WordPress User Capabilities and Manager PlugIn

Depending upon what type of wordpress user you are you should be able to do all or some of the following capabilities; publishing, editing and deleting posts and pages, moderating comments, managing users, managing themes and plugins.

If the wordpress default users system doesn’t meet your requirements, then check out Thomas Schneider’s role manager plugin. This plugin allows you to edit the capabilities of existing roles, or even create completely new roles with arbitrary collections of capabilities!

Administrator, Author, Editor, Contributor, Subscriber – WordPress User Permissions

I hope the above website design information was of help to you.

Your Internet website marketing partner at ProNetUSA.com

WordPress User Permissions- Administrator, Author, Editor, Contributor, Subscriber

Listed below are the permissions for the five Word Press default users.

In order of most permissions first;

Administrator – Somebody who has access to all the administration features and mangement, including management of all the below users.

Editor – Somebody who can publish posts, manage posts as well as manage other people’s posts.

Author – Somebody who can publish and manage their own posts.

Contributor – Somebody who can write and manage their posts but not publish posts without getting individual post approval from one of the above first two listed users.

Subscriber – Somebody who can read comments/make comments/receive news letters.

WordPress user Capabilities and Manager PlugIn is available.

I hope the above wordpress website design information was of help to you.

Your Internet website marketing partner at ProNetUSA.com

Three tips to protect your WordPress installation

The below information as received in part from Matt Cutts.

Here are three easy but important ways to protect yourself if you run a WordPress blog:

1. Secure your /wp-admin/ directory. What I’ve done is lock down /wp-admin/ so that only certain IP addresses can access that directory. I use an .htaccess file, which you can place directly at /wp-admin/.htaccess . This is what mine looks like:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName “Access Control”
AuthType Basic
order deny,allow
deny from all
# whitelist home IP address
allow from
# whitelist work IP address
allow from
allow from
# IP while in Kentucky; delete when back
allow from

I’ve changed the IP addresses, but otherwise that’s what I use. This file says that the IP address (and the other IP addresses that I’ve whitelisted) are allowed to access /wp-admin/, but all other IP addresses are denied access. Has this saved me from being hacked before? Yes.
2. Make an empty wp-content/plugins/index.html file. Otherwise you leak information on which plug-ins you run. If someone wanted to hack your blog, they might be able to do it by discovering that you run an out-of-date plugin on your blog and then they could exploit that.
3. Subscribe to the WordPress Development blog at http://wordpress.org/development/feed/ . When WordPress patches a security hole or releases a new version, they announce it on that blog. If you see a security patch released, you need to upgrade or apply the patch. You leave yourself open to being hacked if you don’t upgrade.

And here’s a bonus tip: in the header.php file for your theme, you might want to check for a line like

” />

I’d just go ahead and delete that line or at least the bloginfo(‘version’). If you’re running an older version of WordPress, anyone can view source to see what attacks might work against your blog.

Hat tip to Reuben Yau and Shoe.

I hope the above information is of help to you.

Your Internet website marketing partner at ProNetUSA.com