Need to add a new user or author to your WordPress website? Well good news, it’s pretty easy. WordPress comes with a built in user management system that allows you to add users with a variety of roles and capabilities. This means you can safely add lower level users without compromising the security or functionality of your site. In this article we’ll show you how to add new users to your site.
Adding a new user to your site manually
There are actually a few ways to add a user to your site, but we’re going to focus on doing it manually. This is the best way to add a user if you only have a few to add. If you need to add a lot of new users, you’ll need to look into allowing them to register themselves. For now though, let’s stick to the manual method.
To add a new user, simply click on Users » Add New and proceed to fill out the form:
You’ll need to choose a username for the new user. This should be something easy for them to remember. We like to follow a set naming pattern – you can use their names in combination with periods or dashes… james.doe for example or george_washington. Once a username is set it cannot be changed.
Enter the users email. They will need this to receive notifications, set their password, and reset it if necessary.
First Name / Last Name / Website
These forms are optional to add when setting up a new user. These fields are editable in the future and the user can edit them when managing their own profile.
WordPress will generate a strong random password for the new user. You can either require your user to initially use this password or allow them to set their own.
- If you prefer to have them set their own, then simply leave the password as is. Keep the Send User Notification checkbox checked, and they will receive an email with a link to set their password.
- If you want to require them to use the generated password, you’ll need to send them their log in credentials separately. Click the Show Password button to see it, then copy it. Send them a separate notification with their username, password, and the log in URL. This will normally be something like
A note on passwords: It’s critical that strong passwords be used in WordPress, especially when granting Admin access. If you allow users to set their own passwords, make sure they understand the importance of using a strong password. You should have some kind of plan or requirements for your organization on passwords. See this article by Chris on strong passwords. It explains what makes a good password and offers options on password methodology.
Send User Notification
Sending the user a notification is a good idea. If you are having the user set their own password, this checkbox is a requirement.
The user role dropdown offers a set of roles to choose from. Each role offers a different set of capabilities that gives the user different access levels. Subscriber is the least capable role, while Admin is the most. Grant the new user only the role that they need. Give an author Admin access is an unnecessary security vulnerability that is easily avoided. See below for a rundown of the default WordPress roles.
WordPress User Roles
WordPress comes with a default set of user roles. Each have a different set of capabilities and access to the site:
An Administrator has access to all sections of the website and can perform all tasks. Do not assign this role to any user that you don’t trust. Don’t assign this role to users that don’t need to access all areas of the site. Some things an Administrator can do are: install or change themes, add new users, install plugins, and delete content.
Editors have access to all content on the site. They can add, edit, publish, and delete any post or page, including content written by others. Editors also have access to the comment system and can moderate, edit, and delete them.
Editors have no access to change site settings, such as plugins, themes, or users.
Authors can write, edit, publish, and delete their own posts. When writing blog posts, authors can add the article to the existing list of categories. They can add their own tags however. Authors can view comments, but cannot moderate, approve, or delete them.
Authors, like Editors, have no access to your site settings.
Contributors can add new posts as well as edit those posts, but they cannot publish their posts. They are also restricted from uploading media, which means they can’t add images to their posts. They have the same capabilities as an Author regarding categories, tags, and comments.
Contributors have no access to site settings.
Subscribers have a very limited set of capabilities. They can change their profile, including their password. They cannot create a post, view comments, or do anything else within the site.
The subscriber role is useful if you require users to log in before leaving a comment, or reading a post.
Customizing User Roles
The default user roles each have a set of capabilities that is diverse enough for most websites. But what if you need a different set of capabilities, or a new role all together? Luckily the WordPress roles and capabilities system is very flexible. Modifying these roles is easily handled using the Members plugin by Justin Tadlock. I won’t go into detail here on how to use Members, but know that it’s possible.
Reach out if you need help in creating a new user or especially if you need help with custom user roles.