
I often come across sites that have questionable WordPress administrator accounts. I work with clients to reduce this exposure. It’s dangerous offering full-privilege accounts to anybody besides fully trusted and technically capable vendors and staff. Regular review is recommended, since staff and roles tend to shift over time.

Here’s why admin accounts are so important:

  • All of their passwords must be strong and secure.
  • All computers used to access the admin panels should be up to date, clean and secure.
  • Accounts can be forgotten about; people can move on; website access isn’t always the first priority.
  • Users unfamiliar with plugin vetting, software update testing, or code can make a mess or break the site.

More conservative agencies totally block filesystem access to anybody but their development team, deploying code over version-control software such as Git. Refer to the setting DISALLOW_FILE_MODS for details. This is the safest route, shielding WordPress Administrators from many of the trouble areas. While a likely requirement for enterprise scenarios, smaller businesses can find this approach less empowering and inefficient. It’s in effect breaking WordPress features in the name of security by disabling plugin and theme installation and updating in the admin portal.

A lighter setting, DISALLOW_FILE_EDIT, only blocks editing of files via the code editor in WordPress.
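The two constants above are set in wp-config.php. The following excerpt is an added example, not from the original post, showing the strict and the lighter setting side by side with what each one actually switches off; pick the one that matches your risk appetite rather than defining both, since DISALLOW_FILE_MODS already implies DISALLOW_FILE_EDIT.

```php
<?php
// wp-config.php excerpt (added example). These lines must sit above the
// "That's all, stop editing!" comment so they are defined before
// wp-settings.php loads; a constant defined later has no effect.

// Option 1, strict: DISALLOW_FILE_MODS. Administrators can no longer
// install, update or delete plugins and themes, or update core, from the
// admin portal, and WordPress' automatic background updates are disabled
// as well. The update counters and notices disappear for those users as a
// side effect, so the team must track available updates in its own
// process (the Git-based deployment the text describes). This setting
// also implies DISALLOW_FILE_EDIT.
define( 'DISALLOW_FILE_MODS', true );

// Option 2, lighter: DISALLOW_FILE_EDIT. Plugin and theme installs and
// updates still work, but the Theme File Editor and Plugin File Editor
// screens are removed, so an Administrator login cannot rewrite PHP on the
// server from a browser. Use this instead of option 1 if the store needs
// self-service updates.
// define( 'DISALLOW_FILE_EDIT', true );
```

To confirm the setting took effect after deploying, run `wp config get DISALLOW_FILE_MODS` with WP-CLI, or log in as an Administrator and check that the Plugins screen no longer offers "Add New". Both constants only gate what the admin interface and capability checks allow; anyone with SFTP, SSH or hosting-panel access can still change files, so that access is the next thing to review.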

Installing and updating plugins and themes is the most dangerous thing Administrators have access to do. Plugins add customization risks and maintenance. Themes can involve dependencies and require significant testing prior to upgrading them. They both tend to throw up all kinds of alerts about available updates.

User roles and Shop Managers

User roles should be evaluated, and the Shop Manager role used as the standard for all store admins. This role provides access to edit and publish content, manage media, products, orders, and more. I’ll often add capabilities to it to support editing customer accounts as well, though not promoting them. Check out the official blog post for further user role thoughts and recommendations.
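One way to grant a Shop Manager the ability to edit customer accounts without letting them promote anyone, as an added example that is not the post's own code. It assumes WooCommerce's role slug `shop_manager` and customer role slug `customer`, and it is written as a must-use plugin (a file dropped into wp-content/mu-plugins/) using only core WordPress hooks. WooCommerce ships its own restriction on which accounts a Shop Manager may edit; the `map_meta_cap` filter here applies the same policy independently, so the boundary holds even if that changes.

```php
<?php
/**
 * Plugin Name: Shop Manager customer editing (added example)
 * Description: Lets shop managers edit customer accounts, never other roles.
 * Assumes WooCommerce's "shop_manager" and "customer" roles exist.
 */

// add_cap()/remove_cap() persist to the database, so this is idempotent;
// running it on every request keeps the policy enforced after role resets.
add_action( 'init', function () {
    $role = get_role( 'shop_manager' );
    if ( ! $role ) {
        return; // WooCommerce not active; nothing to adjust.
    }
    // Allow listing and editing user accounts ...
    $role->add_cap( 'list_users' );
    $role->add_cap( 'edit_users' );
    // ... but never changing roles, or creating or deleting users.
    // Core only applies a submitted role change when the acting user has
    // promote_users, so removing it blocks elevation on the profile screen.
    $role->remove_cap( 'promote_users' );
    $role->remove_cap( 'create_users' );
    $role->remove_cap( 'delete_users' );
} );

// edit_users alone lets a user edit *any* account on a single site,
// administrators included (email and password changes). Narrow the
// "edit_user" meta capability so shop managers can only touch accounts
// whose sole role is "customer". Editing one's own profile stays allowed.
add_filter( 'map_meta_cap', function ( array $caps, $cap, $user_id, $args ) {
    if ( 'edit_user' !== $cap || empty( $args[0] ) ) {
        return $caps;
    }
    $target_id = (int) $args[0];
    if ( $target_id === (int) $user_id ) {
        return $caps; // own profile
    }
    $editor = get_userdata( $user_id );
    if ( ! $editor || ! in_array( 'shop_manager', (array) $editor->roles, true ) ) {
        return $caps; // policy applies to shop managers only
    }
    $target = get_userdata( $target_id );
    if ( ! $target || array( 'customer' ) !== array_values( (array) $target->roles ) ) {
        $caps[] = 'do_not_allow';
    }
    return $caps;
}, 10, 4 );

// Belt and braces: the role dropdown on user screens lists every role the
// acting user may assign. Anyone without promote_users sees only "customer".
add_filter( 'editable_roles', function ( array $roles ) {
    if ( current_user_can( 'promote_users' ) ) {
        return $roles;
    }
    return array_intersect_key( $roles, array( 'customer' => true ) );
} );
```

After installing, log in as a Shop Manager and confirm that Users lists accounts, that opening a customer's profile works, and that opening an Administrator's profile is refused. Because the capability changes are stored in the database, auditing them later is a matter of comparing `get_role( 'shop_manager' )->capabilities` (for example via `wp role list` / `wp cap list shop_manager` in WP-CLI) against this file.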

Coming back to the original question of who should have Administrator access; I recommend this be a select few who are thought of as fully trusted and technically capable. Regular audits will help keep things in check.