
Why should authors be regular, non-admin users?

Often, for convenience, we create a single user with admin permissions to manage our website (apply updates, install plugins, etc.), and we also use this same user to create content (write and publish pages or posts). This is a big mistake!

Users who publish content usually have a public profile page that shows details such as the user name or the user's identifier in the database. An attacker can exploit this information, and when the account it belongs to is also an administrator, the result can be a compromised website.

That’s why the recommendation is to separate the users who create content in WordPress (who should have the role of Editor, Author or Contributor) from the users who are responsible for administering the website (who should have the role of Administrator).

To avoid security problems, a WordPress site should have at least one Administrator and one Editor, and the Editor must be a different user from the Administrator.
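
One way to check an existing site against this recommendation, as an added example that is not part of the original documentation: a read-only PHP script, meant to be run inside WordPress with `wp eval-file`, that lists Administrators who have published posts or pages and reports whether a separate Editor exists. The file name and the `example_` function names are assumptions chosen for illustration.

```php
<?php
// audit-admin-authors.php (hypothetical file name).
// Run with: wp eval-file audit-admin-authors.php
// Read-only: reports findings, changes no users or content.

// Return every Administrator who is the author of publicly visible posts or pages.
function example_admins_with_published_content() {
    $findings = array();
    foreach ( get_users( array( 'role' => 'administrator' ) ) as $admin ) {
        $published = 0;
        foreach ( array( 'post', 'page' ) as $type ) {
            // Third argument true = count only publicly readable content.
            $published += (int) count_user_posts( $admin->ID, $type, true );
        }
        if ( $published > 0 ) {
            $findings[] = array(
                'id'        => $admin->ID,
                'login'     => $admin->user_login,
                'published' => $published,
                // Public profile page that exposes this account to visitors.
                'profile'   => get_author_posts_url( $admin->ID ),
            );
        }
    }
    return $findings;
}

// Count users holding the Editor role; Administrators are a separate role.
function example_editor_count() {
    return count( get_users( array( 'role' => 'editor', 'fields' => 'ID' ) ) );
}

$findings = example_admins_with_published_content();
foreach ( $findings as $f ) {
    echo sprintf(
        'Administrator "%s" (ID %d) is the author of %d published item(s); public profile: %s',
        $f['login'], $f['id'], $f['published'], $f['profile']
    ) . PHP_EOL;
}
if ( empty( $findings ) ) {
    echo 'No Administrator is the author of published posts or pages.' . PHP_EOL;
}
if ( example_editor_count() === 0 ) {
    echo 'No user has the Editor role: create one and publish content with it.' . PHP_EOL;
}
```

Content flagged by the script can be reassigned to an Editor, Author or Contributor account from the post editor or the Users screen.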