If you operate a business or manage large projects you know how important a multi-user environment can be. In this post, I’d like to give some tips and tricks on how you can operate a website safely using WordPress’ built-in tools and some advanced features MyKinsta offers you.

The Benefits Of Multi-User Environments

There are two main benefits that arise from the ability to access software with different user levels – security and convenience.

If only one user has ownership-level access to your hosting account while all the other users have reduced permissions you are mitigating a large portion of risk. Every user has access to what they need and nothing more.

Trust in your users is only part of the issue. Each user has third-party logins that could affect any service – chiefly their email. If someone hacks a trusted employee’s email they could disrupt your application.

As for convenience, giving everyone the access they require can ease their job. If you give a user Billing access in MyKinsta they will not have access to sites, analytics and other data at all. They just see billing related items like company settings and invoices. Reducing the noise allows billing users to do their jobs more easily. This is also handy in an agency situation where your accountant shouldn’t necessarily have access to site details.

Hosting And WordPress Accounts

Managed WordPress hosting can be a little different from other applications because you are operating under two distinct and different software systems.

Access to your hosting dashboard (MyKinsta for Kinsta) should usually be restricted to a much smaller set of users than access to your WordPress admin. You may have scores of writers, proofreaders, editors and developers but in most cases, they won’t all need access to your hosting environment.

Setting Up A Good Multi-User System In MyKinsta

In this section, we’ll give you some recommendations through MyKinsta but the general principles can be applied to any hosting environment. In MyKinsta we offer Company and Site users. Company-level users can access company-level information while site-level users have access to individual sites only.

We offer four user roles at the company level.

  1. Company Administrators have access to everything, including all sites.
  2. Company Developers can manage all websites but don’t see company billing or settings.
  3. Company Billing users only have access to company settings and billing information, and do not have access to sites.
  4. A Company Owner has the same permissions as Company Administrators with the added capability to request account closure.

For site level users, we offer two user roles.

  1. Site administrators have access to all environments (live and staging) for assigned sites.
  2. Site developers only have access to staging environments for assigned sites.

For more information about our user levels take a look at our Knowledge Base article about how my Kinsta roles work.

Company-Level Users

With that in mind you can set up your users with the correct accesses, here’s what we recommend:

Site-Level Users

Depending on how your business is set up you’ll want to invite site-level users differently. Here are some scenarios to consider:

To learn more about MyKinsta user roles, check out our in-depth knowledgebase article.

Advanced Usage

We’ve added a couple of bulk actions to make sure you can get everything set up in as little time as possible. The two most important ones are adding multiple users to a site and how to remove users from sites. See the links for descriptions and videos.

Using WordPress User Roles

If you use MyKinsta’s multi-user feature in tandem with WordPress’ built-in roles feature you are greatly reducing risk. The same general advice from above applies to WordPress. By default WordPress offers the following roles:

In this post, we give you a good explanation of what each one does. In a nutshell: administrators can do anything. Editors can manage all posts while authors can only manage their own. Contributors can write and manage their own posts but can’t publish. Subscribers can only manage their profile.

At Kinsta we give our authors the contributor role because publishing is done by the marketing team. Some authors, particularly those on our non-English sites like the Spanish blog may receive the editor role. This is because they may need to do small edits to posts which we couldn’t do otherwise due to language barriers. Even so, these are trusted partners, a typo if preferable to a security breach.

Administrator privileges are only given to a couple of people to make sure we have someone online at all times who can manage all settings if needed.

If you need to modify the default roles or want to create your own you can do so via custom code or plugins like User Role Editor. These methods give you granular control over your whole website.

Further Good Practices

Roles and permissions have nothing to do with a person’s hierarchy in a company. Don’t insist on having an actively used admin account everywhere because you are the CEO. In other words: don’t let your ego dictate your permissions.

At Kinsta we use G Suite and 1Password. G Suite is great for being able to reset passwords to any company email account in an emergency and 1Password is great for storing login credentials – including two-factor authentication codes. This way if a manager really needs to he can gain access to most accounts without having to operate an administrative account for each service we use.

Make regular security sweeps. Organizations change quickly and forgetting to remove someone from a project is not uncommon. Security sweeps ensure that everything is current and secured. On the website, we do a quick sweep every couple of months. If a user with the author role hasn’t written any posts for a while we’ll make them a contributor. If they start writing again they’ll let us know and we can me a decision about the update then.

The Future Of MyKinsta Multi-User

We built the multi-user feature from the ground up based on interviews conducted by our UX team. We solved the most common cases that came up and we think we’ve made something that every user will enjoy. We’ll continue to listen to feedback and improve this corner of MyKinsta, just like we have improved other systems.

We’re particularly interested in catering to the needs of agencies, if you have any thoughts, ideas or comments let us know. Log into MyKinsta or grab one of our plans now to get started. Multi-user is enabled on all our plans out-of-the-box.


If you enjoyed this article, then you’ll love Kinsta’s WordPress hosting platform. Turbocharge your website and get 24/7 support from our veteran WordPress team. Our Google Cloud powered infrastructure focuses on auto-scaling, performance, and security. Let us show you the Kinsta difference! Check out our plans