One of the first things you need to do when you set up a new WordPress blog is create an administrator user and remove the “admin” username if it exists. The “admin” username is created by default in many automatic WordPress installations and is exploited by a number of hackers. This tutorial covers what you need to know to both create and remove users.
Creating a New User
To create new users in WordPress you will need to be logged in with a username that has administrator privileges. If this is a brand new WordPress installation, the username is most likely “admin”. You will want to create a new user with administrator privileges and then delete the “admin” username.
First click on “Users” in the left menu in WordPress.
Now that you are on the users page, click on “Add New”.
On the Add New User screen you will need to provide information for the new user.
Usernames
The username for your new user can be any combination of letters, numbers, and the underscore (_) character. In most WordPress themes the username is not displayed. Normally, when displaying author credits on a post, WordPress themes use the first and last name of the user. However, if there is no first or last name, the theme will display the username. Usernames cannot be modified once the user is created.
User Password
Your password should be a combination of lowercase letters, uppercase letters, numbers, and symbols. WordPress has a password strength indicator; when WordPress determines your password is strong, the indicator will turn green. For more information, see my tutorial on Creating Secure Passwords.
User Role
If you’re replacing the “admin” username, make sure you give this new user the “Administrator” role.
If you need help determining what role to give this user, here is a basic explanation of the privileges associated with each user role. As a rule of thumb, give users only as many permissions as they need. User roles can be changed at any time by an administrator.
- Administrator – An administrator has full access to the WordPress Dashboard and can do anything and everything. This role comes with the responsibility to make sure that you don’t break anything.
- Editor – Editors can edit, publish, and create Posts, Pages, and Comments. They have access to a limited number of plugins and cannot modify Widgets, Plugins, Users or blog Settings.
- Author – Authors can create posts, edit their own posts and publish their posts. They do not have any access to other posts, but may have access to some plugins.
- Contributor – Contributors can create posts and edit their own posts but cannot publish. This is a common user role on multi-author blogs.
- Subscriber – A subscriber only has access to their own user profile. They cannot access Pages, Posts, Comments, or other areas of the WordPress Dashboard. These are generally only used with larger websites that have specific subscription options available to the general public.
If you would like more information on user roles, the official WordPress codex has detailed descriptions.
Once you have entered the information for the new user, click on “Add New User”.
After you click on “Add New User” you will be returned to the Users page and will notice that the user now exists.
Removing a User
Deleting a user is a straightforward process. First you need to make sure you are not logged in as the user you wish to delete. Also make sure that you are logged in as an administrator, as only administrators can add or delete users.
If you are logged in as the user you wish to delete, you can log out of WordPress by going to the upper right-hand corner and hovering your cursor over the username. When you hover your cursor, the username will expand and provide you with two options, Edit My Profile and Log Out. Click on Log Out.
Now you can log in with an administrator’s username (not the one you want to delete). Once you have logged in, go to the Users page in WordPress.
Here you will see a list of the user accounts for the blog. Hover your cursor over the username that you want to delete and a pair of options will appear. The options are Edit and Delete. Click on Delete.
After you click on “Delete” you will be prompted to confirm the deletion. Here you should select “Attribute all posts to:” and select a user to attribute them to. Then click on “Confirm Deletion”.
You will be taken back to the Users page and you will see that the username no longer exists.
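The same create-then-delete procedure from the command line, as an added example that is not part of the original tutorial. It assumes WP-CLI (the "wp" command) is installed and run from the WordPress root; "replace_default_admin" is a hypothetical helper name. It deletes “admin” only after confirming the replacement account exists and is an administrator.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial). Assumes WP-CLI ("wp") is
# installed and this is run from the WordPress root directory.
# replace_default_admin is a hypothetical helper name.
replace_default_admin() {
    local new_login="$1" new_email="$2" old_login="${3:-admin}"
    local old_id new_id roles

    if [ -z "$new_login" ] || [ -z "$new_email" ]; then
        echo "usage: replace_default_admin <new_login> <new_email> [old_login]" >&2
        return 2
    fi
    # Guard: never delete the account we are about to rely on.
    if [ "$new_login" = "$old_login" ]; then
        echo "new login must differ from '$old_login'" >&2
        return 2
    fi
    # Nothing to remove if the default account does not exist.
    if ! old_id="$(wp user get "$old_login" --field=ID 2>/dev/null)"; then
        echo "no '$old_login' user found; nothing to remove"
        return 0
    fi
    # Create the replacement administrator unless it already exists.
    # With no --user_pass, WP-CLI generates a password and prints it once.
    if ! wp user get "$new_login" --field=ID >/dev/null 2>&1; then
        wp user create "$new_login" "$new_email" --role=administrator >&2 || return 1
    fi
    new_id="$(wp user get "$new_login" --field=ID)" || return 1
    # Confirm the replacement really is an administrator before deleting anything.
    roles="$(wp user get "$new_login" --field=roles)" || return 1
    case "$roles" in
        *administrator*) ;;
        *) echo "'$new_login' is not an administrator (roles: $roles)" >&2; return 1 ;;
    esac
    # Delete the old account and attribute its posts to the new user,
    # the CLI equivalent of "Attribute all posts to:" on the confirmation screen.
    echo "removing '$old_login' (ID $old_id); reassigning posts to ID $new_id" >&2
    wp user delete "$old_login" --reassign="$new_id" --yes
}
```

Source the file and call, for instance, replace_default_admin siteowner owner@example.com, then record the generated password or reset it from the user's profile.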
Conclusion
Adding and removing users from WordPress is a common action and one that you will become comfortable with over time. It is important, though, to remember that strong passwords and not having an “admin” username are important to the security of your WordPress website.