WordPress: The Missing Manual (2014)
Part III. Supercharging Your Blog
Chapter 11. Collaborating with Multiple Authors
When you first create a WordPress site, it’s a solo affair. You choose your site’s theme, write every post and page, and put every widget in place. Your readers can add comments, but you’re in charge of starting every conversation.
You might like this arrangement (and if so, that’s fine), but WordPress also makes it possible for you to have friends, colleagues, family members, and even complete strangers contribute to your site. You can, for example, create a site where several people post content, or you could be more selective, letting some people write content and others review and edit it. You can also implement an approval system to check the work of contributors before it goes live, and you can even create an entirely private site that only the people you approve can view.
In this chapter, you’ll learn how to enable all these features by registering new people—not new visitors, but new WordPress users who have special privileges on your site. You’ll also consider WordPress’s more ambitious multisite feature that’s open to self-hosters only. With a multisite network, you can let other people create their own sites on your web server. For example, big companies can use the multisite feature to give each employee a personal blog. Essentially, the multisite feature lets a whole family of WordPress sites exist side by side, on the same domain.
Adding People to Your Site
A new WordPress website starts with only one member: you. You assume the role of administrator, which means you can do anything from write a post to vaporize the entire site. Eventually, you may decide to make room for company. Usually, you make that decision because you want to work with co-authors, who will write posts for your site.
Before you add someone to your site, though, you need to decide what privileges that person will have. WordPress recognizes five roles, listed here in order of most to least powerful:
§ Administrator. Administrators can do absolutely everything. For example, if you add a friend as an administrator to your site, he can remove you, delete all your posts, and switch your site to a Hawaiian beach theme. WordPress strongly recommends that every site have just one administrator, to prevent power struggles.
§ Editor. Editors have full control over all posts and pages. They can create their own posts, and they can edit or delete any post, even ones they didn’t create. Editors can also manage post categories and tags, upload files, and moderate comments. They can’t change site settings, tweak the site’s layout and theme, or manage users.
§ Author. Authors have control over their own posts only. They can create new ones and upload pictures, and they can edit or delete their posts anytime. Everyone else’s content is off limits.
§ Contributor. Contributors are a more limited form of author. They can create draft posts, but they can’t actually publish them. Instead, contributors submit their work for review, and an editor or administrator approves and publishes it. Sadly, contributors can’t upload pictures, even for their own posts.
§ Follower or Subscriber. These people can read posts and add comments. WordPress.com calls them followers, while WordPress.org calls them subscribers. If you run a WordPress.com site, it automatically notifies your followers about newly posted content (perhaps by email, depending on their personal preferences). If you run a self-hosted site, your subscribers won’t get any notifications, but they can opt in to an email subscription service (Signing Up Subscribers).
Now that you know what roles WordPress recognizes, you’re ready to start creating new user accounts. There’s one wrinkle, however. The steps you take for a self-hosted site are significantly different from the ones for a WordPress.com site. If you’re a self-hoster, continue reading. If you’re a WordPress.com fan, skip ahead to Inviting People to Join a WordPress.com Site.
In WordPress lingo, all of these different types of people—administrators, editors, authors, contributors, and so on—are users. Technically, a user is any person who has an account on your site. This account identifies the person and determines what he’s allowed to do. Everyone else is an ordinary, anonymous visitor.
FREQUENTLY ASKED QUESTION: THE ROLE OF A SUBSCRIBER
Why would I add subscribers? Can’t everyone read my posts and make comments?
Ordinarily, there are no limits to who can read posts and write comments. In that way, subscribers are no different from regular, unregistered guests. Yes, subscribers may get email notifications about your content (if your site is hosted on WordPress.com, or if you added the right plug-in to a WordPress.org site). But they certainly won’t get any extra privileges.
However, the situation changes in these special cases:
§ If you create a private site (Creating a Private Site), every reader needs a subscriber account. Without one, they won’t be able to see anything on your site.
§ If you restrict comments with the “Users must be registered and logged in to comment” setting on a self-hosted site, and you don’t allow Facebook or Twitter logins (Facebook and Twitter Comments), only subscribers can leave comments. This is a pretty severe restriction, and few sites use it.
§ If you add a social plug-in like BuddyPress (http://buddypress.org), you want to give accounts to as many people as possible in the hope that they exploit the plug-in’s enhanced features, like sharing content with friends and chatting in discussion groups. That’ll make your site feel more like a community.
Adding New People to a Self-Hosted Site
Using the dashboard, you can register new users, one at a time. You supply a few key details (like a user name, password, and email address), and let your users take it from there.
Here’s what to do:
1. Choose Users→Add New.
The Add New User page opens (Figure 11-1).
2. Choose a good user name for the person you’re inviting.
The best approach is to use a consistent system you can apply to everyone you add. For example, you might choose to combine a person’s first and last name, separated by an underscore (like sam_picheski).
3. Type in the person’s email address.
WordPress uses that address to send the person important notifications, including password resets.
4. Optionally, specify the person’s first name, last name, and website.
These are three descriptive details that become part of the person’s profile.
Figure 11-1. There’s nothing mysterious about the Add New User page. Here, the site’s administrator has typed in the sign-up information for a person with the user name dianejenkins and is specifying her site privileges using the Role drop-down list.
The emails WordPress sends often end up in an email account’s junk folder, because they contain links. You may need to tell new users to check their junk mail to find the messages with their WordPress credentials.
5. Type in a strong password. (See the box on A WordPress Password Is More Than a Formality for tips.)
When you create a new account, you must supply a password—WordPress doesn’t let people pick their passwords the first time they log in. However, if you check “Send this password to the new user by email,” WordPress emails the person her user name and password, along with a link to your site’s login page (Figure 11-2). (And even if you don’t ask, WordPress sends you, the administrator, an email with a record of the new user’s name and email address.)
Figure 11-2. Here’s the message WordPress sends to newly registered guests if you select “Send this password to the new user by email.” Sadly, WordPress doesn’t let you add a custom welcome message or any extra information.
If a frustrated user arrives at your site but doesn’t know his password, he can click “Lost your password?” on the login page. WordPress emails him a link that lets him pick a new password.
6. Pick a role from the drop-down list.
You can use any of the roles described on Adding People to Your Site.
7. Click Add New User.
WordPress creates the account, sends a notification email (if you chose the “Send this password…” option), and takes you to the Users→All Users section of the dashboard. There, you can review a list of everyone you ever added to your site. Point to a user name, and you see two straightforward links—use Edit to change the person’s account info and Delete to remove the account.
UP TO SPEED: HELPING YOUR PEEPS LOG IN
To log into your site, users need to request the login page. That means that if your site is at http://cantonschool.org, they need to visit http://cantonschool.org/login. Alternatively, people can go straight to the dashboard by requesting the wp-admin page (as in http://cantonschool.org/wp-admin). In that case, WordPress asks them to log in before they can continue.
If you have a lot of users who haven’t used WordPress before, you may need to help them find the login or dashboard page. Here are two good options:
§ You can create your own welcome email message that contains a link to the login page, and send it to everyone. Use your favorite email program or get the Email Users plug-in (http://tinyurl.com/emailusers), which lets you send a mass email to all your users at once. This plug-in is a big help if you don’t have their email addresses handy.
§ You can add a link that goes to your login page. Put that link in the main site menu, or add the link to a sidebar using a Text widget (The Text Widget) or a Custom Menu widget (The Custom Menu Widget). Make sure you give your link some descriptive text that clearly explains why the person needs to log in, like “Log in to write your own posts” or “Log in as a contributor.”
You might want to add one other detail when you add a new user: changing the name WordPress displays when that person contributes content.
When your site has a single author (you), there’s no reason to attach the author’s name to every post. But once you have multiple people contributing to your site, it’s important to distinguish one author’s work from another’s. The standard year themes (like Twenty Twelve) handle this gracefully: As soon as your site publishes posts from more than one person, it modifies the text it adds to every post to include author information, like this:
This entry was posted in Uncategorized by mpm_site_admin. Bookmark the permalink.
Ordinarily, WordPress identifies a post author by his user name, which often makes for a lousy byline. Fortunately, you can choose something more meaningful and readable (both for you and your visitors). Here’s how:
1. Choose Users→All Users.
WordPress opens the Users page and lists everyone your site recognizes.
2. Point to the user name of the person whose info you want to change, and then click Edit.
The person’s profile page opens, where you see all her settings. You can tweak her personal preferences, like the dashboard’s color scheme and proofreading settings, but you probably won’t worry about these details—instead, you’ll let invited people configure their own profiles. But the person’s nickname affects the readability of the site for all your visitors, so it’s worth getting it right.
3. Choose an option from the “Display name publicly as” list.
For example, you can replace the WordPress user name from the previous example (dianejenkins) with the first name only (Diane), the last name (Jenkins), or a combination of the two (Diane Jenkins).
If you don’t see an option you like, type the name you want into the Nickname box, exactly as you want it to appear (for example, “Di Jenkins,” “Miss J,” or “Super Shorty”). WordPress adds the new nickname to the entries in the “Display name publicly as” list. To use it in place of her registered name, choose it.
4. Click Update Profile.
Your change is official.
You can change an author’s name anytime. The change affects all the posts the person has written—the next time you view a post, you see the new name in the byline. This is one of the benefits of dynamic websites like the ones you create with WordPress—they’re intelligent enough to keep everything up to date.
Inviting People to Join a WordPress.com Site
Before you can register someone as a user on your WordPress.com site, that person must have a WordPress.com account. Some people may already have one (they might, for example, have their own site or they may be following someone else’s blog). Non-WordPressers need to sign up, and they need to do it themselves—you can’t create a WordPress.com account for someone else.
Instead, your job is to invite people to become users. For example, imagine you invite two friends, Cathy and Sanjeev. Cathy already has a WordPress.com account, which means that all she needs to do is accept your invitation. WordPress then authorizes her to read, edit, or manage your site (depending on the role you grant her). On the other hand, Sanjeev doesn’t have a WordPress.com account, so WordPress asks him to create one. Once he does, Sanjeev can accept your invitation and become a contributor, just like Cathy.
You can invite one person or several at a time. The only rule is that if you create an invitation for several people, all those people must have the same role. That means you can invite a batch of followers all at once, or a group of contributors, but not a mix of the two.
To create an invitation, follow these steps:
1. Choose Users→Invite New in the dashboard.
2. Enter a list of email addresses, one for each person you want to invite, separated by commas (Figure 11-3).
If you invite someone who already has a WordPress.com account, you can supply his WordPress.com user name instead of his email address (either way, the invitation reads the same).
3. Choose a role from the Role drop-down list.
You can specify any of the roles described on Adding People to Your Site.
Figure 11-3. WordPress will send this invitation to three people, offering them the chance to become site contributors.
4. In the Message box, type a short invitation.
For example, if you’re inviting contributors, you might write “Come share your stories on my blog.” This note becomes part of the welcome message WordPress sends to each person on your list (Figure 11-4).
Figure 11-4. Here, site owner Charles Pakata invites Lisa Chang to contribute to his WordPress site, “The Real Estate Diaries.” If Chang clicks Accept Invitation, WordPress prompts her to sign in with her WordPress.com account (or to create an account if she doesn’t have one). She can then accept the invitation and become a contributor.
5. Click Send Invitation.
WordPress sends the invitation into cyberspace.
Below your message, on the same “Invite New Users” page, WordPress keeps track of whom you invited and how they responded (Figure 11-5). It keeps the records until you delete them (more about that in a moment).
If you think a previously invited person missed your email, you can ask WordPress to send it again by clicking Resend. If you want to revoke an invitation that hasn’t been accepted, click Delete. Now, if that person clicks the activation link in the invitation message, WordPress displays an error message.
Once someone accepts your invitation, you may choose to remove the record of the invitation (click Delete) so you can focus on the people who haven’t responded. Deleting an invitation for a registered user has no effect on that person—he remains registered on your site. (If you decide that you do want to take down an existing user, you need to go to the Users→All Users section of the dashboard and click Remove next to the persona non grata.)
The Users→All Users page shows all the administrators, editors, authors, and contributors you’ve signed up. It doesn’t include mere followers, because they have no special powers on your site.
Figure 11-5. Lazyfather invited three people to join his site. One has accepted, while the other two have yet to respond.
Working with Authors
The most common reason to add new users to your WordPress site is to get more content from more people. After all, new and interesting content is the lifeblood of any site, and by recruiting others to help you write it, you increase the odds that your site will grow and flourish.
As you already learned, all but one type of WordPress user (followers for WordPress.com sites, subscribers for self-hosted sites) can write posts. Whether you’re an administrator, editor, author, or contributor, the first step is the same: To write a post, you have to log in to the dashboard.
WordPress tailors the dashboard to the person’s role, so that each person sees only the menu commands he can use. For example, if you log in as a contributor, you see the stripped-down dashboard in Figure 11-6.
Figure 11-6. Different people see different versions of the WordPress dashboard. In this example, a contributor has logged into the Canton School site. This dashboard has commands for creating posts, reading comments (but not moderating them), and changing the contributor’s profile. It doesn’t offer commands for changing the site’s theme, its widgets, or its settings.
If you run a site on WordPress.com, every type of user can log in and see the dashboard, except followers. Why leave out followers? On WordPress.com, a person’s profile isn’t tied to your site—it’s actually part of that person’s WordPress.com account. For that reason, there’s no need for followers to use your site’s dashboard to change their profiles.
If you run a self-hosted site, every type of user can log in to the dashboard, although subscribers get just one option—the Profile command that lets them change their preferences and personal information.
Either way, the only type of user who can see the full, unrestricted version of the dashboard is an administrator—and, ideally, that’s just you.
The Post Approval Process for Contributors
Administrators, editors, and authors can add posts and pages to your site in the usual way. When they finish writing, they simply click Publish to make their content go live.
As you know, contributors have more limited powers. They can create posts but not publish them, which gives you a broad safety net—there’s no chance that bad content can get on your site, because you get to review it first. When contributors create posts, they have two options: They can save the post as a draft so they can return to it and edit it later, or they can submit it for review (Figure 11-7).
When a contributor submits a post this way, WordPress assigns it a special status, called pending. A pending post won’t appear on your site until an editor or administrator approves it. Here’s how you do that:
1. In the dashboard, choose Posts→All Posts.
2. Click the Pending link (Figure 11-8).
Figure 11-7. When a contributor logs in to your site, WordPress changes the familiar Publish button to a “Submit for Review” button.
Figure 11-8. When a contributor submits a post for review, it becomes a pending post.
3. If you see a pending post you want to review, click its title.
WordPress opens the post in the Edit Post window. Make any changes you want, from minor corrections to adding completely new content.
4. If the post is ready for prime time, click Publish.
This is the same way you publish your own posts. In this case, however, the newly published post will have the original author’s byline, even if you edited the post.
If you make changes to a post but you’re not quite ready to publish it, click “Save as Pending” to store the edited version. You might do this to add questions or comments to the author’s work, for example. You can wrap your comments in square brackets [like this]. Then the post author can make changes and re-submit the post.
Don’t be confused by the way WordPress uses the term “author.” Even though WordPress has a specific type of user called author, WordPress experts often use the same term to refer to anyone who writes a post on a WordPress site. Thus, administrators, authors, editors, and contributors can all act as post authors.
PLUG-IN POWER: BETTER WORKFLOW FOR REVIEWING POSTS
WordPress gives you the basic procedures you need to get multiple contributors working together on the same site, but the process has a few rough edges.
The problem is the workflow—the way a task passes from one person to another. Right now, it’s up to editors or administrators to go looking for pending posts. WordPress makes no effort to notify you that there’s content waiting for review. Similarly, if an administrator edits a post but decides it needs more work, there’s no easy way to let the contributor know that you need a rewrite. And when you do publish a pending post, WordPress once again fails to notify the original author.
WordPress’s creators are aware of these gaps, and they may fix them in future versions of the program. But because the contributor feature is a bit of a specialized tool, those fixes are low on the list of WordPress priorities.
However, if you run a self-hosted site and want to implement a better system, there’s a plug-in that can change everything. It’s called Edit Flow (http://tinyurl.com/editflow) and it adds the structure you need to manage a multistage review process, including:
§ Custom status notices. Instead of designating a post as Pending or Published, you can give it a status that reflects its stage in your organization’s workflow. For example, if you run a news site, you might want posts to go from “Pitched” to “Assigned” to “Pending Review” to “Published.” Edit Flow can help manage that sequence.
§ Editorial comments. Edit Flow lets people attach brief notes to a post as it whizzes back and forth between them (as in “I love your post, but can you expand on paragraph 3?”)
§ Email notifications. Edit Flow can send notifications at key points in the review process—when authors submit new posts for review, when an editor publishes a post, when an editor places a comment on a post asking for changes, and so on. On a bustling site, these emails keep the post review process running quickly and efficiently.
§ Calendar. If you want to make long-term content plans to ensure that there’s always something new on your site, the Edit Flow calendar can help you plan authors’ contributions.
Although Edit Flow is stuffed full of features, they’re arranged in a logical way, and you can find helpful information at http://editflow.org. If you need to coordinate the publishing efforts of a small or midsized group of people, don’t be afraid to give it a whirl.
As you already know, authors and contributors are limited to editing their own work. But editors and administrators have more sweeping powers; they can dip into any page or post and make changes.
This setup creates the possibility of conflicts. An editor could start editing a post that a contributor is still writing. Or two editors could attempt to revise the same work at the same time. WordPress doesn’t have any post collaboration features—instead, only one person at a time can revise a post and save changes. To prevent one person’s edits from wiping out another person’s work, WordPress uses a simple post locking system.
Here’s an example of how it works. If Diane starts editing a post, WordPress takes note. Every 15 seconds, it sends a message from Diane’s browser to the server, which essentially says, “I’m still working!” (This message is part of an internal system called the Heartbeat API.) If Diane stops editing—say, she saves her work and navigates to another page, or she just closes the browser window without a second thought—the messages stop and WordPress realizes (within 15 seconds or so) that Diane has stopped working.
When you look at the posts on the All Posts page, WordPress shows you which ones are currently being edited (Figure 11-9).
Figure 11-9. WordPress adds a lock icon next to every post being edited. Here, WordPress makes it clear that dianejenkins is at work on the first post in the list.
Life gets more interesting when someone else joins the editing party. For example, consider what happens if Lisa attempts to edit the post Diane is working on. WordPress notices the conflict the moment Lisa picks up the post, and shows a warning message (Figure 11-10, top). Now it’s up to Lisa to decide whether she wants to wait for Diane to finish (by clicking “Go back”) or push her out of the way and take over (by clicking “Take over”; see Figure 11-10, bottom).
Figure 11-10. Top: Lisa tried to edit a post that Diane is editing. Now she has a choice.Bottom: If Lisa clicks “Take over,” WordPress boots Diane out of the editing window with this message.
When it comes to taking over a post, everyone is created equal. For example, if Lisa wants to take over the post that Diane is editing, it doesn’t matter if Diane is an administrator or a lowly contributor. Nor does it matter who created the post. As long as Lisa is allowed to edit the post, she’ll be able to wrest control from anyone who’s currently working on it.
Diane has no chance to stop Lisa’s post takeover. Once it happens, her editing session ends. All she can do is click “All Posts” to return to the post list. However, once Diane is back at the post list, nothing stops her from editing the same post again. If she does, she’ll see the same warning message that Lisa saw, informing her that someone else is working on the post. If she forges ahead, Lisa will be kicked out of her editing session.
Of course, the point of the post locking system isn’t for editors and authors to become locked in a series of dueling edits. Instead, it’s for times when someone still has a post open but probably isn’t editing it anymore. For example, if Diane starts revising a post but walks away from her computer for lunch, Lisa can still get some work done by assuming control of Diane’s work in progress.
WordPress has another tool that can help you manage successive edits. It’s called revision tracking, and it saves old versions of every post. You can step through a post’s edit history to see who changed a post, when the edit took place, and exactly what that person changed.
Revision tracking is particularly useful on sites that have multiple authors. (And it’s a life-saver when an overeager author overwrites another person’s work.) However, revision tracking works just as well on single-author sites, where it lets you review your own edits.
You don’t need to turn on revision tracking—it’s always at work. Every time someone saves a post as a draft, publishes it, or updates it, WordPress takes a snapshot of the post’s content and adds it to the revision history. WordPress may also take a snapshot of a post-in-progress as you edit it, but it won’t keep more than one copy of your post in this state. After all, you wouldn’t want to clutter your revision list with thousands of in-progress autosaves.
To see the edit history of a post, find the post in the All Posts page, and then click Edit. WordPress displays the revision history in two places (Figure 11-11):
§ The Publish box. Look here to find the number of revisions WordPress stored. Click Browse to review these snapshots in the Compare Revisions page.
§ The Revisions box. Check here to see a list of snapshots, from most recent to oldest. To inspect a revision, click the timestamp next to it.
If you don’t see the Revisions box, click Screen Options in the top-right corner of the page, and then add a checkmark next to the Revisions option.
FREQUENTLY ASKED QUESTION: CO-AUTHORING POSTS
What if several people edit the same post? Can they all be credited as authors?
Revision tracking is neat, but your readers don’t see any of that information. All they see is the name of the post author—the person who initially created the post. Even when someone else edits a post, it remains the property of the initial author. An editor or administrator can edit a post and attribute it to someone else, but you can’t credit two people as authors of the same post—unless you run a self-hosted site and you’re willing to fiddle with your theme, as explained next.
To create true co-authored posts, you need to take two steps. First, you need to add the Co-Authors Plus plug-in (http://tinyurl.com/co-authors-plus), which lets you designate multiple authors for any post or page. Second—and this is the hard part—you have to get your posts and pages to actually display the names of the authors who worked on them. To make that possible, you need to edit your theme, as the Co-Authors Plus plug-in explains (see http://tinyurl.com/ccr7896).
Figure 11-11. This post has been edited five times. In the Revisions box, WordPress tells you when each revision was made, and who made it.
The easiest way to study the changes made to a post is to click the Browse link, which appears in the Publish box next to the Revisions count. WordPress takes you to the Compare Revisions page (Figure 11-12). Initially, it compares the differences between the current version of a post (shown in green on the right) and the previously saved version (shown in red on the left).
Figure 11-12. On the right, WordPress highlights the newly added bits of text. On the left, you see the previous version of the post, which included just one of the three sentences it holds now.
Once at the Compare Revisions page, you can dig deeper into the post’s edit history. First, grab hold of the circle that sits in the small slider near the top of the page. To see an older snapshot, drag the circle to the left. For example, if you drag the circle one notch left, WordPress compares the previous version of the post (which it shows on the right) to the version it saved just before that (which it shows on the left). Keep dragging and you’ll go further and further back in time (Figure 11-13).
Alternatively, you can use the buttons on either side of the slider button. Click Previous to go one step backward in time and Next to go one step forward.
Figure 11-13. Every vertical line indicates a version of your post. Here, you positioned the circle over the second-oldest revision.
To revert to an older version of a post, drag the slider back until the version you want appears on the right, in green. Then, click Restore This Revision, which appears just above the snapshot’s content.
When you drag the circle, WordPress compares two successive versions of a post (the one you pick, and the one just before that). But WordPress also allows curious administrators to perform an in-depth comparison that puts any two versions of a post under the microscope. For example, you could compare the oldest version of a post with the newest.
To do that, turn on the “Compare any two revisions” checkbox in the top-right corner of the page. Two circles appear in the slider, representing the two posts you want to compare. Drag the two circles to the two snapshots you want to examine, and WordPress compares their content underneath.
Revision tracking has one drawback. Keeping extra versions of all your posts takes space. If you host your site on WordPress.com, this isn’t a problem, because your revision history tops out at 25 snapshots per post. After this point, WordPress tosses out the oldest snapshot every time it takes a new one. But on a self-hosted site, there’s no limit. If you’re an obsessive sort who revises the same post over and over, your revision history can balloon into hundreds of snapshots per post. Even if you have room for all these revisions (which you almost certainly do), it’s never a good idea to waste space in your WordPress database. An unnecessarily big database makes backups slower and can even slow down the overall performance of your pages.
Unfortunately, there’s no way to delete old revisions using the dashboard. Instead, you need a plug-in to clear out the bloat. Numerous plug-ins can do the job, but WP-Optimize (http://tinyurl.com/wp-opti) is a popular, versatile choice. It clears several types of old data out of your database, including old post revisions, old drafts, and unapproved comments.
Alternatively, you can tell WordPress to save fewer snapshots. For example, you could set WordPress to store a maximum of five revisions for each post. You can do that with a plug-in (try the straightforward Revision Control, at http://tinyurl.com/rev-control), or you can edit the wp-config.php configuration file using the process described on 5. Hide Passwords with SSL.
If you decide to edit the wp-config.php file, you need to add a line like this to the end of the file in your website folder:
This tells WordPress to store a maximum of five revisions per post. However, you can replace the 5 with whatever number you want. Or you can tell WordPress to never store any revisions by substituting this line of code:
define('WP_POST_REVISIONS', false );
Now you’ll never have to worry about database bloat from old revisions, but you’ll also lose the safety net that lets you recover content if you accidentally erase or mangle it.
Browsing an Author’s Posts
Once you’ve added a few authors to your site and figured out a way for them to work without stepping on each other’s toes, it’s worth thinking about what your multi-authored site looks like to visitors. How can they browse the work of specific authors, or find out more about the writers they like best?
The first issue—reading the work of a specific author—is the easiest to resolve. Just as you can view all the posts in a particular category or all the posts that have the same tag, so you can browse all the posts by a specific author. The easiest way to do that is to click the author’s name, which appears just before or after the post content, depending on the theme (Figure 11-14).
The name WordPress uses to sign posts is the author’s display name, which might be the person’s WordPress user name (the standard setting), her full first and last name, or a nickname. Users can configure their display names by editing their profile settings (Users→My Profile).
Figure 11-14. By clicking an author’s name (in this case, lisachang), you can dig up all the posts that the author wrote.
WordPress uses special web addresses to make it easy to browse posts by author. For example, if you click lisachang, WordPress adds /author/lisachang to the end of the site address, like this:
This is essentially the same way that category web addresses work (Browsing Categories and Tags Using a Web Address).
Now that you know how to get the posts for a specific author, you can make it easier for visitors to get them as well. For example, you could create a menu that has a link for each author, and then display that menu in the main navigation area of your site (Figure 11-15), or in a sidebar, with the help of the Custom Menu widget (The Custom Menu Widget).
Figure 11-15. This menu includes a link to each author’s posts, making it easy for readers to browse content by author.
PLUG-IN POWER: MORE WAYS TO BROWSE AUTHORS
The custom menu approach gives you a great way to create author post links. But if you’re building a self-hosted site, you may want to check out one of the many author-browsing plug-ins, which give you more display options and may save a bit of effort.
The Authors Widget (http://tinyurl.com/authorswidget) is a basic but effective example. It offers two display options. The first is a list that’s not much different from what you get with the Custom Menu widget, just slightly more convenient, and it gives you the option to show the post count next to each author’s name. The second display setting is an author cloud that works like the Tag Cloud widget (The Tag Cloud Widget), creating a jumbled mass of author links, with the most prolific authors’ names the biggest.
The Author Avatars List plug-in (http://tinyurl.com/authoravatars) is one of many author-browsing widgets that use avatars, the tiny headshots that you can pair up with any email account (The Gravatar Service). As with the more pedestrian author list, you can click an author headshot to start browsing the author’s posts.
Adding Author Information
Ordinarily, WordPress keeps author information to a minimum. Even though it stores a few key details in each user’s profile—including a basic “Biographical info” box—none of these details show up in a post. All your readers see is the author’s name.
In some cases, you might prefer to showcase your author. For example, you might want to add a more detailed byline or include a brief bio that highlights the author’s achievements. The low-tech solution is to add this information to the bottom of the post (consider setting it in italics to make it stand apart from the rest of the content). But if you run a self-hosted site, this is one more challenge you can tackle with the right plug-in.
The WordPress plug-in repository is overflowing with author info widgets and bio boxes. One decent starting point is the WP About Author plug-in (http://tinyurl.com/wp-about-author), which automatically adds an author box to the bottom of every post. It also adds several new text boxes to every user’s profile, where authors can enter links to sites where they have public pages (like Facebook, Twitter, and Pinterest). The author’s bio will then include these links (Figure 11-16).
Figure 11-16. The WP About Author plug-in creates an author box that includes a bio and picture (from the Gravatar service described on page 263). The box also includes links to other sites, if the author supplies them. In this example, Lisa Stanfeld added her personal website, Facebook page, and Twitter feed to her profile, so the WP About Author plug-in creates links for all three sites.
Another good author footer plug-in is the Fancier Author Box by ThematoSoup (http://tinyurl.com/authorbox). It uses a slightly smaller version of the author picture, fewer links, and a neato two-tab view that lets you see the author’s recent posts without leaving the current page (Figure 11-17).
Figure 11-17. If you use the Fancier Author Box plug-in, you get two tabs of author information at the bottom of every post. The first has the author’s bio (top), while the second lists the author’s most recent posts (bottom).
Alternatively, you can use one of several plug-ins that puts author information into a widget. That way, you can take the author details out of a post and tuck them into a sidebar. One such plug-in is Author Spotlight (http://tinyurl.com/authorspot). Of course, this idea works only if your theme includes a sidebar in its single-post view. Most themes do, but the older Twenty Eleven theme limits its sidebar to the main post list, so author box widgets aren’t much use.
Finally, some themes include a ready-made author information page that you can drop into your site. Twenty Fourteen is an example—it includes a contributor page that shows information for every author (Figure 11-18).
Figure 11-18. As long as you have at least one published post, the Twenty Fourteen theme adds you to the contributor page, complete with a brief bio, a picture, and a post-browsing button.
Here’s how to create a contributor page if your site uses Twenty Fourteen:
1. In the dashboard, choose Pages→Add New.
Type in a title for your contributor page. The example in Figure 11-18 uses the title “Canton School Staff.”
Don’t bother typing in any page content, because none of it will appear in the contributor page.
2. In the Page Attributes box, change the Template setting to Contributor Page.
WordPress infuses the Contributor Page template with the magic code you need. It prepares a list of all your site’s authors and builds a page that describes them.
3. Optionally, alter the permalink for your page (Create Permalinks That Include the Category).
For example, you might want to use a short, meaningful address like http://cantonschool.org/staff.
If you don’t see the permalink (and the Edit button) under the page title, click in the empty content box underneath. That makes WordPress save a draft of your page, which forces it to create the permalink.
4. Click Publish to add the contributor page to your site.
The contributor page uses a few key details for each author. If you run a self-hosted site, it’s up to you (and your authors) to make sure this information is available, or you’ll end up with a distinctly drab contributor page.
Here’s what each author needs:
o A proper display name. You specify that using the “Display name publicly as” setting (Adding New People to a Self-Hosted Site).
o A descriptive biography. You enter this in the Biographical Info box when you edit a user’s profile (Adding New People to a Self-Hosted Site). In Figure 11-18, Peter Bradley lacks a biography.
o A Gravatar picture. If you want a cute head-and-shoulders shot to appear next to your author details, you need the help of WordPress’s Gravatar service, which attaches a personal picture to any email address. The Gravatar Service explains how to set it up.
Removing Authors (and Other Users)
As your site evolves, the group of people you work with may change. You already know how to add users, but at some point you may decide to remove one. To do that, you first need to view your site’s user list by choosing Users→All Users.
If your site is on WordPress.com, the list includes all the administrators, editors, authors, and contributors registered on your site (it doesn’t include followers). To remove someone, point to the person’s user name and then click Remove. That person’s WordPress.com account remains intact, but she no longer has privileges on your site. If you remove a person who’s published posts on your site, the posts will remain (although you can delete them by going to the Posts→All Posts list).
If you run a self-hosted site, the user list includes everyone who can publish on your site. Unlike a WordPress.com site, you don’t merely remove authors, you delete them by clicking the Delete link. Deleting someone’s account is a fairly drastic step, because it completely wipes the traces of that person off your site. WordPress will ask you what to do with any posts that belong to the newly deleted author (Figure 11-19). You can either delete her posts or assign them to another person.
Figure 11-19. When you delete an author from a self-hosted site, WordPress asks you what to do with her posts. (If you have a last-minute change of heart, click somewhere else in the dashboard, and WordPress abandons the delete operation.)
If you don’t want to take such a drastic step, you can demote a user, so that he remains on your site but has fewer privileges. For example, you could change a contributor to an ordinary subscriber. That way, his existing posts will remain on your site, but he won’t be able to create any new ones. And if, sometime in the future, you decide to reenlist this person’s help, you can simply change his status from subscriber back to contributor.
To change a role, find the person in the user list and click Edit. Then pick a new role from the Role list and click Update User.
Building a Private Community
So far, you’ve used WordPress’s user registration features to open up your site to new contributors. Ironically, those same features are also an effective way to close the door to strangers. For example, you can prevent unregistered guests from reading certain posts, or even stop them from seeing any content at all.
Before you build a private site, however, make sure you have enough interested members. Transforming an ordinary site into a members-only hideout is a sure way to scare off 99.9 percent of your visitors. However, a private site makes sense if you already have a locked-in group of members. Your site might be the online home for a group of related people in the real world—for example, a team of researchers planning a new product, or a local self-help group for cancer survivors. But if you hope that people will stumble across your site and ask to sign up, you’re in for some long and lonely nights.
The goals of a private site are very different from the goals of the average public site. A public site aims to attract new faces, gain buzz, and grow ever more popular. A private site is less ambitious—it allows certain types of discussions or collaboration in a quiet space.
Hiding and Locking Posts
You don’t need to make your site entirely private; WordPress gives you two ways to protect individual posts, so the wrong people can’t read them.
The first technique is password protection. The idea is simple—when you create a post, you pick a password that potential readers need to know. When someone tries to read the post, WordPress refuses to display it until the reader supplies the right password (Figure 11-20).
Figure 11-20. WordPress adds the text “Protected” to the title of every password-protected post. To read the post, you need to type in the correct password.
The nice part about password protection is that it’s straightforward: You either know the password or you don’t, and the password is all you need—protected posts don’t require that a reader be registered with the site. Of course, administrators and editors can edit any post, so password protection doesn’t affect them.
Use password-protected posts sparingly. If your site includes a mix of public and password-protected posts, frustrated readers are likely to give up on you altogether. Password-protected posts make sense if your site isn’t really on the Web, but hosted on an organization’s internal network (a.k.a. an intranet).
WordPress’s second post-protection technique is private posts, which are hidden from everyone except logged-in administrators and editors. When other people visit the site, WordPress scrubs every trace of your private posts. They won’t appear in the post list, show up in searches, or appear when you browse by category, tag, date, or author.
To see your options, click the Edit link next to a post’s Visibility setting (see Figure 11-21).
Figure 11-21. You can choose from three Visibility options for posts: Public (the standard), Password protected (the post’s title is visible to everyone, but only people with the right password can read the content), or Private (the title, post, and comments are hidden from everyone except editors and administrators). Once you choose, click OK.
You can also add a password to a private post or make it private using the familiar Publish box, which appears in the Add New Post and the Edit Post pages.
PLUG-IN POWER: CREATING MORE SPECIFIC PRIVACY RULES
The problem with private posts is that they’re too private. You need to be an editor or administrator to view them, and that may be more power than you want to give other people.
If you’re developing a self-hosted site, a good plug-in can provide a solution. One is Page Security by Contexture (http://tinyurl.com/page-security-c). It lets you create groups of users and then give them permission to read specific posts or pages. For example, you could create a group called Managers, add several people to that group, and then give the entire group permission to read your “Tax Evasion Secrets” post.
Be careful about going too far with the Page Security plug-in, however. If you need to set security rules for dozens of pages, WordPress might not be the right tool for the job—you might be better off with a content management system like SharePoint or Alfresco. And although Page Security does a good job of grafting on some basic security features, things can get messy, and there’s no guarantee that the complex security rules you set up now will continue to work in future versions of WordPress.
Creating a Private Site
A completely private site is one that forces visitors to log in to view anything. If they don’t sign in, they can’t read a single post or page.
You can turn a WordPress.com site into a private site by flipping a single setting. Choose Settings→Privacy, turn on the “I would like my site to be private, visible only to users I choose” checkbox, and then click Save Changes. Now visitors will encounter the WordPress login page, no matter what they try to read (Figure 11-22).
Figure 11-22. Left: WordPress asks visitors who try to view a private site to log in.Right: This is what a visitor sees if he’s logged in to WordPress.com, but not registered on your private site. Clicking “Request access” sends an email to the site owner, who decides whether or not to add the hopeful new guest.
Oddly enough, self-hosted sites lack the private site feature that WordPress.com offers. However, several simple plug-ins can fill the gap. One is Page Restrict (http://tinyurl.com/page-restrict), which lets you prevent people from accessing specific pages—or your entire site—until they log in.Page Restrict also lets you pick a suitable message that explains the issue to anonymous visitors, such as “This content is private. To view it, you must log in.”
You’ve reached the end of the line for WordPress.com sites in this chapter. The following sections cover a few more plug-ins and features that self-hosters can use. So if you run a WordPress.com site, you may as well skip ahead to the next chapter).
Letting People Register Themselves on a Self-Hosted Site
If WordPress hosts your site, WordPress.com is in charge of registering your users. But if you run a self-hosted site, you’re in control, and that gives you a unique ability. If you’re feeling a bit daring, you can open the floodgates to your site and let your readers register themselves.
This strategy might seem a bit dangerous—and if you don’t think it through, it is. Giving random web visitors extra powers on your site is an extreme step for even the most trusting person. However, there are several scenarios where self-registration makes a lot of sense. Here are the most common:
§ You’re creating a private blog and you want to prohibit anonymous contributors, but you don’t want to make your restrictions onerous—you simply want to deter spammers and other riffraff. Often, the process of signing up is enough to keep out these troublemakers. And if you let readers sign themselves up, you save yourself the task of doing so, and save visitors the need to wait for your approval.
§ You’re creating a site that welcomes community contributors. You’re ready to let anyone sign up as a contributor, but you want to approve their content before it gets published (The Post Approval Process for Contributors). Be aware, however, that this is no small task—reviewing other people’s content and sniffing out spam makes comment moderation seem like a day at the spa.
§ You’ve restricted comments to people who have registered and logged in to the site (Facebook and Twitter Comments), but you’re willing to let people comment if they go through the trouble of creating an account. Sometimes, site owners take this step to lock out spammers, and typically it works well, although it also drives away legitimate commenters who can’t be bothered signing up. In most cases, it’s better to allow Facebook and Twitter authentication (Facebook and Twitter Comments), and to use Akismet to fight spam (Understanding Akismet).
§ Your WordPress site isn’t really on the Web; it’s on the internal network of a business or organization. Thus, you can assume that the people who reach your site are relatively trustworthy. (Of course, you still shouldn’t grant them any privileges more powerful than a contributor account without your personal review.)
Flipping on the self-registration feature takes just a few seconds. In the dashboard, choose Settings→General. Add a checkmark next to “Anyone can register,” choose a role in the New User Default Role box below, and then click Save Changes.
You should set the role for new users to subscriber or contributor—subscriber to welcome new readers to a private blog, and contributor to let potential authors sign themselves up. Never allow new people to sign themselves up as authors or editors, unless you want spammers to paste their ads all over your site.
When you turn on self-registration, WordPress adds an extra link to the login page (Figure 11-23).
If you allow self-registration on a public website, you’ll eventually have spammers creating accounts. Usually, the offender is an automated computer program called a spambot. It searches the Web for WordPress sites and attempts to sign up on every one it finds, in the hope that the site will grant the spambot author or editor permissions. If a site is unwise enough to do so, the spambot immediately gets to work spewing spam into new posts. As long as you limit new users to the role of contributor or (powerless) subscriber, the spambot won’t be able to do anything.
(To make sure your site is clean, periodically review your user list and delete bad accounts.)
Figure 11-23. This blog lets people register themselves. They simply click the Register link (left), enter an email address and password (right), and then wait for an activation link to arrive by email.
Creating a Network of Sites
So far, you’ve learned how to transform your site from a lonely one-man-band to a collaborative workspace full of authors, editors, and contributors. This transformation keeps you in control of your site but allows new recruits so you can expand your content, extend your reach, and attract new visitors.
Now you’ll take a step in a different direction. Instead of looking at adding multiple people to a crowded site, you’ll see how to create multiple WordPress sites that coexist on the same web server. Think of it as a way to empower your users to do even more. Now, each author gets a separate site, complete with its own web address, dashboard, theme, and reverse-chronological list of posts. Your web server hosts all these sites alongside your own, much like children living in their parent’s home.
For example, say you create a WordPress multisite network at http://EvilCompanyOfDoom.com. An employee named Gareth Keenan might create a site at http://EvilCompanyOfDoom.com/garethkeenan. Similarly, another employee might add a site athttp://EvilCompanyOfDoom.com/dawntinsley. Of course, you don’t need to create sites based on individual people—you can just as easily create sites that represent departments, teams, clubs, or any other group of people who need to blog together.
The multisite feature works well if you have a community of people who need to work independently, keep their content separate from everyone else’s, and have complete control over the way their content is organized and presented. For example, the Canton School site might use the multisite feature to give each teacher her own site. Teachers could then use their sites to post assignments and answer student questions. The multisite feature isn’t very useful if you want people to team up on the same project, share ideas, or blog together—in all these cases, a single site with multiple users makes more sense.
The multisite feature is particularly convenient when it comes to administration. When you build a network of sites, you become its network administrator—a special sort of administrator with sweeping powers over all the sites in the network. Using these powers, you can choose what themes your users can install and what plug-ins they use. And when a new version of WordPress comes out, you can update all the sites in a single step.
UP TO SPEED: MULTISITES IN ACTION
To really understand the multisite feature, it helps to check out some websites that already use it. Here are some examples:
§ Reuters Blogs (http://blogs.reuters.com). The multisite feature is a great way to handle columnists in a news site. On Reuters, each columnist gets a separate blog that uses the same distinctive theme. But because each site is separate, columnists can create their own categories and tags, and moderate their own comments.
§ Harvard Law School (http://blogs.law.harvard.edu). Harvard Law offers a free WordPress site to anyone in the Harvard University community. They can even sign themselves up and create a site immediately, as long as they have an email address that ends with harvard.edu.
§ Adobe Blogs (http://blogs.adobe.com). Here, different teams of Adobe employees blog about their projects. This example is particularly interesting because it combines the multisite and multiuser features. For example, if you check out just one site, the Adobe Digital Media Blog (http://blogs.adobe.com/digitalmedia), you find a number of Adobe experts weighing in.
§ Best Buy Stores (http://stores.bestbuy.com). The omnipresent electronics store isn’t known for website innovation, but it makes good use of WordPress, giving each store its own WordPress site. For example, visit http://stores.bestbuy.com/577 to see the latest news for the Best Buy in Fairless Hills, Pennsylvania.
§ WordPress.com. The largest and most impressive example of a WordPress multisite network is WordPress.com, the free blogging hub for several hundred thousand people. If the multisite feature works for a network this popular and this big, it’s a safe bet that it will serve the needs of your community, too.
Before going any further, be aware of one thing: Building a network of sites is significantly more complex than adding people to an existing one. Expect to spend more time feeling your way around and relearning how to configure sites and users. Furthermore, be careful with the plug-ins you use, because some won’t work in a multisite network.
By the end of this chapter, you’ll know how to set up a network of sites, add sites, and perform the basic configuration that holds it all together. However, there are significant aspects of the multisite feature that are outside the scope of this book, like using it with subdomains (see the following Note).
There are two ways to create addresses for the sites in a network. You can give each site its own subfolder (as in http://OrilliaBaseballTeams.com/madcats), or you can give each site its own subdomain (as in http://madcats.OrilliaBaseballTeams.com). The latter is the way WordPress.com works. It’s slightly more complicated, because it requires some additional settings on your web host. In this chapter, you’ll stick to the subfolder approach.
Creating a New Multisite Network from Scratch
The easiest way to create a multisite network is to create a new WordPress site from scratch, using an autoinstaller that supports the multisite feature. For example, if you use Softaculous, the installation process is almost exactly the same as the one you used in Chapter 3 (Installing WordPress with an Autoinstaller). The difference is that somewhere in your autoinstaller, you need to find a setting named something like “Enable Multisite” and switch it on (Figure 11-24).
Figure 11-24. To tell Softaculous to create a multisite network, turn on the corresponding checkbox (circled). In this example, you’re creating the network in the root folder of the reboot-me.com domain.
Once you install your site, you can go straight to the dashboard and look around. Skip ahead to the section Your Multisite Network: A First Look on the following page.
If you don’t have an autoinstaller that supports the multisite feature, you’ll need to install a normal WordPress site first and then go through the somewhat awkward conversion process outlined in the next section.
Converting an Existing Site to a Multisite Network
Converting an existing WordPress site into a multisite network is trickier than creating a new network from scratch. If you use subfolders (rather than subdomains) in your network, the conversion process will break any links within posts (see the Note near the bottom of this page to learn why). For that reason, it’s best to convert a newly created WordPress site, rather than one you’ve been using (and that other people have been reading) for some time.
But if you know how to use an FTP program and you’re undaunted by the challenge, it is possible to transition from an ordinary site to a multisite network. WordPress has the full and rather technical step-by-step instructions at http://tinyurl.com/2835suo. The process involves modifying two files in your site—wp-config.php and .htaccess—and changing a few related settings in the dashboard. But because you can’t directly edit the files on your site, you need to download them to your computer (that’s where the FTP program comes in), make your changes in a text editor, and then upload the new, modified files. If you’ve never fiddled with a WordPress installation before, it’s a bit tedious.
Make sure you really want a multisite network before you forge ahead, because there’s no easy way to change a multisite network back to a single site after you make the jump.
Your Multisite Network: A First Look
When you create a multisite network, WordPress starts you out with a single home site in the root of the installation folder. For example, if you install a multisite network at http://prosetech.com, the first site is at http://prosetech.com. This is exactly the same as when you create a standalone site. When you create additional sites, however, WordPress places them in subfolders. So if you add a site named teamseven, WordPress creates it at http://prosetech.com/teamseven. (You might think that it makes more sense to write TeamSeven rather than teamseven, but to WordPress it’s all the same. No matter what capitalization you use, WordPress shows the site name in lowercase letters when you manage it in the dashboard.)
If you’re using subfolders (not subdomains) to arrange your multisite network, you’ll find one quirk in WordPress’s naming system. When you view a post or page on your home site, WordPress adds /blog to the address. For example, WordPress puts a post that would ordinarily be found at http://prosetech.com/2014/06/peanut-butter-prices-spike athttp://prosetech.com/blog/2014/06/peanut-butter-prices-spike. This slightly awkward system makes sure that WordPress can’t confuse your home site blog with another site in the network, because it doesn’t allow any other site to use the name blog.
When you finish creating your multisite network, you find yourself at the dashboard of your home site. But if you attempt to augment your site’s features, you’ll find a new restriction. Even though you can activate an existing plug-in or theme, WordPress won’t let you install new ones. On a fresh WordPress install, you’ll probably get just a single theme (Twenty Fourteen) and two basic plug-ins (the essential Akismet spam-catcher, and the pointless Hello Dolly example).
If you haven’t already guessed, your home site has these new and slightly unwelcome limitations because it’s now part of your multisite network. These rules can be frustrating, but they have sound logic behind them. First, the theme limitations guarantee that your sites share a consistent look. Second, the theme and plug-in restrictions act as safeguards that prevent inexperienced users from uploading spam-filled extensions, which could compromise your entire network.
That said, you’ll probably want to tweak these restrictions to make them better suit your site. For example, you may want the sites on your network to use a different standard theme, or you may want to allow site creators to choose from a small group of approved themes. You might also have trusted plug-ins that you want to run on everyone’s site. You’ll learn how to make these changes shortly. But first, you need to understand how to add new sites to your network.
Adding a Site to Your Network
To add a site, you need to enter network administration mode. This is a step that only you, the network administrator, can take. Other administrators on your network will be able to manage their own sites, but they won’t be able to change the network settings—or even look at them.
In WordPress parlance, a network administrator (also known as a super admin) is the person who manages a multisite network and has full power over all the sites inside. A site administrator oversees a single site—the site you create for him.
To start managing the network, point to the My Sites menu, which sits to the right of the navigation bar (that’s the black bar that stretches across the top of the page). Then click Network Admin (Figure 11-25).
Figure 11-25. The My Sites drop-down menu lists all the sites you own in a network and, most importantly, the Network Admin command that lets you enter network administrator mode.
In network administration mode, the dashboard changes. Because you’re no longer managing a specific site, the Posts, Pages, Comments, Links, and Media menus all disappear. In their place is a smaller set of commands for managing sites, users, themes, plug-ins, network settings, and updates.
You can go straight to the network administration page by adding /wp-admin/network to the end of your home site address, as in http://prosetech.com/wp-admin/network.
Once in network administration mode, you can create a new site:
1. Choose Sites→Add New from the dashboard.
The Add New Site page opens (Figure 11-26).
Figure 11-26. WordPress knows that a network administrator may need to create dozens of sites. To keep your life simple, it asks for just three pieces of information: the site address, the site title, and the email address of the person who will become the site’s administrator. Here, WordPress will create the new site at http://prosetech.com/teamseven.
2. Type the site’s folder name in the Site Address box.
WordPress adds the folder name to the address of your multisite network. For example, if you use the folder name drjanespears and your multisite network is at http://StMarciMarguerettaDoctors.org, the new site has the address http://StMarciMarguerettaDoctors.org/drjanespears.
3. Give the site a title.
The site administrator can change this later.
4. Supply the email address of the person who will own the site.
That person will become the site’s administrator.
Adding people to a multiuser network is different from adding people to a standalone site in one important respect: You don’t need to pick the password for new users. WordPress knows you’re busy, and it generates a random password and emails it to the new administrator.
5. Click Add Site.
WordPress creates the site and adds two links to the top of the Add New Site page: Visit Dashboard (which takes you to the new site’s dashboard) and Edit Site (which lets you change the site’s settings). The dashboard is in its familiar place—just add /wp-admin to the end of the site address to go straight to its front door.
Ideally, you won’t need to visit the new site’s dashboard, because the newly christened administrator will take it from there.
If, sometime later, you need to delete a site, modify it, or assign it to a new administrator, start at the list of sites in the Sites→Add Sites section of the network administration dashboard.
GEM IN THE ROUGH: LETTING PEOPLE CREATE THEIR OWN SITES
Ordinarily, it’s up to you to create every site in a multisite network. WordPress helps you out by automatically creating an account for the new administrator, so you can create a site in one step instead of two. But if you have dozens or even hundreds of users who want sites, manually creating each one is tedious. WordPress gives you another option—you can choose to let people create their own sites.
This isn’t quite as crazy as it sounds. As long as you don’t let people create their own accounts, WordPress allows only registered users to start site-building. If you’re crafty, you can use a WordPress plug-in like Add Multiple Users (http://tinyurl.com/add-multiple) to create accounts automatically, based on a list of email addresses in a text file or spreadsheet. Then you can let people build the sites they need on their own. (There’s no restriction on the number of sites, so if someone can create one, she can also create 12. If you notice a power-drunk author creating too many sites, you need to step in, delete some, and send the miscreant a stern email.)
To allow people to create their own sites, choose Settings→Network Settings in the network administration dashboard. Then, next to “Allow new registrations,” choose “Logged in users may register new sites.” Make sure “Send the network admin an email notification every time someone registers a site or user account” is also turned on so WordPress notifies you about newly created sites. Finally, click Save Changes at the bottom of the page.
New users might not realize that they’re allowed to create sites. WordPress won’t tell them unless they ask for the sign-up page, by requesting wp-signup.php in the root site (as in http://prosetech.com/wp-signup.php). Figure 11-27 shows the page.
Understanding How Users Work in a Multisite Network
You can create as many sites as you want in a multisite network. In each site, you can add as many users as you need.
Sometimes, the same person needs to work on more than one site. For example, one person might need to contribute to different blogs maintained by different people. Or an administrator who manages one site in a network might also want to contribute to another.
To understand how to deal with this, you need to realize that a multisite network maintains a master list of all the users who belong to any site in the network. Each of those people has subscriber privileges on every site. (As you learned on Adding People to Your Site, subscribers are the lowest class of WordPress user—they can’t do anything more than read posts and write comments.)
Figure 11-27. To create a new site, a logged-in user needs to supply the site folder name and the site’s title on the sign-up page, and then click the big Create Site button. The sign-up text shown here is WordPress boilerplate. Once you learn how to edit a theme (Chapter 13), you’ll be able to customize this text.
In addition, you can give people special privileges for specific sites. For example, you might make someone an administrator on one blog and an author on another. In this case, there’s still just one record for that user, but now it’s registered with two different sets of capabilities on two different sites.
Happily, WordPress makes people log in only once. When visitors move from one site to another in the same network, WordPress remembers who they are and determines what privileges they should have on each site.
If you choose Users→Add New on the network administration dashboard, you can add people to the master list (Figure 11-28, top). But WordPress won’t give new users any special privileges for any site.
Life is different for ordinary site administrators. Consider what happens if an administrator named Suzy logs into her dashboard. When she chooses Users→Add New, she’s not given the option to create an account for someone else. Instead, she can invite an existing user to take on a more powerful role on her site (Figure 11-28, bottom).
Figure 11-28. Ordinarily, only network administrators can create new accounts (top) while site administrators can register existing users on their sites, and assign them the appropriate WordPress role (bottom).
One potential problem with the user registration system is that it can create a lot of extra work. For example, if a site administrator needs to add someone new, he needs to ask you, the network administrator, to create the account first. To circumvent this restriction, go to Settings→Network Settings, choose “Allow site administrators to add new users to their site,” and then click Save Changes. Now site administrators can add new people to the master list.
Another problem occurs if one person contributes to several sites. In that case, someone needs to visit each dashboard and invite the user separately to each site. If you’re not the sort of person who likes to spend all weekend tweaking WordPress settings, you may want to enlist the help of a plug-in like Multisite User Management (http://tinyurl.com/multisite-um). It lets you set a default role for each site in a multisite network. Then, when you create a new user, she’s automatically registered on each site with the default role you chose.
Rolling Out Updates
One advantage of a multisite network is that it streamlines certain management tasks. For example, you can update WordPress on all the sites in your network in a single operation from the network administration page.
To get started, choose Updates→Available Updates from the network administration dashboard. You’ll see, at a glance, what themes, plug-ins, and WordPress system updates are available. If you’re not up to date, start by installing your updates on this page.
When you update themes or plug-ins, the changes take effect on all the sites in your network immediately. That’s because a multisite network stores only a single copy of each theme and each plug-in.
When you install a new version of WordPress, you need to take one more step. Choose Updates→Update Network, and then click the Update Network button to upgrade all your sites at once.
Adding Themes and Plug-Ins
In an ordinary WordPress website, the site administrator controls the themes and plug-ins the site uses. But in a multisite network, this approach would be too risky, because a single malicious plug-in could steal sensitive data from any site in the network, or wipe out the database of your entire network.
Instead, multisite networks use a more disciplined system. You, the network administrator, can pick the themes and plug-ins you want to allow. Site administrators can then choose from the options you set.
A typical multisite installation begins with a few standard themes (such as Twenty Twelve, Twenty Thirteen, and Twenty Fourteen), but only one of them is network enabled (Twenty Fourteen). That means Twenty Fourteen is the only theme the sites in your network can use. In fact, site administrators can’t see the other themes at all.
To add a new theme and make it accessible to the sites in your network, follow these steps:
1. Choose Themes→Add New, and search for the themes you want.
If you need a refresher, Visiting the Theme Gallery has the full story on theme searches.
To activate a standard year theme already on your network (but not enabled), such as Twenty Thirteen, jump straight to step 3.
2. When you find a suitable theme, click Install Now.
This downloads the theme to your multisite network but doesn’t actually make it available to any sites.
3. Click Network Enable.
The Network Enable link takes the place of the Activate link you see when you install a theme on an ordinary, standalone WordPress website. You can click Network Enable immediately after you install a theme, or you can view all your themes (Figure 11-29) and then click Network Enable next to the ones you want.
Figure 11-29. When you click Network Enable below a theme title, WordPress makes that theme available to all the sites in your network.
You can also enable a theme for some sites but not others, although it’s awkward. First, make sure your theme isn’t network-activated. Then choose Sites→All Sites and click the Edit link under the site where you want to apply the theme. When the Edit Site page appears, click the Themes tab. In the list of disabled themes, click Enable next to the ones you want to add.
The process for installing plug-ins is similar but subtly different. First, choose Plugins→Add New and then search for the plug-in you want. When you find it, click Install Now. Now you have a choice:
o Make the plug-in optional (don’t do anything). Once you install a plug-in, WordPress makes it available to every site administrator in your network. Each administrator can log in, visit the Plugins section of the dashboard, and choose what plug-ins to activate.
o Activate the plug-in for every site. To do this, click the Network Activate link. When you network activate a plug-in, that plug-in automatically runs on every site in your network. However, site administrators won’t see the plug-in the Plugins section of the dashboard, and they won’t be able to deactivate it. That’s your job (click Network Deactivate to switch off a network activated plug-in).
Not all plug-ins work properly when network-activated, so it’s worth contacting the plug-in maker to ask, or testing a new plug-in the first time you network activate it.
GEM IN THE ROUGH: SETTING A STORAGE LIMIT
Themes and plug-ins aren’t the only restrictions that come into play on a multisite network. You can also set storage limits to restrict how many pictures, documents, and other files people can upload to their sites. These settings prevent space hoggers from swallowing gigabytes of hosting room, leaving your web server starved for space.
Ordinarily, your network has no site restrictions. To put one into effect, choose Settings→Network Settings on the network administration dashboard. Scroll down to the “Site upload space” heading and switch on “Limit total size of files uploaded.” That caps the amount of space for posts, pages, pictures, and uploaded files on a site to 100 MB. However, you can type in whatever maximum you want. You can also change the “Max upload file size” to set the maximum size of an individual file (usually 1.5 MB).
Site administrators can use a dashboard to keep an eye on the size of their sites. Choose Dashboard→Home, and look at the “At a Glance” box. At the bottom, you find the key details: the maximum size allotment, the current size of the site, and the percentage of space used so far.