Many times we have come across sites that have given their users the keys to the kingdom. What we mean by this is that almost every internal user was given the “administrator” role. This is a no-no. WordPress comes with a default set of roles:

Super Admin:

This role is someone who has access to everything across multiple sites within WordPress Multisite.

This role is not something you have to worry about too much, as it does not appear in WordPress unless you are running WordPress Multisite.

 

Administrator:

This role is someone who has access to everything within a site.

Access to modify themes & plugins, enable or disable them, install or remove them.

Access to create, modify or delete pages.

A lot of damage can be done with this account if you do not know what you are doing.

There should only be one person, or a maximum of 2 to 3 knowledgeable people, with this level of access. Not everyone.

 

Editor:

This role is someone who can not only publish & manage their content (“Pages & Posts”) but can also publish & manage the content of others.

Even though this role can publish, add, edit & delete content and pages, it cannot get into the core settings of the site.

This role is intended for your editorial staff: “A select few”.

 

Author:

This role is someone who can only add, edit, delete & publish their own posts and has no access to pages.

Your Authors or Blog Writers

 

Contributor:

This role is someone who can edit & delete posts but cannot publish and has no access to pages.

Your Blog Writers

 

Subscriber:

This is someone who only has “Read” capabilities.

Your Readers

 

Hopefully this helps you get a better understanding of the permissions so that you can secure your site and protect yourself from an accidental loss.
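
One way to check a site against the administrator limit described above, as an added example that is not part of the original post: the script audits a user export and flags when more than 3 accounts hold the administrator role. It assumes the export is CSV with `user_login` and `roles` columns, as produced by WP-CLI's `wp user list --fields=user_login,roles --format=csv`; the sample accounts and the `audit_roles` function name are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Upper bound taken from the article: at most 2 to 3 administrators.
MAX_ADMINS = 3

# Constructed sample (not real accounts), in the assumed shape of
# `wp user list --fields=user_login,roles --format=csv`.
SAMPLE_CSV = """user_login,roles
alice,administrator
bob,administrator
carol,"administrator,editor"
dave,administrator
erin,editor
frank,author
grace,contributor
heidi,subscriber
ivan,
"""


def audit_roles(csv_text, max_admins=MAX_ADMINS):
    """Summarise role assignments and flag an oversized administrator group."""
    admins, no_role, counts = [], [], Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        # A user can hold several roles; they arrive comma-separated in one field.
        roles = [r.strip().lower() for r in (row["roles"] or "").split(",") if r.strip()]
        counts.update(roles)
        if not roles:
            no_role.append(login)
        if "administrator" in roles:
            admins.append(login)
    return {
        "admins": sorted(admins),
        "over_limit": len(admins) > max_admins,
        "role_counts": dict(counts),
        "no_role": no_role,
    }


if __name__ == "__main__":
    report = audit_roles(SAMPLE_CSV)
    print(f"administrators ({len(report['admins'])}): {', '.join(report['admins'])}")
    if report["over_limit"]:
        print(f"FLAG: more than {MAX_ADMINS} administrators; review and downgrade")
    print("role counts:", report["role_counts"])
    print("users with no role:", report["no_role"])
```

Accounts that come back flagged can usually be moved to Editor or Author, since those roles cover content work without access to themes, plugins or core settings.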