How to Make WordPress User Roles More User-Friendly
User roles are the settings that determine what each user can and cannot do within your WordPress installation. When users log in to WordPress they are presented with a page showing all of their roles. This page contains a list of all the user roles along with the level of access each one grants. There are five distinct user roles: Admin, Author, Contributor, Member, and Subscriber. You can assign each role to a group of users or to individual users so you can control what they can and cannot do on your network. This article will teach you how to make the roles more user-friendly so anyone can easily figure out what each one does.
Why Should User Roles Be User-Friendly?
The fact is that not all WordPress users are created equal. Some users are much more experienced than others, and with more experience comes comes more knowledge. If you don’t want experienced users to have complete access to your WordPress installation then you should deny them the ability to log in with the super user account. This way they will not be able to misuse the permissions that come with it.
Similarly, if you are worried about less experienced users accidentally making changes to your WordPress installation then you should limit their access to the backend. Giving them limited access to the backend will stop them from installing plugins and changing settings unless you specifically tell them to do so. Front-end access is given to all users by default, and this includes the ability to change themes, create new posts, and upload images. Limiting access to the frontend will stop inexperienced users from accidentally causing trouble.
How Do I Make User Roles More User-Friendly?
To make user roles more user-friendly you should start by changing the way users log in to WordPress. When they log in for the first time they should be presented with a login page that looks like this,
Then, if they log in with Facebook or Google, they should be presented with a page that looks like this:
The reason that the login pages look differently is because we are restricting access to certain roles. Because we don’t want experienced users to have access to the backend, we are preventing them from logging in with the super user account, so we show them an error message. We are also preventing them from changing the appearance of the site unless they are an admin, and because we don’t want them to be able to upload media to the site (which would make it much more difficult to manage), we show them an error message when they try to upload a file.
On the contrary, if they have been given front-end access (which you can determine by looking at the user roles in your WordPress administration screen), they should be able to log in with either method without any problems. The login pages will look the same, and once they log in they will see all the site’s content as usual.
The next step is to change how users access content. If they have been given front-end access (i.e. they can view posts and upload media to them) then the best way to limit their access is to prevent them from changing the site’s theme. WordPress comes with a built-in option that allows you to choose a theme for your site, and if you don’t like the theme WordPress provides then you can choose another one, but you can’t go back once you made the selection. Changing the theme means changing everything from the fonts to the colors, and it can be a hassle to do so if you aren’t careful. Limiting access to the theme makes it more difficult for users to alter the look of the site without having some prior knowledge, so it’s in your best interest to keep the theme locked down.
User Roles and Access Control
Keeping a close eye on what each user can and cannot do is essential when it comes to maintaining an efficient WordPress network. To that end, you can use the Role Editor, found within the WordPress administration panel, to easily change the permissions of each user role. As a plugin developer yourself, you know how important it is to have complete control over your code and the data within it. The Role Editor gives you this power by allowing you to determine exactly what each user can and cannot do on your WordPress website. If you want to disable a user role you can do so from the Role Editor; however, you should only do so when necessary.
Enforcing User Roles Through Filters
One of the most useful things that the Role Editor provides is the ability to filter users by their roles. For example, if you notice that a certain user is always causing problems on your site by changing important settings or posting spam, you can block them from ever accessing the admin backend or the WordPress database through the use of filters. You can use the Role Editor to create a role called ‘staff’, and then apply the ‘staff’ filter to that user. Doing this will prevent them from accessing the admin backend or the WordPress database. It is important to block this user from accessing these vital parts of your network, as they can cause a lot of unnecessary damage. Blocking these parts of the network, however, does not mean that you want to completely lock down your site; it means that you want to be more selective about the users that can access them. It is a good idea to create separate filters for each user role, so you can easily find and disable the specific role that is causing problems on your site.
If you follow the steps outlined in this article you will make WordPress user roles more user-friendly. This will not only improve the experience of the people that use your network but it will also make it easier for you to keep control over your site. Additionally, you will be able to keep an eye on what each user can and cannot do, which will help maintain some level of security on your network.