This WordPress beginner tutorial focuses on the very first steps you’ll need to take in order to get started with managing your website.
If you’ve logged in to WordPress a few times already you might not find much new information here; however you might find the discussion about password best practices and user roles useful.
Table of contents:
- What you’ll need to get started
- Logging in to WordPress
- Editing your user profile
- Understanding roles and capabilities
What you’ll need to get started
Managing the content of your WordPress website is done through the WordPress Admin back-end. This is where you can publish blog posts, update pages, install new plugins and change the general settings of your website. If you have an ecommerce system installed, you’ll also be able to view your latest orders and customer details from the back-end too.
Access to the back-end should always be restricted to the smallest number of people possible. This is because it provides many powerful tools that allow privileged users to make significant changes to the website structure and content, and these are not tools you’d want falling into the wrong hands. If you want to play a role in managing a WordPress website, you’ll need two things to get started:
- A user login
- The login URL for the website you want to manage
If you installed WordPress yourself, you’ll already have an administrator account which you created when you ran the installer. Alternatively, if your website was set up by somebody else, then they should’ve given you login details for an account that has appropriate privileges for the kind of tasks you’ll be performing on the site.
If you don’t have a set of login details for your own exclusive use, ask a site administrator to create an account for you. Never log in using an account that belongs to somebody else — doing so increases the risk of their password being exposed to an unauthorised party. It also takes the accountability out of the account — if something goes wrong, how will you know who did what if more than one person uses those login details?
Logging in to WordPress
Some WordPress sites feature a link to the admin login prompt on every page of the website, often in the footer or sidebar. I don’t tend to set up websites in this way simply because I prefer not to shout about the fact there’s a nice juicy admin panel running behind the websites I build. This move won’t stop a hacker with any degree of competence, but it does help to prevent my sites from being one of the first pieces of ‘low hanging fruit’ picked from the tree.
So whether your website has a link to the admin back-end or not, I think it’s best to get into the habit of entering http://<your-domain.com>/wp-login.php into the address bar of your browser. You can then add this page to your browser bookmarks if you fancy, but it’s actually quite likely your browser will remember and suggest the address next time you start typing it anyway.
Now that you’re on the login page, enter your username and password (exactly as they’ve been given to you, capital letters and all), then hit ‘Log in‘. You’ll then be directed to the WordPress Dashboard, which is unique to you and can be customised to suit your preferences.
If the system won’t let you in, click on ‘Lost your password‘ at the bottom of the page. You’ll then be prompted to enter the username or email address that was used to create your account (if you know it). A link will then be sent to your registered email address from which you’ll be able to reset your password.
Editing your user profile
Once you’ve logged in successfully, you’ll be taken to the WordPress dashboard. From the left-hand menu, click ‘Profile‘ to be taken to the page that lets you edit your own user account. If your account has user management privileges, the menu will be different, so you’ll need to hover over ‘Users‘, then click ‘Your Profile‘ instead.
At the top of this page you’ll see some options for changing the colour scheme of your back-end and a couple of other options that aren’t really very important and probably shouldn’t be at the top of the page at all. Remember that the changes you make on this page apply to the user account you are editing. So for example, I might be happy with using the default colour scheme and have that saved in my account settings, and you might prefer to use the ‘Ectoplasm’ scheme — both of our preferences can co-exist peacefully.
Make a name for yourself
Scroll down a little to the ‘Name‘ section. Make sure you’re happy with how your name is spelled and choose how you’d like your name to appear publicly (e.g. the name that’s displayed on your posts and comments). The ‘username‘ can’t be changed, because it’s used internally by WordPress to reference your activity on the site.
Now, moving down to ‘Contact Info‘ make sure your account is using your preferred email address. This should be an account you check regularly. You may also enter your own website address if you have a personal site for example — some themes may display this extra information.
Additionally, some plugins such as the brilliant Yoast WordPress SEO plugin will add extra fields to this section, allowing you to enter links to your social media profiles for example. Some themes (including the bespoke themes we build at EggCup) will use this extra information to create icons that link to your social media profiles at the foot of every post you write. See my author biography at the bottom of this post for an example.
Tell us about yourself
This one’s not compulsory, but again certain themes (including my own) will use the information you provide here in the author biography that’s displayed at the bottom of each blog post and at the top of each author’s blog feed.
Keep your password safe and secure
If your account was created by a site administrator who knows what they’re doing, your password is probably long, complex and very off-putting. My best advice is to change it straightaway (because you don’t want anybody else to know it, not even your site admin), but most importantly I implore you to resist the temptation to change it to something shorter or simpler.
A weak or exposed password is one of the easiest entry points for hackers to gain access to your website and accounts for a significant number of WordPress security breaches. It’s worthwhile reading more about choosing a secure password. Ideally, be sure to follow the recommendation in this linked article to use a password safe to generate and store secure passwords automatically — you’ll never look back, I promise!
Finally, and just to be clear: never give your password to anybody else, and never allow anyone else to use your account, even if you’ve logged in on their behalf. You might have the right attitude to cyber-security, but can you be certain they do too?
Because many themes display author profile pictures you might be wondering where the option is to upload one. WordPress itself doesn’t provide this functionality out of the box (although there are a few dusty old plugins knocking around that will do it). The reason for this is that WordPress (the company) wants you to sign up for Gravatar (which is owned by them). You may already have an account if you’ve ever signed up to WordPress.com.
If you would like your profile picture to appear next to your posts on your website, then the easiest way is to sign up with the same email address you use with your website login. Your WordPress website will then automatically pull across the image you provide to Gravatar and provided your theme makes use of it, you’ll see your profile picture appear next to your biography.
Understanding roles and capabilities
Not all user accounts in WordPress are created equal. For example, if you have guest bloggers or volunteers writing for you then you will need to create a separate account for each of them so they can each upload their own content and submit it for your approval. But you almost certainly don’t want anybody who’s external to your organisation to have the ability to modify pages, install plugins, or change your site’s theme.
This is why WordPress employs roles to manage what actions particular users can and can’t take on your website. This way, you can allow people to have a login to your site, but at the same time restrict the actions they can take to a ‘needs only’ basis.
The rule of thumb is to only grant the privileges that an individual requires in order to do their job, and to never give them more authority than absolutely necessary. Keep in mind that access levels can always be upgraded later as needs arise. And don’t forget the inverse is also true: if somebody has privileges they don’t need any longer, be sure to relegate their authority immediately, especially if they leave your organisation.
This is a very basic overview of user roles within WordPress. If you’d like more information, you may wish to read ‘Roles and Capabilities‘ in the WordPress.org documentation.
- Admin: every WordPress site has at least one administrator, created when WordPress is installed. Have as few admin accounts as possible – don’t be tempted to grant all accounts an admin role in an attempt to save time – a compromised site will take a lot longer to fix!
- Editor: a role with senior publishing authority — he can edit and publish content, but has no control over site settings or plugins.
- Author: an author can publish her own posts, but nobody else’s
- Contributor: he has no publishing authority and can only draft out posts and submit for review by an editor
- Subscriber: can create comments on posts (in fact, you can force all commenters to sign up first). If a person has no official role within your organisation, this is the role that should be assigned to them
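To put the ‘needs only’ rule into practice, here is an added example (not part of the original tutorial and not WordPress code) that picks the lowest default role covering a set of tasks and flags accounts that hold more than they need. It assumes a user list in the shape produced by `wp user list --format=json`; the capability sets are a subset of the WordPress defaults, and the sample users, the `shop_manager` plugin role and the `max_admins` threshold are constructed for illustration.

```python
# Default WordPress roles, lowest first, with the capabilities each tier adds
# (a subset of core capabilities, chosen to match the tasks in this tutorial).
_TIERS = [
    ("subscriber", {"read"}),
    ("contributor", {"edit_posts"}),
    ("author", {"publish_posts", "upload_files"}),
    ("editor", {"edit_others_posts", "edit_pages", "publish_pages", "moderate_comments"}),
    ("administrator", {"install_plugins", "switch_themes", "manage_options", "create_users"}),
]
ROLES, _caps = [], set()
for _name, _extra in _TIERS:
    _caps = _caps | _extra              # each role also holds the caps below it
    ROLES.append((_name, _caps))
RANK = {name: i for i, (name, _) in enumerate(ROLES)}

def least_role(required_caps):
    """Return the lowest default role that grants every required capability."""
    for name, caps in ROLES:
        if set(required_caps) <= caps:
            return name
    raise ValueError(f"no default role grants {sorted(required_caps)}")

def audit(users, needs, max_admins=1):
    """Return (login, current, recommended) for accounts holding excess privilege."""
    findings, admins = [], []
    for u in users:
        login = u["user_login"]
        roles = [r for r in u["roles"].split(",") if r]
        if not roles or any(r not in RANK for r in roles):
            findings.append((login, u["roles"], "manual review"))  # custom or missing role
            continue
        current = max(roles, key=RANK.get)
        if current == "administrator":
            admins.append(login)
        wanted = least_role(needs.get(login, {"read"}))  # no documented task: subscriber
        if RANK[current] > RANK[wanted]:
            findings.append((login, current, wanted))
    if len(admins) > max_admins:
        findings.append(("*", f"{len(admins)} administrators", f"at most {max_admins}"))
    return findings

# Constructed sample data, not taken from a real site.
SAMPLE_USERS = [{"user_login": "site_owner", "roles": "administrator"},
                {"user_login": "guest_blogger", "roles": "editor"},
                {"user_login": "news_editor", "roles": "editor"},
                {"user_login": "former_volunteer", "roles": "administrator"},
                {"user_login": "shop_staff", "roles": "shop_manager"}]
SAMPLE_NEEDS = {"site_owner": {"install_plugins", "manage_options"},
                "guest_blogger": {"edit_posts"},
                "news_editor": {"edit_others_posts", "publish_posts"}}
```

Calling `audit(SAMPLE_USERS, SAMPLE_NEEDS)` reports the guest blogger (Editor where Contributor is enough), the former volunteer who still holds an admin account, the plugin-defined role for manual review, and the fact that the site has two administrators.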
Well done! Logging in to WordPress successfully and getting a better idea about how your account is controlled and displayed is the first step to playing an active role within the administration of a website. If there’s anything in particular you’re stuck on, or still not clear about, don’t hesitate to contact us and we’ll do what we can to help.
Is there anything else you’d like to see covered by this tutorial, or a separate tutorial you’d like to see? Let us know in the comments below!