How important is it to set up a comprehensive user hierarchy on your WordPress sites?
This article will explain the benefits of creating multiple users for your WordPress site and how understanding the different roles users can have will give you the control needed to allow others to create content, without risking control of the site itself. The article will also teach you to check your site configuration to understand if there are any backdoors that unwanted visitors could use to register, view private content, or make undesired changes to your site.
Getting stuck in the ‘admin rut’
WordPress’ infamous one-minute installation process means it is straightforward to set up a new website or intranet. But in order to be so super-quick, it takes a shortcut that can often be the first step of falling into the trap of having just one user to do everything. It sets up a user named ‘admin’ by default, and it can often seem easier just to hang onto that, maybe even sharing its password with others, rather than taking a step back and setting up users and permissions that better mirror the way you want your organization to interact with WordPress.
Not only is this counter-productive for you and your team, but it’s also impersonal for your site’s visitors or users – every post is written by the impersonal ‘admin’ user: username ‘admin’, first-name ‘admin’, last-name ‘admin’…
There are even hacking attacks that take advantage of the proliferation of the username ‘admin’, brute-force guessing the password that a novice WordPress administrator might have entered.
Let’s say you are holding up your hand right now, and know that you’re more than the boring ‘admin’ you were tricked into labeling yourself (i.e. like most people, you actually have a real name). The first step is to identify yourself to the world!
All you actually need to do is to change your ‘Nickname’ from ‘admin’ to something else, then select it in the ‘Display name publicly’ dropdown list. This will at least list your chosen name as the owner of all your existing blog posts.
However, you’ll still have to enter ‘admin’ as your username when you log in, and as you create more users for your other staff you will stand out as an anomaly who needs to be treated slightly differently (everyone else will have their name or maybe email as their username).
So, if you want to go the whole way, you’ll have to change your username too. That isn’t something you are allowed to do within a standard WordPress installation, but there are third-party plugins that let you do this. For example, http://wordpress.org/plugins/admin-username-changer/
For ideas of what to change your own username to, you’ll first need to decide on a strategy for naming all users in your organization.
Bringing on your co-pilots
It doesn’t need to be a complicated decision, but have a quick think about who else should be a user on your blog, and what they should be allowed to do. You might need to read the later sections about permissions to understand your options.
We recommend that you have a consistent policy for setting up new user accounts – we’re only talking about an informal decision, not that you need to write down a list of rules or anything! Let’s say everyone in your organization has an email address at the same domain – everyone is just dan@your-domain or whatever – then you could just decide to take the first part of the address to form the WordPress username (i.e. “dan”). Or if you need a bit of flexibility – for example, if you might have contractors who need to log in – be aware that you can just use full email addresses as usernames. And then have a policy on Firstname and Lastname for those fields, and the same for the ‘friendly name’ field.
But don’t let them drive too fast
So you’re delighted that it will be more manageable for other team members to contribute to your website – and maybe some of your readers too, especially if you want them to comment. But how do you stop them taking control of your site, and even removing you as a user? You’ve guessed if you don’t already know: you can set different ‘roles’ that restrict the capabilities of those users.
When you create a user in your admin panel, you specify a role.
Here is a brief overview of the standard WordPress roles for single-site WordPress installations (you’ll know if you have a Multisite Network, and differences for such an installation are listed later):
Admin
The all-seeing user who can do anything on the site: create new users, delete users, install new themes and plugins, plus all the day-to-day work of the site if they don’t delegate it completely. That means writing posts and pages, approving comments etc.
Editor
This user can’t change the technical structure of the site (by that, I mean they can’t install plugins or add/remove other users), but they have full editorial control on the content side of things. They can add/remove both pages and posts, and edit, delete, or approve other people’s content.
Author
An author can create their own new blog posts (but not pages) and publish them without authorization. However, they cannot interfere with other users’ content. They are allowed to upload images to their posts too, which Contributors cannot.
Contributor
This is basically a less trustworthy version of the Author role, and is especially useful for guest bloggers. You might want a guest blogger to be able to log in to input their content directly (saves you copying it in manually, at the very least). But you don’t want them to publish it publicly without it first being reviewed and approved by your core team. A contributor’s post has to first be approved by an administrator and then published. Once published, the contributor may no longer edit it. Should you want other members of the team to be able to approve and publish posts, you will first need to modify their roles.
Subscriber
These users are normally your readers – who, for a public-facing website, may need to log in to comment or to receive additional functionality such as file downloads. For an intranet (or members-only) site, you might require that users have to register as Subscribers (or higher) before they are allowed to view any content at all.
Multisite Networks
If you have a more complicated setup known as a multisite network, where you are essentially running a whole set of different sites, then all the above roles are pushed down a level, and the initial user who created it all will be known as a ‘Super Admin’ – they have full control over the network itself, all other users, and the individual sites. They may then want to create Admin(s) for each sub-site, who have control over only their designated site(s) – although the capabilities for Admin in this situation are slightly reduced compared to the single-site version: for example, it could be a security risk to the whole network if sub-site admins were allowed to choose and install their own plugins.
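WordPress roles are just named bundles of capabilities, so the "modify their roles" step mentioned under Contributor above is done with the core role API. The following is an added example (not code from the article): a small plugin that creates a ‘Reviewer’ role with the Contributor capabilities plus the two needed to approve and publish other people’s posts, and shows that code should check capabilities, not role names. The role slug ‘reviewer’ and the function names are assumptions; get_role(), add_role(), remove_role() and current_user_can() are core WordPress functions.

```php
<?php
/**
 * Plugin Name: Reviewer Role (added example, not from the article)
 */

// Roles are stored in the database, so create the role once on activation
// rather than on every request.
function example_add_reviewer_role() {
    $contributor = get_role( 'contributor' );
    if ( ! $contributor || get_role( 'reviewer' ) ) {
        return; // nothing to clone from, or already created
    }

    // Start from Contributor (edit_posts, delete_posts, read) ...
    $caps = $contributor->capabilities;

    // ... and add only what approving/publishing needs.
    $caps['edit_others_posts'] = true; // open other users' drafts for review
    $caps['publish_posts']     = true; // publish without waiting for an admin

    // Deliberately NOT granted: edit_pages, upload_files, edit_users,
    // install_plugins, manage_options. That keeps the site structure
    // in the hands of Admins, as the roles overview above describes.
    add_role( 'reviewer', 'Reviewer', $caps );
}
register_activation_hook( __FILE__, 'example_add_reviewer_role' );

// Remove the role again if the plugin is switched off; users left with a
// non-existent role end up with no capabilities at all.
function example_remove_reviewer_role() {
    remove_role( 'reviewer' );
}
register_deactivation_hook( __FILE__, 'example_remove_reviewer_role' );

// Anywhere you gate an action, test the capability rather than the role
// name, so Editors, Admins and Reviewers all pass and Contributors do not.
function example_can_approve_posts() {
    return current_user_can( 'publish_posts' ) && current_user_can( 'edit_others_posts' );
}
```

Assign the new role from Users -> All Users in the admin panel, or set it when creating the user, exactly as for the built-in roles.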
Backdoor Threats
Actually, this is almost the front-door… By default, WordPress will allow anyone on the internet to register as a user! If you don’t have a ‘register’ link on your site then you may not be aware of this, but people can register by going to /wp-login.php?action=register
To disable this, go in your WordPress admin panel to Settings -> General Settings -> Membership and uncheck Anyone can register.
On the same General Settings page, there will also be a New User Default Role dropdown. This will be applied to new users if you decide you do want people to be able to register themselves as users, and it should be at the lowest level of Subscriber unless someone else has changed it.
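The two settings described in this section are stored as ordinary options, so they can be checked without clicking through the admin panel. The following is an added example (not code from the article) that audits them together with the ‘admin’ username problem discussed earlier; it uses only core WordPress functions (get_option(), username_exists(), get_users(), wp_list_pluck()) and the function name is an assumption. It is meant to be run inside WordPress, for instance with WP-CLI as wp eval-file wp-user-audit.php.

```php
<?php
// Added example: report the settings that let unwanted visitors register or
// that make the site an easy brute-force target. Run with: wp eval-file wp-user-audit.php

function example_user_audit() {
    $findings = array();

    // Settings -> General -> Membership -> "Anyone can register".
    // Stored as the 'users_can_register' option ('1' = open registration).
    if ( get_option( 'users_can_register' ) ) {
        $findings[] = "Open registration is ON: anyone can sign up at /wp-login.php?action=register.";
    }

    // Settings -> General -> "New User Default Role", stored as 'default_role'.
    // Self-registered users should never get more than Subscriber.
    $default_role = get_option( 'default_role' );
    if ( 'subscriber' !== $default_role ) {
        $findings[] = "Default role for new users is '{$default_role}', not 'subscriber'.";
    }

    // The generic 'admin' account that password-guessing attacks look for.
    if ( username_exists( 'admin' ) ) {
        $findings[] = "A user named 'admin' still exists; rename it to a real name.";
    }

    // Every Administrator can install plugins and delete other users,
    // so list them and demote anyone who only writes content to Editor.
    $admins = get_users( array( 'role' => 'administrator', 'fields' => array( 'user_login' ) ) );
    if ( count( $admins ) > 1 ) {
        $logins     = wp_list_pluck( $admins, 'user_login' );
        $findings[] = 'More than one Administrator: ' . implode( ', ', $logins );
    }

    return $findings;
}

$findings = example_user_audit();
if ( empty( $findings ) ) {
    echo "OK: registration closed, default role is subscriber, no 'admin' user, one administrator.\n";
}
foreach ( $findings as $finding ) {
    echo "WARNING: {$finding}\n";
}
```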
Google Apps
If your organization is using Google Apps to manage email, then our plugin will make WordPress user management a whole lot easier.
Google Apps Login allows users to log into websites and blogs using Google to securely authenticate their account, so no username or password is explicitly required.
For admins of busy, ever-changing corporate sites, the Premium version of the plugin provides an easy way to ensure that all your team has a WordPress account without having to manually set each one up, as they sync from Google Apps automatically.
New user profiles are populated based on their Google profile, and admins can specify a default WordPress role for new users.
The Premium version of the plugin also significantly increases security by ensuring that employees who leave or change roles cannot log in in the future, or gain unauthorized access to sensitive sites.
Conclusion
We hope this article has given you an overview of the different WordPress user roles, and how you can use them to keep your site more organized, accountable, and easier for you to manage in the long run!