User Management
Create, edit, and delete user accounts from the Users panel.
Changes: 2.2.x to 2.3.x
Banning Users
Administrators can ban users from the user edit page. Click Ban User and optionally provide a reason. Banned users cannot log in and see a "banned" message. The user list shows a banned badge and can be filtered by ban status.
To unban a user, click Unban User on the same page.
TL;DR
Go to Admin → Users. You can create new users, change a user's email, username, or role, and delete accounts. Roles available: Super Admin, Admin, Editor, Author, Subscriber.
Details
User List
The Users page shows a table of all registered accounts with the following columns:
- Username — the user's login name
- Email — the user's email address
- Role — the assigned group (Super Admin, Admin, Editor, Author, Subscriber)
- Status — Active or Banned
- Actions — Edit and Delete buttons
Creating a User
Click Add User. Fill in:
| Field | Required | Notes |
|---|---|---|
| Username | Yes | Must be unique |
| Email | Yes | Must be unique |
| Password | Yes | Hashed by Shield on save |
| Role | Yes | Assigns the user to a Shield group |
Click Save to create the account. The user can immediately log in.
Editing a User
Click Edit on any user row. You can update:
- Email address
- Username
- Role (group)
Passwords are not shown in the edit form. If you need to reset a user's password, the user can use the "Forgot Password" flow on the login page.
Deleting a User
Click Delete on any user row. A confirmation prompt appears. Deletion is permanent and cannot be undone.
The site owner (first Super Admin) cannot be deleted by other administrators. This protects against accidental lock-out.
Password Security
Shield handles all password operations:
- Passwords are hashed using password_hash() (bcrypt by default).
- Repeat login failures trigger automatic throttling to slow brute-force attempts.
- Remember-me tokens are stored as secure hashes, not plaintext.
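The two storage rules above, sketched in plain PHP as an added example (this is not Shield's source code). The function names, the in-memory $store array, the sample password, and the 30-day lifetime are assumptions made for illustration.

```php
<?php
// Illustration only: hypothetical helpers, not Shield's implementation.

// Check a login password against the stored hash and upgrade the hash
// in place if the default algorithm or cost has changed since it was made.
function verifyLogin(string $password, string &$storedHash): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $storedHash = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Issue a remember-me token. The selector is a lookup key; only a SHA-256
// hash of the secret validator is stored, so a leaked table cannot be
// replayed as a cookie.
function issueRememberToken(array &$store, int $userId): string
{
    $selector  = bin2hex(random_bytes(12));
    $validator = bin2hex(random_bytes(32));
    $store[$selector] = [
        'user_id'          => $userId,
        'hashed_validator' => hash('sha256', $validator),
        'expires'          => time() + 30 * 86400, // assumed lifetime
    ];
    return $selector . ':' . $validator; // value placed in the cookie
}

// Resolve a cookie to a user id, or null if unknown, expired, or forged.
function checkRememberToken(array $store, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector] ?? null;
    if ($row === null || $row['expires'] < time()) {
        return null;
    }
    // hash_equals() compares in constant time.
    $match = hash_equals($row['hashed_validator'], hash('sha256', $validator));
    return $match ? $row['user_id'] : null;
}

// Constructed sample data: one user, one stored hash, one issued token.
$hash   = password_hash('sample-password-for-demo', PASSWORD_DEFAULT);
$store  = [];
$cookie = issueRememberToken($store, 42);
var_dump(verifyLogin('sample-password-for-demo', $hash), checkRememberToken($store, $cookie));
```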
Required Permission
Managing users requires the users.manage permission. Only Super Admins and Admins have this permission by default.