Prefer a video? See User Access on our Learn WordPress page.

It’s a good idea to review who has access to your WordPress site—and what level of access they have—on a regular basis. We always conduct a brief user security audit when we work on a new site and suggest checking in on this quarterly. 

User Security Audit

  1. Log in to WordPress and navigate to the Users section. 
  2. Review each user, ensure you know who they are and that they still require access to WordPress. 
  3. When you delete a user you will need to reassign their content to another user, WordPress will walk you through that as you delete them. 
  4. Review access levels.
    1. Specifically, review who has Admin access. This is the top-level of access and should be reserved for only your web project leads and web/SEO agency/agencies. These users can install plugins and update the core—neither of which should be done lightly or by someone who doesn’t have experience doing so.
    2. You maybe have hosting or plugins that require a user login—we see this most often with WPEngine. Leave those users or your reporting functionality can break. 
    3. To learn more about WordPress access levels please visit