Remove Old User Accounts: A Simple Step to Keep Your Website Safe

It’s a tale as old as time in the online world… a staff member leaves, a contractor wraps up their project, but their login still lingers on your website like an uninvited guest at a party.

It might not seem like a big deal. I mean, if they’re not logging in, what’s the issue? But old user accounts can be a sneaky way for people or bots to get into your site. All it takes is one weak password or a forgotten email account and suddenly your site is wide open.

In today’s Lil Bit Better tip, we’ll look at why removing old accounts matters, how to spot them, and the safe way to tidy up your user list without breaking anything. By the end, you’ll have a quick action task to tighten your site’s security.

Why Removing Old Accounts Matters

  • Security risks: Every extra login is another doorway into your website. If that person’s email gets exposed, your site could too.
  • Outdated access: Contractors or staff may still have permissions to edit, publish, or even delete content. Yikes.
  • Audit trail: If something changes on your site, you want to know who did it. Old accounts can add to the mess.
  • Good housekeeping: Less clutter = easier management. Clean accounts mean you know exactly who has access.

Think of it like giving back the keys to your house. If someone no longer lives there, you wouldn’t want them to keep a spare.

How to Find Old User Accounts

  1. Log into your WordPress dashboard.
  2. Go to Users > All Users.
  3. Look for anyone you don’t recognise, or people who haven’t logged in for months/years.
  4. Double-check with your team (if you have one) before removing accounts, just in case.

Pro tip: If you run a bigger site, consider installing an activity log plugin so you can actually see who’s logging in and making changes.

What to Do Before You Delete

Sometimes old accounts have created content (blog posts, pages, products). If you delete the account outright, you risk losing that content too.

When removing a user in WordPress, you’ll be given 2 options:

  1. Delete all content – removes everything they created (use carefully).
  2. Attribute content to another user – the safest option! Choose your main admin or editor so nothing disappears.

Removing an Old User Account

Step 1: Go to Users > All Users.

Step 2: Hover over the account you want to remove and click the Delete link that will appear.

Step 3: Choose Attribute all content to… and choose your preferred user.

Step 4: Confirm deletion. Done!
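
If you have command-line access to your site, the find-and-remove steps above can be done as a dry run first. This is an added example, not part of the original post: it assumes WP-CLI is installed and that you keep a list of logins that should still have access (the logins, emails and IDs in the sample are constructed). It only prints the delete commands for you to review and doesn't run them.

```bash
#!/usr/bin/env bash
# Dry-run audit: list WordPress accounts that are not on your "still needs access" list.
# Input is CSV in the shape produced by WP-CLI:
#   wp user list --fields=ID,user_login,user_email,user_registered,roles --format=csv
# Nothing is deleted here; the script only prints commands for you to review.

# Constructed sample data (not from a real site).
sample_users() {
  cat <<'CSV'
ID,user_login,user_email,user_registered,roles
1,siteowner,owner@example.com,2019-03-02 10:15:00,administrator
4,old_dev,dev@example.net,2020-07-19 08:00:00,administrator
7,guest_writer,writer@example.org,2021-01-05 14:30:00,author
9,current_editor,editor@example.com,2023-11-20 09:45:00,editor
12,former_intern,intern@example.org,2022-02-11 16:20:00,"editor,administrator"
CSV
}

# audit_users "<current logins, space separated>" <user ID that inherits content>
# Reads the CSV on stdin. Assumes logins and emails contain no commas.
audit_users() {
  awk -F, -v keep="$1" -v owner="$2" '
    BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    NR == 1 || ($2 in ok) { next }        # skip the header and approved accounts
    {
      roles = $5                          # a multi-role user spills into extra fields
      for (i = 6; i <= NF; i++) roles = roles "," $i
      gsub(/"/, "", roles)
      # Stale admin accounts are the most urgent to remove.
      flag = (roles ~ /administrator/) ? "HIGH" : "review"
      # --reassign is the CLI equivalent of "Attribute all content to..."
      printf "%s %s role=%s -> wp user delete %s --reassign=%s\n", flag, $2, roles, $1, owner
    }'
}

# Example run against the sample: siteowner (ID 1) keeps the content.
sample_users | audit_users "siteowner current_editor" 1
```

On a real site, pipe the `wp user list` command from the comment into `audit_users` instead of the sample, and double-check each flagged account with your team before running any of the printed commands.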


Mistakes to Avoid

  • Leaving admin accounts active: Don’t let old staff keep admin access. Not to repeat myself, but it’s like someone not returning the keys to your house.
  • Not checking who owns the content: Avoid losing posts or pages by reassigning them first.
  • Sharing logins: Create separate accounts instead of handing out one shared login. That way, removing access is simple.

Bonus Tips

  • I recommend running a user account audit once or twice a year.
  • For contractors, set a reminder to remove their access as soon as the project ends.
  • Consider using Editor or Author roles instead of Admin. Quite often people don’t need full access.

Make Your Website a Lil Bit Better

Your task for this week is to log into your website and remove any old user accounts. Follow the instructions outlined above. 🙂

It’s a quick win and one less thing to worry about!

Wrap Up

That’s it! Cleaning up old user accounts is quick, simple and keeps your website safer in the long run.

If you found this helpful, subscribe to my Lil Bit Better email series – each week I’ll send you a bite-sized tip to make your site just a lil bit better.

And if you’d rather not worry about the behind-the-scenes stuff at all, my Website Care Plans include ongoing security checks, user audits, and backups so you can sleep easy.