
How to configure user roles in WordPress?

Updated yesterday

How to configure user roles with best practices?

There are three ways to manage user roles in WordPress. These are as follows:

Add users from the WordPress dashboard

Follow these steps to add, edit, and delete users from your WordPress admin panel:

After logging in to the WordPress admin area, click on "Users" and choose the "Add New" option.

Next, fill out the form with all the requested data for the new user, password settings, and assigned role. Then, click on "Add New User" to save it.

Once you have added the new user, you can edit their information or delete them by selecting "All Users" from the dropdown menu.

To have greater control over user roles, you must apply one of the following methods:

Manually modify using a code snippet

If you want more options when configuring user roles, you must edit the functions.php file of your WordPress theme and insert function calls in it.

WordPress provides five functions that help you customize user roles and their privileges. They are as follows:

  • add_role(): adds a role.

  • remove_role(): removes a role.

  • add_cap(): adds a privilege to a specific role.

  • remove_cap(): removes a privilege from a specific role.

  • get_role(): gets information about the privileges of a specific role.

When writing any of these calls, you must also provide:

  • role: name of the role.

  • display name: the name of the role that will appear in the WordPress panel.

  • privileges: the capabilities or permissions that the user will have in their role. If you want to add multiple privileges, you must use an array.

Below is an example of a role called "Publisher". This editor can publish content or posts and pages:

[Image: role code in the editor]
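An added example (not the article's own code) of how a "Publisher" role could be written for functions.php, using the five calls listed above. The `example_` function names and the chosen capability list are assumptions; it also strips administrative capabilities so the role stays limited to publishing.

```php
<?php // Omit this opening tag when pasting into an existing functions.php.
// Added example: the example_* names and the capability list are assumptions.

// Capabilities for "Publisher": write and publish posts and pages, nothing else.
function example_publisher_caps() {
    return array(
        'read'                 => true, // access the dashboard and own profile
        'edit_posts'           => true,
        'edit_published_posts' => true,
        'publish_posts'        => true,
        'edit_pages'           => true,
        'edit_published_pages' => true,
        'publish_pages'        => true,
    );
}

// Roles are stored in the database, so create the role only if it is missing.
function example_register_publisher_role() {
    if ( null === get_role( 'publisher' ) ) {
        add_role( 'publisher', 'Publisher', example_publisher_caps() );
    }
    $role = get_role( 'publisher' );
    if ( null === $role ) {
        return;
    }
    // add_cap() and remove_cap() are called on the role object from get_role().
    if ( ! $role->has_cap( 'upload_files' ) ) {
        $role->add_cap( 'upload_files' ); // allow media uploads for posts
    }
    // Make sure administrative capabilities are never left on this role.
    $never = array( 'manage_options', 'edit_users', 'promote_users',
        'install_plugins', 'activate_plugins', 'edit_plugins',
        'edit_themes', 'unfiltered_html' );
    foreach ( $never as $cap ) {
        if ( $role->has_cap( $cap ) ) {
            $role->remove_cap( $cap );
        }
    }
}
add_action( 'init', 'example_register_publisher_role' );

// Remove the role when the theme is switched away, since this code goes with it.
function example_remove_publisher_role() {
    remove_role( 'publisher' );
}
add_action( 'switch_theme', 'example_remove_publisher_role' );
```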

For more information on roles and capabilities, we recommend visiting "Roles and Capabilities" on the official WordPress site.

To start using the code, follow these instructions:

  1. Once the code snippet is structured, go to the admin area and open the "Appearance" menu.

  2. Click on "Theme Editor" from the dropdown menu and select the theme you want to edit. Then, open the "functions.php" file.

  3. In the functions.php file, paste the code snippet at the bottom of the file's content.

  4. Finally, click on "Update File".

NOTE: Be careful when editing the code snippet, as any syntax error can cause problems.

Using a user role plugin

Manual customization with code gives you greater control over user roles. However, depending on your skills, the risks are much higher. To avoid these risks, you can use a plugin such as "Capability Manager Enhanced".

Capability Manager Enhanced allows you to configure the pre-defined roles in WordPress, as well as add user permissions according to your needs.


Once you have installed and activated the plugin, you can customize all roles from the WordPress admin area.

First, click on the "Users" menu and select "Capabilities". Then, you will see an editor that allows you to configure the role and add the corresponding privilege.


Recommendations for effective use of User Roles

Although user roles are very useful, having multiple people collaborate on your site can reduce its security. An incident such as forgetting a password on a public computer can cause a major problem. There are some ways to maintain a secure website:

  • Use plugins: a security plugin lets you easily manage user roles whenever you want to change them or force a user to log out. For example, All in One WP.

  • Limit the number of privileged users: you must control exclusive access to your site. It is essential to make informed decisions regarding users and their privileges.

  • Immediately revoke assignments to suspicious users: if you want to avoid abuse of your website, brute force attacks, and other hacking attempts, it is advisable to deactivate inactive users or those who repeatedly try to log into the admin area of your website without success.

By implementing the above, you can
