WordPress user accounts and logging in: a beginner’s tutorial

This WordPress beginner tutorial focuses on the very first steps you’ll need to take in order to get started with managing your website.

If you’ve logged in to WordPress a few times already you might not find much new information in this tutorial. However, you might find the discussion about password best practices and user roles useful.

Table of contents:

  1. What you’ll need to get started
  2. Logging in to WordPress
  3. Editing your user profile
  4. Understanding user roles and capabilities

What you’ll need to get started

Managing the content of your WordPress website is done through the WordPress Admin back-end. This is where you can publish blog posts, update pages, install new plugins and change the general settings of your website. If you have an ecommerce system installed, you’ll also be able to view your latest orders and customer details.

Access to the back-end should always be restricted to the smallest number of people possible. This is because it provides many powerful tools that allow privileged users to make significant changes to the website structure and content. These are not tools you’d want falling into the wrong hands.

If you want to play a role in managing a WordPress website, you’ll need two things to get started:

  1. A user login
  2. The login URL for the website you want to manage

If you installed WordPress yourself, you’ll already have an administrator account which you created when you ran the installer. Alternatively, if your website was set up by somebody else, then they should’ve given you login details. Your account should have appropriate privileges for the kind of tasks you’ll be performing on the site.

If you don’t have a set of login details for your own exclusive use, ask a site administrator to create an account for you. You can refer them to this tutorial if they need guidance.

Never log in using an account that belongs to somebody else — doing so increases the risk of their password being exposed to an unauthorised third party. It also takes the accountability out of the account. If something goes wrong, how will you know who did what if more than one person uses the same login details?

Logging in to WordPress

The WordPress login prompt

Some WordPress sites feature a link to the admin login prompt on every page of the website, often in the footer or sidebar. I don’t tend to set up websites in this way because I prefer not to advertise the login page location to all and sundry. This move won’t stop a hacker with any degree of competence, but there’s no sense in making their life any easier.

So whether your website has a link to the admin back-end or not, it’s best to get into the habit of entering https://<your-domain.com>/wp-login.php into the address bar of your browser. You can then add this page to your browser bookmarks if you fancy.

Now that you’re on the login page, enter your username and password (exactly as they’ve been given to you, capital letters and all), then hit ‘Log in’.

Lost your password?

If the system won’t let you in, click on ‘Lost your password’ at the bottom of the page. You’ll then be prompted to enter the username or email address that was used to create your account.

A link will then be sent to your registered email address. You’ll be able to use this link to reset your password.

Editing your user profile

Once you’ve logged in successfully, you’ll be taken to the WordPress dashboard. Your dashboard is unique to you and can be customised to suit your preferences.

From the left-hand menu, click ‘Profile’ to be taken to the page that lets you edit your own user account. If your account has user management privileges, the menu will be different, so you’ll need to hover over ‘Users’, then click ‘Your Profile’ instead.

At the top of this page you’ll see some options for changing the colour scheme of your back-end and a few other options too. Remember that the changes you make on this page apply to the user account you are editing.

To give an example, I might be happy with using the default colour scheme and have that saved in my account settings. You, on the other hand, might prefer to use the ‘Ectoplasm’ scheme. WordPress makes sure that both of our preferences can co-exist peacefully.

Make a name for yourself

Scroll down a little to the ‘Name’ section. Make sure you’re happy with how your name is spelled and choose how you’d like your name to appear publicly. This is the name that’s displayed on your posts and comments.

Your ‘username’ can’t be changed. This is because it’s used internally by WordPress to reference your activity on the site.

Choose your public display name carefully

Check your contact details

Now, moving down to ‘Contact Info’, make sure your account is using your preferred email address. This should be an account you check regularly. You may also enter your own website address, for example if you have a personal site. Some themes may display this extra information.

Additionally, some plugins such as the brilliant Yoast WordPress SEO plugin will add extra fields to this section. This will allow you to enter links to your social media profiles, for example.

Some themes (including the bespoke themes we build at EggCup) will use this extra information to create icons that link to your social media profiles at the foot of every post you write. See my author biography at the bottom of this post for an example.

Some themes will display the contact info you add to your profile

Tell us about yourself

This one’s not compulsory, but again certain themes (including my own) will use the information you provide here. Where it appears can vary, but my theme uses it for the author biography. This is displayed at the bottom of each blog and tutorial post and at the top of each author’s blog feed.

Establish yourself as an authority by writing a detailed biography

Keep your password safe and secure

If your account was created by a site administrator who knows what they’re doing, your password is probably long and very off-putting. My best advice is to change it straightaway, because you don’t want anybody else to know it, not even your site admin.

Whenever you change your password, I implore you to resist the temptation to change it to something shorter or simpler.

A weak or exposed password is one of the easiest ways for hackers to gain access to your website. Weak passwords account for a significant number of WordPress security breaches.

Choose a strong password

For this reason, it’s worth reading more about choosing a secure password. Ideally, be sure to follow the recommendation to use a password safe to generate and store secure passwords automatically. You’ll never look back, I promise!

Finally, and just to be clear:

  • Never give your password to anybody else.
  • Never allow anyone else to use your account, even if you’ve logged them in yourself. You might have the right attitude to cyber-security, but can you be certain they do too?

How do I set my profile picture in WordPress?

Because many themes display author profile pictures, you might be wondering where the option is to upload one. WordPress itself doesn’t provide this functionality out of the box (although there are a few dusty old plugins knocking around that will do it).

The reason for this is that WordPress (the company) wants you to sign up for Gravatar (which is also owned by them). You may already have an account if you’ve ever signed up to WordPress.com.

If you would like your profile picture to appear next to your posts on your website, then the easiest way is to sign up to Gravatar with the same email address you use with your website login.

Your WordPress website will then automatically pull across the image you provide to Gravatar. Provided your theme knows how to make use of it, you’ll then see your profile picture appear next to your biography.

Understanding user roles and capabilities

Not all user accounts in WordPress are created equal. For example, if you have guest bloggers or volunteers writing for you then you will need to create a separate account for each of them. They will then be able to upload their own content and submit it for your approval.

You almost certainly don’t want these users to have the ability to modify pages, install plugins, or change your site’s theme. This is why WordPress employs roles to manage what actions particular users can and can’t take on your website. This way, you can allow people to have a login to your site, but at the same time restrict the actions they can take to a ‘needs only’ basis.

The rule of thumb is to only grant the privileges that an individual requires in order to do their job, and to never give them more authority than absolutely necessary. Keep in mind that access levels can always be upgraded later as needs arise. And don’t forget the inverse is also true: if somebody has privileges they no longer need, be sure to downgrade their role immediately, especially if they leave your organisation.

An overview of user roles

This is a very basic overview of user roles within WordPress. If you’d like more information, you may wish to read ‘Roles and Capabilities’ in the WordPress.org documentation.

  • Admin: every WordPress site has at least one administrator, created when WordPress is installed. Have as few admin accounts as possible. Don’t be tempted to grant all accounts an admin role in an attempt to save time. Remember that a compromised site will take a lot more time to fix!
  • Editor: a role with senior publishing authority. They can edit and publish content, but have no control over site settings or plugins.
  • Author: an author can publish her own posts, but nobody else’s.
  • Contributor: he has no publishing authority and can only draft out posts and submit them for review by an editor.
  • Subscriber: she can create comments on posts (in fact, you can force all commenters to sign up first). If a person has no official role within your organisation, this is the role that should be assigned to them.
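
The ‘needs only’ rule above can be checked periodically by comparing the roles accounts actually hold with the roles they were approved for. The script below is an added example, not part of the original tutorial: it assumes WP-CLI is available to export the user list, and the roster file, its format and the finding labels (EXCESS, UNLISTED, UNKNOWN_ROLE, ADMIN_COUNT) are hypothetical choices made for this illustration.

```shell
#!/bin/sh
# Added example, not from the tutorial: compare the role each account holds
# with the role it has been approved for, and report excess privilege.
#   users.csv  : wp user list --fields=user_login,roles --format=csv
#   roster.csv : hypothetical hand-kept file with header "login,approved_role"
# Assumes one role per account (the WordPress default).

audit_roles() {  # usage: audit_roles roster.csv users.csv
    awk -F',' '
        BEGIN {  # built-in roles, least to most privileged
            rank["subscriber"] = 1; rank["contributor"] = 2; rank["author"] = 3
            rank["editor"] = 4; rank["administrator"] = 5
        }
        FNR == 1  { next }                      # skip the header row of each file
        NR == FNR { approved[$1] = $2; next }   # first file: load the roster
        {
            login = $1; role = $2
            if (!(role in rank)) { print "UNKNOWN_ROLE " login " has=" role; next }
            if (role == "administrator") admins++
            if (!(login in approved)) {
                # Not on the roster: anything above subscriber is excess.
                if (rank[role] > rank["subscriber"]) print "UNLISTED " login " has=" role
            } else if (rank[role] > rank[approved[login]]) {
                print "EXCESS " login " has=" role " approved=" approved[login]
            }
        }
        END { print "ADMIN_COUNT " (admins + 0) }
    ' "$1" "$2"
}

# Constructed sample data, for demonstration only.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'login,approved_role' 'alice,administrator' \
        'bob,author' 'carol,editor' > "$dir/roster.csv"
    printf '%s\n' 'user_login,roles' 'alice,administrator' 'bob,administrator' \
        'carol,editor' 'dave,editor' 'erin,subscriber' > "$dir/users.csv"
    audit_roles "$dir/roster.csv" "$dir/users.csv"
    rm -rf "$dir"
}

demo
```

Review each finding by hand before acting on it. An account flagged EXCESS can be returned to its approved role with `wp user set-role`, for example `wp user set-role bob author`.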

Conclusion

Well done! You’ve learned how to log in to WordPress and understood how your account is controlled and displayed. These are the first steps to playing an active role within the administration of a website.

Is there anything else you’d like to see covered by this tutorial, or a separate tutorial you’d like to see? Or, are you stuck on something and need help? Either way, don’t hesitate to contact us and we’ll make like eggs and get cracking!