Site Creation – Security Roles

No matter how large or small your company is, security should be a top priority. While you might not be managing hundreds of thousands of user’s credit card numbers, it is important to protect what data you do manage. When you run a website or a blog system, there are various security roles you need to configure.

What are security roles?

Some systems refer to them as user roles or membership roles. Essentially, when you have multiple people working on single items or a website as a whole, everybody is responsible for specific duties and tasks. For example, you would not want a blog contributor to have access to edit user accounts. Speaking of blogs, let’s take a look at the security roles in WordPress:

  1. Administrator – This user role has complete access to the entire system. Admins can do anything within WordPress including adding, deleting and changing all user accounts, blog posts, comments, links and pages. This is usually the blog owner and should only be access by use or someone you trust.
  2. Editor – Editors have complete control over all content such as links, categories, comments, posts and pages but they have no configuration access for the blog system nor can they create or delete user accounts. This role would usually go to someone who’s just there to moderate your blog.
  3. Author – Authors can write and publish posts without review from an Editor, but can only edit the posts they’ve created. They can also only manage the comments left on their posts. This role is designed for users which need to publish blog posts, but do not need to manage content they didn’t create.
  4. Contributor – Contributors are similar to authors except they cannot publish any posts. They can only submit posts for review by either an Editor or an Administrator. If you would like people to be able to submit their own writings to your site, give them this access.
  5. Subscriber – Visitors to your site can register (provided you allow them to) on your site and this account role will give them access to leave comments on any posts and modify their own user profile. Subscribers have no other access to the blog. There is an option in WordPress to force users to register to leave comments.

You should become familiar with each of these roles and what permissions they give to each user. You don’t want to be surprised later to discover that one of your users has more access than they need.

Benefits

If you’re the only person running your business/website, you will not see any benefit in creating various security roles. However, it’s important to understand your backend system and what types of controls you have over it because in the future, you may expand and require the help of others to maintain everything.

More often than not, you find in businesses where users are sharing their usernames and password to various systems to gain more access when they need it. This is very dangerous because all it takes is one person who knows what they can do with that access and your entire company can come down in one fell swoop.

Just like you lock your doors at night, never take for granted the security of your website and system software. It could mean the difference between a secured business and no business.

<< Back to Portals Forward to Memberships >>