Ver 1.0 Oct. 2014
Edited September 2015
One of the biggest issues facing schools with WordPress Multisites is the management of user accounts. This guide will hopefully set out a few ground rules and dispel a few misunderstandings. What questions have we missed?
1. Who can create user accounts?
User accounts can be created by network administrators and by blog administrators. However it is vital to understand that if an administrator on a blog (normally the class teacher) creates a new user account on their class blog, they MUST do so with a real email address. This is because WordPress sends out a confirmation email to any new accounts and this must be responded to before the user account is created. Since most primary schools do not give children their own email addresses, class teachers should not be responsible for creating accounts for the children in their class. In fact, we recommend using a spreadsheet to add children’s accounts in bulk (see notes below).
Network administrators are the only people who can create user accounts with dummy emails.
2. I want to add a new member of staff to my system
The easiest way to do this is for a network administrator to go to:
Network Admin > Sites > All Sites
Hover over the blog that you wish to add the teacher to and click “Edit”. Then click on the “Users” tab. You will then fill in either “Add existing user” if the user already exists on another blog, or “Add new user” if they are new to the school’s WordPress system.
Note that for an existing user you can simply start typing their username and the system will find the user for you. For a new user you are required to add an email address. The system will send the username and password to this email address. If you do not have an email address you can enter a dummy email. If you do so you must edit that user’s profile after you have created the user in order to manually set their password. You must then communicate this to the user.
You can also use this method to add a new pupil to a class blog. Remember, because you will be using dummy email addresses for children’s logins you must edit their profile and manually change their password after you have created the user’s login. You should also remember to add the child’s details to the class spreadsheet of user logins.
3. What to do when a member of staff leaves the school?
The only person that can delete a user account in a WordPress Multisite environment is a network administrator. However, be sure that you want to do this before deleting a user. This is because if you delete a user account you will also delete all their blog posts along with them. Therefore, the simplest thing to do when a member of staff leaves is to edit their profile and make two amendments. The first is to change their email address to a dummy email and the second is to change their password. The former removes their ability to recover a lost password and the latter revokes their access to the system.
It is important to note that if the member of staff leaving is also a network administrator you should revoke their network administrator privileges by unticking the box on their profile.
To access any user’s profile go to:
Network Admin > Users
Note: use the search box at top right to quickly locate a specific user account.
4. How do I find someone’s password?
The short answer is, you can’t. All passwords are encrypted for security reasons. If a member of staff forgets their password then encourage them to click “Lost your password” underneath the login screen.
If the person has a dummy email address associated with their user account they will not be able to reset their password themselves and you will need to change it for them. You do this by finding their profile and entering a new password. You will then need to communicate this to the user.
Important note: in the default setup for Creative Blogs sites children do not have access to their profile and so they are unable to change their passwords from that which was given to them when their account was created. It is imperative, therefore, that you keep lists with details of children’s logins on and refer to these when a child forgets their password rather than changing it as you go.
Creative Blogs cannot print off user lists or decrypt lost passwords for you. WordPress security does not allow it. Where we have created user accounts in bulk we will send you spreadsheets with those user accounts on them. We will not retain copies of these spreadsheets on our computers for data protection reasons.
5. What role should I give a user?
Whenever you create a user as in (2) above WordPress requires that you assign a user a role for them on the blog to which you are adding them. This can be one of the following:
Administrator: Has full rights to do anything on the blog including and up to deleting the blog. Note the limitations on an administrator’s ability to create new user accounts as discussed in (1) above.
Editor: Has full editorial responsibilites including the ability to approve posts and moderate comments. They cannot change the design or settings on a blog.
Author: Can write, publish and edit their own blogposts but not those of others. They can add media such as pictures to blogposts.
Contributor: They can write and edit their own blogposts but their posts require the approval of an Editor or Administrator before they can be published. Once published the contributor may not edit their post anymore. Contributors cannot add media to their posts for several reasons (click here to read an article about this). Important note: unless further security measures are added to your WordPress Multisite, contributors are able to view all comments including unmoderated comments on their posts. Creative Blogs uses a plugin called Easy Blogging to mitigate this.
Subscriber: Used rarely in schools, the subscriber role simply gives somebody membership of a blog. It is used to give users a login to private blogs or to give a user the ability to comment on a blog where commenting is restricted to members only.
Roles are applied on a blog by blog basis: i.e. a user could be an administrator on one blog and an editor on another. For a full list of the different capabilities of each user see this list on WordPress.org.
6. How do I add users in bulk?
We recommend using the Add Multiple Users plugin to do this. The plugin has not been updated for over 2 years but we have used it with current Multisites running WordPress 4.0 without problems.
Important note: it is vital to have a protocol for usernames when creating users in bulk. This will enable you to easily identify which yeargroup a particular user account belongs to. Without this being part of the username the end of year process when moving users from blog to blog can become almost impossible. Here is a brief discussion on how to set up usernames and passwords.
7. How do I add existing users to a new blog
To add an individual user (new or existing) to a blog follow (2) above. To add existing users in bulk to a new class blog use the Add Multiple Users plugin choosing the “Add from netwotk” option. See this tutorial.
Note: if a new child arrives and you add them as an individual new user to a class blog (as in (2) above) it is important to add their details to the spreadsheet of children’s logins for that class so that you have a record of their username and password. Children cannot retrieve lost passwords, see (4) above.
For a full protocol on year end procedures including adding children to new class blogs see this extensive guide.
8. How do I make someone a network administrator?
Only another network administrator can create a network administrator. Go to:
Network Admin > Users
Locate and edit their user profile and tick the box allowing Super Admin privileges.
Important note: this should not be done lightly. Only grant super admin privileges if the person is going to be responsible for managing the network. An untrained super administrator can wreak havoc very easily on your network. Consider attendance on a Creative Blogs WordPress Multisites Admin course as mandatory before granting someone the ability to manage your entire WordPress Multisite platform.
9. What to do when children leave
In the same way as when a staff member leaves, if you delete a child’s account you will delete all their content with them. This is something that you are unlikely to want to do. We would recommend that you create an archive menu for all old class blogs (see step 8 in the year end tutorial guide). You may wish to go one step further and remove the ability for those children to post on their old class blog by following Step 2 in the year end tutorial guide.
Training and contact details
To book tailored WordPress training and consultancy for your school or business contact:
John Sutton Creative Blogs Ltd Mill House Hornby Road Claughton Lancashire LA2 9LA
Mobile: 07894 222 671
Published under a Creative Commons Attribution-ShareAlike 4.0 International License.