Search for answers or browse our knowledge base.
How to configure different login security policies for different WordPress user roles
Once you install Melapress Login Security, you can configure and enable password and login security policies in the Site-wide policies tab. All the password and login security policies configured in this tab apply to all users, regardless of their WordPress role.
However, you can apply different policies for specific roles. To do so:
- Navigate to Login Security > Login Security Policies
- Hover over the Role-based policies tab and choose the role
- Uncheck the option Inherit password & login security policies
- Configure the policies for that role in the role’s tab
- Click Save to save the new policies
The newly configured policies will apply to the users with that role. To force the users to change their passwords, click the Reset All Users’ Passwords button.
Assigning login security policies to users with multiple roles
When a user account belongs to multiple roles, we must set the. policy priority option, which allows you to tell the plugin which roles take priority. Using this system, any user with multiple roles will effectively receive the policy configured for the role that’s higher in the priority order.
To set user role priorities for enforcing password policies:
- Navigate to Login Security > Settings
- Scroll down to the Policy priority for users with multiple roles
- Enable the Configure the priority of each user role’s password policies by ticking the checkbox next to it.
- Click, drag, and drop the roles in their order of priority
- Click on Save
In the above screenshot, you can see the five standard roles that are available in a default WordPress configuration – you may or may not have additional options available depending on your personal setup. The further up the list a role is, the higher its relative priority to the others.
Example
To illustrate how this works with an example, suppose you have a user who belongs to the Subscriber and Editor roles. While you have password policies for both roles, you would like the password policy assigned to the Editor role to apply.
In this case, simply ensure that the Editor role sits above the Subscriber role. This ensures that the Editor’s policy takes precedence and, as such, is the one that’s applied.