When allowing people to access your website, it is very important to keep fully controlling. Employees, contractors and volunteers have effectively completed their work. You should take some important steps to complete this operation.
We will understand the different user types, the meaning of these permissions, and other best practices of websites.
User’s role and permissions
The user management system is based on two aspects: characters and capabilities.
Character is a group of classification titles assigned to a group of users assigned to the WordPress website. Each character is associated with a set of capabilities.
Capability is a specific operation that allows users to complete. For example, editing posts are a unique feature, and review blog posts are another feature.
WordPress has six default user characters, and each character has its own group of permissions and functions:
- Super administrator:
- Super administrator has It is suitable for multi -site environment functions. They can manage the settings of all websites on the Internet. In the case of a single site, the administrator is the highest -level user.
- The most powerful user role, because it allows you to access everything. As a website owner, this should be your role
- This user is usually responsible for management content. Editors can add, edit, publish, and delete any posts and media, including posts and media written by other users. Editors can also review, edit and delete comments, as well as adding and editing categories and labels
- is usually responsible for the task related to writing content. They can create, edit and publish their own posts. They can also delete their posts (even if they have been published), but they cannot edit or delete posts written by other users
- The contributor is a more basic version of the author’s role. The submitters can perform three tasks on your website: reading all posts, creating and editing their own posts, and deleting their own posts. However, this character does not allow them to post their posts directly on your website. This gives you the opportunity to review and have a final control before any content they createdRealism
- If you enable registration on the website, you will be assigned to new users. The number of permissions of this role is the least. Users can only update their personal information, read the content on your website, and comment.
Administrator:
Editor:
Author:
contributor:
Subscriber:
When installing woocommerce, you will get two user characters:
- ]
- Customer: When new customers create accounts on your website, it is allocated to them. This role is basically equivalent to ordinary blog subscribers, but customers can edit their account information and check the past or current orders. Store manager:
This allows users to run the operation of your WOOCOMMERCE store without editing files and code back -end functions. The manager has the same permissions as the customer. In addition, they are also awarded all the settings, creation/editing products in the management of Wooocommerce, and the ability to access all WOOCOMMERCE reports.
Important Tips: They can also access the above WordPress editor function.
Woocommerce also provides
- Other functions
- , allowing administrators:
Manage all WooCommerce settings
Creation and editing Product
View WOOCOMMERCE report
When to use the role of the store manager
In the following cases, assign workshop manager characters: 123]
You want to allow users to manage orders, issue refunds and generate reports, but cannot edit the plug -in, themes or settings on your website.
You want to allow users to view and update orders and products, but cannot access your user settings (they will not be able to add/edit user characters and permissions).
When to use the administrator role
In some cases, you may need to be on your site Given the role of administrator for other users.
Example of administrator user:
- Website developer
- Website designer
- Social media marketing agency
- Digital campsSales Institution
Generally, those who act as these characters need to access a wider WordPress function and settings to perform projects on your website.
You need to be very careful because the administrator is the most powerful role in your store.
The best practice of user permissions
- Only provides users with access rights they need. This is important for security, which can prevent users from changing unruly changes and prevent the content from being unexpectedly deleted.
- The number of users with an administrator role is limited. Many suppliers may ask this role, but few people really need such advanced access rights. Before granting the request, carefully consider the work functions they will execute and check whether the lower -level access rights are sufficient.
- If you want to control the content that the user can access more accurately, please the free user character editor plug -in, which allows you to choose to grant each user’s personal function.
The best practice of website security
Add users to your website that requires additional security measures -the more users you have, the greater the risk you bear.
Security user name and password
Always ensure you The entire team maintains a strong username and password.
If possible,
- Enables two -factor authentication
- . Free Jetpack plug -in makes it all simple. For user names, avoid using common titles such as \”admin\” or \”administrator\”. This makes your website vulnerable to security loopholes. Instead,
- . When you create a new user, WordPress will automatically create a security password for you, but you can indeed cover it and
- . When creating a new password, make sure the password contains uppercase letters, lowercase letters, numbers, symbols, and at least 12 characters in length. This may sound extremely extreme, but the more complicated the password of each user
- , the better your security .
create a specific username for everyone
allow your user to set your own password
Regularly review the role
regularly check the user role, especially the administrator. You may need to allocate new characters or completeDelete their account.
For example, if you stop working with agency or developers, please make sure Delete their account so that they can no longer access it. The same thing is also applicable to other user characters. Any user should not access your website unless the current needs.
This is also applicable to your host and domain account. If you allow someone to access your login information and you no longer cooperate with them, please change your password. If you provide FTP credentials to developers at any time, so that they can manage your website files, make sure these credentials are fully updated or deleted. Inmotion Hosting provides easy -to -understand drills for anyone using CPANEL.
Remember: Website professionals can still visit your website through your custody account information or FTP credentials.
Create a backup for your website
Regularly backup your website and online store is very important, not only for security, but also to make you feel at ease.
If the user eventually conducts unruly changes to your website, or your website is subject When invasion, you must prepare a copy so that you can restore it to the original state. Paying the Jetpack program allows you to quickly restore the site backup by clicking the button. Jetpack also retains the review log in your WordPress instrument board to provide detailed information about all changes to your site. You can see which user has made changes, changes, and exact content of changes.
Sharing login credentials If you need to be a user Character or hosting/domain account sharingLogin proof, please do not send them through emails or other unsafe systems.
On the contrary, please use free password sharing tools such as Lastpass.
Lastpass allows you to create an account, store all online usernames and passwords in the insurance library, and use its encryption and secure network sharing credentials.
You can also set the user authority in this tool -for example, if you want users to see the password, you can select a box.
Safety outside
It is necessary to bear a lot of responsibilities to have an online store, especially when the access authority of the back -end of the website is allocated.
Fortunately, WordPress and Woocommerce make it easy to distribute specific user characters, lock permissions, protect customer information and your digital property security.
