Our Feature Spotlight posts highlight a single feature in Solid Security Pro. Here, we’ll explain why we developed that feature, who it is intended for, and how to use it best. Today, we will cover User Groups, a key feature added to Solid Security in 2020.
User Groups are for applying unique security requirements to different groups of users on your site. User Groups allow you to define and enforce group and user-level security policies. A good group security policy should follow the principle of least privilege: don’t give anyone greater access privileges than they need.
Why You Need User Groups For Your WordPress Site
Increasing security always affects how people interact with your website. Often, heightened security measures add a higher level of protection by sacrificing some convenience for users. For example, adding two-factor authentication (2FA) or CAPTCHA challenges to your site will block malicious bots and attackers. However, it also requires more effort from legitimate users when they want to log in. That’s not ideal for eCommerce and community sites; it will impede sales and new signups.
Set Appropriate Login Security Requirements for Users Based on Their Roles and Privileges
You should require a higher level of security for every WordPress user who can change your site. However, you probably don’t want to impose the same requirements on your site’s customers and subscribers. If they wish, you should allow regular users to use more secure login methods like two-factor authentication. But let them opt in on their own. You don’t have to force it on them. User Groups in Solid Security Pro make all this possible.
It also makes sense to add some friction for your site Administrators by requiring them to use two-factor authentication when logging in. If an attacker were to take control of one of your site’s Admin accounts, they could also take over your website. People with greater privileges (or “permissions”), like your Admins and Editors, must understand this and take their account security seriously. Assigning them to User Groups with mandatory and opt-in security requirements is a great way to educate your users and onboard them to a responsible security practice.
Manage User-Related Security Easily with Role-Based and Custom User Groups
Solid Security Pro provides the tools to protect your website from attack. It also notifies you about threats to your site’s security. Security notifications and logs let you know when software and user accounts on your site are insecure. All this information is invaluable to anyone responsible for managing the security of a WordPress site. However, Solid Security’s warnings can overwhelm people who don’t understand how to interpret and prioritize them. A notification that a denial-of-service attack was stopped is very different from a notification that your site is infected with malware or that an Admin user has a weak password.
Fortunately, with User Groups, Solid Security Pro makes it simple to organize user-related security issues and manage them separately from other key security layers, like the security of WordPress and the software you have installed in it. User Groups are managed from the User Security section of Solid Security Pro, and individual users or groups can be quickly assessed in the User Security Profiles card in your Solid Security dashboard.
User Groups Explained
To make it easier to manage the user security on your site, Solid Security Pro sorts all your users into different groups. Your users will be grouped by their existing WordPress user roles and capabilities by default. You may create additional custom groups or assign users to multiple groups.
For example, if you are running a WooCommerce site, you might want to put your site Administrators and Shop Managers in a single, common custom User Group called “Admins,” since they all have high privileges and the capabilities to make significant changes to the site. Similarly, you might put Subscribers and Customers in a custom group for your lowest-access users.
The User Groups feature in Solid Security Pro allows you to quickly assess and modify the security settings for different groups of users. In the User Groups settings, you will see all your user groups and all the security settings enabled or disabled for each group. You can quickly toggle these settings on and off to determine whether members of a security group must use strong passwords or passwords that have not appeared in a data breach. You may require their passwords to be changed periodically. Should their activity be logged or not? That’s another option here. You may also give a User Group the ability to manage Solid Security themselves and create custom security dashboards for their own use.
How to Use User Groups in Solid Security Pro
In the Solid Security Pro menu, click the User Security link.
On this page, you will see your site’s users, and the settings currently enabled for them. Filter out the group(s) you want to focus on.
You can also create and change User Groups in the Solid Security Settings screen under the User Groups tab:
Click the toggle switches to enable or disable each setting.
In the Security › Settings › User Groups › Edit Group tab, you can change a group’s name, determine the users it includes, and delete it.
You can also create Custom User Groups. Let’s say you wanted to define a highly restricted “SuperAdmins” group.
1. Click the + icon and then the Edit Group tab. Now you can name your new group and decide which existing user groups should belong to it:
2. Click the Security › Settings › User Groups › Features tab to enable the settings you want to be applied to the highlighted group.
Now our SuperAdmins have access to all the security features we’ve activated for them.
Wrapping Up
Configuring your website’s user security shouldn’t be confusing or require you to waste time jumping between security settings to ensure they are enabled for the right users. Solid Security Pro User Groups give you the ability to fine-tune your site’s user security quickly.