Managing Multiple User Logins for WordPress

This article will address creating user accounts in WordPress and how to assign them with different roles. The following topics will be addressed in depth:

Why Have Multiple Users?

If you're not familiar with using WordPress, the first question you may ask yourself is why you would create multiple users for your WordPress installation. The most immediate answer is if you wish to have a developer access your WordPress account. You'll need to create additional user accounts to provide this without giving away your own admin credentials or even your billing portal credentials in order to access your WordPress account.

How Do I Create a New User?

The following video will provide instructions for how to create a new user in WordPress:

These instructions will walk you through the process as well:

  1. Login to your WordPress Dashboard.
  2. Click Users on the left hand sidebar.
  3. Click Add New in the top left corner of the page:
  4. Enter the following information:
     
    1. Username: The username the user will log in with.
    2. E-mail: The address they will use to reset their password.
    3. First Name (optional): The first name of the user.
    4. Last Name (optional): The last name of the user.
    5. Website (optional): The user's homepage if the user offers one.
    6. Password and Repeat Password: Select a strong password for the user so their access is secure.
    7. Send Password: Select whether or not to send the selected password to the email.
    8. Role: Select the role for the user. Read more about rolesSee Below if you're unsure what role to assign to your user.
  5. Click Add New User.

What Roles Do I Assign Users?

When adding new users, it's important to restrict their access so that they may not do more than they are allowed to inside of your WordPress site. For example, you would not want an author who should only be writing and editing articles making changes to your website pages or an editor who should only be making changes to your page content installing plugins or changing your theme.

Restricting this access is what roles are for. Here is a list of roles available in the Add New User page:

  • Administrator: Full access to everything inside of your WordPress, including (but not limited to): themes, plugins, users and user privileges, posts, pages, menu bars, and all settings. Most developers will require an Administrator role.
  • Editor: This user has access to all posts, pages, comments, categories, tags, and links. This role is ideal to an editor who needs to edit the content for your entire site.
  • Author: This role allows a user to write, upload photos to, edit, and publish their own posts.
  • Contributor: This role restricts users to write and edit posts until they are published.
  • Follower (public sites) / Viewer (private sites only): This role allows users to both read private posts and comment on posts and pages.

Administrator

An Administrator has full power over the site and can do absolutely everything. Administrators can create more Administrators, invite new users, remove users, and change user roles. They have complete control over posts, pages, uploaded files, comments, settings, themes, imports, other users – the whole shebang.

Nothing is off-limits for Administrators, including deleting the entire site. This is why we recommend having only one administrator per blog.

Editor

An Editor can create, edit, publish, and delete any post or page (not just their own), as well as moderate comments and manage categories, tags, and links.

Author

An Author can create, edit, publish, and delete only their own posts, as well as upload files and images. Authors do not have access to create, modify, or delete pages, nor can they modify posts by other users. Authors can edit comments made on their posts.

Contributor

A Contributor can create and edit only their own posts, but cannot publish them. When one of their posts is ready to be published or has been revised, the Administrator needs to be notified personally by the Contributor to review it. Furthermore, once a Contributor’s post is approved and published by an Administrator, it can no longer be edited by the Contributor.

Contributors do not have the ability to upload files or images, but they can see your site’s stats.

Follower (public sites) / Viewer (private sites only)

Follower

Followers do not have any editing privileges on your site whatsoever, they are simply people who have signed up to receive updates each time you publish a new post. The only thing they can do on your site is leave comments (if you have them enabled), though they do not have to be a Follower to do so.

If your blog is public, anyone can follow it, but you can also send out invitations to specific people you’d like to share your blog with.

If your blog is private, nobody will be able to follow it unless you specifically invite them, at which point they become a Viewer.

Viewer

Viewers are users who can only view private sites. Like Followers, Viewers do not have any editing privileges. All they can do is simply read the private site they were invited to and leave comments on it (again, only if you have enabled them).

Note: If someone is a Follower of your public site, and then you set that site to private, they do not automatically become a Viewer. Viewers must always be specifically invited. Viewers must also sign up to follow a private site if they would like to receive updates each time you publish a new post.

What Do I Do When My Developer is Done?

When you no longer need work from your developer, it is best practice to remove their administrator privileges for security purposes. The following video will provide instructions for how to change user privileges in WordPress:

These instructions will walk you through the process as well:

  1. Log into WordPress.
  2. Click Users in the left hand sidebar.
  3. Place a checkmark next to the user you wish to change permissions for.
  4. Click on the Change role to... dropdown box and select the reduced role you wish to use.
  5. Click Change.