This article is part of a series created in partnership with SiteGround. Thank you for supporting the partners who make SitePoint possible.
WordPress is one of the simpler Content Management Systems. Despite its clean user interface, WordPress can be daunting for those who use it infrequently or have basic IT skills. It also offers considerable power; it’s easy to install a malicious plugin or wipe a database if you’re not careful.
Fortunately, WordPress can be configured and customized to save users from themselves! That includes the person in every organization who vastly over-estimates their technical prowess…
1. Grant Appropriate User Roles
WordPress offers a range of roles and capabilities. In most cases, users should either be:
- an Editor: someone who can publish and manage their own and other people’s posts.
- an Author: someone who can publish and manage their own posts.
- a Contributor: someone who can write and manage their own posts but cannot publish them.
None of these roles can install plug-ins, change themes, approve updates, edit files or perform other dangerous tasks available to Administrators. Of course, some users will claim they need full rights — that’s fine if they’re prepared to take the risk and pay the cost of losing everything!
2. Create Shortcodes for Advanced Functionality
Users often demand advanced functionality such as Twitter widgets, stock price trackers, affiliate links, etc. Rather than let them add arbitrary third-party code, allow them to call your code via a shortcode defined in a plugin or the theme’s functions.php file:
// include a specific PHP file
function customIncludeFile($params = array()) {
extract(shortcode_atts(array(
'file' => 'contact-form'
), $params));
ob_start();
include(get_theme_root() . '/' . get_template() . "/$file.php");
return ob_get_clean();
}
add_shortcode('include', 'customIncludeFile');
This shortcode allows users to enter [include myfile]
in the editor to include myfile.php from the template folder.
3. Remove WordPress Update Notifications
A WordPress update notification may be useful to you but could worry your users. Disable it in a plugin or the theme’s functions.php file:
// remove update notifications
<?php
function no_update_notification() {
if (!current_user_can('activate_plugins')) remove_action('admin_notices', 'update_nag', 3);
}
add_action('admin_notices', 'no_update_notification', 1);
4. Remove Unnecessary Menus
Few sites use every WordPress feature. For example, your installation may not need commenting functionality. Unnecessary items can be removed with the following code in a plugin or functions.php:
// remove unnecessary menus
function remove_admin_menus () {
global $menu;
// all users
$restrict = explode(',', 'Links,Comments');
// non-administrator users
$restrict_user = explode(',', 'Media,Profile,Users,Tools,Settings');
// WP localization
$f = create_function('$v,$i', 'return __($v);');
array_walk($restrict, $f);
if (!current_user_can('activate_plugins')) {
array_walk($restrict_user, $f);
$restrict = array_merge($restrict, $restrict_user);
}
// remove menus
end($menu);
while (prev($menu)) {
$k = key($menu);
$v = explode(' ', $menu[$k][0]);
if(in_array(is_null($v[0]) ? '' : $v[0] , $restrict)) unset($menu[$k]);
}
}
add_action('admin_menu', 'remove_admin_menus');
Set the following variables accordingly:
- $restrict — a comma-delimited list of menu items which will not be shown to any users, including administrators. In the example above, we’re hiding Links and Comments.
- $restrict_user — a comma-delimited list of menu items which will not be shown to non-administrators. The example above disables everything except the Dashboard, Pages and Posts. Appearance and Plugins would also be hidden by default for non-administrators.
5. Remove Unnecessary Page and Post Meta Boxes
Few people — even administrators — require all the options available to pages, posts and custom posts. These can be hidden using the Screen Options menu at the top-right of the editing screen but users can still re-enable options. You can remove the boxes permanently by adding the following code to a plugin or functions.php:
// remove unnecessary page/post meta boxes
function remove_meta_boxes() {
// posts
remove_meta_box('postcustom','post','normal');
remove_meta_box('trackbacksdiv','post','normal');
remove_meta_box('commentstatusdiv','post','normal');
remove_meta_box('commentsdiv','post','normal');
remove_meta_box('categorydiv','post','normal');
remove_meta_box('tagsdiv-post_tag','post','normal');
remove_meta_box('slugdiv','post','normal');
remove_meta_box('authordiv','post','normal');
// pages
remove_meta_box('postcustom','page','normal');
remove_meta_box('commentstatusdiv','page','normal');
remove_meta_box('trackbacksdiv','page','normal');
remove_meta_box('commentsdiv','page','normal');
remove_meta_box('slugdiv','page','normal');
remove_meta_box('authordiv','page','normal');
}
add_action('admin_init','remove_meta_boxes');
Add or remove remove_meta_box
lines as necessary. The first argument is the ID assigned to the metabox’s div
element — locate that in the HTML source or using Developer Tools.
6. Remove Unnecessary Dashboard Widgets
Similarly, the dashboard can offer a bewildering array of options to some users. Remove dashboard widgets with the following plugin or functions.php code:
// remove unnecessary dashboard widgets
function remove_dashboard_widgets(){
global $wp_meta_boxes;
// only remove "Right Now" for non-administrators
if (!current_user_can('activate_plugins')) {
unset($wp_meta_boxes['dashboard']['normal']['core']['dashboard_right_now']);
}
// remove widgets for everyone
unset($wp_meta_boxes['dashboard']['normal']['core']['dashboard_plugins']);
unset($wp_meta_boxes['dashboard']['normal']['core']['dashboard_recent_comments']);
unset($wp_meta_boxes['dashboard']['normal']['core']['dashboard_incoming_links']);
unset($wp_meta_boxes['dashboard']['side']['core']['dashboard_primary']);
unset($wp_meta_boxes['dashboard']['side']['core']['dashboard_secondary']);
}
add_action('wp_dashboard_setup', 'remove_dashboard_widgets');
This can be configured as necessary. The dashboard widget’s ID is assigned to its div
element — locate that in the HTML source or using Developer Tools.
7. Remove the Administration Bar
WordPress shows a dark grey administration bar at the top of your live site when logged in. You may not find it useful. Or perhaps your users think all visitors can see the bar? You can remove it with a line of PHP in your plugin or functions.php code:
// remove admin bar
add_filter('show_admin_bar', '__return_false');
Do you have other recommendations for simplifying WordPress?
Craig is a freelance UK web consultant who built his first page for IE2.0 in 1995. Since that time he's been advocating standards, accessibility, and best-practice HTML5 techniques. He's created enterprise specifications, websites and online applications for companies and organisations including the UK Parliament, the European Parliament, the Department of Energy & Climate Change, Microsoft, and more. He's written more than 1,000 articles for SitePoint and you can find him @craigbuckler.