Essential WordPress Security: Setting Up a Non-Admin User for Content Publishing

In the world of website development, security is of paramount importance. When setting up a WordPress site, hardening your security should be a top priority. WordPress is a common target for attackers due to its popularity. That's why one of the first steps you should take in securing your WordPress site is to create a non-admin user for publishing content. This simple yet effective step can significantly increase your site's resistance to potential attacks.

Why Use a Non-Admin User for Publishing?

Every WordPress website comes with an administrator account upon installation. While this account has the necessary privileges to manage all aspects of your site, it can be a potential security vulnerability if used for all tasks, including content publishing. The reason for this is that the metadata of the pages and posts created by this admin user can be scraped by automated scripts to determine the username of the admin account. This information can be exploited to carry out malicious activities.

By using a non-admin user for publishing content, you make it harder for these scripts to find out the admin username, thereby adding an extra layer of security to your site.

Setting Up a Non-Admin User for Publishing

Here are the steps to create a non-admin user for your WordPress site:

  1. From your WordPress dashboard, navigate to "Users > Add New".
  2. Fill in the necessary details for the new user, ensuring that you assign them the role of "Editor". This role has enough permissions to create, edit, and delete posts.
  3. Ensure you use a strong password for this account and that the email associated with it is secure.
  4. Log out of the admin account, and log back in with the new non-admin user account.
  5. Begin publishing posts and pages from this account.

By following these steps, all your content will be published under the new non-admin user, reducing the visibility of your admin username.

Hardening, not Securing

It's important to note that these steps are about hardening your security, not ensuring complete security. There is no foolproof method of securing a website, as new vulnerabilities are discovered regularly, and security is an ongoing process. But by taking steps such as using a non-admin user for content creation, you can significantly reduce your site's exposure to potential threats.


Securing a WordPress site takes time and effort, but every step counts. Using a non-admin user to publish content is an easy yet effective strategy to enhance your site's security. While it's not a magic bullet against all forms of attacks, it's a fundamental practice in hardening your site's security. It's all about taking the necessary steps to make your site a harder target for potential threats. Happy (and safe) WordPressing!


When setting up a WordPress site, creating a non-admin user for all your content creation is a crucial step in hardening your site’s security. By doing so, you make it more difficult for potential attackers to discover your admin username through page and post metadata, thus adding a crucial layer of security to your site. Remember, it's about hardening your security, not ensuring absolute security—always stay vigilant and updated with the latest security practices.

Subscribe to Blog Magician

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
[email protected]