In part one of this post, I went over how WordPress maintenance support plans Security Advisories, SSL/TLS certificates, and thorough user account security help lay the foundation for keeping your WordPress maintenance support plans site secure. In part two, we’ll take a look at user roles and permissions, input filters and text formats, and third party libraries.
User Roles and Permissions
To keep your site secure, always make sure that your user roles and permissions are configured properly. Depending on the plugins installed and third party integrations, there could be additional permissions and/or roles to configure to ensure the site is still secure after installing a particular plugin. It’s important to read the full plugin README and/or plugin documentation to verify that all configuration options and permissions have been set up securely. In many cases, plugins with very important security related permissions will either set them to a sane default configuration, or put up a notice on the plugins page within the admin UI. Some will do both. Some will do neither, so that’s why you need to be aware.
For each plugin you enable, there can be optional or required permissions that need to be configured. This is one of the easiest things to overlook as a WordPress maintenance support plans beginner, so keep an eye on which plugins you’re enabling, and if you have permissions set for all your roles before launching the site.
Read more
Source: New feed