How To Allow Guests To Post On Your WordPress Site

Do you need to allow contributions to a site from those with no WordPress experience? Concerned about the extra overheads in training and supporting multiple new authors?

In this Weekend WordPress Project, I’ll show how to set up front-end posting for novice WordPress users that maintains control and won’t overburden you with ongoing training and support.

Composite picture of the Weekend WordPRess Project logo with a guest sign
Make your life easier by allowing contributions to be submitted via the front-end

There are many scenarios where you might want to allow a guest or regular contributor to be able to create a post without having to require them to access the WordPress admin interface.

Any WordPress site that represents a community such as a church, sporting club, school, association or perhaps a local magazine, is likely going to have multiple authors all wanting to submit content.

A simple form embedded in a page is not only a lot easier for novice users to get their head around but also all they need.

That’s exactly what the DJD Site Post plugin does. We’ll work through installing and configuring the plugin and then making the form available. We’ll also consider additional options such as styling the form, creating a specific role for your contributors and managing access to the WordPress admin interface.

But first, let’s install and configure the DJD Site Post plugin.

Installing And Configuring The DJD Site Post Plugin

You’ll find it by searching from the Plugins > Add New screen in the admin area or you can download it from the WordPress Plugin Repository.

After installing and activating the plugin, you’ll need to set up a page with the shortcode before you can properly configure the plugin.

Go to Pages > Add New and create a new page with an appropriate title. In the body of the page, enter the following shortcode:

[djd-site-post]

Click Publish and when the screen refreshes, look at the URL and make a note of the Post ID (post.php?post=XX where XX is the Post ID).

Now go to Settings > DJD Site Post.

The settings are all pretty self-explanatory but we’ll pick out a few that might need some further consideration.

  • Form Title – this is the title to appear at the top of the form. Unfortunately, entering a blank title results in a default title being displayed which is a bit annoying especially for an embedded form. We are going to look at hiding the title altogether a little later.
  • Edit Page ID – this is where you enter the Post ID of the page you just created.
  • Publish Status – the full list of statuses are available. To me, Pending seems the most sensible, allowing you or the site manager to check the post and perhaps assign categories and tags before publishing.
  • Mail on New Post – I think this is worth checking, especially if you don’t use Publish as the Publish Status setting
  • Hide WordPress Toolbar – I’d check this to keep the admin interface out of the picture completely.
  • Hide Regular WP Edit Link – Again, I’d check this so that the only functionality is that provided by the plugin.
  • Allow guest to post – In most situations there is no need to allow guests, that is visitors who are not signed in, to submit items. If you do allow guests to post then you definitely do not want the Publish Status set to Publish.
  • Allow Guests to select Category – This applies to anyone using the form. Again, I’d leave this unchecked and just have the contributors focussing on the content.
  • Category for Guest Posts – Use a holding category (e.g. submissions).
  • Require a Title – Check! We want a title, so if the contributor doesn’t put one in, you’ll have to.
  • Content Field Style – To keep things more manageable, I’d suggest using the Visual – Visual Only setting so that there’s no access to HTML.
  • Allow Media Upload – I think inevitably you are going to need to allow this.
  • Email & Name for Guest Posts – not required if you are requiring your contributors to log in first.

You can also override the labels used by the form which is a nice touch. Use labels that you think will make most sense to your contributors.

Once you’ve completed your settings, click on Save Changes. On visiting the page you set up earlier, you should see something like this:

Screenshot fo the form output by the DJD site post plugin
Perfectly usable but under Twenty Fourteen needs a little visual tweaking

Styling The Form

I wasn’t overly keen on the style of the form out-of-the-box, so I looked for a way to override it.

The CSS file is enqueued by the plugin which makes it difficult to override without creating a child theme and that seemed like overkill (if you are using a child theme already, however, this is exactly where you should add your custom CSS). I also didn’t want to edit the CSS file in the plugin directly as that breaks any update path.

I decided to use the Simple Custom CSS plugin which allows for CSS rules to be inserted that will override both theme and plugin styles. After installing the plugin, and going to Appearance > Custom CSS, I added the following CSS statements to:

  • remove the form title altogether
  • put a bit more spacing around the Add Media button
  • remove the border around the form
  • add a border to the body form field
  • better align the Submit button
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
form#site_post_form legend {
display: none;
}

form#site_post_form {
border: 0px;
width: 100%;
margin: 0px;
padding: 0px;
}

a#insert-media-button {
margin-top: 10px;
margin-bottom: 10px;
}

div#wp-djdsitepostcontent-editor-container {
border: 1px solid rgb(159, 159, 159);
margin-bottom: 20px;
}

button.send-button {
display: block;
margin: 20px 0px;
}

.djd_site_post_form div#field-wrapper {
margin: 0px;
padding-left: 0px;
}

Whether you need to do the same styling may well depend on your theme (I used Twenty Fourteen) but this looks better.

Screenshot fo the styled post submission form
A little styling and now we have a front-end post submission form

Picking A Suitable Role For Regular Contributors

DJD Site Post provides the flexibility to allow guests to submit a post. The upside is that your contributors don’t have to worry about remembering login credentials; the downsides are that file uploads won’t work for guests  (and nor should they) and you’ll potentially spend a lot of time dealing with unsolicited posts.

The approach I’d recommend is to create a specific contributor role, assign the appropriate capabilities and use that for each of your contributors. This is easily done using the Capability Manager Enhanced plugin.

Creating the New Role

Install the CME plugin and then click on Users > Capabilities.

In the Create New Role widget in the right-hand menu, type Guest Contributor and click on Create. You should see the Select Role to View/Edit widget has changed to your new role (if not, use the dropdown to select it and click on Load).

These are the capabilities we want to give the new role:

  1. Posts – Edit
  2. Other WordPress Core Capabilities – read
  3. Other WordPress Core Capabilities – upload files

That’s it. We only want to give the role the capabilities it needs to perform its task.

Do You Need To Remove Dashboard Access?

This is an interesting consideration. By default, when one of your contributors logs in, they’ll be taken to the dashboard and will see Posts (Posts – Edit capability), Media (Upload files capability) as well as having access to their profile.

Now, the whole point of installing the DJD Site Post plugin is to remove the need for this contributors to go into the back-end so I think we need to do something about that.

By installing the Remove Dashboard Access plugin (hat tip to Rae and this post) you’ll have the flexibility to limit access to Administrators only or by capability.

To set up the dashboard access restrictions, go to Settings > Dashboard Access.

Screenshot of the Remove Dashboard settings page
Remove dashboard access but allow profile access. Win win.

I’d suggest limiting by capability and use a capability that your guest contributors don’t have. The default manage_options will be fine in most situations but if you find that this is preventing other users from using the admin interface you can take advantage of the Capability Manager Enhanced functionality to create a specific capability:

  1. In Users > Capabilities, select Administrator in the Select Role to View / Edit widget and click on Load.
  2. Then in the Add Capability widget textbox enter access dashboard and click on Add to role.
  3. Scroll down to Additional Capabilities and click on the checkbox next to access dashboard and click on Save Changes. The Administrator now has this role.

Repeat the last step for all the roles that you wish to have access to the admin interface and exclude those that you don’t.

Go back to the Dashboard Access settings and find access_dashboard in the capabilities dropdown.

Click on the Allow users to edit their profiles in the dashboard (this will mean that users can change their email address without needing to bug you!) and enter an appropriate URL in Redirect URL. This may be the home page or the page that contains the post submission form.

Click on Save Changes and you’re done.

[Update] Restricting Access And Adding A Log-in Form

So, we now have a form that allows logged-in users to create a post which is good but there are two enhancements we can add to make it even better.

The first is to restrict the authority to use the form either further. At the moment, any logged-in user can see the form which may not be what you want especially if you have a number of conventional subscribers.

To restrict the access, use the Capability Manager to add a new capability of front_end_submit to the roles that you want to have access. I prefer adding capabilities as it makes it much easier to check when putting the code together and prevents us creating too many roles.

The second enhancement is to output a login form if the visitor access the page but is not logged in. If you are allowing anonymous submission or you already have the login form in your theme then you won’t want to do this but otherwise it is more logical to provide the login form on the page.

To add both these enhancements, add this code to your theme’s functions.php file:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
function site_post_access( $content ) {

$message = '';

if ( !is_user_logged_in() ) {

$message = '<p>You need to log in to submit a news item.</p>' . wp_login_form( array( 'echo' => false ) );

} elseif ( !current_user_can( 'front_end_submit' ) ) {

$message = '<p>You do not have access to this function.</p> ';

}

if ( $message != '' ) {

$content = str_replace('[djd-site-post]' , $message , $content );

}

return $content;
}

add_filter( 'the_content' , 'site_post_access' , 0 );

We are making use of the the_content filter to actually replace the DJD Site Post shortcode with our own content in two circumstances: the visitor is not logged in; and the logged-in visitor doesn’t have the front_end_submit capability.

By using a priority on the filter of 0, this code gets to be executed before the shortcode is processed, enabling it to be removed.

Now the site has a capable post submission form that is only accessible to selected users, who in turn don’t have access to the site’s dashboard.

If you make use of the above code and have your own custom styling then it’s probably worth considering either a plugin or a child theme to add the coding and the stylesheet.

An easy to set up, easy to manage and, perhaps most importantly, easy to support approach to spreading the content load without the need to train anyone in how to use the WordPress admin interface.

Do you manage a site that has regular contributors? How do you manage it? Would this be a workable solution?