User Management


In this workshop you’ll learn how to add, edit, and remove users within your WordPress website. This workshop will introduce the user roles that exist within WordPress, but will focus on the how-to of user management, and not the organizational philosophy behind deciding which users are assigned various roles and permissions.

Learning outcomes

After watching this workshop, viewers will be able to…

  • Update their own profile
  • Customize the visible columns in the Users table
  • Create a new user account
  • Enable/Disable the ability for users to register their own account
  • Use the search, filter, and batch modification tools within the users table to find and/or modify existing users
  • Add and remove permissions (via Roles and Capabilities) for individual users
  • Reset a user’s password
  • Disable a user without deleting them
  • Delete a user
  • Reassign a deleted user’s content to another user

Comprehension questions

  • What roles can be assigned to users?
  • How do you create a new user account?
  • When deleting a user, what can you do with their existing content?

Transcript

Hello, and welcome to this Learn WordPress workshop on user management. Today, we will learn how to add, remove and update user accounts within your WordPress website. User Management is important and useful for a few different reasons. For instance, you may want to add another user to your website without allowing public registration for new accounts. Or you may want to promote an existing user to a role where they can create content for your site, demote an existing user or remove their account entirely. Perhaps you created your website with the default administrator username, admin, and later learned that that’s not the best security practice and would like to change your own username. Lastly, as your website grows, it’s best security practice to disable or remove old and unused accounts. Let’s get started. Before we talk about how to manage users, let’s quickly go over the different roles and capabilities that a site owner can give to other users. This workshop won’t dive deeply into what each of these roles are capable of, or why you should give a specific user a specific user role, but you do want to be familiar with them. The WordPress Codex describes each role briefly as administrator, somebody who has access to all of the administrative administration features within a single site editor, someone who can publish and manage posts including the posts of other users, author, somebody who can publish and manage their own posts. contributor, someone who can write and manage their own posts but cannot publish them. And last but not least subscriber somebody who can only manage their profile.

For more information about the capabilities of each role type, you’ll want to review the complete roles and capabilities article in the WordPress Codex. For this lesson, we are assuming that you are the administrator of the WordPress site, and that you want to add and manage your users.

To manage users, you’ll use tools within the users menu on the dashboard, along with General Settings. Under users all users, you can see a complete listing of all users within your WordPress site, including your own user account. From the table listing, you’ll have access to bulk actions, where you can modify multiple users at the same time, add new, or add new here allows you to manually add a new user. This is important if users are unable to register their own accounts and all new accounts are created by you or another administrator. Your profile is where you can update information within your own profile. If you are instructing another logged in user to update their own profile, the same URL applies. Within the settings menu general includes an option for allowing users to register their own new account here under membership. By default, this option is disabled in a new WordPress installation. But if your website has many users, you may elect to enable this and only use your administrator account to promote specific users into roles with more capabilities. In the following lessons, we’ll dig into each of these screens and the important tasks you can perform within them. To update your own profile on the WordPress toolbar, you can hover over your user name in the upper right hand corner of the screen and select edit my profile. Or you can go to the user menu in the dashboard and select profile. Scroll down to the name section. This is where you can fill in your name, your nickname, contact information, your biography and your profile photo.

Your display name is the name shown when browsing content on the website. It typically appears as an author attribution on posts as well as comments on posts or pages. You may choose to display your WordPress username any combination of your first and last name. For your specified nickname. Please note that if you have not filled in your full name in the first name or last name fields, these options will not appear in the display name drop down. Likewise, if your nickname is the same as your user name, only one of the two will appear. Some themes will give you the option, or even hide authors from posts or pages. Your email address is required by WordPress to support system notifications, and to be used if password recovery is ever necessary to regain access to your account. Also note that if you change a user’s email address, including your own, WordPress will automatically email the previous email address with a notice of email change message. This is a security feature to allow a user to report any malicious or suspicious activity. If a user’s email address is changed. By default, the Gravatar profile photo will update to reflect the photo associated with the new email address. If the old and new email addresses both use the same photo within Gravatar, you may not notice this change. Speaking of your profile picture, by default, changing your profile picture is tied to your Gravatar account. To learn more about using Gravatar, visit en.gravatar.com. Now let’s talk about adding a new user. On the user menu in the dashboard. You can select Add new, or in the sidebar here, click Add New. On the add new user page, create a new user by assigning them a username. This being the name they will use to log into WordPress, invalid email address, and any other optional details. Choose an appropriate role for this user. Remember that a user’s role determines their abilities within the WordPress website, for example, whether they are only allowed to read content, or whether they can edit or post their own content. The default role of a new user will be subscriber unless you’ve changed this preference within settings, under General and under new user default role. When you filled out the required details, click the Add New User button at the bottom of the page to save the user. Keep in mind that once the user account is created, the username cannot be changed. By default, the new users password will be automatically generated and hidden from you. If you need to know the user’s password, or intend to create a custom password, use the show Password button. This is an optional step and is not typically necessary in the user creation process. A few things to note here. First, a new user will automatically be sent a welcome email by WordPress with their new login information including the generated password, the user will be prompted to login and to change their password to one of their liking. If you if you have assigned them a custom password, they will still have the ability to and will be encouraged to update their password. Next, if you’d like to suppress the welcoming email, you may uncheck the send the new user an email about their account option below. This step is not typically recommended, but may be useful if you’re adding many users in preparation for a website that is not ready to be revealed to its users. Be aware if a user has not been sent a welcoming email, they may still use their email address to recover their login credentials. Sometimes it is necessary to change an existing user’s role within WordPress. common use cases for this are a user account that needs to be disabled temporarily without deleting the user. Or a user is being promoted within the WordPress website from a more restricted role like subscriber to a role allowing content editing capabilities.

Update a user’s role by locating their profile within the users table. Remember that you want to go to users all users. In the users table. A user can be found using the search users function by browsing through the list of users manually, or by filtering the list of users by role. to filter by role click on the appropriate role. Above the users table. You may see administrator, author, subscriber and other roles if you have them. When the user is located. Click on The users name to edit their profile. On the profile editing screen, scroll down to the roll drop down to choose a new role for the user. At the bottom of the page, select Update user to apply any changes. One thing to note here is that you cannot downgrade or otherwise restrict your own administrator account while logged into that account. To modify your own administrator account, you’ll need to create a new administrator account or use another existing administrator account to login and downgrade or otherwise change the permissions of your administrator account. To disable a user without deleting them from the users list, follow the steps for changing a user’s role. This time however, you’ll select no role for this site as the new role. This role will still allow logging into the WordPress site that they will not be able to access the administrative area, effectively freezing their account and access to their content, which will still exist on the website. Note that to fully prevent account access, you would need to change the user’s email address and password. While changing the password temporarily prevents them from logging in. Changing the email address will prevent them from regaining access to their account through the password recovery process. From the users table, you may choose to modify the role of multiple users. This is possible using the checkboxes. Select the checkboxes next to any users for whom you would like to change the role. Use the change roll to button above and select a new role for these users. click the Change button to the right of the selected role to apply the change. When removing a user from your WordPress website, you’ll need to decide what to do with any content they’ve authored, including posts, pages, comments or other content types. First, locate the user to be removed, hover over their username and click Delete. On the next screen, you can confirm the deletion. However, if the user being deleted has content associated with their account, you’ll want to determine how to reassign their content to another user as author. As part of the deletion screen, you have two options. First, delete all content. This option removes any pages, posts or comments this user has created. This option is less common in most situations. Your other option is to attribute all content to another user. This option allows you to choose another user within your WordPress website to attribute this content to instead. Choosing This option will change the author of pages and posts from the deleted user to the user you select in the provided drop down. Click Confirm deletion to delete the user. Just as you have the ability to change the role of multiple users from the users table. You also have the ability to delete multiple users and to assign all of their content to another single user. From the users table. Select the checkboxes next to each user in your list that you’d like to delete. Do keep in mind that you cannot delete your own user account. With the bulk Actions button at the top of the users table, select delete from the drop down. Click the Apply button to be brought to the Delete screen with any applicable options.

Click Confirm deletion. To apply all changes. You may be presented with options to reassign all content to an existing user. This option will apply your selection to all users you’ve marked for deletion. If you’d like to assign different users content to different existing users, you’ll need to select each grouping as its own bulk action. For example, select some users to delete an assign their content to user A, then return to the users table and select other users to delete and assign their content to user B. To manually reset a user’s password, or to change your own follow the same steps as editing a user’s profile. You may choose to change a user’s password at any time. First, locate a user to edit in the users table. Click the user name or hover over the user name to click on the Edit link. Scroll down to the password area. Click Generate password to be given a new random password. Optionally, you may customize this password by placing your cursor into the password field and typing in another password. If your new password is flagged as very weak or weak, then the password is too simple and may pose a security risk. To use a weak password, you’ll need to enable the Confirm Password option. For best security practices, a strong password is highly recommended. Click Update user to save your new password. Also note that anytime a user’s password is changed, the user will receive an automatic notification email alerting them to this change. That email will not reveal the old or new password to them. But it is a security feature to alert that user and give them the ability to contact an administrator if they feel this activity is suspicious. If you are changing your password in your own profile, you’ll have the additional option to log your account out of all devices except your current device. This is a recommended step particularly when changing your password. To specify which columns to view on the users table or to change the default number of users to list per page, use the Screen Options panel in the upper right hand corner. Click on screen options to open the panel. Optionally uncheck any columns you wish to hide from the users table. You can change the number of users to list per page in the results. For any change you make, click Apply. To save the changes. You can update the screen options at any time to reveal hidden columns or update the number of preferred rows of users. For additional modifications to viewing and managing the users table. There are many plugins available@wordpress.org. It is also possible to give visitors to your website the ability to register their own accounts to minimize the need for you to create new users. on the dashboard, go to Settings general. On the General Settings page, scroll down to membership. Check the box for anyone can register. Scroll to the bottom of the page and click Save Changes. Then instruct users to visit your website dot TLD backslash WP dash login dot PHP question mark action equals register to create their own account. Also note that depending on your theme, there may be a register like to invite visitors to the registration URL. This may be in your footer or within a sidebar widget. If you’re logged into WordPress with any account, including your own, you will not see the register link presented on the website when previewing the website. To look for the register link, you’ll need to log out of your account or browse to your WordPress website within another browser where you are not already logged into your account. Lastly, if you allow users to register their own accounts, it is recommended that the default user role to be subscriber unless new users should be allowed to create content within your WordPress website. A warning here though, do not allow new users to be automatically assigned to an administrator role as they would be able to disable or even delete your administrator account.

This brings us to the end of this Learn WordPress workshop on user management. Thanks for joining me today. I hope you are feeling comfortable with and prepared to manage your users. For more great content on how to use WordPress and built WordPress. Don’t forget to check out other Learn WordPress workshops or join a discussion group. Thanks!

  • Length 19 mins
  • Language English
  • Subtitles English

You must agree to our Code of Conduct in order to participate.



Presenters

Angela Jin
@angelasjin

An inveterate volunteer, Angela has a longstanding passion for building strong, inclusive communities. She joined Automattic in 2018 as a community organizer for the WordPress open source project, and adores working with WordPress communities around the world. Originally from Seattle, Washington, Angela is currently trying out Madrid, Spain, where she delights in learning Spanish, exploring by eating, and reading a good book.