I see a red 'Reduced Permissions' notice at the top of WordPress

If you have not read it already, you will find the About WordPress Security Overview article useful to get an overview of our security. Once you have read that, you can come back here.

What is 'Reduced Permissions'?

As part of your Fortress-enabled site, you will see a red section in the top WordPress toolbar when logged in as an Administrator or Editor.

This security feature is a bit like when you are using online banking and you have to re-enter your password to approve a payment. You can do most things, but when it comes to crunch time you have to enter your password again, because the bank wants to make sure that a) you are sure you want to do this, and b) you are still really you.

In order to do anything that is substantive to your site you will need to authenticate for your safety. This feature will not get in your way if you are editing and posting pages and content. 

What does this do?

When you have reduced permissions, your user is restricted from completing destructive or sensitive actions. This is for the protection of your site and your user account.

Simply put, in order to do anything that is substantive to your site you will need to authenticate for your safety. This feature will not get in your way if you are editing and posting pages and content. 

Why?

The number one way a WordPress website (in fact anything online) gets compromised is through an attacker gaining access to a privileged user account.

In WordPress that's an Administrator or Editor account being used by a malicious attacker.

The second most common is where your computer has been compromised (e.g. virus infection) and your WordPress session is stolen and used elsewhere. Yes, this happens, and more often than you want to know.

Our security system reduces the impact of such situations by requiring the attacker to supply your password and/or two-factor authentication again. This results in your site being more resilient and reliable.

What can I do when 'Reduced Permissions' is showing?

All normal publishing functions will continue to work, such as:

  • Creating new posts
  • Updating existing posts
  • Adding media to the media library 

You do not have to react to the red box and immediately enter your password to continue working. 

What are the restrictions?

This is not an exhaustive list, because every site is slightly different. You can see a full list and more information in our guide about what WordPress user levels to choose for your team.

Administrators:

  • Adding / removing plugins 
  • Changing site wide settings
  • Changing other plugin settings
  • Adding / removing / changing users

Editors:

  • Deleting content 
  • Deleting media items

I lost work when I re-authenticated!

It can appear this way sometimes, but rest assured you have not lost anything.

When you click the red box to re-authenticate, it will open a new browser tab to prevent loss of your work in progress.

This means that after you re-enter your password to get the elevated permissions back, you can simply close this tab to return to the one you were originally working on, click save to save your work, and reload the page.
