When you add your team to your website so they can make changes, consider the level of access that they need.
In this article, we'll look at the built-in roles, what each can do, and best practice for site owners. We have also included information about how the Fortress WordPress security system affects each user level.
Administrator
Somebody who has access to all the administration features within a single site.
Apply to users with caution.
Who should be an Administrator?
- Your web developer / team, as they will need to manage settings and more for you
- People with a technical understanding of all the WordPress functions
- The site owner (but not for normal day-to-day use)
Administrator Capabilities
Everything. Sheer destructive and creative power.
Read more: WordPress details on Administrator capabilities
Restricted Capabilities
What capabilities are restricted when Reduced Permissions is enforced?
- View / Install / Activate / Delete plugins
- View / Activate / Disable / Edit / Switch themes
- View / Add / Delete / Promote Users
- Delete Posts / Pages / Custom Post types
- Manage Categories
- Delete media
- Import / Export
- Manage Settings / Options
- WordPress Core Updates / Site Health
Fortress Security information
Two-factor authentication: Required
Password reset by email: Disabled - must be done by contacting SixFive
Elevated permissions: 10 minutes (you will see the Reduced Permissions in the toolbar)
Full logout: 12 hours (you will see a WordPress login covering your screen)
Idle/No activity logout: 30 minutes (you will see a WordPress login covering your screen)
Editors
Somebody who can publish and manage posts, pages and other content on the website, including the posts of other users.
Who should be an Editor?
Most users should be editors on your website. They will be the ones managing content on the site, adding new information, editing existing content and uploading media.
Editor Capabilities
All content related functions to add and edit new pages and posts, plus edit those created by other users.
Read more: WordPress details on Editor capabilities
Restricted Capabilities
What capabilities are restricted when Reduced Permissions is enforced?
- Deleting posts
- Deleting media
Fortress Security information
Two-factor authentication: Required
Password reset by email: Disabled - must be done by contacting SixFive
Elevated permissions: 10 minutes (you will see the Reduced Permissions in the toolbar)
Full logout: 12 hours (you will see a WordPress login covering your screen)
Idle/No activity logout: 30 minutes (you will see a WordPress login covering your screen)
Authors
Somebody who can publish and manage their own posts.
Who should be an Author?
Your content managers and writers should be authors on your website.
Author Capabilities
Add new pages and posts, plus edit only their own authored posts.
Cannot delete content.
Read more: WordPress details on Author capabilities
Fortress Security information
Two-factor authentication: Not Enforced
Password reset by email: Normal
Full logout: 12 hours (you will see a WordPress login covering your screen)
Idle/No activity logout: 30 minutes (you will see a WordPress login covering your screen)
Contributors
Somebody who can write and manage their own posts but cannot publish them.
Who should be a Contributor?
Use the Contributor role for people who write articles for you but do not have control over the editorial calendar; your Editor reviews and then schedules the post.
Contributor Capabilities
Add new posts, plus edit or delete only their own authored posts.
Cannot delete content.
Read more: WordPress details on Contributor capabilities
Fortress Security information
Two-factor authentication: Not Enforced
Password reset by email: Normal
Full logout: 12 hours (you will see a WordPress login covering your screen)
Idle/No activity logout: 30 minutes (you will see a WordPress login covering your screen)
Subscribers
Subscribers are usually your site users. They can do nothing on the site other than manage their own profile.
Who should be a Subscriber?
Your customers and visitors of your site, if a login / registration is required.
Subscriber Capabilities
Manage their profile.
Read more: WordPress details on Subscriber capabilities
Fortress Security information
Two-factor authentication: Not Required. We can implement this on your site where required (e.g. an e-commerce site)
Password reset by email: Normal
Full logout: 12 hours - sent to your login screen
Idle/No activity logout: 30 minutes - sent to your login screen
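To review who currently holds each of the roles above, you can export the user list with WP-CLI and check it against the policy in this article. The script below is an added example, not part of Fortress or of SixFive's tooling; the approved-administrator list, the logins and the sample export are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a WP-CLI user export against the roles in this article.
# Real input: wp user list --fields=user_login,roles --format=csv

# The five built-in roles this article covers.
BUILTIN_ROLES="administrator editor author contributor subscriber"
# Assumption: logins allowed to hold Administrator (constructed names).
APPROVED_ADMINS="webdev owner"

# Reads the CSV on stdin and prints one finding per line (nothing if clean).
audit_roles() {
  awk -v approved="$APPROVED_ADMINS" -v builtin="$BUILTIN_ROLES" '
    BEGIN {
      FS = ","
      n = split(approved, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1
      n = split(builtin, b, " ");  for (i = 1; i <= n; i++) known[b[i]] = 1
    }
    NR == 1 { next }                      # skip the CSV header row
    {
      login = $1
      roles = substr($0, length($1) + 2)  # everything after the first comma
      gsub(/"/, "", roles)                # multi-role values arrive quoted
      if (roles == "") { print "NO_ROLE " login; next }
      m = split(roles, r, ",")
      for (i = 1; i <= m; i++) {
        if (!(r[i] in known))
          print "NONSTANDARD_ROLE " login " " r[i]
        if (r[i] == "administrator" && !(login in ok))
          print "UNAPPROVED_ADMIN " login
      }
    }
  '
}

# Constructed sample export (not real site data).
sample_export() {
  cat <<'EOF'
user_login,roles
webdev,administrator
owner,administrator
jane,editor
tom,"editor,administrator"
sam,author
pat,shop_manager
lee,
EOF
}

sample_export | audit_roles
```

Each UNAPPROVED_ADMIN line is an account to move down to Editor or lower unless it genuinely needs Administrator; NONSTANDARD_ROLE and NO_ROLE lines are accounts whose access this article's role descriptions do not cover.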