Managing Multiple User Logins for WordPress
This article will address creating user accounts in WordPress and how to assign them with different roles. The following topics will be discussed in-depth:
- Why Have Multiple Users?↴
- How Do I Create a New User?↴
- What Roles Do I Assign Users?↴
- What Do I Do When My Developer is Done?↴
Why Have Multiple Users?
If you're not familiar with using WordPress, the first question you may ask yourself is why you would create multiple users for your WordPress installation. The most immediate answer is if you wish to have developer access to your WordPress account. You'll need to create additional user accounts to provide this without giving away your admin credentials or even your Customer Portal credentials to access your WordPress account.
How Do I Create a New User?
The following video will provide instructions for how to create a new user in WordPress:
These instructions will walk you through the process as well:
- Log in to your WordPress Dashboard.
- Click Users on the left-hand sidebar.
- Click Add New in the top left corner of the page:
- Enter the following information:
- Username: The username the user will log in with.
- Email: The address they will use to reset their password.
- First Name (optional): The first name of the user.
- Last Name (optional): The last name of the user.
- Website (optional): The user's homepage if the user offers one.
- Password and Repeat Password: Select a strong password for the user, so their access is secure.
- Send Password: Select whether or not to send the selected password to the email.
- Role: Select the role for the user. Read more about roles if you're unsure what role to assign to your user.
- Click Add New User.
What Roles Do I Assign Users?
When adding new users, it's important to restrict their access so that they may not do more than they are allowed to the inside of your WordPress site. For example, you would not want an author who should only be writing and editing articles making changes to your website pages or an editor who should only be making changes to your page content installing plugins or changing your theme.
Restricting this access is what roles are for. Here is a list of roles available on the Add New User page:
- Administrator: Full access to everything inside of your WordPress, including (but not limited to): themes, plugins, users and user privileges, posts, pages, menu bars, and all settings. Most developers will require an Administrator role.
- Editor: This user has access to all posts, pages, comments, categories, tags, and links. This role is ideal for an editor who needs to edit the content for your entire site.
- Author: This role allows users to write, upload photos to, edit, and publish their posts.
- Contributor: This role restricts users from writing and editing posts until they are published.
- Follower (public sites) / Viewer (private sites only): This role allows users to read private posts and comment on posts and pages.
Administrator
An Administrator has full power over the site and can do absolutely everything. Administrators can create more Administrators, invite new users, remove users, and change user roles. They have complete control over posts, pages, uploaded files, comments, settings, themes, imports, other users – the whole shebang.
Nothing is off-limits for Administrators, including deleting the entire site. This is why we recommend having only one administrator per blog.
Editor
An Editor can create, edit, publish, and delete any post or page (not just their own), moderate comments, and manage categories, tags, and links.
Author
An Author can create, edit, publish, and delete only their posts and upload files and images. Authors do not have access to create, modify, or delete pages, nor can they modify posts by other users. Authors can edit comments made on their posts.
Contributor
A Contributor can create and edit only their posts but cannot publish them. When one of their posts is ready to be published or revised, the administrator needs to be notified personally by the Contributor to review it. Furthermore, once a Contributor's post is approved and published by an Administrator, it can no longer be edited by the Contributor.
Contributors cannot upload files or images, but they can see your site's stats.
Follower (public sites) / Viewer (private sites only)
Follower
Followers do not have any editing privileges on your site whatsoever, and they are simply people who have signed up to receive updates each time you publish a new post. The only thing they can do on your site is left comments (if you have them enabled), though they do not have to be a follower.
If your blog is public, anyone can follow it, but you can also send out invitations to specific people you'd like to share your blog with.
If your blog is private, nobody will be able to follow it unless you specifically invite them, at which point they become a Viewer.
Viewer
Viewers are users who can only view private sites. Like Followers, Viewers do not have any editing privileges. All they can do is read the private site they were invited to and leave comments on it (again, only if you have enabled them).
What Do I Do When My Developer is Done?
When you no longer need work from your developer, it is best to remove their administrator privileges for security purposes. The following video will provide instructions for how to change user privileges in WordPress:
These instructions will walk you through the process as well:
- Log in to WordPress.
- Click Users in the left-hand sidebar.
- Place a checkmark next to the user you wish to change permissions for.
- Click on the Change role to dropdown box and select the reduced role you want to use.
- Click Change.