WordPress User Authority

WordPress keeps the users’ data in two tables: wp_users and wp_usermeta. If we look into the schema of these two tables, we can conclude that wp_users is used to hold a limited and finite amount of data about each user. Some of them are required and mostly used by the WordPress core, themes or plugins like the login, password, email and nice name (also nickname). But it’s not the case for the user_url field, for example. This field could fit in the wp_usermeta table since it’s not required.

Some required fields are stored in the wp_usermeta like the nickname. Well, actually I’m only aware of this one. However, some critical information like the user capabilities, user level and SSL mode are stored in the wp_usermeta table as well. This makes it no less important than the wp_users table (especially when permissions and security are a huge concern).

See more on http://wp.tutsplus.com/tutorials/creative-coding/wordpress-roles-and-capabilities-the-basics/

Below is the diagram of example of wp_user and wp_usermeta I took from my phpmyadmin page.


Note. These two charts are captured from table wp_user and wp_usermeta.


fist-hand experience

So when I first got logged in. I will check my authority to see if I can change the appearance, edit post and etc. But as a developer, I prefer to have a super admin authority to make as much operations as I want. First, I tried to use admin user to log in. The password is encrypted by MD5 algorithm. And it’s not hard to get a generated password as I like and replace admin password with new one. However, for some reason, this won’t work. When you log in, the system will remind you to reset your new password. And the older password will be changed back. Then I decided to grand my user with admin authority. What I did is copy the value of admin’s value of wp_capabilities to mine. And that works.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s