Complete guide to onboarding and offboarding users in WordPress, including manual addition, bulk imports, role changes, and safe user removal.
Adding Users to WordPress
Method 1: Manual User Creation (Dashboard)
Best for: Adding individual users, small teams
Step-by-Step Process
Access User Management
wp-admin → Users → Add NewEnter User Information
Required Fields:
- Username - Permanent, cannot be changed (lowercase, no spaces)
- Example:
john.doeorjdoe
- Example:
- Email - User's email address (must be unique)
- Example:
john@company.com
- Example:
Optional Fields:
- Username - Permanent, cannot be changed (lowercase, no spaces)
Set Password
Option A: Manual Password
- Click Show Password
- WordPress generates strong password
- Edit if needed (not recommended - use strong password)
- Uncheck "Send User Notification" if you'll provide password separately
Option B: Email Invitation
- Keep Send User Notification checked
- User receives email with password reset link
- User sets own password (recommended)
Assign Role
Select appropriate role from dropdown:
- Administrator - Full site control (use sparingly)
- Editor - Content management
- Author - Publish own posts
- Contributor - Submit posts for review
- Subscriber - Profile only
- Shop Manager - WooCommerce store management (if WooCommerce active)
- Customer - WooCommerce purchaser (if WooCommerce active)
See Roles & Permissions for detailed breakdown.
Click "Add New User"
Email Invitation Process
When "Send User Notification" is checked, user receives:
Subject: [Site Name] Login Details
Username: john.doe
To set your password, visit the following address:
[Password Reset Link]
Best Practice: Always use email invitation for:
- External contractors
- Client access
- New team members
- Any user you don't manage in-person
Method 2: Programmatic User Creation
Best for: Developers, automated onboarding, custom registration forms
Basic User Creation
// Simple user creation
$user_id = wp_create_user(
'johndoe', // Username
'SecurePassword123!', // Password
'john@example.com' // Email
);
if (is_wp_error($user_id)) {
// Error handling
echo 'Error: ' . $user_id->get_error_message();
} else {
// Success
echo 'User created with ID: ' . $user_id;
}
Advanced User Creation with Metadata
// Create user with full profile
$user_data = array(
'user_login' => 'johndoe',
'user_email' => 'john@example.com',
'user_pass' => wp_generate_password(12, true, true), // Random strong password
'first_name' => 'John',
'last_name' => 'Doe',
'role' => 'editor',
'display_name' => 'John Doe',
'user_url' => 'https://johndoe.com',
'description' => 'Content Manager'
);
$user_id = wp_insert_user($user_data);
if (!is_wp_error($user_id)) {
// Add custom meta
update_user_meta($user_id, 'department', 'Marketing');
update_user_meta($user_id, 'hire_date', date('Y-m-d'));
// Send password reset email
wp_new_user_notification($user_id, null, 'both'); // 'both' sends to user and admin
}
WooCommerce Customer Creation
// Create WooCommerce customer
$customer = new WC_Customer();
$customer->set_username('johndoe');
$customer->set_email('john@example.com');
$customer->set_first_name('John');
$customer->set_last_name('Doe');
$customer->set_billing_first_name('John');
$customer->set_billing_last_name('Doe');
$customer->set_billing_email('john@example.com');
$customer->set_billing_phone('555-1234');
$customer->set_billing_address_1('123 Main St');
$customer->set_billing_city('New York');
$customer->set_billing_state('NY');
$customer->set_billing_postcode('10001');
$customer->set_billing_country('US');
$customer_id = $customer->save();
Method 3: WP-CLI (Command Line)
Best for: Server administrators, bulk operations, automation scripts
Create Single User
# Basic user creation
wp user create johndoe john@example.com --role=editor --porcelain
# With additional fields
wp user create johndoe john@example.com \
--role=editor \
--first_name=John \
--last_name=Doe \
--display_name="John Doe" \
--user_pass=SecurePass123! \
--send-email
# Generate random password (recommended)
wp user create johndoe john@example.com --role=editor --send-email
Create Multiple Users from CSV
CSV Format (users.csv):
user_login,user_email,role,first_name,last_name
johndoe,john@example.com,editor,John,Doe
janedoe,jane@example.com,author,Jane,Doe
bobsmith,bob@example.com,contributor,Bob,Smith
Import Script:
# Import users from CSV
while IFS=, read -r user_login user_email role first_name last_name; do
wp user create "$user_login" "$user_email" \
--role="$role" \
--first_name="$first_name" \
--last_name="$last_name" \
--send-email
done < users.csv
Method 4: Bulk User Import (Plugin)
Best for: Large teams, migrating from other platforms
Recommended Plugins
Import Users from CSV with Meta
Install Plugin
Plugins → Add New → Search "Import Users from CSV with Meta" Install and ActivatePrepare CSV File
user_login,user_email,role,first_name,last_name,user_url johndoe,john@example.com,editor,John,Doe,https://johndoe.com janedoe,jane@example.com,author,Jane,Doe,Import
Tools → Import Users from CSV Choose file → Upload Configure: ✓ Send notification emails to new users ✓ Update existing users Import
WP All Import (Premium)
- Advanced mapping
- Schedule imports
- External data sources (Google Sheets, API)
Modifying User Roles
Change User Role (Dashboard)
Navigate to Users
wp-admin → Users → All UsersEdit User
- Hover over username → Click Edit
- Or click username directly
Change Role
- Find Role dropdown
- Select new role
- Click Update User
Bulk Role Changes
Select Multiple Users
- Check boxes next to usernames
- Or use Select All (top of table)
Apply Bulk Action
- Bulk Actions dropdown → Change role to...
- Select new role
- Click Change
Programmatic Role Changes
// Change single user role
$user = new WP_User(123);
$user->set_role('editor');
// Add role (keep existing)
$user->add_role('shop_manager');
// Remove specific role
$user->remove_role('subscriber');
// Remove all roles
$user->set_role(''); // Empty string removes all roles
// Add capability without changing role
$user->add_cap('edit_theme_options');
// Remove capability
$user->remove_cap('edit_theme_options');
WP-CLI Role Changes
# Change user role
wp user update 123 --role=editor
# Change role by username
wp user update johndoe --role=author
# Bulk change roles
wp user list --role=subscriber --field=ID | xargs -I % wp user update % --role=customer
Removing Users from WordPress
Pre-Removal Checklist
Before removing a user:
- Identify content ownership - How many posts/pages does user own?
- Plan content reassignment - Who should inherit their content?
- Review custom data - WooCommerce orders, custom post types, user meta
- Backup - Export user data before deletion
- Notify stakeholders - Inform team of access removal
- Document reason - Keep audit trail
Method 1: Delete User (Dashboard)
Standard User Deletion
Navigate to Users
wp-admin → Users → All UsersDelete User
- Hover over username → Click Delete
- Or check box → Bulk Actions → Delete → Apply
Content Attribution Decision
WordPress will ask what to do with user's content:
Option A: Delete all content
- Removes all posts, pages, comments by user
- Caution: Permanent deletion
Option B: Attribute content to another user
- Select existing user from dropdown
- All content reassigned to selected user
- Recommended: Preserves content
Confirm Deletion
- Click Confirm Deletion
Bulk User Deletion
1. Select multiple users (checkboxes)
2. Bulk Actions → Delete → Apply
3. Choose content attribution (applies to all selected users)
4. Confirm Deletion
Method 2: Programmatic User Deletion
// Delete user and reassign content
$user_id = 123;
$reassign_to = 1; // Reassign to user ID 1 (usually admin)
require_once(ABSPATH . 'wp-admin/includes/user.php');
$result = wp_delete_user($user_id, $reassign_to);
if ($result) {
echo 'User deleted successfully';
} else {
echo 'Error deleting user';
}
// Delete user and all content (dangerous)
wp_delete_user($user_id); // No reassignment
WooCommerce Customer Deletion
// Delete WooCommerce customer (preserves order data)
$customer = new WC_Customer(123);
// Option 1: Delete user but keep orders
// Orders remain attributed to deleted user (shows as "Guest")
wp_delete_user(123);
// Option 2: Reassign orders to another user
// Not directly supported - requires custom logic
$orders = wc_get_orders(array('customer_id' => 123));
foreach ($orders as $order) {
$order->set_customer_id(1); // Reassign to user 1
$order->save();
}
wp_delete_user(123);
Method 3: WP-CLI User Deletion
# Delete user and reassign content
wp user delete 123 --reassign=1
# Delete user and all content (dangerous)
wp user delete 123 --yes
# Delete multiple users
wp user delete 123 124 125 --reassign=1
# Delete by username
wp user delete johndoe --reassign=admin
Method 4: Disable User Without Deletion
Alternative to deletion: Disable user account but preserve everything.
Using Plugin
Disable Users Plugin:
1. Install "Inactive Logout" or "Disable Users" plugin
2. Users → All Users → Edit user
3. Check "Disable this user"
4. Save
Manual Disable (Custom Code)
// Disable user (remove all roles)
add_action('init', 'disable_user_account');
function disable_user_account() {
$user_id = 123;
$user = new WP_User($user_id);
$user->set_role(''); // Remove all roles
// Add flag to track disabled status
update_user_meta($user_id, 'account_disabled', true);
update_user_meta($user_id, 'account_disabled_date', current_time('mysql'));
update_user_meta($user_id, 'account_disabled_by', get_current_user_id());
}
// Prevent login for disabled users
add_filter('authenticate', 'block_disabled_users', 30, 1);
function block_disabled_users($user) {
if (!is_wp_error($user) && get_user_meta($user->ID, 'account_disabled', true)) {
return new WP_Error('account_disabled', 'This account has been disabled. Contact administrator.');
}
return $user;
}
Benefits:
- Preserves all user data
- Can be re-enabled easily
- Maintains content attribution
- Audit trail intact
Multisite User Management
Add User to Multisite Network
Method 1: Dashboard
Network Admin → Users → Add New
Username, Email, Check "Add user"
Select sites to add user to
Select role for each site
Method 2: Programmatically
// Add existing user to site ID 2 as Editor
add_user_to_blog(2, 123, 'editor');
// Create user and add to multiple sites
$user_id = wp_create_user('johndoe', 'password', 'john@example.com');
add_user_to_blog(1, $user_id, 'administrator'); // Main site
add_user_to_blog(2, $user_id, 'editor'); // Site 2
add_user_to_blog(3, $user_id, 'author'); // Site 3
Remove User from Multisite
Remove from specific site:
// Remove user 123 from site 2 (keeps user on other sites)
remove_user_from_blog(123, 2);
Delete from entire network:
// Delete user from all sites in network
wpmu_delete_user(123);
User Data Export (GDPR)
Manual Export
Tools → Export Personal Data
1. Enter user email address
2. Click "Send Request"
3. User receives email with confirmation link
4. User confirms → Download link generated
5. Export includes:
- Profile data
- Posts/comments
- WooCommerce orders
- Plugin data (if supported)
Programmatic Export
// Export user data
$exporter = new WP_Privacy_Data_Export_Requests_Table();
$email = 'user@example.com';
// Create export request
wp_create_user_request($email, 'export_personal_data');
// Generate export file
$user = get_user_by('email', $email);
if ($user) {
$exporters = apply_filters('wp_privacy_personal_data_exporters', array());
// Export logic...
}
Best Practices
User Onboarding
Use Strong Passwords
- Let WordPress generate
- Or use password manager (1Password, LastPass)
- Minimum 12 characters, mixed case, numbers, symbols
Send Email Invitations
- User sets own password
- Reduces password sharing
- Creates audit trail
Principle of Least Privilege
- Assign minimal role needed
- Content creator? Author, not Editor
- Store manager? Shop Manager, not Administrator
Enable Two-Factor Authentication
- Required for Administrators
- Recommended for Editors
- Use authenticator app (Google Authenticator, Authy)
Document Access
- Why does user need access?
- What role do they need?
- Review date for temporary access
User Offboarding
Content Reassignment
- Never delete all content
- Reassign to appropriate team member
- Maintains SEO, internal links
WooCommerce Considerations
- Orders remain associated with customer email
- Consider anonymizing personal data
- Keep order history for accounting
Audit Trail
- Log deletion date
- Document who performed deletion
- Note reason for removal
Application Passwords
- Revoke API access
- Check for active application passwords
- Remove webhook integrations
Backup First
- Export user data before deletion
- Save to secure location
- Keep for compliance period (GDPR: varies by data type)
Troubleshooting
Can't Add User - Email Already Exists
Error: "Sorry, that email address is already used!"
Solutions:
// Check if email exists
$user = get_user_by('email', 'user@example.com');
if ($user) {
echo 'Email already used by: ' . $user->user_login;
}
// Multisite: User might exist on another site
// Option 1: Add existing user to current site
add_user_to_blog(get_current_blog_id(), $user->ID, 'editor');
// Option 2: User uses different email for this site
Can't Delete User - No Reassignment Option
Cause: User has no content, or you're the only administrator.
Solution:
- Ensure at least one other Administrator exists
- Or delete user without reassignment (if truly no content)
Bulk Import Fails
Common Issues:
- CSV formatting (use UTF-8 encoding)
- Special characters in usernames (use lowercase, no spaces)
- Duplicate emails
- Missing required columns
Debug:
// Enable WordPress debug mode
define('WP_DEBUG', true);
define('WP_DEBUG_LOG', true);
// Check debug.log for errors
// /wp-content/debug.log
Next Steps
- User Roles & Permissions - Understand role capabilities
- WordPress User Management - Overview and best practices
- WordPress Security - Secure user accounts