User Management in WordPress

Your WordPress website has an admin area that can be accessed by you and anyone else you give permission to. As with most elements of WordPress, there’s a basic setup that comes with your WordPress installation, and then the details can be settled as your web team builds the website.

Basically, you have control over who has access to your website. Your web team (the people who built your website) must have full access to your website, though some designers prefer to use FTP access rather than or along with Administrator access in the WP Admin area. Your webmaster must have full access, and sometimes your web host may have or need access. It’s good to give someone you trust access, even if you are your own webmaster, in case you need help at some point in the future. However, many websites have just one user: the site owner.

You can give access to people by setting up User accounts for them, using the “Add new” button under Users in the left sidebar in the WordPress Admin area. Read on to find out about Users, Roles, and how to set up users. You, as a site owner, can also change people’s roles or delete them. This means that you can give access to someone who is working on your website, and then delete them when they have finished the work. This includes the people who build your website; an Administrator can delete other Administrators at will.

Once your site is launched, start with Settings. In the General Settings area, there is a check box saying “Anyone can register.” If you leave that box unchecked, no one can register, and the only other users will be those that you add (that’s what we do at this site). If you check the box, anyone can register, and you can control their roles. The default role is “subscriber” which means that the people who register themselves will have no access to the Admin area, except for their profile pages.


For the website in the example above, the possible roles include these:

  • subscriber
  • premium subscriber
  • contributor
  • author
  • editor
  • administrator

Depending on your theme and your plugins, there are many possible roles. The example below shows the basic options. A subscriber can read posts and be notified when you have a new post, but has no access to the admin area, except to manage his or her own profile. A contributer can write posts, but cannot publish them. The posts will be held for someone else to check and publish. An author can write and publish posts, but cannot edit or publish other people’s posts. An editor can edit and publish other people’s posts as well as his or her own posts. An administrator has access to all the features of the admin area. Administrators can change other users’ roles, update plugins (the administrator for the site below needs to do that), and delete the website. Be very careful who you set up as an administrator.


You might have noticed that most of these roles are about blogging. Those are not the only options, however. The site below contains a job board, so a person with the role “Employer” can manage the job board without having access to the blog or other parts of the admin area.


In the example below, an ecommerce site, many different levels of access are possible. This way, a Shop Worker can update products without having access to the financial data and a Shop Accountant can handle the books without having access to any sensitive data about individuals. This level of granularity allows you to give each team member access to needed information without worrying about sharing sensitive data with contractors or people in high-turnover roles. This is a need-to-know set up that can be important when you store sensitive information at your website.


The example below shows a different set-up with a Customer role that allows for some nice customer service options, but the Shop Manager has access to all information. While you can have your developer fine-tune User roles, it makes sense to check these options when you choose your ecommerce plug in.


One more example below shows the Usergroups for sites that use the Edit Flow plugin: Copy Editors, Photographers, Reporters, and Section Editors. These additional user roles don’t show up in the dropdown menu as the previous roles do, but must be set for each individual on their profile page.  This doesn’t change the amount of access an individual needs, but it allows the editor, for example, to send a message to all the photographers letting them know that an image is needed.


The profile page is accessible to the page’s owner — the individual User — and to Administrators. We’re Administrators on many of the sites we build and nearly all of the websites we manage. That lets us help out with lost password issues, fix problems in posts, and make updates for our clients. Unless we’re specifically asked to, though, we don’t make changes at individual profile pages. At websites with a community, the User information lets community members find out about one another. At many websites, people must sign up before they can leave a comment. On many sites, Subscriber sign up is connected with the newsletter sign up. Since the User profile can be used in many ways, it’s also possible to change it to suit your needs. Read on to see what’s on a typical profile page.

The profile page begins with choices for how the site should be presented to that particular User. You can choose a color scheme, disable the Visual Editor if you prefer to write in HTML rather than in English, make the toolbar visible when you visit the website, and use keyboard shortcuts when you manage comments (if your role allows you to do so).


Next is the information for the individual User. The Username is set up along with the User account and cannot be changed. You must have a nickname and and email address, and you must choose a public display name, but otherwise this information is all optional.


There is more information that can be provided, but it’s up to you. Some plug ins and themes will give you more options, and some plug ins and themes will use the information you include on the page in specific ways, such as in setting up an Author bio on posts. If you want to do something special with author data, make that call early and let your web designer know.


In short, User management gives you, the site owner, a great deal of control over your website. Traditional websites generally just let someone see everything or nothing, but WordPress User controls allow you to determine what information and features each of your Users can access.






Leave a Reply