Complete control over your website is one of the most appealing features of WordPress. However, if this is your first time as a WordPress admin, you may be feeling a bit overwhelmed. After all, there’s a lot more to running a website than just picking your favorite theme and installing some plugins.
Stepping into the role of WordPress administrator can be intimidating given the amount you need to learn. The good news is you don’t need to be a WordPress expert in order to be a successful admin. With some foundational knowledge, you’ll be able to get started in no time.
In this guide, we’ll cover seven things you should know about being a WordPress admin. Regardless of your experience, the information and tools here will make your job easier. Let’s get going!
WordPress Admin: 2 Different Definitions
Before we get started, we should point out that there are two different meanings for the term “WordPress Admin” or “WordPress Administrator.” We’ll be using them both in this article, so to avoid any confusion remember that we could be referring to:
- The WordPress Administrator user role
- The WordPress administrator dashboard
The WordPress Admin Role
Every user of a WordPress website is assigned a role. The role dictates what permissions the user has and what tasks they can perform. When you create a WordPress site, you are given the Administrator role. As the admin, you’re able to access all the administration features of a single website.
The WordPress Admin Dashboard
The WordPress administrator dashboard or admin dashboard is the backend of your WordPress website, or what you see when you log in to your WordPress website.
Throughout the piece, we’ll make it clear when we’re referencing one or the other.
7 Things to Know About Being a WordPress Admin
Now that we’ve clarified the different meanings of WordPress admin, we can start to dig into what an administrator user does, and how you can use the admin dashboard to get the job done.
Here are seven things you’ll want to know as a WordPress admin.
1. How to Log In as a WordPress Admin
Let’s begin with how to log in to your site as a WordPress admin. You can use either of two URLs to access the WordPress admin login screen:
http://www.yoursite.com/wp-login.php
http://www.yoursite.com/wp-admin
Either of these URLs will bring you to the admin login page, and of course you’ll want to replace our placeholder “yoursite.com” domain with your own.
To log in, simply enter the credentials you selected when you installed WordPress and click the Log In button. If you’ve forgotten your password, you can reset it from this screen. Click on the Lost Your Password link to receive a password reset link in your email.
We have a WordPress login video tutorial if you’d like to see all of this in action. Once you’ve logged in, you’ll want to take a look around.
2. Learn WordPress Administrator Capabilities
As a WordPress administrator, you have a lot of capabilities available to you. Capabilities include all the actions you can take on the website.
It’s worth mentioning that as an administrator, your capabilities are limited to a single website. Armed with some high-level knowledge of what you can do as a site administrator, the next step is to get familiar with the admin dashboard.
In fact, you can do just about anything on a WordPress site, including:
- Installing and managing plugins
- Managing pages and posts
- Installing and configuring themes
- Managing Reusable Blocks
- Creating and deleting users
- Moderating comments
- Deleting the entire site
For an exhaustive list, check out the WordPress.org capabilities of WordPress Administrators documentation. This should give you an idea of the scope of a WordPress admin’s job.
| Capability | Actions |
|---|---|
| Manage Plugins | Upload/Install (Add New), Activate, Deactivate, Update, Delete, Edit |
| Manage Pages | Add New, Edit, Schedule, Publish, Change to Draft, Delete, Read |
| Manage Posts | Add New, Edit, Schedule, Publish, Change to Draft, Delete, Read |
| Manage Themes | Upload/Install (Add New), Activate, Edit Theme Options, Switch Themes, Delete Themes |
| Export/Import | Export, Import |
| Manage Users | Create, Promote, Delete, Edit |
| Manage Categories | Add New, Edit, Delete View, |
| Manage Links | Add New, Edit, Delete; Manage Link Categories (Add New, Edit, Delete, View) |
| Manage Options | Control Settings (General, Writing, Reading, Discussion, Permalinks, Miscellaneous) |
| Manage Updates | Update Plugins, Update Themes, Update WordPress, Activate Auto Updates for Themes And Plugins, Deactivate Auto Updates for Themes and Plugins |
| Moderate Comments | Approve, Reply, Edit, Mark as Spam, Trash, Empty Trash |
| Manage Private Pages/Posts | Read, Edit, Publish, Add New, Set Password, Schedule, Change to Draft |
| Manage Media Library Files | Upload, Delete, Rename, Edit |
| Customize | Perform Customizer Actions (Site Identity, Menus, Widgets, Homepage Settings, Additional CSS) |
| Delete Site | Delete |
| Manage Reusable Blocks | Create, Edit, Read, Delete |
3. Get to Know the WordPress Admin Dashboard
The WordPress admin dashboard is what you’ll use to navigate the back end of your website. You’ll quickly become familiar with its layout and functionality.
When you log in, you’ll find yourself on the dashboard’s home screen. It will give you an overview of your website and alert you to any urgent issues. There are several widgets containing this information.
Activity Widget
The Activity widget is one you’ll undoubtedly want to check out, especially if your site has a blog. This is where you’ll see recently published posts and any scheduled posts you may have waiting to go live. Recent comments will be displayed, and you can moderate them right from here.
Quick Draft Widget
Quick Draft is another useful widget, especially if you’ll be making a lot of bite-sized posts. You can create the entire post (including adding media and tags) and publish without leaving the home screen. As the widget’s name implies, you can also use it for saving drafts without publishing. This function comes in handy if inspiration strikes while you’re working.
Screen Options
You’re free to decide which sections to show and hide by making use of the Screen Options at the top right of the screen. You can even drag and drop the boxes if you’d like to arrange them in a different order.
Navigation Menu
Finally, the left side of the screen is home to the WordPress navigation menu. It contains all the tools you need to perform your WordPress administration tasks.
4. Understand Important WordPress Admin Tasks
WordPress maintenance will ensure you stay busy. Let’s have a look at some of the tasks you’ll be performing most often.
WordPress Backups
If you don’t back up your WordPress website, you run a real risk of losing all of your hard work. While this is something you’ll likely set up to be done automatically, you still need to check the backup is happening the way it’s supposed to. Your backups should be delivered to several different offsite storage locations. If something goes wrong with one, you know your site is still safe.
BackupBuddy, a 3-in-1 WordPress backup plugin, will handle all of your backups on a schedule you choose. This tool backs up your entire WordPress installation, including comments, theme settings, settings, Media Library files and more. If your site is updated frequently, you may want to consider using Stash Live as well, which will monitor your site for changes and perform a backup after each one.
Running Updates for Themes and Plugins
Running outdated software is actually the number one reason a WordPress website or blog gets hacked. Keeping your WordPress website up to date should be at the top of your WordPress Administrator checklist. WordPress core and any theme or plugin you have installed on your website should always be running the latest version.
Keeping themes and plugins updated is a large part of what keeps your WordPress site running smoothly and safely. Checking for patches and updates should be a daily priority for you. If you use any premium products, be sure to keep the licenses active so you’ll know when updates are released. As a general rule, you’ll want to install all updates and patches as soon as possible, after performing a backup of your site.
What’s more, unused themes or plugins slow down your site and can make it more vulnerable to attack. You can deactivate plugins you aren’t using right now, although you’ll want to completely uninstall anything you won’t use again. An exception would be keeping a WordPress default theme installed, as your site will fall back on this if your primary theme fails.
Blog Management
Successful blogs need attention, and you’ll find yourself spending quite a bit of time on yours. You’ll want to monitor your best performing posts to help brainstorm topics for new posts. If you’re not writing your own posts, you’ll need to edit and publish any pending articles.
Once you have some posts published, you’ll need to monitor the comments. Spam comments will become the bane of your life, and deleting them is necessary, as they can negatively impact your SEO. In contrast, you’ll also want to approve and reply to legitimate comments daily too. Engagement is a large part of building a community around your website.
Blog management isn’t just about on-site content either. As such, you should periodically test your email list signup as well as your social sharing buttons. If you offer any free downloads, check that those are working as expected as well.
WordPress Security Tasks
As a WordPress admin, you’ll also have additional WordPress security tasks to make sure your website is secure. Most of these tasks can be accomplished by using a WordPress security plugin like iThemes Security Pro.
Unfortunately, there is not a 100% guaranteed solution for securing WordPress. Good security is all about minimizing risk. If anybody tries to sell you a 100% secure solution, they’re scamming you. You’ll never be completely safe, but there’s a lot you
can do to minimize your risk.
For example, some of the most important WordPress security tasks include:
- Limit Login Attempts – By default, WordPress doesn’t limit failed login attempts. Without this limit, WordPress can be an easy target for brute force attacks
- Use Strong Passwords – You should use a strong password for your WordPress admin password. A strong password is a minimum of 12 characters, using a combination of alphanumeric and ASCII characters.
- Use Two-Factor Authentication – Two-factor authentication (2FA) adds a very strong layer of security by requiring an extra code along with your WordPress admin username and password in order to log in to your website.
- Keep Your Software Updated – Keep WordPress, themes and plugins updated to the latest version by running updates.
- Backup Your Website – We covered this in a previous section, but it’s that important. Backup your site!
5. Use iThemes Sync to Perform WordPress Admin Tasks for Multiple WordPress Sites
A single website demands a significant time commitment from its admin. However, if you’re overseeing several sites, you’ll probably want to use a tool like Sync, which enables you to manage multiple WordPress websites from one dashboard.
Using iThemes Sync will give you back a lot of time. Logging in to the Sync dashboard will provide you with access to each of your websites, without needing to visit multiple login pages or worry about forgetting credentials.
Once you’ve logged in, you can handle theme and plugin updates with a single click. You’ll even be able to add new users, which is another responsibility that falls to the site’s administrator.
6. Add a New User to a WordPress Site
Adding new users isn’t a complicated process, but you’ll want to put some thought into it. We recommend using the Principle of Least Privilege (PoLP) to determine which role the new user should be assigned. PoLP states that a user should have the minimum privileges necessary to accomplish their purpose.
As an administrator, you can also create new users up to the Administrator level. However, do use caution when granting this level of access to your site.
You should only assign this role to those you trust, such as customer support or a web developer you’ve hired to work on your website – no more than one or two permanent users. Furthermore, it’s best to revoke the administrator-level privileges once they are no longer necessary.
To add a new user:
- Select Users > New from the navigation menu.
- Create a username.
- Enter the first and last name and email for the user.
- Select the appropriate role.
- Click Add New User.
You can choose to change the password, rather than using the one generated by WordPress. Also, you can have an email sent to the new user about their role. We’ve created a tutorial – How to Add a New WordPress User – to give you a visual walkthrough.
The new user will show up in your list of users, which you can view by clicking Users in the left-hand dashboard navigation panel. This list is something to check periodically, and keeping the number of legitimate admins to a minimum will make an unexpected addition easier to spot.
7. Secure Your WordPress Admin Login & Other Users
The WordPress admin login screen is especially vulnerable to attack. The URLs used to access it are the same for every WordPress site. To keep your site safe, follow these best practices for passwords:
- Choose a strong password that uses upper and lowercase letters, numbers, and special characters.
- Don’t use information that can be linked to you, such as your birthday.
- Don’t use the same password on multiple accounts.
- Change your password several times a year.
- Consider enabling password-less login for your site.
The point is to make it as difficult as possible to carry out brute force attacks on your site. Your WordPress site’s security is paramount, so you may want to install a plugin to help you with this task.
iThemes Security Pro protects your site in over 30 different ways. These include adding Two-Factor Authentication (2FA), trusted device settings, and passwordless login. All of these features will contribute to your peace of mind.
Wrapping Up
As a WordPress admin, the daily upkeep of your site falls to you. It’s a huge responsibility, but also very rewarding as you see your hard work pay off. By now, you have the tools you need to get started and execute your role successfully.
With the basics down, the common daily tasks such as backups and blog management will be a breeze. For running multiple sites, you’ll want to install Sync to save yourself a lot of time. Managing users is also key, and gives an overall boost to your site’s security.
Are there any challenges you’ve faced while getting started as the administrator of a WordPress site? Let us know in the comments section below!
Each week, the team at iThemes team publishes new WordPress tutorials and resources, including the Weekly WordPress Vulnerability Report. Since 2008, iThemes has been dedicated to helping you build, maintain, and secure WordPress sites for yourself or for clients. Our mission? Make People’s Lives Awesome.
