Last time we showed how to make sure unwanted visitors cannot access your private intranet. In this article we will talk through ways to make sure that once authorized users (perhaps employees) do have login details, they can edit and view the content they are supposed to.
Next time we will cover user management tactics – actually creating accounts for your employees – but it can be worth doing some groundwork first to ensure that those new accounts have the access they require.
To be clear, you can always come back and set up the access levels in the future (although it might be a bit more work), so if you’re just experimenting with the possibility of setting up an intranet at this stage, feel free to take a bit of a break for this part of the course…
Default User Roles
You will need a clear idea about who should be able to write their own content, and more importantly edit or delete others’. You should never make too many Administrators (able to change site configuration and remove other users), but for a small single-site intranet, you might well want all employees to be Authors who can be trusted to change any of the content.
For more details of the various roles, please see our guide Making the most of WordPress’ user system. Below we discuss how to set the default roles for single-site (normal) WordPress installations, and then for multisite installations.
Single-site default role
In a single-site installation, just load up your Admin panel and go to Settings -> General. There is a drop-down called ‘New User Default Role’ which allows you to select the default role assigned to any new users when they are registered. To start with, it should be set to the lowest level of Subscriber.
Multisite default role
Things are a little bit more complicated for multisite installations. By default, new users will have accounts created so they can login, but they will not actually be members of any of your sub-sites. They won’t be able to do a lot! Unless you install a special plugin, an administrator will have to add each new user to each site manually. For a large organization, that might be preferable – perhaps you don’t want many teams to access each others’ sub-sites.
If you do want new users to be added to all sub-sites automatically when their accounts are created, install the Multisite User Management plugin. From the Plugins page in your admin panel, search for the plugin by name to install it.
As shown in the screenshot here, you can choose a default role for each sub-site in your network.
Perhaps you will make all users Contributors to all sub-sites by default, and then if you need to make any exceptions – such as the head of sales being an admin of only the /sales sub-site – then you can always change individual users’ settings later.
The Landing Page
When users login to your intranet, one of two things may happen:
- If they were trying to access a protected page, but have been required to login to access it, after successful authentication they should just be redirected back to the original page they were trying to view. All good.
- If they followed a link straight to /wp-login.php to login, then by default they will find themselves in their own cut-down version of the WordPress admin panel, which will just be a page to edit their ‘profile details’ for most non-admin roles.
The second scenario is a bit disappointing in most cases, so again some plugins come to the rescue.
Peter’s Login Redirect plugin allows you a lot of flexibility over the landing page for users when they login directly to your site. Once installed and activated, in your Admin panel go to Settings -> Login/logout redirects. There are granular controls if you need them, but otherwise just look for the ‘All other users’ section and enter the URL you want users to see when they first login. You can use ‘variable’ codes to represent the user’s username in order to build a URL that may not be identical for each user, but varies depending on their username.
For multisite, you may need to set up redirects for each of your sub-sites independently.
In this article we showed how to make sure your authorized users are able to use your site once logged in. But how do you go about creating user accounts for all your employees (and only them…) in the first place? In the next article we will discuss some ways to easily create and manage accounts for your intended users without it becoming a burden for you as admin. And if you want your employees to fully use the intranet, you don’t want them to take on the burden either. The next part is now available here.
Since writing this intranet guide, we received a lot of feedback asking if there was a simpler way to turn WordPress into a typical corporate intranet instead of having to cherry-pick features from a series of free plugins. So we released our own All-In-One Intranet plugin. If you want to cut to the chase and set up your intranet quickly and easily, backed by expert support from ourselves, see more details and purchase here: All-In-One Intranet product page.