managing user roles in wordpress
TRANSCRIPT
angelawilsononline.com http://angelawilsononline.com/managing-user-roles-wordpress/
Posted on11.18.14
Managing user roles in WordPress
Anytime you have a staff change, switch contractors or change host providers, you should check the type of accessthat person had to your WordPress site. Chances are, you will need to update user roles, so people who no longerwork for your company or nonprofit cannot make changes to the site.
What are WordPress user roles
WordPress is an extremely robust content management system. Not only does it allow you to create a powerful web‐site, it also allows you to create various roles for contributors.
For example, someone could have full access to your site — from themes and plugins to posts — while others mightjust submit articles for approval. Below are basic user roles for WordPress.
Administrator — This person accesses all WordPress features within a single site. They can create and edit posts,create new user accounts, post for users, add plugins and switch or edit themes.
Editor — This user is in charge of content. Editors publish and manage posts and pages for themselves, as well asother users. They also moderate comments.
Author — These bloggers publish and edit their own posts, but nothing else.
Contributor — Great for contractors, or the occasional freelance writer, contributor status allows writers to submit oredit posts, but not publish them. Only an editor or Administrator can publish a Contributor’s stories.
Subscriber — This person reads content and maintains profile information.
You can get complete details about user roles on the WordPress Codex. Scroll down the page for the Capability vs.Role Table.
Why you should update WordPress user roles
Who has access to your WordPress site isn’t something you think about all the time — but it should be. It’s tieddirectly to your site security.
A disgruntled employee could hijack your site by changing all access passwords, themes and content.
A hacker could get into an unused account that has a poor password.
A well-meaning employee with too much access could try to be helpful by making changes, and end up crash‐ing your site.
You need to know who can access your site — and what type of access they have. It is especially important to keeptabs on who is an administrator, since they have complete site access.
How to update user roles
WordPress makes it easy to manage user roles. Within minutes, you can add new posters, delete accounts, or con‐solidate users under one role (which might happen if you put posts all under an “admin” account.)
Here is how to manage WordPress user roles:
After you login, scroll down the until you see Users in the left column.
This opens up a screen to current users.(You will notice that under Users in theleft column, a few options appear. Youcan click to add a new user, orupdate your own profile.)
Click the name of the user you want to change. In this example, I’ll use the Demo. When you click a specific user, youwill see all of the options for that user. There are a LOT. You can add biographies, social media handles, and update
emails and displays.
However, for this post, I’ll focus on user role.
Scroll down the page until you see Role. It comes under the Name section.
In WordPress, all new users default to Subscriber. In the drop down menu, you can change a contributor’s role on thewebsite.
Notice at the bottom of the drop down menu there is the option, No role for this site.
That means you can keep a user’s name on posts, but give them no further role on the website.
This is a great option for publications that frequently use contractors or freelancers to produce copy. It is also useful
when a full-time employee leaves and will no longer be posting, but should continue to get credit for articles published.
Once you select a new user role, click Update User at the bottom.
Challenges of WordPress user role management
It’s tough for many businesses and organizations to keep track of website maintenance issues like user rolemanagement.
Too many times, staff changes and lack of knowledge about the platform keep businesses and nonprofits from updat‐ing user roles.
High turnover, volunteers with no knowledge of the system and bosses who don’t understand WordPress cause manyto allow user roles to fall to the wayside.
There are ways to make it manageable — without a lot of fuss.
Every business owner or nonprofit director should have administrative access to the site — even if they rarelyuse it. They should also have access to documentation about user roles in the organization — even if it is justto share with a web designer or new employee.
Every organization should have at least two people with administrative access to the site. If one leaves, thereis always another person familiar with the system.
Someone besides the web designer should have administrative access. If you don’t part ways amicably, youmay get locked out of your site. (Unfortunately, this can happen.)
Keep documentation for future administrators about who has what role for site design and posting. This docu‐ment should be updated with every personnel change and kept on a drive accessible to all administrators.Google Drive, DropBox or iCloud are great resources for document storage.
At least one administrator or the IT department should have access to all user passwords. Some will balk atlack of privacy, but I have found it a necessity. Employees rarely keep track of their passwords and aren’talways able to reset it themselves. They expect someone else to do it for them. It also makes troubleshootingissues from a specific user account much easier.
Even if there are no personnel changes, user roles should be reviewed every six months. You would be sur‐prised how much changes, even when people don’t leave.
WordPress is an incredibly robust content management system. You have many options for various users on yoursite. Make company policies about who should have what roles — and follow them. Review who has access to yourWordPress site on a regular basis for site security and general clean up of your site.