Pro Web Marketing designs websites on a WordPress platform using a custom Theme. WordPress comes with a user role management system that determines the level of access to a user. Understanding user roles and permissions is essential for anyone with a WordPress website.
When development begins an administrator must be created and we set it up for our use. We use this access during development to design and create your website. Once your site is taken live and hosted with us, we require that we maintain administrator status. We use that access to update files, plugins, themes, etc.
Most hosting companies and/or webmasters will set you up in an administrator role if requested. Most hosting companies/webmaster also have a policy that if you should “break” anything on your website there will be a charge to fix it. Be incredibly careful when accessing areas of your site you may not be familiar with.
If we are the designer/developer of a website, we offer training on using the dashboard (backend) of your website. We will show you areas you should stay away from, and which areas are safe for you to make changes.
Administrator
This is the most powerful user role it is the master key to your website. Because this role is so powerful you should only give it to the people who need it. You should assign as few administrators as possible, ideally, only one. You need to be very careful who you assign an administrator user role to.
An Administrator has complete access to manage every aspect of your website. When WordPress is installed, the first user that gets created has Administrator access. Because this role is so powerful, you should assign as few Administrators as possible (ideally, only one).
This role should be reserved for the Webmaster (website developer/designer) and in some cases the owner may be assigned as an administrator.
A WordPress Administrator can do anything the other roles can do plus the following capabilities:
• Update WordPress core – This update should be done with care and always have backed up the site before doing a major core update. This is best left for your Webmaster to do.
• Complete control over themes & plugins – They would have control for both the design & functionality of your site. They will have access to all part of your website and the website code.
• Complete control over user management – They can add and delete users and their passwords. They can change information about an existing user or change their role.
• Manage all of your site’s settings – They will have access to all part of your website and the website code. They could accidentally change the look and function of your website or even delete your website.
• Full access to content – This would include posts, pages, media, images, and any other custom post types.
Editor
An Editor has complete access to manage your site’s content. They cannot access your settings, themes, plugins, or users, which means they cannot change the design of your site or break important functionality.
This role is great for a site owner or an employee to oversee content.
A WordPress Editor has the following capabilities:
• Full access to content – This would include posts, pages, media, and images – They can create new pages or posts. Edit content on existing pages.
• Approve content – The ability to approve another lower role user’s content that is pending review.
• Moderate blog comments – Comments left by visitors to blogs or reviews to products.
Author
An Author has the ability to manage only their own content, but no one else’s. This means an Author cannot approve, edit, or delete another user’s content. They also cannot edit their own blog posts, nor can they moderate comments.
This role is ideal for an employee or contractor that you have hired to write regular blog posts for your website.
A WordPress Author has the following capabilities:
• Add, publish, edit, and delete their own blog posts (but not pages)
• Upload & edit their own images and other media files
• Can view comments but cannot moderate, approve, or delete any comments.
Contributor
Contributor can write new posts but cannot publish them. They are also denied the ability to upload media files.
This role is for anyone you have writing blog posts for your website, but you do not want their posts being published until you have had a chance to review and approve.
A WordPress Contributor has the following capabilities:
• Add their own blog posts.
Subscriber
A Subscriber cannot manage any aspect of your site. By default, once logged in, a Subscriber can only access his or her profile in order to change their password and basic information.
This role is created when a visitor signs up on your website. Typically, this is for newsletters, coupons, etc.
Yoast SEO Roles
SEO Manager
A SEO Manager has all SEO capabilities including full access to the Yoast SEO settings and features.
This role is for a third-party SEO company to provide SEO optimization to your website.
SEO Editor
A SEO Editor can manage basic Yoast SEO settings on content, but not global settings or advanced content settings. They can manage all your SEO settings your meta and alt tags and keyword/phrases without being able to change the content on a page.
WooCommerce Roles
Shop Manager
A Shop Manager allows the user to run your WooCommerce store without access to back-end functionality.
A Shop Manager has the same access as an Editor plus the following capabilities:
WooCommerce Settings – Manage all setting within WooCommerce. This would include shipping, emails, payment processing, customers, etc.
Product Management – Ability to create and edit products including pricing, inventory, and images.
WooCommerce Reports – Access to all reports in WooCommerce. This would include revenue, customer, orders, etc. reports.
This role is for an employee that is managing your online store.
Customer
When someone creates an account on your website, they are automatically assigned the role of customer. This is similar to a subscriber, but they can edit their own account information and view past or current orders.
BEST PRACTICES
When assigning user roles to staff or third parties it is best to start with roles that have less access. If you find the need to upgrade their role you may do so later.
Assign administrator roles to essential personnel only. Only give it to people who need it. Many vendors may request this role, but few actually need this level of access.
Remove access to your website if someone leaves your company.
Require all users, regardless of role level to have strong passwords. You are giving them keys to your house and you do not want their weak password providing backdoor access. A strong password is at least 8 characters that are a combination of upper- and lower-case letters, numbers, and symbols ($, &, #, @, etc.). The more characters, the stronger the password.
We keep your site safe
Pro Web Marketing offers secure website hosting with 99.9% uptimes. We have security measures in place to minimize the risk of an attack. What we cannot control is a website owner using a weak password or sharing the wrong access level for their website. If you are not sure what type of access an employee or contractor requires for your website give us a call at 877-577-6932. We can set up the appropriate user level and offer secure password options.
Don’t leave the door open for just anyone to stop by and have a party!