Adding, Editing and Deleting Users

Table Of Contents

Introduction #

This user guide discusses how a user’s details are added, edited and if necessary deleted from SiteWorks. These tasks are undertaken via the Users Menu which is only accessible to users with Administrator access rights and is located on the left-hand sidebar of the Dashboard. In creating a new user reference should be made to information on a user’s role and the management of passwords.

To start the process, from the Dashboard, select Add New to add a new user, or All Users to edit or delete a current user.

Adding a New User #

Overview #

The only information required to set up a new user is a username and a unique email address. It is recommended that the u3a adopt a standard format for generating usernames and passwords. It is strongly recommended that the following process is followed to add a new user:

Detailed Consideration of the Process #

To add a new user, select Add New, which when selected allows the new user’s details to be added using the following screen

Assigning a Username and details #

Each new user is assigned a unique username. It is important to note that, once set, the user name can not be changed. The following points should be noted when assigning a username:

  • The username should be ten characters or more, and include a mixture of upper and lower case letters and numbers. Dashes (-), period (.), underscores (_) and ampersand (@) can also be used but other punctuation characters are not permitted in WordPress.
  • No part of the username should refer to (i) the u3a in general, (ii) the local u3a’s name, and (iii) the name and position of the user.
  • The user name is NOT case-sensitive. e.g. NightWatchMan and NIGHTwatchMAN are both accepted.

In addition, a unique email is required, all other information is optional. The user can customise this and add additional information by editing their Profile.

Assign a password #

A password for the initial login needs to be provided for the new user. This can either be a string of random characters generated by WordPress or a password manager or one based on the three-word principle.

  • Between 8 and 64 characters in length.
  • Includes at least one upper case letter, a lower case letter, a number and a punctuation mark.

Although WordPress provides a tick-box to confirm a weak password, the u3a SiteWorks configuration plugin overrides this and does not permit a new user’s password that does not meet the above requirements.

Further advice on password security can be found in the password management user guide and information provided by the UK National Cyber Security Centre.

Important: remove the tick from the box labelled Send User Notification. Email sent using this option may be rejected by the new user’s email account as spam or phishing emails, are often not delivered successfully, and may impact the server’s reputation, as discussed here.

Select the user’s Role #

It should be noted that any new user is assigned the Author role by default, the most restrictive available, unless changed by the Administrator

Confirm the new user. #

On completion, select Add New User. Additionally, check that an error message shown below is not displayed, If the following message appears at the top of the screen after selecting Add New User, the entered password has not been accepted and should be reentered.

Sending the information to the new user #

The user’s username and initial password should be sent using the email address held in the u3a membership records (i.e. Beacon or a similar system), ensuring that an audit trail is maintained. In addition, the username and password should be sent as two separate emails.

When the Administrator sends a new user their initial login credentials, the new user MUST be instructed to change their password via their user profile on the initial login.

Managing Users #

By selecting All Users, a list of all the users, is provided, showing their email address, role and the number of posts they have created.

To undertake a change, the user is selected by checking the box on the left to allow the User’s profile to be viewed, edited or have their role changed.

There is an additional function available from this screen, in particular, the Administrator may send a Password Reset email to a user who has forgotten their password. However, it is important to note that such emails may be rejected by the user’s email account and result in reputational issues, as these emails can be interpreted as spam or phishing. It is recommended that any new password must be sent using an email. If the u3a uses Beacon or similar, this route is preferred as the email will be recorded in the audit log.

User Profile #

The profile of a user provides a summary of all the information held for that person, i.e., Login Username, First Name, Last Name, Email, Login Password and Role. As with all software of this type, WordPress has options which do not apply to u3a users. A user can change all the information except the username and role, however, it is recommended to remain with the default settings. In summary, the available sections are:

  • Personal Options. Sets several editing and display options.
  • Name. Gives the username, first and last name and nickname of the user. When a post includes the author’s name, the Display name Publicly as needs to be set, options include:
    • Username
    • First name, Last Name, First and Last name, Last and First Name
    • Nickname
  • Contact info. This records the email that the user provided when they became a user. This can differ from the email recorded in the contact section (if the person is both a user and a contact). If a change is required, for example, a personal email account is changed, changes should be undertaken in consultation with the site Administrator, to ensure an audit trail is maintained. If a user has a personal website this information can be entered.
  • About the user. This allows individual users to set up a biography and image. It is strongly recommended that this is not undertaken as this information may be visible on external sites. In addition, the profile picture can be added, however, this requires setting up a Gravatar account, which is not recommended.
  • Account Management:
    • Allows the setting of a new password.
    • Provides the capability to logout a session on another device, e.g. a smartphone or another computer. Once selected, the user will only be logged in to their current session.
  • Application Passwords. Not required for SiteWorks users.

Deleting a User #

WordPress requires all pages and posts to be assigned to a user. When deleting a user, the Web Site Administrator should be aware that any content created by that user is also deleted, unless the administrator assigns the content to another user.

When the Administrator select delete from the options given when hovering over the user’s name, the following options are displayed:

  • Delete all content: permanently delete all the content generated by the user (i.e., there is no recovery from the bin option). It is advised that this option is not selected.
  • Attribute all contents to: this option will allow the administrator to assign all the content created by the user to be reassigned to any other user in the system. For example, if a group leader changes, all the content created by the outgoing group leader can easily be assigned to the new group leader, as long as that person has been added as a user before the original user is deleted. The user who will be taking over the content can be selected from the pulldown menu.

Once an option is selected, select Confirm Deletion.

Updated on 01/12/2024