An administrator account gives a site administrator a lot of power, and with that power comes great responsibility. Admins should be aware that they have the unfiltered_html capability, which means the HTML filter applied to other roles does not apply to content they post.
For that reason, it is recommended that admins use their administrator accounts for administrative purposes only. An admin should create a secondary Editor account for themselves for posting content. Using the Editor account provides a layer of security when posting content to the website.
Whether malicious code is added to a page or post intentionally, unintentionally, or even unknowingly, the HTML filter applied to the Editor, Author, and Contributor roles will guard against these occurrences.
- Minimize the creation of admin user accounts.
- Admin users should use a secondary Editor account to commit new posts or updates.
- Keep passwords safe and confidential.
- Do not use the browser to save login credentials.
- Uninstall any unused and potentially harmful browser extensions.
- Do not use unsecured public Wi-Fi access when logging into your website.
- Make sure workstations are running an updated anti-virus program with scheduled scans.