The more users you have on your WordPress website, the more difficult it is to manage them. The administrative efforts required usually include controlling access, restricting ‘site-breaking’ settings, stopping users from modifying specific content, and more.
WordPress has user roles to let you set privileges and manage users. However, there are plenty of other ways to run a more efficient operation without getting bogged down in user micromanagement, especially if you own an e-commerce or subscription-based service.
In this article, we’re going to go over the challenges of managing a WordPress website with multiple users. Then we highlight four tips to help you do it more efficiently.
The Challenges of Managing a WordPress Site with Multiple Users
When we talk about ‘users’ in the context of this article we’re referring to people with access to your WordPress dashboard. They may be there to help you manage comments, publish new content, or whatever other tasks you assign to them. Depending on the scope of your site, having other people helping you can be a load off your shoulders. However, it also presents a couple of problems:
- The greater the number of people who have access to your website, the more exposed it potentially becomes, especially if those users don’t follow good security practices.
- Human error. Sooner or later, someone will break something on your website. Call it a mistake or ‘law of nature’, if you will.
As the administrator of your WordPress site, it falls upon you to prevent those issues. This means taking on an active role when it comes to user management. Let’s discuss this next.
4 Tips to Manage Your WordPress Users More Efficiently
Ideally, you’ll spend as little time as possible worrying about what your users are doing. This lets you focus on more productive tasks, such as coming up with new content and business ideas. However, to get there, you’ll need to figure out how to manage users efficiently. The following four tips should help!
1. Assign and Configure User Roles Carefully
For the uninitiated, WordPress includes a number of user roles:
- Administrator. This is the person with full access to the website.
- Editor. This role can publish and edit posts from every other user.
- Author. Can publish and manage only their own posts.
- Contributor. Contributors can write, edit, and submit their own posts for review, but cannot publish them.
- Subscriber. The lowest tier of the totem pole only gets access to their own profile.
When considering which role to assign to a user, apply the principle of least privilege on your WordPress website. For example, if you have someone whose sole job is to write and publish their own posts, there’s no reason why they should get administrator or editor privileges. They should be assigned the author role.
This is easy with the default WordPress user roles. However, some plugins add extra roles. For example, WooCommerce adds the ‘Shop Manager’ and ‘Customer’ roles.
As a rule of thumb, it’s usually a good idea to review user roles if you’re going to add new functionality to your website. In addition, some plugins enable you to create new user roles or modify existing ones, such as User Role Editor.
With this plugin, you can, for example, give a user the ability to make changes to your active theme. This level of granularity is not available in the default WordPress roles, and you don’t want to give other people admin access. So your best bet is to create a custom role.
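The custom role described above can also be created in code, together with a check that lists which roles hold high-risk capabilities. This is an added example, not code from the article or from User Role Editor: the `theme_manager` role, the `lpr_` function names and the mapping of "changes to your active theme" to the core `edit_theme_options` capability are assumptions.

```php
<?php
/**
 * Plugin Name: Least-Privilege Roles (added example)
 * Hypothetical plugin; role slug and function names are assumptions.
 */

// Capabilities that let a user change code, users or site-wide settings.
const LPR_HIGH_RISK_CAPS = array(
    'manage_options', 'edit_users', 'promote_users', 'install_plugins',
    'activate_plugins', 'edit_plugins', 'edit_themes', 'unfiltered_html',
);

// Create the custom role once, when the plugin is activated.
register_activation_hook( __FILE__, 'lpr_add_theme_manager_role' );
function lpr_add_theme_manager_role() {
    $author = get_role( 'author' );
    if ( null === $author ) {
        return; // Default roles were removed; do not guess a capability set.
    }
    // Start from Author, then add only the Customizer/menus/widgets capability.
    $caps                       = $author->capabilities;
    $caps['edit_theme_options'] = true;
    // Make sure nothing high-risk was inherited from a modified Author role.
    foreach ( LPR_HIGH_RISK_CAPS as $cap ) {
        unset( $caps[ $cap ] );
    }
    remove_role( 'theme_manager' ); // add_role() changes nothing if the role exists.
    add_role( 'theme_manager', 'Theme Manager', $caps );
}

// Report every role that holds a high-risk capability, with its user count.
function lpr_audit_roles() {
    $report = array();
    foreach ( wp_roles()->roles as $slug => $role ) {
        $granted = array_keys( array_filter( $role['capabilities'] ) );
        $risky   = array_values( array_intersect( LPR_HIGH_RISK_CAPS, $granted ) );
        if ( $risky ) {
            $users           = get_users( array( 'role' => $slug, 'fields' => 'ID' ) );
            $report[ $slug ] = array( 'caps' => $risky, 'users' => count( $users ) );
        }
    }
    return $report;
}
```

Running `lpr_audit_roles()` after installing a plugin that adds roles (for instance with WP-CLI's `wp eval`) shows whether any new role carries capabilities you did not intend to hand out.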
2. Monitor Users With an Activity Log Plugin
The more users you have, the more activity there will be on your site. However, without any logs or records, it is difficult to ascertain exactly what activity takes place.
Logging isn’t included in WordPress by default. So you should install the WP Security Audit Log plugin to keep a record of every user change that happens on your website.
The WP Security Audit Log plugin keeps a log of every event on your site. It also has a dedicated sensor to keep a log of changes made to WooCommerce stores and products. However, it is a fully configurable plugin, so you can easily tweak it to record and notify you about only the things you want.
3. Enforce Strong Password Policies
A surprising percentage of people have horrible password habits. The more users you have on your website, the greater the chance that some are putting it at risk due to weak passwords.
Out of the box, WordPress tells you if you’re setting a weak password. However, it doesn’t have a way to enforce a strong password. The easiest approach – as is often the case – is with plugins. Install the Password Policy Manager for WordPress plugin.
With this plugin you can configure policies for the types of passwords users can set. For example, you can configure a minimum password length, force users to use a mix of characters, set passwords to expire, and more.
Keep in mind, though, that research shows that length is the primary determinant when it comes to a secure password. If you want to diminish the chances of security breaches, you might want to set a minimum password length of 15–20 characters. This sounds like a lot, but it’s also a good excuse to start using a password manager if you’re not doing so yet!
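To show what enforcing a minimum length involves, here is a hand-rolled check on two core WordPress hooks. It is an added example and not the Password Policy Manager plugin's code; the `pwlen_` names are assumptions and the 15-character floor is the lower end of the range suggested above.

```php
<?php
// Added example: minimum taken from the article's 15-20 character advice.
const PWLEN_MIN = 15;

// Add an error to the WP_Error object when a new password is too short.
function pwlen_check( $password, $errors ) {
    if ( '' !== $password && mb_strlen( $password ) < PWLEN_MIN ) {
        $errors->add(
            'pass',
            sprintf( 'Passwords must be at least %d characters long.', PWLEN_MIN )
        );
    }
}

// Profile screen and the admin "Add New User" / "Edit User" screens.
add_action( 'user_profile_update_errors', function ( $errors, $update, $user ) {
    if ( isset( $user->user_pass ) ) {
        pwlen_check( $user->user_pass, $errors );
    }
}, 10, 3 );

// "Lost your password?" reset form.
add_action( 'validate_password_reset', function ( $errors, $user ) {
    if ( isset( $_POST['pass1'] ) ) {
        pwlen_check( wp_unslash( $_POST['pass1'] ), $errors );
    }
}, 10, 2 );
```

These two hooks cover only the built-in profile and reset forms; passwords set through other paths (the REST API, WP-CLI, or a plugin's own account forms) bypass them, which is one reason to rely on a maintained policy plugin.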
4. Disable Dormant WordPress Users
If you have an e-commerce solution, sell software, or run some sort of subscription service on your website, you’re inevitably going to end up with hundreds, and possibly thousands, of users. Some of them will definitely be active. However, what about neglected dormant WordPress users? What happens to ex-customers, or those subscribers who just log in once a year?
Unused accounts are a prime target for malicious attackers because their passwords are never changed and no one notices if they are hijacked. Unfortunately, it is not always possible to delete inactive users on your WordPress website.
However, you can still safeguard your website against this security issue. You can enable the dormant users policy in the Password Policy Manager plugin so inactive users are locked. When locked, inactive users cannot log in or reset a password, so the accounts can no longer be hijacked. Should such an account be needed again, the administrator can always unlock it.
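The locking behaviour described above (no login, no password reset, administrator unlock) can be sketched with core hooks. This is an added example and not the Password Policy Manager plugin's implementation; the meta keys, the `dormant_` function names and the 90-day window are assumptions.

```php
<?php
// Added example. Meta keys, function names and the 90-day window are assumptions.
const DORMANT_AFTER_DAYS = 90;
const DORMANT_LAST_LOGIN = 'example_last_login';  // user meta: Unix time of last login
const DORMANT_UNLOCKED   = 'example_unlocked_at'; // user meta: set when an admin unlocks

// Record each successful login; core WordPress does not store this.
add_action( 'wp_login', function ( $user_login, $user ) {
    update_user_meta( $user->ID, DORMANT_LAST_LOGIN, time() );
}, 10, 2 );

// An account is dormant when its latest login, unlock or registration is too old.
function dormant_is_locked( WP_User $user ) {
    $last = max(
        (int) get_user_meta( $user->ID, DORMANT_LAST_LOGIN, true ),
        (int) get_user_meta( $user->ID, DORMANT_UNLOCKED, true ),
        (int) strtotime( $user->user_registered . ' UTC' )
    );
    return ( time() - $last ) > DORMANT_AFTER_DAYS * DAY_IN_SECONDS;
}

// Priority 30 runs after core has verified the credentials (priority 20), so the
// lock status is only revealed to someone who already knows the password.
add_filter( 'authenticate', function ( $user ) {
    if ( $user instanceof WP_User && dormant_is_locked( $user ) ) {
        return new WP_Error(
            'dormant_account',
            'This account is locked. Contact the site administrator.'
        );
    }
    return $user;
}, 30 );

// Refuse password resets for dormant accounts as well.
add_filter( 'allow_password_reset', function ( $allow, $user_id ) {
    $user = get_userdata( $user_id );
    return ( $user && dormant_is_locked( $user ) ) ? false : $allow;
}, 10, 2 );

// Administrator action: give a locked account a fresh activity window.
function dormant_unlock( $user_id ) {
    update_user_meta( $user_id, DORMANT_UNLOCKED, time() );
}
```

Because no login history exists before this code is installed, every account registered longer ago than the window counts as dormant at first, so unlock the accounts that are known to be active (including your own administrator account) when deploying it.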
Better Managing Your WordPress Users
It’s always great to have other people helping with the day-to-day running of your website or eCommerce store. However, this also means you’ll have to take on a more active role in managing users. WordPress provides you with some basic functionality to help you run multi-user websites, but it’s an area you’ll need to bolster using some third-party plugins.
If you want to manage your WordPress users more efficiently, here are four tips to improve your current process:
- Assign and configure user roles carefully.
- Monitor users with an activity log plugin.
- Enforce strong password policies.
- Disable dormant WordPress users.
What do you think is the number one rule for managing WordPress users? Share your thoughts with us in the comments section below!