How To Control WordPress User Permissions Effectively Using The User Role Editor?
The WordPress user system controls what users can and cannot
do on your website. This includes administrative tasks, writing content,
approving content, plugin and theme management, and more.
Out of the box, there are Five User Roles available with
WordPress. I am sure you are all aware of these roles; however let us review
them quickly before moving on.
The five default user roles are!
1. Administrator
Has access to all administrative
options and features.
2. Editor
Can manage and publish posts. Traditionally,
editors review posts submitted by contributors and then schedule them for
review.
3. Author
Can publish their own posts when they wish.
4. Contributor
Can write posts but cannot publish them.
Instead, they need to submit their posts for review.
5. Subscriber
Has basic functionality such as changing
their profile and leaving comments.
Contributors are not permitted to upload files either.
Therefore, they cannot upload images to their articles. Due to this, I always
manually change the permissions of the contributor user role so that they can
upload images. The plugin I use to do that is User
Role Editor.
Once you have loaded a user role profile, you will see a
list of what a user assigned to that user role can and cannot do. To change
permissions for a user role, check or un-check the field for that capability.
All capabilities can be enabled or disabled using the “Select All” and
“Un-select All” buttons at the right hand side of the page.
Unfortunately, the default version of WordPress does not
allow you to change what particular user roles can and cannot do. Nor does it
allow you to create your own custom user groups.
This can be restrictive when running a multi author website.
Take the contributor user role, for example. The contributor user role allows
users to delete posts. This is not always ideal as a situation could arise
where a writer deletes their article after being paid for it (rare, but still
possible).
User Role Editor
User Role Editor can be installed directly through your
WordPress admin area. Alternatively, you can Download The Plugin From Official WordPress Plugin Directory and then upload the
files manually using file transfer protocol.
You will find User Role Editor under the Users menu once you
have activated the plugin.
The plugin is straight forward to use. The user role can be
selected at the top of the page. This list includes all default user roles and
any custom user roles you have created.
All core WordPress capabilities are displayed for each user
role.
|
User Role Editor does not only support core capabilities.
The plugin also lists capabilities for any additional functions you have
defined through your theme or through plugins.
Custom capabilities are listed in the bottom half of the
User Role Editor.
|
New roles and capabilities can be added and deleted through
the main User Role Editor page too. If you are basing a new user role on an
existing user role (e.g. author), you can choose to copy permissions from that
role. This saves you from having to enable all capabilities again.
New user roles can easily be created through the plugin.
|
Capabilities can also be defined on a user level. You will
see a link to the user capabilities page in the WordPress user list page.
For example, say you have a group of ten authors writing for
your blog. Each author sticks to the publishing schedule that you have
developed for your writing team, except one. That particular author does not
understand WordPress correctly and frequently publishes articles on the wrong
day or time. Rather than remove them from the author role or create a
completely new user role for them, you can simply remove the permission that
allows them to publish posts.
The capabilities of every user can be modified.
|
Controlling user permissions on a user level is useful when
you want to change the capabilities of a specific user.
A basic settings page can be found within the settings area
for User Role Editor. Settings include displaying the administrator user role
within User Role Editor, showing capabilities in a more readable form and
showing capabilities that have since been deprecated (i.e. capabilities that
have been superseded by more relevant capabilities).
A few basic configuration options are available.
|
The default roles settings page lets you define what user
role users are assigned when they sign up to your website. This can be useful
if you are using a forum plugin such as bbPress, but be careful about changing
the default user role from subscriber on normal blogs and websites, as you will
give permissions to anyone who signs up. On most setups, it is safer to
manually upgrade users to the desired user role instead.
The default role that new users are assigned can also be
defined.
|
If you have ever felt restricted by the default capabilities
of WordPress user roles, I encourage you to give User
Role Editor a try. It gives you complete control of the WordPress user
system and will help you manage your users in whatever way you see fit. Make sure to comment your suggestions in comments if you have any.
No comments:
Post a Comment