Are you looking to add multiple users to your website? Maybe you’re looking to outsource the content editing and don’t want your editor to have full administrator rights to your website? WordPress allows you to set up a variety of different user types with different levels of access, so you don’t need to worry about compromising the security of your site. In this article, we talk you through the different types of users and how to add them to your site.
Adding a new user to your WordPress Site
To add a new user to your WordPress site, you will need to navigate to Users > Add New and complete the relevant information in the form:
Entering the user’s information
Username (required): Enter something unique but memorable. This is what your user will use to log in with. Rule of thumb is to make sure that the username isn’t something generic, like “admin” or “editor” as this is what potential hackers will attempt to use to log into your site. It’s best to use something like the user’s initial and surname, e.g. jsmith which is both memorable and less likely to be guessed.
Email (required): This is the users email address and will be used to send the new user an email about their account setup. You need to enter the correct address as this will also be used for password resets and notifications
First Name, Last Name, Website: All optional fields which users can input themselves once their account has been created and they’ve logged in.
Password: The account password is autogenerated to ensure the password is strong and hard to guess. You can click on the “show password” button to view the password that has been generated and make a note of it if you wish.
Send User Notification: This option sends the new user an email notification letting them know an account has been created for them.
Role: Here is where you set up the user permissions by assigning them a role. The role you choose determines the level of access the user has, and what functionality they can perform. It is important you choose the correct role for the user you are creating, for example, if the user you are creating only needs access to update content, you don’t want to give them full access rights and the ability to potentially bring the site down.
Understanding User Roles and What They Mean
WordPress comes with 5 standard user roles, however the WordPress websites we create also include SEO users and also shop managers or customers if you have a WooCommerce shop installed. We will focus on the 5 standard users as follows:
Administrator: The administrator users have full access to everything on your website. This role should not be assigned to a user unless you feel 100% confident they know what they are doing and you can fully trust them. Administrators can do everything from editing content, to installing/deleting plugins, edit theme templates, create/delete pages and create/delete other users. They even have access to website settings which, if updated incorrectly, could potentially take your website down.
Contributor: A contributor can add new blog posts, and edit their own posts. Contributors can write posts however they can not publish them themselves and would need a user with author or administrator rights.
Author: An author is able to add and edit their posts as well as publish. This role is ideal for people who you can trust enough to write and publish their own content live, however does not have the full administrator rights.
Editor: Editors have full access to all content within your website, from blog posts to website pages. Editors have the ability to add, edit, publish and delete their own posts as well as posts by all other users. However, they cannot access any website settings, update/add/delete plugins, or edit the website themes.
Subscriber: A subscriber can simply access and update their own profile on your site. They are unable to write posts or update any content. Subscribers are usually created on websites where visitors need to sign in to submit their comments on blog posts.
Managing the users on your website
Administrators need to make sure they keep on top of the users currently registered on their websites to maintain a level of security. Any old users no longer required to have access should be deleted from the website by simply clicking on users in the navigation, and deleting the users. You can also edit users from this same screen by hovering over the user and selecting edit.
Remembering to manage your users can be a task that you forget to do regularly. Our maintenance and support services allow us to look after the user management for you and our website audit will highlight any potential users that may be causing issues or vulnerabilities with your website.