WordPress CMS – User Access Levels
The more I use WordPress the more I like it.
Recently I’ve been asked to do two web sites that have multiple access levels. One is for a graphic designer who wants a public site as well as things only her clients can see and things only her employees can see. The other is a private club that wants to give a very small amount of information to the public, and also wants separate access to information for two levels of membership. In both cases I used WordPress.
For the private club, I used the Role Manager plugin to create a Subscriber level that has access to pages marked Private, and another that has access to pages and posts marked Private. Thereby I created two levels of private access. See my article titled “Caveats for Emptors” for warnings about using the Role Manager plugin. You may prefer to use the User Access Manager plugin instead. I used it on the graphic designer’s site and will probably never use the Role Manager again.
To augment that, I added Peter’s Login Redirect plugin to both sites. This plugin allows you to redirect users to any page on the site by user name, role, numeric admin level, or “anyone else” (i.e. anyone not defined by the preceding criteria). The really nice thing about this plugin is not terribly obvious. If you have created a page or post that you only want one person or a defined group to see, you can send them there directly. Note that by default, links to pages marked Private will not appear in your WP navigation, and category links will only appear if there is at least one public post in the category. So, now you have a way of “hiding” information within your site. You could (for example) give your employees access to a category that contains protected posts about several projects and your clients a direct route to a specific page where their project is posted. Search the WordPress plugins directory for the words login redirect and you will find similar plugins that may better suit your specific purposes. Beware of Weasel’s Login Redirect as it requires the Role Manager plugin to work.
Finally in both cases I used the Hide dashboard plugin and removed the Meta links from the sidebar so that Subscriber-level visitors won’t mess with the login profiles.
Thanks WordPress!
This article copyright © John Nasta 2009 – All Rights Reserved
You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.
How about various editing-user roles? For instance I have a WordPress site w/ areas A, B and C (each a different page) and people that are Head Poo-Bah of A, Head Poo-Bah of B, etc. They each need to edit their own area, but shouldn’t have access to the other two.
I get the feeling the answer to this is, “Get a real CMS system,” but wanted to ask those in the know.
The WordPress Roles & Capabilities cover some of this. Someone with the role of Author can publish but they can only edit or delete their own posts. An Editor can edit or delete other Authors’ posts. That’s why I prefer not to define user groups by Role. There are also plugins that allow you to manipulate the capabilities for each role, but be careful because some of them let you do things that may not be easy to undo. There is an explanation of WordPress Roles & Capabilities here http://codex.wordpress.org/Roles_and_Capabilities
Thanks bunches, John!
Yeeeaaahhh … it’s just that’s the easy part. Today requirements of a CMS is much more. Here is a scenario that WP can’t handle.
You want one community site for sports fans: soccer, cricket and chess. Some of those that play cricket also play soccer and chess, some of those who play cricket also play soccer and/or chess.
On the top of that members from all groups take part in the fundraising activities.
Naturally, or sub-site-contributors and managers are overlapping too.
To keep the joint user-friendly, you want only one login for those, who are part of more groups. Also you would want the hierarchical management of the sub-sites. Some are top managers in one sub-site but only low end contributors in the other sub-site.
That’s what one is interested about.
Well, like my mother used to say “People in hell want free air conditioners but they’re not going to get them.”
I wasn’t aware of the Peter’s login redirect plugin but can definitely see how useful this could be when it comes to limiting access to certain pages, etc… The two plugins have nothing to do with each other really. You can use either one without the other.Thanks
Very useful plugin john. I was looking for a similar solution for my multi user interface blog. Its worth using for the multi leveled login. Thanks
Thanks for sharing – I wasn’t aware of the Peter’s login redirect plugin but can definitely see how useful this could be when it comes to limiting access to certain pages, etc…
I also wasn’t aware of the sidebar login plugin.
Take care,
Elise
No problem. Also check out the WP Hide Dashboard plugin.
Curious if you have advice about how to do the following:
WordPress site will have content which is password protected (news articles or press releases, for example). The organization wants to send out an e-newsletter with links to some of this content. And, they want any recipient of the newsletter to be able to access the content. So, in short, if a user navigates the site via a browser, the content in question would require login to view. But, URLs embedded into the newsletter would bypass the login and drill down directly to the content. Is that possible?
Thanks!
Sorry, I don’t know of any way to make content password-protected for some people and not for others.
Thanks for this very useful article !!! Exactly what I needed !
How do I use the Peters log in redirect with the user access manager.
Another thing, where does my login widget come from?
Thanks
Kris
Hi Kris,
The two plugins have nothing to do with each other really. You can use either one without the other.
If you want a login widget, try the Sidebar Login plugin.
HTH
[...] login redirect plugin based on user role http://johnnasta.com/blog/2009/wordpress/wordpress-cms-user-access-levels/ [...]
Very useful information. Thanks for this. You got a great blog .I will be interested in more similar topics.I’m very interested in CMS and all its related subjects.
[...] WordPress CMS – User Access Levels The more I use [...]