
WordPress: Users or Losers

Administering a WordPress site isn’t easy, and anyone new to the application who expects a straightforward website building experience is in for an unpleasant surprise. Whenever dealing with WordPress, it’s important to remember its original purpose: publishing. That means whether you planned for it or not, user management is a fundamental skill that’s required if you want to have any success with WordPress. So what’s the best way to handle it?

Authentication

The best place to start is understanding the method by which people can access your site. Because WordPress’s core functionality is blogging, the application offers individuals outside of an organization the ability to create profiles, enabling users to follow posts and make comments. Any additional capabilities that are available to these users are managed by the site’s Administrator, which might be a new responsibility for anyone transitioning from Wix or Squarespace.

It all starts with deciding if visitors can create a profile. Yes, that’s correct: admins can toggle the ability for outsiders to create profiles by opening the Settings – General menu and checking, or unchecking, the “Anyone can register” option.

[Figure: WordPress settings screen, showing the Membership option in General Settings]

If administrators decide to enable users to create profiles, it’s a best practice to install additional features that provide assistance with user management. Anti-spam tools, as well as adding a second level of authentication, are the first steps in hardening access to WordPress. One of our favorite plugins on this topic is Simple Google reCAPTCHA by Michal Novak.

Setting up a Google reCAPTCHA account will take some work, but the effectiveness of the plugin is great, and it’s free to use. reCAPTCHA technology adds a puzzle to areas of WordPress that contain forms, asking users to complete basic interactions before being able to submit the data. Its addition to the profile creation and contact forms does a great job of preventing an explosion in fake users.

Authorization

After making sure the only people who can access WordPress are authentic, the next step is making sure they aren’t authorized to carry out any nefarious deeds. Every authenticated user is assigned a set of privileges called Capabilities. Capabilities determine if users are able to carry out certain tasks, like creating posts or adding users. Most users’ capabilities are predetermined based on which Role the user has been assigned.

Roles are categories of users that almost all applications use to quickly assign permissions to users. In the case of WordPress, most roles relate to publishing duties, like Author, Editor, and Contributor, but the default Role for new profiles is set to Subscriber. With that in mind, it’s not enough to simply be aware of Roles; administrators have to know how to manage them.

As more plugins are added to a site, they create a variety of new Roles during the installation process. The plugins create these roles because the preinstalled ones are related to publishing, making them insufficient for their needs. At RTR Digital, we rely on Members, by MemberPress, to manage the Roles within our site.
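As an added example (not from the original article or from the Members plugin), the PHP script below audits the two settings discussed above: whether open registration hands out anything other than Subscriber, and which roles, including plugin-created ones, hold capabilities that allow site takeover. The function name, the file name and the list of capabilities treated as high risk are assumptions of this example; it is meant to be run with WP-CLI as `wp eval-file audit-roles.php`.

```php
<?php
// Added example: audit registration settings and role capabilities.
// Run inside a WordPress install with: wp eval-file audit-roles.php

// Roles that ship with WordPress core; anything else was added by a plugin or theme.
const CORE_ROLES = ['administrator', 'editor', 'author', 'contributor', 'subscriber'];

// Assumption: capabilities this example treats as high risk (account takeover,
// code execution or unfiltered markup). Adjust to your own policy.
const HIGH_RISK_CAPS = [
    'manage_options', 'install_plugins', 'activate_plugins', 'edit_plugins',
    'edit_themes', 'create_users', 'edit_users', 'promote_users',
    'delete_users', 'unfiltered_html',
];

function audit_registration_and_roles(): array {
    $findings = [];

    // The "Anyone can register" checkbox is stored as the users_can_register option.
    $open_registration = (bool) get_option('users_can_register');
    $default_role      = get_option('default_role');
    if ($open_registration && $default_role !== 'subscriber') {
        $findings[] = "Open registration assigns new users the '$default_role' role";
    }

    foreach (wp_roles()->roles as $slug => $role) {
        if ($slug === 'administrator') {
            continue; // expected to hold every capability
        }
        // Keep only capabilities that are actually granted (value true).
        $granted = array_keys(array_filter($role['capabilities']));
        $risky   = array_intersect($granted, HIGH_RISK_CAPS);
        if ($risky) {
            $origin     = in_array($slug, CORE_ROLES, true) ? 'core' : 'plugin-added';
            $findings[] = sprintf('%s role "%s" grants: %s', $origin, $slug, implode(', ', $risky));
        }
    }
    return $findings;
}

foreach (audit_registration_and_roles() as $line) {
    echo $line, PHP_EOL;
}
```

On a default single-site install the core Editor role is reported because it holds `unfiltered_html`; the entries to review first are the plugin-added roles.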

Accounting

Lastly, there is accounting. Most people associate the term “accounting” with money, but in IT, we use it in a different manner. When it comes to user management, accounting is about creating a log of interactions so administrators can associate them with individual users. For example, if a user changes their password, the application records that action in its log. Later, if that user has an issue with their credentials, the application has a method to show the last time changes were made.

Unfortunately, WordPress doesn’t offer a native feature for accounting, so a plugin is your only option for adding it to the application. Our recommendation is Simple History by Par Thernstrom. Simple History is a lightweight plugin that creates a log of any significant actions in WordPress and displays them on the Dashboard. Adding the Simple History plugin to WordPress will quickly open your eyes to the volume of bad actors in the IT space. Simply tracking the number of times a hacker tries to log in as “admin” will blow your mind, and give you a new perspective on the importance of security.
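To show what an accounting plugin hooks into, here is a small must-use plugin written for this page (an added example, not code from the article or from Simple History) that records failed logins, successful logins and password changes. The `audit_log` helper, the `[wp-audit]` prefix and the choice of the PHP error log as destination are assumptions of this example.

```php
<?php
/**
 * Plugin Name: Minimal Audit Log (illustration)
 * Added example: place in wp-content/mu-plugins/ to load it on every request.
 */

// Assumption: entries go to the PHP error log; a production site would use a
// dedicated table or forward them to a log server.
function audit_log(string $event, array $fields): void {
    // REMOTE_ADDR is the proxy's address when the site sits behind one.
    $fields = ['event' => $event, 'time' => gmdate('c'),
               'ip' => $_SERVER['REMOTE_ADDR'] ?? 'cli'] + $fields;
    // JSON-encode so attacker-supplied usernames cannot forge extra log lines.
    error_log('[wp-audit] ' . wp_json_encode($fields));
}

// Failed logins, including guesses against usernames such as "admin".
add_action('wp_login_failed', function ($username) {
    audit_log('login_failed', ['username' => (string) $username]);
});

// Successful logins.
add_action('wp_login', function ($user_login, $user) {
    audit_log('login_ok', ['user_id' => $user->ID, 'username' => $user_login]);
}, 10, 2);

// Password changed from a profile screen: compare the stored hashes before
// and after the update, and never write the hash itself to the log.
add_action('profile_update', function ($user_id, $old_user_data) {
    $new = get_userdata($user_id);
    if ($new && $new->user_pass !== $old_user_data->user_pass) {
        audit_log('password_changed', ['user_id' => $user_id,
            'changed_by' => get_current_user_id()]);
    }
}, 10, 2);

// Password changed through the "Lost your password?" flow.
add_action('after_password_reset', function ($user) {
    audit_log('password_reset', ['user_id' => $user->ID]);
});
```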

User Security

In fact, everything in this article is about providing a basic level of security to WordPress. It’s the responsibility of every administrator to provide their users with a level of security that keeps them safe. Even if you aren’t a security expert, the plugins mentioned in this article will get you heading in the right direction.

Information on important topics, like user management, is just a portion of the critical topics we cover in our WordPress Essentials eLearning. If you’re interested in learning more, click here.


WordPress: Your Time is Now

Let me start by saying that I was never a fan of WordPress until Gutenberg. Considering the massive installed base of the application, that probably comes as a shock to most WordPress fans. So the fact I’m now putting so much effort into furthering its installation base is as big a surprise to me as it is to you. So what changed my mind?

Developing Dominance

Making a website building application that everyone can use is no easy feat, and WordPress has shown signs of early success by tackling the more difficult problems novice developers face. When it comes to developing website builders, handling developers of different skill levels, entering the application at different development points, creates a specific set of problems.

From a development perspective, website building applications develop in only one of two ways. One, they start where developers are writing pure HTML, and work their way towards a consumer-friendly, drag-n-drop method. Two, they begin as a drag-n-drop application, supposedly requiring no coding knowledge, and have to introduce developer-level tools to assist users down the road.

The problems these processes introduce are unique to both users and developers during the application’s transitional periods, and WordPress had always suffered from the former. As a developer, it was easy to build elaborate sites using built-in hooks, shortcode, and splash in a bit of custom HTML, completing the build process, but novice website developers struggled mightily.

Introducing Gutenberg

Once a website building application chooses a development path, for better or worse, it’s locked into that path until the end. WordPress’s ability to deliver a simplified blogging experience has always been its strong point, but design needs outside of that have been a bit of a pain point.

Introduction to The Block Editor

Beginners’ frustrations have always seemed to revolve around a single issue, the lack of a native page layout builder. Hearing the forum cries of, “I need a WordPress Expert,” in combination with the success of page builders, like Elementor, the WordPress Team officially integrated the Block Editor in WordPress version 5.0.

As I mentioned earlier, it was after the deployment of Gutenberg, now referred to as the Block Editor, that I began thinking WordPress would finally reach its potential. Until the Block Editor, I couldn’t imagine how users would ever escape the endless battle with broken themes and one-time support requests.

A Case for WordPress

If you were holding out on deciding which application to use to build your online presence, I’m here to throw my endorsement behind WordPress in 2020. Because of COVID-19, there has never been a better time to either start an online business or increase an existing business’s online exposure.

Whether you’re looking to make some money running ads on a food blog, sell your jewelry through an e-commerce platform, or enable online ordering for your food truck, WordPress is the place to start. Me, seeing WordPress only a couple more features away from total world domination, already decided it was time to jump on the bandwagon.

If you need an exact starting point, we’re happy to help. RTR Learning, a division of RTR Digital, has developed an eLearning course focusing on helping you get WordPress off the ground. You can find more information about the course by clicking here.