Adding users to a government website should be done carefully and intentionally. Each user account provides access to public-facing content, so proper role assignment and security practices are essential.
This guide walks through how to add a new user safely and correctly.
Before creating an account, confirm:
The person requires access to the website.
You understand what level of access they need.
Their department supervisor has approved access (if required).
You are assigning the lowest appropriate role.
Never share your own login credentials. Each user should have their own account.
To add a new user:
Click Users in the left-hand menu.
Click Add New.
You will see the New User form.
You will need to complete the following fields:
Username
Choose something professional and identifiable. For government sites, use a standard format such as:
first initial + last name
department.lastname
firstname.lastname
Avoid generic usernames like “admin2” or “editor1.”
Email Address
Use the employee’s official government email address. Avoid personal email accounts unless absolutely necessary.
First Name and Last Name
Enter the user’s real name for accountability.
Website
This field can usually be left blank.
Password
You can either:
Generate a secure password automatically
Allow WordPress to send a password setup link
Always use strong passwords.
Choose the appropriate role based on responsibility.
Administrator: Reserved for IT staff or authorized web administrators.
Editor: For communications staff or department leaders who manage published content.
Author: For staff members who publish their own posts.
Contributor: For staff who draft content that must be reviewed before publishing.
Subscriber: For limited-access use cases only.
Always assign the lowest role that meets the user’s needs.
Make sure the “Send User Notification” option is enabled.
This allows the user to:
Set their own password
Access login instructions
Securely activate their account
Avoid manually emailing passwords whenever possible.
After completing the form:
Click Add New User.
The account is now created.
After adding a user:
Confirm they received the email.
Verify they can log in.
Confirm their role functions as expected.
If they cannot access certain features, review their assigned role.
To edit a user:
Click Users → All Users.
Click the user’s name.
Update role or information.
Click Update User.
Changes take effect immediately.
When an employee leaves or no longer requires access:
Click Users → All Users.
Hover over the username.
Click Delete.
If the user created content, you will be prompted to:
Delete all content, or
Reassign content to another user
Always reassign content to preserve public records.
Removing unused accounts is critical for security.
Remove access promptly when employment ends
Conduct annual user audits
Limit the number of Administrator accounts
Require strong passwords
Consider two-factor authentication
Never share accounts between employees
Each account should represent one individual.
Assigning Administrator access unnecessarily
Using personal email addresses
Sharing one login across multiple departments
Forgetting to remove access after staff changes
Not reassigning content when deleting users
Account management is part of website governance.
For a municipal website:
IT Department → Administrator
Public Information Officer → Editor
Parks Department Staff → Author or Contributor
Council Clerk → Editor or custom role
This structure ensures accountability and controlled publishing.
To add a new user:
Go to Users → Add New
Enter official information
Assign the appropriate role
Send notification
Confirm access
Proper user management protects your website’s integrity, security, and public trust.