As an open-source site building platform, WordPress is loved by more and more people. Although WordPress is easy-to-use and time-saving, it is still difficult to successfully manage a website alone. Thus, invite capable people to help site owners to manage website is the best choice, which make WordPress User Management important.
Different people have various merits and accordingly they need to be responsible for different sections. For example, some are good at blog writing while others do well in article editing. In this case, user role assignment is a key to divide the work explicitly so as to make users know their responsibilities.
In the following WordPress tutorials, we focus on introducing the WordPress user roles and and user management.
WordPress User Role Management
By default, WordPress classifies user roles into 6 categories: administrator, editor, author, contributor, super admin and subscriber. Different roles are allocated with various rights, which means they are responsible for different section.
- Administrator – This is the big boss who is authorized to do anything on the dashboard, such as deciding which theme to use, changing essential files, and changing other users’ roles.
- Editor – As the name suggests, editor is responsible for all content editing things including edit, delete, or publish a post or page. However, editors don’t have access to the whole website design business like widgets, plugins, and themes.
- Author – The role of authors is a little bit similar to that of editors. Their differences lay in that the former can only edit, delete and publish their own articles while the latter can handle all the posts and pages.
- Contributor – Contributor is something like guest writer which means they can write, delete, and modify their own unpublished articles. However, they don’t have access to media library and published articles nor do they can publish articles themselves.
- Super Admin – This is the only one who can access the site network options to manage themes, plugins, sites and users.
- Subscriber – Subscriber has the least privilege among the five user roles that only can create profiles, read posts, and write comments to them.
Add Users Roles in WordPress
After understanding the function and rights of different user roles, you need to know how to add new users to your website. Thus, we give you comprehensive instructions step by step.
Firstly, log into your WordPress account and navigate to dashboard. You can see Users on the left side under Appearance. Click on Users and then click on Add New. After this, there is a format need to be filled including Username, First Name, Last Name, Email, and Password.
When finishing all the information above, you can see Role in the last line. There are several choices presented to choose the role of users. After completing the form, just click on Add User. Here, a new user is successfully built, and he or she can access to the dashboard by using the given username and password. Note that users need to reset admin password after get into the dashboard for password protecting the account.
Add WordPress Custom User Roles
Actually, the above-mentioned 6 roles may not be enough to meet the requirements of people who hanker for more user role settings. The following words deliver the information about how to add custom user role in your WordPress with the capability of “add_role()” so as to create more flexibilities.
There are 5 capabilities used to manage roles, including “add_role()”, “remove_role()”, “add_cap()”, “remove_cap()”, and “get_role()”, among which “add_role()” is a leading capability to add a customer user role, which is defined as below. Here, you need to add this code in the function.php file.
Defining the User Role
Suppose that you name a user role as “Guest”, and then, you are required to assign the abilities to it. Here, we enable this user role to edit posts, create posts, edit others posts, edit pages and manage categories.
After finishing the definition of a user role, you need to write the code like what we display as below. Note that, the “array” code is designed to show the capabilities orderly.
To avoid the abuse of capabilities, you can set the code to disable users to do something according to your needs, like editing themes, installing plugins, updating plugins, and updating core. Thus, the code should be like that.
Make Use of User Role Editor
This tool can help you change any user role capabilities as you want with a few clicks. With the changes in requirements, you are allowed to add new capabilities or remove anything unnecessary.
After having the User Role Editor installed, you can find it under Dashboard > Tools > User Role Editor to view dozens of core capabilities by default.
From the various options, you are required to check whatever you want to add custom user role, such as “delete_others_pages”, “edit_plugins”, “add_users”, “edit_private_posts”, and so on. However, if those capabilities cannot meet your requirements, you can add new role by clicking the “Add Role”.
Just like what we have shown as below, you can view all users’ information via Dashboard > Users as well as edit, delete and view their capabilities.
For any capabilities displaying below, you have the right to check it or delete it according to your own needs.
Besides, this powerful plugin enables you to change tole for users without role.
Plugins for WordPress User Role Controlling
As users’ roles and powers are fixed in WordPress, there is less room for site owners to customize the user roles themselves. Besides, consuming you have many users, managing those roles through dashboard can be tedious and time-consuming. However, don’t worry, there are easy-to-use and practical user role control plugins that create for user managing.
You can quickly create new roles in WordPress with this plugin. Besides, you can grand any power to a role as you wish. For example, you can create a new role named as Manager and let it help you manage all the users, but limit his right to edit and create users with the contributor user role.
Members not only make it easy to create, edit, and delete user roles, but also simplify the process to increase or decrease the capabilities of these roles. Besides, the plugin offers free shortcodes for users to decide who have the right to access content.
Force Strong Password on Your WordPress
Website security has been a big concern for all site managers for long. People follow WordPress security tips, using security platforms, and WordPress plugins to keep their sites safe. However, the most vulnerable and easy to be neglected part is to strengthen users’ password. To arouse people’s attentions in this part and help webmasters develop secure websites, we write why and how to force strong password for users.
Why to Force Strong Password for Users
Any responsible site manager may have already done a lot of work on website security. However, they can just manage problems on the site, how about all the users on the multiuser blog? With the growing of a website, there will be more and more users who have permissions to enter your website, and every one of them have a username and password.
If any user chooses simple and easy-to-guess password like password123, letmein, or any other straightforward combinations, he or she will leave a big chance for hackers to cause damage on your website. Therefore, forcing complicated and a strong password for users is a necessary step to enhance website security.
Force Strong Password for Users with Codes
Every little configuration on a website may become a serious headache for WordPress beginners. Therefore, our editors not only explain why you should force strong password, but also give solutions about how to achieve this easily. In the following, we present all codes that are needed to enforce users to create strong password and what you need to do is copying and pasting them into your function.php file.
Force Strong Password for Users with Plugins
As a popular blog platform, WordPress provides a lot of plugins to enrich WordPress extensions. Considering strong password is the necessity of creating a wonderful website, WordPress developers create many password generator plugins to enforce users to apply complex passwords. In the following, our editors carefully pick out some popular and easy-to-handle ones, hoping that readers can get great benefits from them.
WP Password Policy Manager
When users’ passwords expire, the plugin requires them to reset password according to a series of policies. For example, the new password should not be the same as the username or the previous password. There need to be at least seven characters length, and the new password is required to contain numeric digits, special characters, and case characters.
Enforce Strong Password
The plugin is designed for personal use and aims to enforce all users to use a strong password when changing it on the profile page. If someone type into a simple and weak password, the plugin will send an error message and display it on the setting page. Besides, Enforce Strong Password utilizes the same algorithm as WordPress to decide whether a password is complex enough. In this way, the plugin can provide the highest level of password protection service for all webmasters.
Simple User Password Generator
Simple User Password Generator embeds a new button on the edit and add user screens to allow site managers generate strong password for users. Besides, there is an option to encourage users to change their insecure password into strong ones. What’s more, the plugin is easy to use without any configuration screens and new settings.
How to Recover a Lost Password in WordPress
In WordPress, password is a string of characters with which you can gain admission to the backend. But with too many passwords remembered, chances are that you will forget your passwords now and then. Then how to recover a lost password in WordPress is a common question we have received from a great many readers.
In fact, you have no need to worry about the situation where you forget your WordPress password and fail to login to the dashboard. WordPress not only provides you an easy way to recover a lost password but also enables you to reset a WordPress password from phpMyAdmin. In this article, the two methods are explained in detail so that you can better deal with the forgotten password in WordPress.
Recover a Lost Password Using Email
The first thing is to land on your login page, for example, http://creatwebsite.pro/wp-login/. Replace the example website address with yours. Below the WordPress login form shows a password reminder “Lost your password?”. The screenshot below clearly points out where the link is.
With a click on that link, you will be redirected to another page where your private information is asked. You have the option to enter your WordPress username or provide your email address.
Here you are required to enter the valid information and click the Get New Password button. And an email will be sent to the email address you use to install or register on the WordPress site. At the same time, on the login screen will show a notification: Check your email for the confirmation link.
It doesn’t matter if you have not received the email immediately. What you need to do is to wait a few minutes for its coming. There is a great possibility that you encounter the failure to check the email in the inbox. Then another place to find the email is Spam or Junk Mail folder.
Below is a typical example of how the email looks.
Going through the confirmation link, you will come back to your WordPress site. By default, there will be a strong password generated by WordPress. Also, you have the freedom to replace the default one with your own password. And WordPress will show you whether the entered password is strong enough or not with the strength indicator.
The basic requirement is that the password should contain more than 12 characters long. It is advisable to use numbers, upper and lower case letters, and symbols, for example, &. This can make your password stronger to better protect your WordPress account.
The next step is to click on the Reset Password button. Then what comes after saving your changes is a notification of “Your password has been reset. Log in”.
At this moment, you have recovered a lost password in WordPress via email. With the click on the Log in link, you can use the new password to enter the WordPress backend.
Recover a Lost Password from phpMyAdmin
In the process to reset your password with the first method, you may fall into difficult situations. One is that you have no access to the email address associated with your WordPress account. The other is that WordPress fails to send you an email.
With the consideration of not receiving the confirmation email, we also show how to recover a lost password from phpMyAdmin.
A phpMyAdmin icon should be noticed under the databases section, having logged into your cPanel or other admin panel account.
After clicking on that icon and being taken to phpMyAdmin, you have the need to select your website database from the listed options on the left.
In the database, you should click the table wp_users to browse.
As a result, choose the account which you want to reset the password. The edit button is available for you to make changes.
All the user information fields will be learned from the form phpMyAdmin shows. Here you are required to replace the value with a new password in the user_pass field. And before finishing the whole process, choose MD5 from the drop down and press the Go button.
The reason to choose MD5 is to achieve a higher level of your website security. The password will be stored as MD5 hash instead of the plain text.
In fact, the former method is much easier to use than the latter one. Advanced users can reset their WordPress password via phpMyAdmin. In most cases, however, beginners are more advised to recover a lost password via email.
Monitor User Activity in WordPress
WordPress allows you to manage multi-author blogs. This kind of blog enables you to handle the operations efficiently and conveniently by the division of work. However, there are several challenges that you have to face in multi-author blogs, such as managing workflow, moderating comments and approving registrations.
Therefore, you might be looking for a measure, with which you can monitor the actions of other users. In this case, we’d like to introduce the methods of how to monitor user activity in WordPress sites. Note that this practice allows you to detect mistakes, along with the identification of a user who has committed the wrong things. Moreover, you can fix an error conveniently and suggest the trouble-maker to avoid it in the future.
Set up Simple History Plugin to Monitor User Activity
To begin with, you should download the Simple History Plugin on your desktop and upload it to your WordPress site. Upon activation, you must navigate to the Settings page of the plugin for configuring the settings efficiently.
On the settings screen, you get an option to select the page where you want to see the user activities. You can either choose the dashboard or a customized plugin page for monitoring the notifications. For more convenience, you are allowed to choose both of the options.
In addition to this, you can activate the secret RSS feed for tracking the user activities. This is used by many administrators because it hides the history page from some wrong hands, meaning that only people you trust can check the feed. Moreover, you get the secrecy to track activities of other users without their knowledge.
By default, the Simple History plugin stores history up to 60 days from its date of occurrence. In simpler words, you can track the activities of users executed in the last 60 days. Data older than 60 days are automatically erased from the database. However, if you want to erase history at any time, you can hit the “Clear it now” option available in the settings page of the tool.
However, what kinds of activities are recorded by the plugin? To be precise, the Simple History plugin keeps a record of basic activities such as login, logout and user profile changes. In addition to this, it tracks post related activities like post/page edit, deletion, modification and creation. Also, it notifies you about the plugin and widget changes along with wrong password attempts.
Apart from the standard features, there is a unique offering that differentiates this plugin from other tools. With it, you can create a custom event. This means that you can keep a track of an upcoming event and plan it accordingly. Whether it is related to the development of your site or the change of your themes, create a custom event can keep you up to date.
If you do not want to use the Simple History Plugin for monitoring user activity on your WordPress blog, there are several alternative tools having similar effectiveness.
WP Security Audit Log
This tool starts tracking the activities of every logged in users upon activation. You can track everything happening on your site in a well-presented format. Hence, you are notified about the login and logout attempts, file uploads, page and post modifications, changes made to site settings. However, this tool doesn’t notify you about modifications bought into themes by other users.
ThreeWP Activity Monitor
This plugin can run properly with limited versions of WordPress. It requires WordPress v3.3 or higher and is only compatible with websites using up to WordPress v3.4.2, for it doesn’t get any update after 20th May 2014.
In terms of features, you can track the successful and failed login attempts of users, along with several other tasks. This involves updates, trashes, deletes and created posts or pages by users.
When it comes to security, you can track users’ attempts to retrieve, change or reset passwords.
This is a free tool that tracks activities as well as the data usage of other users. In addition to the basic features, you can activate various functionalities from the settings menu of the plugin. This involves theme switching, user page visits, file attachments, user logins, comment and category management and link management.