What user roles should I make my team?

When you add your team to your website so they can make changes, consider the level of access that they need.

In this article, we'll look at the built in roles, what they can do and best practice for site owners. We have also included information about how the Fortress Wordpress security system will affect each user level. 

Administrator 

Somebody who has access to all the administration features within a single site.

Apply to users with caution. 

Who should be an Administrator?

  • Your web developer / team as they will need to manage settings and more for you
  • People with the technical understanding of all the Wordpress functions
  • The site owner (but not for normal day to day use)

Administrator Capabilities

Everything. Sheer destructive and creative power. 

Read more: Wordpress details on Administrator capabilities 

Restricted Capabilities

What capabilities are restricted when Reduced Permissions is enforced?

  • View / Install / Activate / Delete plugins 
  • View / Activate / Disable / Edit / switch themes
  • View / Add / Delete / Promote Users 
  • Delete Posts / Pages / Custom Posts types
  • Manage Categories
  • Delete media
  • Import / Export
  • Manage Settings / Options
  • Wordpress Core Updates / Site Health 

Fortress Security information

Two factor authentication: Required

Password reset by email: Disabled - must be done by contacting SixFive

Elevated permissions: 10 minutes (you will see the Reduced Permissions in the toolbar)

Full logout: 12 hours (you will see a Wordpress login covering your screen)

Idle/No activity logout: 30 minutes (you will see a Wordpress login covering your screen)

Editors

Somebody who can publish and manage posts/pages and content on the website including the posts of other users.

Who should be an Editor? 

Most users should be editors on your website. They will be the ones managing content on the site, adding new information, editing existing content and uploading media. 

Editor Capabilities

All content related functions to add and edit new pages and posts, plus edit those created by other users. 

Read more: Wordpress details on Editor capabilities

Restricted Capabilities

What capabilities are restricted when Reduced Permissions is enforced?

  • Deleting posts 
  • Deleting media

Fortress Security information

Two factor authentication: Required

Password reset by email: Disabled - must be done by contacting SixFive

Elevated permissions: 10 minutes (you will see the Reduced Permissions in the toolbar)

Full logout: 12 hours (you will see a Wordpress login covering your screen)

Idle/No activity logout: 30 minutes  (you will see a Wordpress login covering your screen)

Authors

Somebody who can publish and manage their own posts

Who should be an Author? 

Your content managers and writers should be authors on your website. 

Author Capabilities

Add new pages and posts, plus edit only their own authored posts.

Cannot delete content. 

Read more: Wordpress details on Author capabilities

Fortress Security information

Two factor authentication:Not Enforced

Password reset by email: Normal

Full logout: 12 hours (you will see a Wordpress login covering your screen)

Idle/No activity logout: 30 minutes (you will see a Wordpress login covering your screen)

Contributors

Somebody who can write and manage their own posts but cannot publish them. 

Who should be a Contributor? 

Contributors would be used in situations where they are writing articles for you, but do not have control on the editorial calendar, and your Editor would review and then schedule the post. 

Contributor Capabilities

Add new posts, plus edit or delete only their own authored posts.

Cannot delete content. 

Read more: Wordpress details on Contributor capabilities

Fortress Security information

Two factor authentication: Not Enforced

Password reset by email: Normal

Full logout: 12 hours (you will see a Wordpress login covering your screen)

Idle/No activity logout: 30 minutes (you will see a Wordpress login covering your screen)

Subscribers

Subscribers are usually your site users, they can do nothing on the site other than manage their own profile. 

Who should be a Subscriber? 

Your customers and visitors of your site, if a login / registration is required. 

Subscribers Capabilities

Manage their profile.

Read more: Wordpress details on Subscriber capabilities

Fortress Security information

Two factor authentication: Not Required, we can implement this on your site where required (e.g. an Ecommerce site)

Password reset by email: Normal

Full logout: 12 hours - sent to your login screen

Idle/No activity logout: 30 minutes - sent to your login screen

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Administrator / Editor password resets are not working

Email by it's very nature is insecure, and is frequently compromised. This results in a trade-off...

Wordpress Two Factor Authentication - user security

Your website is important to us, and as a representative of your business it's important we work...

Lost / reset two factor authentication in Wordpress

When you are unable to complete authentication on your WordPress account, it's likely because...

What is Code Freeze?

Code Freeze prevents you adding new plugins, or altering code on the server via the Wordpress...

Do I need to install Wordfence / Security plugins?

There’s no right answer to this question, but in this article, we’ll provide you with some...