Bludit User Management: Roles and Permissions

This section covers user management, roles, and permissions for Bludit and associated analytics tools. Bludit is a simple, fast, flat-file CMS designed for easy blogging and website management without requiring a database.

Overview

Bludit provides straightforward user management capabilities ideal for small teams and individual bloggers. As a flat-file CMS, Bludit stores all data in JSON files rather than a database, making it lightweight and easy to deploy while offering basic multi-user functionality.

User management in Bludit features:

• File-based user storage in JSON format
• Simple role system with Admin, Editor, and Author roles
• Individual user profiles with customizable information
• No database required for user authentication
• Built-in security with bcrypt password hashing

Bludit is ideal for small projects, personal blogs, and teams of 2-10 users. For larger organizations with complex permission requirements, consider more robust CMS platforms with database-backed user management.

Platform User Management

• Roles & Permissions - Understanding user roles
• Adding & Removing Users - User administration

Accessing User Management

To access user management in Bludit:

1. Log in to the Bludit admin panel at /admin/
2. Navigate to Settings in the left sidebar
3. Click Users in the settings menu
4. View the list of existing users and their roles

Only users with Administrator role can access user management settings and create or modify other user accounts.

Bludit User Roles

Bludit provides a simple three-tier role system:

Administrator

Administrators have complete control over the Bludit installation:

• Full access to all settings and configuration
• Can create, edit, and delete all content (pages and posts)
• Can manage all users (create, edit, delete)
• Install and configure plugins and themes
• Modify system settings and security options
• Access to all admin panel features
• Can delete the site or reset data
• Manage categories and tags

When to use: Assign to site owners and technical administrators only. Limit to 1-2 users.

Editor

Editors have broad content management permissions:

• Can create, edit, and delete their own content
• Can edit and delete content from other authors
• Can manage categories and tags
• Can upload and manage media files
• Cannot access system settings
• Cannot manage users or install plugins
• Cannot modify theme or system configuration
• Limited to content and media management

When to use: Assign to content managers who need to oversee and edit team content.

Author

Authors have limited permissions focused on their own content:

• Can create and edit their own pages and posts
• Can upload media files
• Can manage their own user profile
• Cannot edit others' content
• Cannot delete published content from others
• Cannot access settings or manage users
• Cannot install plugins or change themes
• Limited to personal content creation

When to use: Assign to content contributors and bloggers who create their own content.

Adding and Inviting Users

Creating a New User

To add a user in Bludit:

1. Navigate to Settings > Users
2. Click Add a new user or the + button
3. Enter user information:
   • Username: Unique identifier (cannot be changed later)
   • First name: User's first name
   • Last name: User's last name
   • Nickname: Display name for posts (optional)
   • Email: User's email address
   • Password: Initial password (user should change)
4. Select the Role: Administrator, Editor, or Author
5. Click Save or Add

The new user can immediately log in with the provided credentials.

User Profile Fields

Additional user profile options:

• Biography: Short description about the user
• Profile Image: Avatar or photo (uploaded to user folder)
• Social Media Links: Twitter, Facebook, Instagram, etc.
• Website: Personal or company website URL

These fields appear on author pages and post bylines (theme-dependent).

Changing User Passwords

Administrators can reset user passwords:

1. Navigate to Settings > Users
2. Click on the user to edit
3. Enter a new password in the password field
4. Confirm the password
5. Click Save

Users can also change their own passwords:

1. Click on their username in the top right
2. Select Edit profile
3. Enter current password and new password
4. Save changes

Editing User Information

To modify user details:

1. Go to Settings > Users
2. Click on the user to edit
3. Modify any field (except username)
4. Update role if needed
5. Click Save

Note: Usernames cannot be changed after creation. To change a username, create a new user and delete the old one.

Removing Users

To delete a user account:

1. Navigate to Settings > Users
2. Click on the user to delete
3. Scroll to the bottom of the edit page
4. Click Delete or Remove User
5. Confirm the deletion

Important: Content created by deleted users will remain on the site but will show no author. Consider reassigning content before deleting users, or manually update posts to assign them to another author.

User Profiles and Authorship

Author Pages

Bludit automatically creates author pages for each user:

• Accessible at /author/username
• Lists all content by that author
• Displays user biography and profile information
• Shows profile image and social links
• Theme-dependent design and layout

Post Authorship

When creating content:

• Posts are automatically attributed to the logged-in user
• Author name appears in post metadata
• Editors can change post author when editing
• Author pages aggregate all posts by that user

User Profile Customization

Users can customize their own profiles:

1. Click username in top right corner
2. Select Edit profile or Profile
3. Update:
   • Display name/nickname
   • Biography
   • Profile image
   • Social media links
   • Website URL
4. Save changes

File-Based User Storage

Bludit stores users in flat files:

User Data Location

User data is stored in:

/bl-content/databases/users.php

Each user's data is stored as a JSON object with:

• Username and password hash (bcrypt)
• Email and personal information
• Role and permissions
• Profile metadata
• Social media links

Direct File Editing (Advanced)

For advanced users or recovery scenarios:

1. Access the server via FTP/SSH
2. Navigate to /bl-content/databases/
3. Edit users.php carefully
4. Ensure valid JSON syntax
5. Backup before editing

Warning: Direct file editing can break the user system if not done correctly. Only edit files as a last resort for account recovery.

Security Recommendations

Password Security

1. Enforce Strong Passwords: Require minimum 12 characters with complexity
2. Change Default Credentials: Never keep default admin credentials
3. Unique Passwords: Each user should have a unique password
4. Regular Updates: Encourage password changes every 90 days
5. Password Managers: Recommend password managers to users

Access Control

1. Limit Administrators: Only 1-2 users should have admin access
2. Use Editor Role: Most team members should be editors or authors
3. Remove Unused Accounts: Delete accounts for departed users immediately
4. Regular Audits: Review user list monthly
5. Document Access: Keep records of who has access and why

Login Security

1. Hide Login Page: Change default /admin/ login URL using .htaccess
2. Limit Login Attempts: Install plugin to prevent brute force attacks
3. Enable HTTPS: Always use SSL/TLS for admin access
4. Session Timeout: Configure automatic logout after inactivity
5. Monitor Login Logs: Check for suspicious login attempts

Bludit Security Plugins

Consider installing security plugins:

• Login Attempts: Limits failed login tries
• Brute Force Protection: Blocks IP addresses after failed logins
• Maintenance Mode: Temporarily disable site access
• Two-Factor Authentication: Add 2FA if available

Common Issues and Solutions

Issue: Forgot Admin Password

Solution:

• Access server files via FTP/SSH
• Navigate to /bl-content/databases/users.php
• Generate a new bcrypt password hash
• Replace the password hash in the file
• Save and test login with new password
• Alternatively, create a new admin user via file editing

Issue: Cannot Add New Users

Solution:

• Verify you're logged in as Administrator
• Check file permissions on /bl-content/databases/ (should be writable)
• Ensure username doesn't already exist
• Verify no JSON syntax errors in users.php
• Check server error logs for PHP errors

Issue: User Changes Not Saving

Solution:

• Check file permissions on user database files
• Verify sufficient disk space on server
• Ensure JSON files are not corrupted
• Clear browser cache and try again
• Check for PHP errors in server logs

Issue: Author Page Not Displaying

Solution:

• Verify the theme supports author pages
• Check that the user has published content
• Ensure friendly URLs are properly configured
• Review .htaccess rules if using Apache
• Test with default Bludit theme

Issue: Lost Administrator Access

Solution:

• Edit /bl-content/databases/users.php directly
• Change a user's role to "admin" in the JSON
• Or create a new admin user via file editing
• Ensure proper JSON syntax
• Backup file before editing

Limitations of Bludit User Management

Be aware of these constraints:

1. Simple Role System: Only three roles (no custom roles)
2. No Granular Permissions: Cannot customize permissions per role
3. Limited Scalability: Not designed for 50+ users
4. No Built-in User Approval: All users active immediately upon creation
5. No User Groups: Cannot organize users into teams or departments
6. No Activity Logs: Limited tracking of user actions
7. No API for Users: Cannot programmatically manage users via API
8. No SSO/SAML: No enterprise single sign-on support
9. No Email Invitations: Manual credential sharing required
10. No Multi-Site User Management: Each Bludit install has separate users

For more advanced user management needs, consider WordPress, Drupal, or enterprise CMS platforms.

Backup and Recovery

Backing Up User Data

To backup user accounts:

1. Access server via FTP/SSH
2. Navigate to /bl-content/databases/
3. Download users.php file
4. Store securely with other site backups
5. Backup regularly (weekly minimum)

Restoring Users

To restore user data:

1. Access server files
2. Replace /bl-content/databases/users.php with backup
3. Ensure file permissions are correct (writable)
4. Test login with various user accounts
5. Verify all users and roles restored correctly

Plugin Extensions

Enhance Bludit user management with plugins:

Recommended User Management Plugins

• Login Attempts: Prevents brute force attacks
• User Profiles Extended: Additional profile fields
• Custom Login Page: Modify login page appearance
• Email Notifications: Notify admins of new user activity
• Activity Log: Track user actions (if available)

Installing Plugins

1. Navigate to Plugins in admin panel
2. Browse available plugins
3. Click Install on desired plugin
4. Configure plugin settings
5. Activate the plugin

Analytics Tool Access

Google Analytics 4

Manage GA4 access in Admin > Account/Property Access Management:

• Administrator: Full control over account settings and users
• Editor: Can modify configurations and settings
• Analyst: Can create reports and audiences, no configuration changes
• Viewer: Read-only access to reports and data

To add GA4 to Bludit:

1. Install Google Analytics plugin or
2. Add tracking code to theme template
3. Requires Administrator access

Google Tag Manager

Manage GTM access in Admin > User Management:

• Administrator: Full control over container and users
• Publish: Can publish container changes to production
• Approve: Can approve changes but not publish
• Edit: Can edit tags and triggers but cannot approve or publish
• Read: View-only access to container configuration

To implement GTM in Bludit:

1. Edit theme template files
2. Add GTM container code to header
3. Requires Administrator access to themes

Meta Business Manager

Manage access in Business Settings > People:

• Admin: Full control over business settings and assets
• Employee: Limited access based on assigned assets and permissions

Best Practices

1. Minimize Administrators: Only assign admin role to 1-2 trusted users
2. Use Appropriate Roles: Most users should be Authors or Editors
3. Regular User Audits: Review user list monthly and remove inactive accounts
4. Strong Passwords: Enforce minimum password requirements
5. Backup User Data: Include user database in regular backups
6. Change Default Admin: Change the default admin username immediately
7. Enable HTTPS: Always use SSL for admin panel access
8. Install Security Plugins: Add brute force protection and login limiters
9. Document Users: Maintain a record of who has access and their role
10. Test Permissions: Verify each role has appropriate access after changes

Additional Resources

• Bludit Official Documentation
• Bludit Users Guide
• Bludit Security Best Practices
• Bludit Plugins Directory
• Bludit Community Forum