We know website security at Anchor & Alpine and it’s folded into everything we do. One of our partners comes from insider threat management and has been responsible for pulling data off of computers as a squad of marines took down a bad guy. We work in a much less stressful environment these days, but the adherence to security policies and practices is well ingrained in the agency.
Why do I need to review users?
There are two main things that make a website insecure: hacked user accounts and malicious exploits. To learn more, check out our resource: What Exactly is Web Security and Why Do I Need It.
One of the easiest ways to protect your company’s website is to do a quarterly audit on all users and their access.
How do I do a WordPress User Audit?
First of all, you will need to be an administrator on your WordPress account.
- Log in to WordPress, go to Users on the left side, and look at the list.
- Remove anyone who you know is no longer working on the project—from employees to people at your various web, SEO, and marketing agencies.
- List any names that you don’t recognize and check with someone who would know. If no one knows who they are, remove them.
- Review access for everyone—the Administrator permission level should only be held by people who are doing the highest-level tasks, like installing plugins, writing code, and managing users. Everyone else should be an Editor or lower.
NOTE: If you remove someone, you’ll need to reassign their content (you don’t generally want to delete it) to another user.
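For sites with more users than you can comfortably eyeball, the same checks can be scripted. This is an added example, not part of the original article: it assumes WP-CLI is installed and the user list was exported with `wp user list --fields=user_login,user_email,roles --format=csv`. The roster files, function names, and sample accounts are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag accounts nobody recognizes and unapproved Administrators.
# Input CSV comes from: wp user list --fields=user_login,user_email,roles --format=csv

audit_users() {
  # $1 = users CSV, $2 = known logins (one per line), $3 = approved admin logins
  awk -F',' -v roster="$2" -v admins="$3" '
    BEGIN {
      while ((getline line < roster) > 0) known[line] = 1
      while ((getline line < admins) > 0) admin_ok[line] = 1
    }
    NR == 1 { next }                      # skip the CSV header row
    {
      login = $1
      roles = $0
      sub(/^[^,]*,[^,]*,/, "", roles)     # roles = everything after the 2nd comma
      gsub(/"/, "", roles)                # multi-role values are quoted in CSV
      if (!(login in known))
        print "UNKNOWN\t" login "\t" roles
      else if (index("," roles ",", ",administrator,") > 0 && !(login in admin_ok))
        print "DOWNGRADE\t" login "\t" roles
    }
  ' "$1"
}

demo() {
  # Constructed sample data standing in for a real export and real rosters.
  dir=$(mktemp -d)
  cat > "$dir/users.csv" <<'EOF'
user_login,user_email,roles
alice,alice@example.com,administrator
bob,bob@example.com,editor
old-seo-agency,seo@example.net,administrator
carol,carol@example.com,"administrator,editor"
EOF
  printf 'alice\nbob\ncarol\n' > "$dir/roster.txt"   # people still on the project
  printf 'alice\n' > "$dir/admins.txt"               # approved Administrators
  audit_users "$dir/users.csv" "$dir/roster.txt" "$dir/admins.txt"
  rm -rf "$dir"
}

demo
```

Accounts flagged UNKNOWN are the ones to confirm and then remove; when removing with WP-CLI, `wp user delete <login> --reassign=<user-id>` hands the removed user's content to another user instead of deleting it.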
User Audits—5 Minutes Keeps Websites Safer
If you do this audit consistently, every quarter or so, it should only take about five minutes and can save you headaches and money later.
Do you want to work with us on a WordPress, website, or security project? Let’s talk.