How to Add Images to WordPress Posts and Pages

In this WordPress Guide, you will learn how to add images to the majority of your WordPress content using the WordPress visual editor. We will cover various methods you can use to add images to your content. The process is extremely simple and straight forward.

The Drag and Drop Method

1. Place your cursor where you want your image(s) to appear.
2. From your desktop, drag and drop the image file to your WordPress editor.

Once the image is dragged to your WordPress editor, you should see what we are showing in our screenshot with a message to Drop files to upload. Once you release the click on your mouse, WordPress will upload the image to your Media Library.

Add your title, alt text, caption and alignment settings then click Insert into post.

The Add Media Method

Another popular method that people continue to use (including me)  is to use the Add Media button. The process is very similar to the drag and drop method.

One advantage to using this method is an upload is not required if you already have a suitable image uploaded already. You can select the image, customize the description and then Insert into post.

1. Place your cursor where you want the image(s) to appear.
2. Click the Add Media button.
3. Drag and drop the image to the add media screen.

Or, if you already have an image ready to be used, click the Media Library tab and click the image you want to use in the post. If you already have thousands of images, you can also use the search function to find the image.

Add an Image Gallery

Now that WordPress has been upgraded to include native galleries, you no longer need a plugin. Here’s how to add an image gallery into your posts.

1. Place your cursor where you want the gallery to appear.
2. Click Add Media.
3. Click Create Gallery.
4. Choose the Upload Files tab to add new images or choose Media Library to use existing uploaded images.
5. Select the images you want to appear in the gallery (check mark will appear).
6. Click the Create a new gallery button.
7. Customize your gallery appearance.
8. Click the Insert gallery button.

Regarding customizing your gallery appearance in step 6, on that screen you can drag and drop the images to change the order of appearance. On the right under Gallery Settings, you can choose how you want the media to appear in your post, how many columns, randomize order and the image size you want to use.

Here’s some recommended settings:

• Link To: Media File
• Columns: 3 or 4 (If you have 6 images, use 3 to make it display evenly)
• Size: Thumbnail

The actual appearance of your gallery will depend on the theme you are using. With Thrive Themes, here’s a live example of how the gallery appears which adds a really neat carousel effect when clicking on an image.

Image credits for these images are available here.

Afterwards, you can click the gallery within your WordPress editor and click the pencil icon to edit the gallery if needed.

Adding an Image From a URL

1. Click Add Media.
2. Click Insert from URL.
3. Paste direct image link.
4. Add link text.
5. Click Insert into post.

Some Image Tips

Make sure you have copyright permission to use images in your posts.

Consider optimizing your image sizes. If you are running a photography blog, then by all means use the full high-resolution images, but if you are running a standard site with traditional images, resize the images to fit your content. It makes no sense to upload an image that is 4,000px wide when your content area can only fit a 750px width image. This will help drastically reduce download times on your pages.

If you are uploading a JPG or PNG, consider using a web service like TinyPNG or using an image optimization plugin. Anything you can do to speed up page loading times on image-heavy pages will help the overall user experience and potentially help you rank higher in search engine indexes.

Don’t add images “just because.” Your ultimate goal should be helping the user with the topic you are writing about. Consider using images to help the user visually understand what you are referencing in your content. In our case, this post includes multiple screenshots with arrows to help you through the process of adding an image along with an example image gallery so you can see one in action.

5 Big WordPress Mistakes Beginner Users Make

We were all new with WordPress at one point and had to learn the hard way. With WordPress being the most popular content management system on the planet, we’ve found from our clients a short list of major mistakes that always seem to come up when we optimize their WordPress installations.

Thankfully, with all of the awesome WordPress resources including here at Top Five Advisor, beginner WordPress users now have the ability to discover and fix these problems faster than ever before.

So, what are the most common mistakes that beginner WordPress users make?

Discouraging Search Engine Visibility

When you create your first website and set up WordPress, the site will be live and online. After the installation, most people skip the reading and dive right in to the WordPress settings. That’s fine, in fact, it is a great way to learn, however, when they go to Settings > Reading, they see the above option to Discourage search engines from indexing this site and enable it.

That’s something we’d also recommend, however, we’ve found that our clients will change this setting when they are beginners to WordPress and forget to change it back after they go live.

We’ll give you $1,000 if you can get our site listed in Google search. Anywhere. Nothing we are doing is working!

This was the easiest money we’ve ever made with a digital marketing client, however, we were honest, told them what the problem was and applied a large chunk of that money towards improving their website.

When your site is live and ready, don’t forget to uncheck this box so that Google and other search engines are permitted to index your site in their search engines. There’s nothing more frustrating than working for months on end building a ghost town.

Who Needs to Set Up Permalinks? You Do!

Find it here: Settings > Permalinks

By default, when you first install WordPress, your permalink settings will be set to Default with your links using the p=123 setting. This setting is not human or search engine readable and tells nobody what your post topic is about.

The sooner you change this setting to a human-readable format, the better. Preferably, you will change this before launching your website.

The most common structure that most sites should consider using is the Post name option, however, we chose to use the custom structure option to enable the category to come before the name of the blog post because we cover a massive amount of topics in several categories. Of course, you will have problems using /%category%/%postname%/ without reading our guide on this subject.

Previously, the Post name option was known to cause problems with website performance which you may have read about online from older blog posts on this subject. Thankfully with the release of WordPress 3.3 and beyond, this problem was corrected and does not cause these issues.

For most, you will be able to update your permalinks right from the dashboard. This will automatically update your .htaccess file (on your host server) and you’ll be on your way. If you happen to see an error that states If your .htaccess file were writable, we could do this automatically…, then you will need to update the .htaccess file manually using an FTP software like Filezilla (free) or ask your host or administrator to make these changes.

Ignoring WordPress Updates

Another huge mistake we see is clients ignoring important updates. WordPress does an excellent job keeping their content management system secure when potentially severe security problems present themselves.

With the latest versions of WordPress, it will automatically update and keep your site secure from these threats, however, WordPress will not automatically install the latest major versions of their software and it will also not automatically update your plugins which could also have critical exploits that need updates.

We strongly recommend logging in to your WordPress dashboard at least weekly to apply updates. You should not be afraid to update your plugins and WordPress core. It’s as easy as checking each item that has an update and clicking the update button. In fact, you should be more afraid to ignore updates because this is the most common reason WordPress websites get hacked / exploited.

You Have Way Too Many Plugins

We get it, WordPress plugins do so much to add functionality to your website and it is addicting. However, if you add too many plugins to your website, you’ll start noticing problems with pages loading slowly, bad page speed scores on Google PageSpeed Insights, server performance issues and more.

Any plugins that are not being used should be deactivated and uninstalled. Beginner WordPress users commonly will try tens, if not hundreds, of plugins on their website but they forget to uninstall the ones they didn’t like.

Approach plugins with a minimalist mindset and only use plugins that are crucial to your website’s success.

Leaving Default or Incomplete Pages Live

This is another huge one because it tells search engines and readers of your website that you are a BEGINNER. Many new WordPress website owners will create a bunch of content pages that they will “update later” and post them live just so they can visualize their site structure.

The big mistake these beginners make is leaving these “coming soon” or “we’re updating this” pages up after going live. There’s nothing more frustrating to your readers than clicking on an article they are interested in only to find a blank page with no content. As for search engines, they all have algorithms in place to detect sites that use these temporarily pages and mark them as a “low quality site” which will massively hurt your potential rankings.

Other Tips

• Keep local backups of your WordPress website. Update them weekly.
• Don’t change the URL (permalink) of older blog posts when reviving / updating them.
• Don’t ignore the basics. Get a contact us, terms of service, about and disclosures page live.
• Don’t keep the default admin username for security reasons.
• Use a strong password. Try keypass to remember your gSLs@5^*Ku style encrypted passwords.
• You aren’t Just another blog. Go to Settings > General and add a proper tagline.
• Don’t over-complicate your categories and tags.

How to Add a Link or Hyperlink to Your WordPress Content

Back to the WordPress basics in this post which will show you how to create a hyperlink in your content. This is a WordPress visual or text editor feature that is simple to use, once you know where to look. Any place that has the WordPress editor will allow you to add a link to another post or page on your website.

Of course, the first thing is to create or edit a post, page or custom post type. Once you do, you’ll get the traditional WordPress editor that allows you to create your content.

Use this button in your WordPress editor to activate the add a link option.

Linking to Internal Content

This is a GIF showing you how to add a link in WordPress.

Let’s say I want to link to my how to fight WordPress spam blog post, all you need to do is highlight the text that you want to be linked, click the link button on the toolbar, search for your post, click the post and then click add link.

Of course, you don’t have to highlight the text first, you can also click the link button, find the post you want, click that and then add the text you want linked in the Link Text box. Highlighting just makes it a little easier (for me anyway).

One option you have is to Open link in a new window/tab. What this will do is add a target=”blank” to your link HTML so that it opens in a new window. Click here to see my WP Engine review and to see this link open in a new tab/window.

Linking to External Content

It’s the same exact process except this time, you simply copy the URL you want to link to (from your browser’s address bar) and then paste that into the URL field.

1. Copy URL to your clipboard. Windows: Control + C. Mac: Command + C.
2. Go to your post and highlight the text you want linked.
3. Click the Insert/edit link button.
4. Click the URL box and paste. Win:Control + V or Mac: Command + V.
5. Click the blue Add Link button.

Linking an Image

You can also hyperlink an image that you’ve uploaded to your content. All you do is use the Add Media button, drag your image to your browser to upload and then on the right, look for the section shown in the screenshot.

Look for Link To and switch that to Custom URL which will present the http:// box where you can enter the URL that you want to link to. It’s that simple.

How to Add, Edit or Delete a User in WordPress

Once you are established with your new WordPress website, you will likely want to add new users so that they can help you write new content or manage your existing content. Thankfully, WordPress makes this extremely easy. In your WordPress Dashboard, hover your mouse over Users then click All Users.

Once you do that, this page will appear.

Click “Add New”

From there, everything is straight forward.

Username: This is used by the new person to log in to your website.

Email: Make sure this is their real email address that way if they forget their password, they can do a password recovery.

First / Last Name: This can be used and displayed on your website depending on your theme.

Make sure you create a very secure password for them to use.

Send Password? This is an option you can use to send the username and password to your new user. We typically do not use this function opting instead to craft our own email that explains how to add new content to the site.

Role: Need help understanding user roles? Click that link to learn about the default user roles to help you understand what they are and what role you should assign.

Then click the “Add New User” button.

Editing a User – Access Additional Options

Head back to Users > All Users and click on their username or the edit link below their username. On this page, you can edit the profile name, nickname and as we’re showing here in our screenshot, the Display name publicly as option which is how the name will appear on your front-end pages.

Visual Editor: You may disable the visual editor which is the traditional editor that you use to style your content. If you want to provide an environment for your writers to simply copy / paste text that you will then style yourself, that’d be a great example of why you’d disable the visual editor.

Admin Color Scheme: There’s 8 color schemes for your users to choose from.

Keyboard Shortcuts: Certain user roles allow comment moderation which allows for keyboard shortcuts to be used. You may disable keyboard shortcuts to help prevent your authors from styling comments and to prevent accidental actions like marking a comment as spam with the s key.

Toolbar: The black floating toolbar when viewing your website’s front-end is enabled by default on all logged in users. If you wish, you can disable that toolbar if needed.

There’s a new section here called About Yourself that you or the new user will be able to add or edit their Biographical Info. Depending on the theme you use, you may or may not see this information on the approved content they share.

You may notice that there is an “About Scott Buehler” at the bottom of this page that shares a little information about me. This is all done in the edit profile area in WordPress and you can even add text links using simple HTML as shown below.

He offers <a href="http://www.scottbuehler.com">digital marketing services</a> to any local business

Simply edit the HTML and text and it will be transferred to a text hyperlink that people can click.

Other Profile Editing Options

Depending on the theme you use and plugins installed, you may notice that there are additional options on this page to fill out for each user. For instance, WordPress SEO, a recommended SEO Tool, will add a WordPress SEO Settings area that will allow you to customize the author page title, meta description and more.

Deleting a WordPress User

Users > All Users.

Hover your mouse over the user and then click the red “Delete” link. This will always take you to the screen shown here where you will have final options to complete before deleting the user.

Delete all Content: For most (with a few exceptions), you should not delete all content because it will remove content from your website causing 404 errors and other issues. If a writer has left your website and you simply want to remove the user while keeping their content, you’d choose the other option.

Attribute All Content to: This will change all of the content under the user being deleted to be attributed / assigned to a different user that you select. While most will simply assign content to the main admin account, you may also consider a <Sitename> Staff username that you assign these posts to so that it doesn’t appear that you, the admin, wrote the content. In our case, this would be our Top Five Advisor Staff account.

Once done, click the Confirm Deletion button and the user will be removed from your website.

Top Five Free Social Media Integration Plugins for WordPress

Right after launching your first WordPress website, you will likely want to integrate some sort of social media functionality to make it easy for your viewers to share your content on social media. So, you hop on the WordPress Plugin Directory, do a few searches for social media plugins and instantly get that overwhelmed feeling.

There are hundreds of options to choose from and each one has their own pros and cons.

You might even be a great researcher and decide to start reading the reviews and support forums for each social media integration plugin, however, you’ll find yourself spending days deciding and testing various plugins to find the one that is right for you.

Our goal with this guide is to help you save all of that previous time, do the research for you and report our findings. This isn’t your average top list, we’ve downloaded the plugins, installed the plugins, checked how they effect page loading speed and more.

The below plugins are all free to use. Although there are some awesome premium social sharing plugins out there, we’ve kept this guide’s focus on the best FREE social media sharing plugins.

Mashshare Share Buttons

Tested Version: 2.3.5
Configure: Mashshare > Settings

Front-End Payload:
mashsb.min.css: 28.2KB
mashsb.min.js: 3.35KB
Total Payload: 31.55KB
* Does not include monetization options.

Supports: Only Facebook and Twitter on the free version (see monetization below).

Note: Not seeing the share icons on your website? Here’s how to enable it right away, go to Mashshare > Settings > Visual Tab > Location & Position Tab. Under post types, check post and page to enable the share options on all posts and pages. Once saved, go to the Social Networks tab and place a check under Facebook, Twitter and Subscribe as desired. Remember to save.

Server Considerations

There’s going to be a larger performance hit when using this plugin because it is collecting statistics on your database. You can opt to switch from MashEngine (local data collection) to SharedCount to offload the hit, but this only allows 10,000 free requests before a payment is required.

The other option is to disable the Sharecount option which requires no SQL queries at all. Enable cache expiration of at leasdt 30 minutes to reduce server load as well, they have a 5 minute setting as default which we wouldn’t recommend.

Other optimizations include the ability to force the JavaScript to load at the bottom of your HTML.

An interesting feature of this plugin is that they allow you to fake your statistics by adding a number you specify to the total tally. Shady at best.

For Facebook, you can configure the count to include shares, likes, or all shares, likes and comments on your content.

Customizing Options

Under Visual > Customize you will find a lot of options available to customize how your sharing will appear. You will be able to round the share count to the nearest 1K or 1M, animate the share count, change the share count title, add Twitter handle, change share count color, add a border radius to your share icons (rounding effect), add gradients, change the default button width, enable small buttons and customize the Subscribe button link and behavior.

Under the Visual > Location & Position tab you can customize the position of the share icons from Top, Bottom, or Top and Bottom. You’ll also be able to customize where your share options appear including any custom post type, post or page. You can also add share icons to your category pages of front page which is a really nice touch.

Monetization

As much as we love Mashshare, the plugin is severely limited in functionality for those looking for a free option. By default, you will only be able to add Facebook, Twitter and a “Subscribe” page link on your content. If you want your users to have the option to share to other networks, that’ll cost you. There’s a lot of things that’ll cost you, so here’s the options.

Mash Networks: Want Google+, Whatsapp, Pinterest, LinkedIn, Tumblr, Stumbleupon and other networks? That’ll be €19.00 for one site.

VideoPost Popup: At the end of your embedded video playback, this optin allows a popup to appear to encourage sharing of the video. You can also set this to popup after a specific period of time on the video playback. That’ll be €39.00 for one site.

Facebook Likebar: A sticky mobile-optimized bar that encourages viewers to like your Facebook page. The bar disappears when a user likes the page and offers an X to close the sticky bar should the reader not want to like the page. Mobile optimized and offers many customizations for €19.00 on one site.

Sticky ShareBar: Add a sticky bar that plasters to the very top of the browser window that offers share options. That’ll be €18.00 for one site.

Realtime Pageview Counter: Show how many times your page has been viewed from the point this feature is activated. That’ll be €18.00 for one site.

Google Analytics Integration: €19.00 for one site.

Mashshare Responsive: Be default on the free version, the share icons do not shrink and instead stack on each other. If you want this functionality for your mobile viewers, that’ll be €9.95 for a single site. Come on guys, seriously? This should be a default feature!

URL Shortener: A free enhancement option that allows you to use goo.gl links in Twitter. Mashshare does not recommend this feature currently due to performance issues.

Mashshare LikeAfterShare: Ok, this is actually really cool because when someone clicks your Facebook share button and shares your page, they will be taken back to your site with a new popup that asks for a LIKE on your page as well. A hefty €29.00 pricetag for one site.

Open Graph: Add open graph options to your social sharing. We wouldn’t recommend this because if you’ve installed WordPress SEO, you already have it. This is free to use if needed and allows for your featured images to be used on Facebook and other social media when your content is shared.

They have also added a $24 social locker enhancement that links to CodeCanyon which allows you to encourage sharing on your content to reveal a special download or offer.

Get the Core Add-On Bundle: If you elect to purchase any of the above add-ons, you might want to claim the bundle which includes 7 add-ons for €39 for one site (VideoPost not included). For €99 you can get this for 3 sites and it includes VideoPost.

Share Buttons by AddToAny

Tested Version: 1.5.8
Configure: Settings > AddToAny

Front-End Payload:
addtoany.min.css: 1.19KB
page.js (external): 23.08KB
Loads external social media integration files on page load.
Payload: At least 25KB.

Want more social sharing options? The AddToAny plugin lives to its name with 100 social media sharing options to choose from. Of course, with great choice comes great responsibility.

For every social media integration you add as a Standalone button, you increase the page load time. The files requested are loaded asynchronously, however, they are always loaded and not loaded upon user request / hover like other plugins listed here.

Our recommendation? Select just a few of the major social media networks you’d like to have as a Standalone button and utilize the integrated + button that will allow your users to choose from the 100 options available.

Share Buttons by AddToAny Notes

Placement Options: You can select to disaply the social media icons at the bottom, top, or top and bottom of your posts, pages, front page, archive pages and on custom post types.

Menu Styler: One thing unique to AddToAny is the Menu Styler. This links out to AddToAny’s website but allows you to customize the main color, border color, link text, hover text and background. Once done, you can click “Done, get code” and it will give you code that you can add to the “Additional Options” area of the configuration page.

Floating: AddToAny also features a “Floating” tab on the configuration page which allows you to add a left or right hand vertical floating bar. You can configure this floating element to only display on desktop with XXX pixels width (you customize) and position the element XXX pixels from the top of the screen (allowing for larger headers).

If vertical floating isn’t your glass of beer, then scroll down to the Horizontal Buttons area where you can configure horizontal floating buttons that are docked to the browser window.

This is a very ugly option in our opinion because it docks the floating bar at the bottom of the browser window on the far right or left. If the reader is viewing your content on a maximized window on a large screen, the bar may appear way outside of your content.

Monetization

We reviewed the plugin and found no attempts at monetization. There’s no advertisements or requests for donations. The only thing the author asks for at the bottom of the configuration page is a positive rating and to share it to others.

We hope that the above list will help narrow down your social media integration plugin decision and get you on the important path of creating valuable content that people want to share.

Be careful out there. You will find old lists of recommended social media plugins that recommend plugins that haven’t been updated in over a year. At the time of this review, the popular sharing plugin Digg Digg, with almost a million downloads hasn’t been updated since July of 2013. If you look over their reviews, there’s a lot of complaints which can be expected from an abandoned plugin.

If you’ve found this guide useful, please consider sharing this page on social media using our integration.

5 Reasons You Should Be Using a VPN Service

Confused on why you should be using a VPN service? There’s several reasons why you should use one, starting today. Here’s a quick top five listing of reasons why they should be a high priority.

Maintain Your Privacy

When connected to the Internet, your IP address is a personal identifier that can easily be viewed by 3rd parties in order to identify you and your location. When using a VPN, you’ll receive a new IP address that is owned by the VPN provider. This new IP address will only show the geo-location of the VPN server you’re connecting to rather than your true location.

Additionally, with the encryption that a VPN provides when connecting to the Internet, you can maintain your privacy and speed by keeping your ISP from inspecting, prioritizing, and throttling data sent to and from your device.

Secure Your Devices that Access the Internet

Using a VPN is a great way to increase and maintain your security whenever you are connected to your Internet. By connecting your online device to a VPN, you’ll encrypt the data sent to and from your device. Encryption scrambles the data so it cannot be deciphered by your Internet Service Provider, the web-servers you’re trying to reach when browsing online, or any nefarious 3rd party who is trying to intercept your data.

Accessing the Internet at your local coffee shop over their public access WIFI? Your Internet usage can be spied on over their air by someone in the same room and you won’t have any idea it is happening. All they have to do is pretend to be on their phone while they use a snooping tool to spy on all Internet activities happening in the room. If you use encryption provided by a VPN, they won’t be able to decipher what you are doing.

By using a VPN with top-tier encryption, you’ll ensure that your personal and business communications are private and out of the hands of 3rd parties who would normally have access to your information.

Accessing Geo-blocked Content

Unfortunately, popular sites and services online are often blocked in certain regions based on a user’s IP geo-location. For example, Netflix is inaccessible in many countries around the world, and in countries where it is available, many of the shows and movies in the American Netflix library are unavailable unless you have a US IP address.

By using a VPN with server locations all over the world, you can connect to servers and receive an IP address that is geo-located within that region. This will allow you to access content and services that would normally be blocked based on your IP address. This also allows you to access your favorite sites and services from home when travelling or living abroad!

Bypass ISP Foolery

It’s no secret that large ISPs are not always interested in what is best for their users. This has been seen in the past for example when American ISPs throttled users’ connections when accessing Netflix. One individual noted that his Netflix speeds were significantly faster when using a VPN.

When using a VPN service provider, you are routed through the VPN provider’s network. Larger providers often have bigger networks with more peers, which allow your traffic to take the optimal, fastest route to the destination you’re trying to reach. Golden Frog, the team behind VyprVPN, in particular owns and maintains its own network in addition to its own DNS service, VyprDNS. Due to the scope of their network and the large number of servers they offer, users can bypass ISPs’ congested networks and take one of any optimized routes on their network in order to deliver the best speeds when browsing or using online services.

Defeat Censorship and Government Restrictions

Unfortunately, 4/5 people in the world do not have access to an uncensored Internet. In places like China, Turkey, Southeast Asia, and the Middle-East, online censorship is pervasive and popular services like Google, Twitter, Facebook, and western news sites are often banned outright and inaccessible. Even in other nations with less pervasive censorship laws, they still censor select sites, content, and services that they deem unfit for the general population.

With a VPN, you can take back your Internet freedom. Simply connect to a VPN server located in a country with no online censorship and access the unrestricted web as if you were actually located in that country. So for individuals that live in or travel to regions with a restricted Internet, they can use a VPN in order to access a true, uncensored Internet.

Get a VPN from a Top Five Advisor Award Winner!

Here at Top Five Advisor, we recommend VyprVPN. VyprVPN is run by Golden Frog, the team that has been fighting for an open Internet since 1994. With VyprVPN, Golden Frog offers a premium VPN service with 50+ server locations, top level encryption, and a network that is 100% owned, operated, maintained by the Golden Frog team.

Understanding User Roles and Permissions in WordPress

The goal of this WordPress Guide is to help those who have decided to create a new user in their WordPress installation. This is not a comprehensive and exhaustive list of features of each default user role, but this is a quick reference that can be used to answer the common question What user role should I assign this user account I am creating in WordPress?

There are 5 default user roles that ships with your WordPress installation. In this guide, we will quickly cover what these roles mean to your new user, what they can do on your WordPress dashboard (permissions) and help you decide which role to select.

With no further delay, let’s get started.

Subscriber User Role

This user has no additional rights to your WordPress dashboard. They can only read your posts which is also traditionally available to unregistered users as well. Typically, this role is often assigned and used by membership plugins and, if you so choose, will also be assigned to users when you open registrations under WP Dashboard > Settings > General > Membership (check) Anyone can register.

If you want a higher degree of control on your website, you can disable commenting to unregistered users and require registration which would also take advantage of the subscriber role. We recommend keeping commenting available to everyone and use our guide to help control comment spam should that be an issue.

If you are manually setting up a user on a WordPress site that doesn’t have additional membership software, you’ll likely not need this role.

Contributor User Role

This would likely be the default role you’d assign to a new writer on your website. They can write and manage their own posts but can only submit those posts for review by an Administrator or an Editor.

When a Contributor creates a new post on your website, they will see a blue Submit for Review button instead of a Publish button. There will be no illusion that what they write will automatically appear on the site without first going through an approval process.

Author User Role

• Can write posts.
• Can publish their own posts.
• Can edit their own posts.
• Can manage comments received to their own posts.

If you plan on establishing a review and approval workflow that all authors will submit content and then get approved by an Editor, you do not want to use the Author user role, instead, you’d place all authors under the Contributor role.

Otherwise, if you do not want an approval process and allow your writer(s) to directly publish content on your website without editorial control, you’d set them up under the Author user role.

Editor User Role

• Has no control over your WordPress site configuration.
• Cannot create users.
• Has complete control over all content including administrators and all contributors.
• Can edit, approve, deny, or delete posts or pages.
• Full comment administration control.
• Can manage categories, links and use HTML markup or JavaScript inside posts.

As you can see, the Editor role has a lot of power over your website and should only be assigned to people that you trust. You would assign the Editor role to someone as part of a review and approval workflow with the Editor being the one who approves all content submitted by Contributors.

Administrator User Role

• Typically the blog owner.
• Has complete access to all WordPress features.
• Can be assigned to trusted technical partners.

If you are currently running your WordPress website (which is likely why you are on this guide in the first place), you are already familiar with the Administrator role because that is exactly what your access login is.

If you add another user as an administrator, they will have the exact same rights as your account including the ability to delete any users (including your own administrator account).

There is another role that most won’t see or have access to and is the Super Administrator. This is an administrator of a WordPress Multisite / Network setup that has multiple sites installed under a single WordPress database. The large majority of WordPress sites do not use or need WordPress Multisite and is beyond the scope of this guide.

How to Customize User Roles and Permissions in WordPress

Now that you are getting the hang of WordPress, your site is live, you’ve started adding content and then it happens, you want to scale it up and bring on additional staff to help you write content and do various tasks to help your site grow at an even faster pace.

When you start looking into it, you find out about User Roles and access it by going to WP Dashboard > Users. Inevitably, you’ll start adding test users into the system, log out, log in under the new users and see what they can do on your site that you’ve worked so hard on.

Then you discover that the default user roles are great, but it isn’t perfect. You like X role but you can’t setup new accounts under it because it allows them to do Y, which you only want administrator accounts to manage.

Enter User Roles Plugins

For both options below, we strongly recommend reviewing the WordPress Codex for Roles and Capabilities to have a full understanding of the roles and capabilities before making changes. On that page, consider scrolling down to the Capability vs. Role Table section and have a look at their visual representation of the default roles that WordPress ships with. Just to save a little confusion for you, “Super Admin” is a role that is only offered on WordPress Network / Multisite install which allows you to run multiple “sites” in one WordPress website.

Additionally, consider copying the default roles and modifying those to your liking. Then you can set your users to those roles and never use the WordPress defaults. This way, you can reference the default roles and capabilities at any time.

Option 1: User Role Editor

The above screenshot is exactly how User Roles Editor works within your WordPress and is accessed by going to WP Dashboard > Users > User Role Editor. Of course, you can check the box that says Show capabilities in human readable form if you wish, that will just remove the underscore and make the options plain text (we don’t recommend this because then it is a little harder to cross reference the roles and capabilities codex linked above).

From this screen, you can easily “Add Role,” “Rename Role,” and even do more advanced things like add or delete capabilities for these roles. As we show you on the right, adding a new role is straight forward. Enter the role name, what it displays and select what default role you’d like this role to mimic before you begin editing its capabilities.

From here, you can quickly reference the capabilities enabled (checked) and modify how that role works on your website when they log in.

If you’d like to have your senior writers have advanced access to your website, like publishing posts created by junior writers but you don’t quite trust them enough to be a full “Editor” on your site, you can quickly create a Senior Writer role by making a copy of the “Author Role,” reference the codex and enable a few select Editor capabilities and call it a day.

The same thing with your editors. You can create a new editor role and create a “Super Editor” role that would have a select few administrator rights.

Or, go the other way (like what we do) and create an Author role but remove certain default features we don’t want them to have, such as the ability to delete posts.

What We Don’t Like

Immediately after activating this plugin, it will create new capabilities inside of your database, even if you do not make a single modification or change. The above screenshot was taken right from our localhost install when using Capability Manager Enhanced (below) which shows obvious entries added by User Role Editor using the name ure_ as the capability name. Unfortunately, the developer doesn’t offer a way to remove these newly added references upon removal or with the “Reset” function which resets all user roles back to default. If you Reset > Deactivate > Uninstall User Role Editor, the ure_ references remain. Just something to be aware of, which may or may not bother you as an administrator.

Option 2: Capability Manager Enhanced

Capability Manager Enhanced is, for the most part, the same as the User Role Editor plugin we showed first. The difference here (and why it is included) is the fact that it is a bit more user friendly in the way it portrays the capabilities in an easier-to-understand format.

Of course, the downside with this is also that you are going to have a harder time cross-referencing the codex page to learn exactly what some of these Other WordPress Core Capabilities do exactly.

After the plugin is installed, you can access this plugin by going to WP Dashboard > Users > Role Capabilities.

One thing nice about this plugin is you can completely disable capabilities within a role using the red X without having to delete the capability (which is how URE works).

What We Don’t Like

No revert option available. One of the features mentioned on this plugin’s description page is the ability to revert roles and capabilities to WordPress defaults, however, we thoroughly searched the support threads, reviews and looked over the plugin and do not see a way to do this within the settings. In fact, we had to load URE and use their reset function to remove all the changes we made in this plugin.

Copying roles is a little less user friendly and less obvious compared to URE above. In order to accomplish copying a role, you will need to “Load” a role, like Author and then under Copy Author Role, you type in the name of the new role that you want created. In URE, you simply click “Add Role” then it asks for the name as well as a drop-box to select the user role you want to copy, which is way more straight forward and less confusing.

How Has Modified / New User Roles Helped You?

We’d love to hear how you are using modified or new roles in your WordPress setup. Leave a comment below to help our readers understand the benefits of creating specific roles.

How to Deal with Comment Spam in WordPress

There’s nothing worse than building a successful WordPress website only to attract spamming robots that leave hundreds, if not thousands, of spam comments all over your posts and pages. Lately, I’ve been having several conversations with people on Google+ about the issue which triggered this WordPress Guide.

This guide will cover a wide range of options and solutions that can be used to combat spam along with a my personal recommendations based on years of experience working with WordPress websites.

Stage 1 – Akismet

The BB Gun. It helps but lacks the power you need to go for the kill.

Every WordPress website comes pre-installed with Akismet, which is a free spam-fighting WordPress plugin that uses an algorithm to check if a comment is spam based on many factors. All you need to do is go to your WordPress Dashboard and click Plugins. From there, you will see Akismet and Hello Dolly on a default WordPress installation. First of all, delete Hello Dolly, ‘nuf said.

Under Akismet, you will see a blue “Activate” link. Click that then click the blue “Activate your Akismet account.” From there, click the blue Get your API key. Once again, you’ll click “Get An Akismet API Key” on their website which will then take you to a WordPress.com signup page. If you have a WordPress.com login, click I already have a WordPress.com account! and log in. Otherwise, enter your email address, desired username and password and click Sign Up.

Once you authorize your WordPress.com account with Akismet, you’ll finally be taken to this screen with pricing options.

From here, you can opt for the $5/mo plan or use the Basic sign up which allows you to name your price with a pricing slider, one of which is FREE. As long as your website is not a commercial website, you can slide the slider all the way to the left so that it is $0.00/year (free) which will remove the credit card payment options and allow you to enter your first and last name.

Finally, you will get the required API key that you can then use on your website.

Head back to your WordPress Dashboard and find the Manually enter an API key section. Paste your key in there then click Use this key to activate Akismet on your site.

Now that you are active, Akismet will begin scanning comments and marking spammy comments as spam and place these comments in your Comments > Spam section.

All set right?

Here’s the problem. If you are getting thousands of robot spam submissions on your website, your database will continue to be filled up because the comments are being accepted into your database but are being placed in your spam folder. If you ignore your spam folder long enough, you’ll rack up a massive database size in no time at all which can cause your site to become more and more sluggish in page loading and administrative response times.

Stage 2 – Replacing Your Commenting System

The handgun. It definitely takes care of bots looking for a WordPress commenting form but you’ll be fighting spam in a different way.

You’ve fought a long and hard battle with comment spam and decide, that BB Gun just isn’t doing the job to kill off the spam. What other options do I have to combat this seriously distracting issue? You take to the Internet and look at what popular WordPress websites are doing and realize, Oh! They switched their comment system and outsourced it to a third party!

Great idea! How do I do that? It’s pretty simple. Here’s a few of the most popular options that are available to you.

Disqus Comment System

Discus is the most popular WordPress comment replacement system that exists. Disqus allows you to moderate and control your filters, control anonymity preferences and is very easy to install. Disqus also integrates social media to share comments and reactions on Facebook or Twitter. They system is based on real time commenting which allows users to see the latest comments first (which may or may not please your readers).

The problems with Disqus is you are forcing your viewers to register on a separate site just to have the ability to make a comment. They will have to register by associating one of their social media accounts or will need to setup an account which requires them to provide an email address which may turn them off from commenting on your site.

Of course, if you decide to switch to Disqus from your WordPress, since the service is linked to your WordPress website, you will be able to transfer your old comments to the Disqus system. If you decide down the road that Disqus isn’t right for you and want to move back to the traditional commenting system, you can ensure all of your comments are synced under Comments > All Comments then deactivate / delete the plugin. Therefore, you won’t lose comments by switching then switching back, a really nice bonus.

Direct Social Media Commenting

Another popular approach that some sites use is integrating and using Facebook or Google+ comments to replace the regular WordPress comment system. What this allows is for people to quickly and easily comment on your posts as long as they are registered on and using the social network integration you choose. One benefit is it will help increase the sharing of your content on these social media platforms and traditionally, people will use their real names in their comments, especially Facebook users.

Of course, not everyone uses social media or they have used it in the past and, for whatever reason, decided to delete their accounts and never use their platform again. For these users, you will have completely alienated them and they will not be able to comment (expect nasty contact form submissions for this decision on established websites).

Another major issue you’ll face is the comments themselves belong to Facebook or Google+. When switching to this type of system, you will lose all of your old comments. If you decide that social media commenting isn’t working out like you wanted, any comments received while social media commenting is integrated will be lost (and only available on the social media posts).

I’ve tried going this route on a new blog before and the biggest red flag is the fact that users can dig up your old content and leave links and spam that you will likely never see or be alerted towards. This is especially a big problem in Google+ integration with no resolution because Google+ doesn’t officially support comment integration. In Facebook, you can take advantage of the Facebook comment moderation tool to monitor comments received through your website’s app, however, you’re still left with dealing with spam on a daily basis, just in a different location.

Although Comments Evolved is the most popular WordPress plugin for Google+ comments, it should be noted that this plugin will also integrate Facebook, Disqus and the traditional WordPress commenting system as an all-in-one solution.

Stage 3 – Removing the URL Field in Comments

The Assault Rifle. Now we’re talking. The handgun definitely helped pick off the spammers that are close in range but we’re having problems hitting those pesky long targets. Let’s not mention the fact that some spammers invoke The Matrix and are able to dodge our handgun bullets.

We’ve discussed the potentials of switching your commenting system and the integrated Akismet plugin which helped but some spambots are persistent and are able to spam even though you’ve switched. Even if the integrated systems have virtually eliminated spambots, there’s still ways for spammers to manually attack your content with links that will have to be moderated.

Question: How can we attack those persistent spambots where it hurts the most?

Answer: Remove the URL field in your traditional WordPress commenting system.

If you remove the URL field from your WordPress commenting system, manual spammers will not be able to submit spam because there is no URL field to complete. However, if you do this the wrong way, spambots will still be able to submit spam because they use a long URL string to form-submit to your website (the spambots do not actually use your form, they bypass it).

Hint: Do not use the widely-publicized CSS trick to hide the URL form. The spambots will continue submitting spam to your website even though your website doesn’t show the URL field.

Now that you’ve removed the URL field, you’ll make it known that you are not a URL-friendly website to spammers looking for target sites to attack.

The Downsides

Of course there’s always a downside to doing this. First, webmasters like myself enjoy researching people who comment on their website to learn more about them. Without the URL being submitted, you will find it harder to discover their latest projects. Most people who fill out the URL field on their comments will naturally link to their latest website, latest article or their latest project because that is what is freshest on their mind.

Secondly, a huge portion of people who comment on blog posts and articles are bloggers themselves. They enjoy commenting to add value to the conversation but they also enjoy getting a few backlinks to their site(s) here and there to attract traffic. If you remove the URL field, you are also removing some people’s willingness to comment.

Stage 4 – The Anti-Spam Plugin

The Nuke (name your deadliest weapon here?). That assault rifle approach did the trick! You were able prevent most of the spambots and manual spammers from submitting spam, but can we take it a step further? What if I don’t want to remove that URL box?

Introducing Anti-Spam, a free plugin that will help thwart spambots, doesn’t use a required captcha, but still allows the URL field on your website.

I’ve tried several spam prevention plugins available but this one is my favorite by far.

It. Just. Works. There’s nothing to configure which feels too good to be true, but isn’t. Pure magic.

Once you install and activate the plugin, you will notice a drastic, if not complete, reduction is spam ending up in your spam moderation queue. The plugin blocks spambot spam at the source by checking the user agent using JavaScript.

One awesome thing about this is the fact the bulk of the spam your site receives will not even reach your WordPress database. That’s one of the biggest reasons why I love this plugin so much. Best of all, it continues to remain free but the ability to support the author is there with an upgrade to Anti-Spam Pro which adds additional features (a more powerful automatic spam protection, a manual spam protection algorithm and a settings page) for a one-time purchase of $14 on codecanyon.

It’s important to note here that Anti-Spam (free version) stops the automated spambots but it doesn’t prevent manual spam submissions from real people using real browsers.

That’s Not a Nuke Then!

You’d be correct in saying that. However, what if you installed/activated the Anti-Spam plugin and deleted the URL field (the assault rifle approach above)?

Now you’ve got a site that uses the default WordPress commenting system that completely blocks most spambots and prevents manual spammers from spamming your site with URLs. Welcome to the solution we use on all of our WordPress projects. We have yet to see a need to even use Akismet because the spam doesn’t reach our database in the first place.

If you really want to keep your URL field for reasons we’ve stated above, your other solution is to upgrade to Anti-Spam Pro. This will add a manual commenting “spam-points algorithm” which will help you keep the URL field in tact but tackle most of the manual spammers.

Ugh – Anti-Spam Adds a Notification to My Comments Page!

Yep, I didn’t like when Webvitality added this notification flag and actually voiced my displeasure about it on their WP plugin support forum. Due to the complaints, he quickly added a new feature that allows us to remove this flag from the comments page, but it’s buried and you’ll have to know where to look.

Use the above GIF to see exactly how to remove the Anti-Spam notification flag. On your Dashboard > Comments page, click Screen Options, uncheck Anti-spam info, click Apply. Done.

How have you handled your WordPress spam issue? Did this guide help you? Please leave a note in the comments below and let us know!