WordPress Security

DO NOT use the admin user to write in your WordPress


One of the basic security tips we repeat most often is this: do not write with the administrator user of your WordPress.

Why can't I use the admin user to write?

Every day, millions of sites are attacked by bots (programs written to perform actions automatically) that, in this case, try to break into the website.

If you use the administrator user to publish posts or pages, or to reply to comments on your blog, you are handing these bots, and anyone else, 50% of the credentials for your site: the username.

It is then only a matter of time (half as long, since we have already supplied the first half) before someone manages to get into our site and its administration panel.

What is the difference between writing with an Administrator user and one that is not?

As I just mentioned, the username is an easy piece of information to obtain: publish any kind of post and it is already exposed (with the default configuration; there are ways to hide the username in, for example, the URL, but they are somewhat more complex).

Therefore, writing with a role that has fewer permissions, such as the Editor, limits what the person or robot who gets into our site will be able to do.

What I mean is: if your Admin user is compromised, the attacker gains every permission that exists on your WordPress installation, but if an Editor user is compromised, they can only perform the tasks related to publishing and editing posts.

Ideally, and this is what we recommend, you would have 3 users:

  • An Administrator, the user with the most permissions in the entire installation.
  • An Editor, who has access to everything related to posting.
  • A Subscriber, the most basic WordPress user, who can only modify their own profile and post comments.

Once these 3 users are created, the way of working would be as follows:

  • With the Administrator: we would use this user only when we need to carry out maintenance, update or configuration tasks on the website.
  • With the Editor: this would be the user we log in with regularly, to manage comments and posts in a simple way and without depending on a higher rank.
  • Finally, with the Subscriber: a "dummy" user that we would never use to log in to the website, but to whom we would assign the posts we have written with the Editor.

That way, even if someone obtained your subscriber's username and managed to get into the installation, they would not be able to change anything important.
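One way to enforce the three-user scheme automatically, as an added example that is not part of the original post: a must-use plugin that hooks the standard `wp_insert_post_data` filter and, whenever a post is about to be published under an administrator's account, swaps the author for the dummy subscriber, so the administrator's login never appears as a public byline. The subscriber's login name `byline` and the plugin name are assumptions; change them to match your own accounts.

```php
<?php
/**
 * Plugin Name: No Admin Bylines (added example, not the blog's own code)
 * Description: Before a post is published, replace an administrator author
 *              with the designated low-privilege "byline" subscriber so the
 *              admin username is never exposed in post URLs or author pages.
 *
 * Install by copying into wp-content/mu-plugins/ (must-use plugins load
 * automatically and cannot be deactivated from the dashboard).
 */

// Assumed login of the dummy subscriber that receives the bylines.
define( 'NAB_BYLINE_LOGIN', 'byline' );

/**
 * True when the given user ID belongs to a user holding the administrator role.
 */
function nab_is_administrator( $user_id ) {
    $user = get_userdata( (int) $user_id );
    return $user instanceof WP_User
        && in_array( 'administrator', (array) $user->roles, true );
}

/**
 * wp_insert_post_data runs on every save path (block editor, REST API, XML-RPC),
 * so the rule holds regardless of how the post was written.
 */
function nab_reassign_admin_author( $data, $postarr ) {
    // Only public posts matter; drafts, pages and revisions pass through untouched.
    if ( 'post' !== $data['post_type'] || 'publish' !== $data['post_status'] ) {
        return $data;
    }
    if ( ! nab_is_administrator( $data['post_author'] ) ) {
        return $data;
    }
    $byline = get_user_by( 'login', NAB_BYLINE_LOGIN );
    if ( ! $byline ) {
        // Fail closed: if the subscriber is missing, hold the post for review
        // instead of publishing it with an administrator byline.
        error_log( 'No Admin Bylines: subscriber "' . NAB_BYLINE_LOGIN . '" not found; post held as pending.' );
        $data['post_status'] = 'pending';
        return $data;
    }
    $data['post_author'] = $byline->ID;
    return $data;
}
add_filter( 'wp_insert_post_data', 'nab_reassign_admin_author', 10, 2 );
```

Posts published before the plugin was installed are not rewritten; review the author column in Posts > All Posts (or the Author filter) and reassign those by hand.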

Other security measures regarding users to take into account

Another important adjustment, which we have already discussed on the blog, is to change the user ID of each of our users (especially the administrators).

When we set up a WordPress site, the installer always asks us to create a user that will be an administrator and will have user ID 1. That is a somewhat dangerous fact, isn't it? So make life harder for the bad guys and take a look at «change user id in wordpress» 🙂

And that is all. What about you, do you write on your blog with the editor user? Tell us in the comments!
