Users & roles
Users & roles
The Users section manages the accounts that have access to the panel. Only an administrator can open it.
Creating a user
- Users → Create.
- Specify a name, email, password and role.
- Save. The new user can log in at
/admin/login.
Passwords are stored encrypted (Argon2id) — even the administrator can't see them in plain text. Resetting a password = setting a new one by editing the user.
Roles and what they grant
| Role | Access |
|---|---|
| admin | Full access to everything, including settings, plugins and users. |
| editor | Content management: pages, news, categories, media, comments. |
| author | Creating content without access to settings or other people's records. |
| user | No panel access. |
| customer | A storefront customer (account area /account), not an admin. |
Grant the minimum role needed: a marketer/copywriter is usually fine with editor or author; full admin — only for trusted people.
Account security
- Use long, unique passwords.
- Don't create a shared account for several people — each should have their own record (you can see who changed what).
- Deactivate or delete accounts of staff who no longer work with the site.
Profile
Every user can change their own name, email and password in the Profile section. Changing a role is available only to the administrator via the Users section.
Visitor accounts
The customer role is not staff but registered site visitors (e.g. shop customers). They have a separate login and a personal account at /account; they don't get into the admin panel.