Delete Users options in WordPress

Different levels of access

WordPress has five user roles with different levels of permission. The important one to control to protect your website from vulnerabilities is the administrator. Administrators have full access to all the features of a WordPress site.

The other roles are:

Editor – has full control over site content, including being able to edit, publish and delete pages, blog posts and comments. They don’t have access to site settings, nor can they install plugins or themes.

Author – can write, edit, and publish blog posts. Like the editor, they don’t have access to site settings, plugins, or themes.

Contributor – can add and edit blog posts but can’t publish them. They are also unable to upload media files, making adding images to posts impossible.

Subscriber – they can only log in to WordPress and update their user account. This is useful for membership sites and online stores, where users need to register and log in.

If you would like some help understanding user roles or tidying up your WordPress website, check out my Website Health Check service. Alternatively, drop me an email at hello@wisegenius.co.uk.