The management of any large group of users on any web platform presents a number of challenges, not least of which is the management of user passwords. Our default setup for all Creative Blogs sites is that children do not have access to their user profiles to enable them to change passwords. This is because, in our experience the first thing that children do when logging in to a new computer system is change their password, and the second thing they do is forget what they changed it to.
This presents some issues: all passwords in Wordpress are encrypted - we cannot decrypt any passwords for you. Wordpress is a secure web platform and even hosting providers such as ourselves cannot find passwords. When requested we send spreadsheets of user accounts and passwords when we set up new systems, however, it is very important to note that once the school is in receipt of these spreadsheets we will delete them from our computers for data protection reasons. It is essential that schools keep copies in a secure place.
There are circumstances in which passwords might wish to be changed:
- A child's password has become compromised (perhaps shared with other children) and needs changing;
- Children started off in KS1 with simple or identical passwords to their classmates and now need new passwords;
- The original spreadsheets have been lost and children do not recall their passwords.
1. Changing an individual child's password
A network admin needs to do this. Go to Network Admin > Users and locate the child's username (use the search bar at top right). Click Edit under the user's login to edit their profile. At the bottom of the profile is a "Generate Password" button. Click this, delete the random password presented and replace with a suitable password. Tick the "Confirm use of weak password" box if presented.
If you are in possession of the spreadsheet of usernames and passwords for the class, edit it to reflect the new password.
2. Changing a set of passwords in year 3 or 4
On the assumption that in year 2 children all had the same password for their blogs, once the children have moved into keystage 2 they will need individual passwords. If you do not wish to allow children of this age to have access to their user profiles (see 3, below) then the only option is to manually reset user passwords for the class. Go to Network Admin > Sites > All Sites and locate the class blog required. Underneath the blog click Edit, then click on the Users Tab. You will be presented with a list of all users on that blog. Underneath each username click Edit and set a new password in the same way as 1, above. Make sure you note all usernames and passwords.
3. Bulk changing a set of passwords and allowing children to edit their profiles
We are not aware of any plugin that allows the bulk reset of individual passwords to new individual passwords.
A plugin called Bulk Password Reset allows you to change a class set of passwords to a standard password for the whole group. This is useful in two circumstances: firstly, to change a standard password for a keystage 1 class; secondly for an upper keystage 2 class in order to allow them to login prior to accessing their user profile and setting their own passwords.
The Bulk Password Reset plugin is not installed as a default plugin in our sites at present but if you need to use it, submit a support request and we will install it for you. Once installed it can be found on every blog dashboard under the Users menu.
How to use the Bulk Password Reset Plugin
This can be run by the class teacher.
After installation go to Users > Bulk Password Reset on the class blog that you wish to reset passwords on then follow these steps:
1. Select the group of users you want to reset by role (select "Contributors" for the children's logins).
2. Tick Advanced settings.
3. Tick Direct Password reset.
4. Untick email notifications and password nag.
5. Set a custom password for the whole class.
6. Click Save settings and reset passwords
Do this on each blog that you wish to reset passwords on.
Note: it only works on each blog but cannot be done for all contributors at once from the network admin menu.
How to set Easy Blogging to allow children access to their profiles
This section must be done by a Network Administrator.
Once you have completed the bulk password reset for each class, you will need to allow the children access to their user profiles in order that they can set their own password. This is done by changing settings in Easy Blogging.
Go to Network Admin > Easy Blogging > Menu Items
You will see a list of possible menu items that the children may access. Only two will be ticked: New Post and My Posts. These are the only two menu options that we allow children to have access to on login in our standard setup. Locate Profile, tick to select it and click Save changes at the bottom of the page.
The children now have access to their user profiles on login (it will be on their user menu). They can click Profile and then Generate Password to set their own user password as in 1, above.
Important Note: Don't forget to go back to the Easy Blogging settings and revoke access to their profiles once the procedure is complete.
- Test the procedure with a couple of children prior to trying to do it in a lesson in order to familiarise yourself with it.
- Make sure the children logout and login to test their new passwords;
- Make sure that passwords set are appropriate to the individual. Where possible the use of capital letters, numbers and punctuation should be encouraged;
- Make sure that the class teacher creates a new list of user logins and passwords;
- Use this as part of an e-safety lesson on password security;
- Install the WP-Use Avatar plugin and allow the children to add their own user avatar to their profile as part of your e-safety curriculum (no photos of children). Submit a support request to ask us to install this plugin on your site.
Step 1: Get Bulk Password Reset plugin installed on your site (network admin);
Step 2: Reset all passwords for the class (class teacher or network admin);
Step 3: Set the Easy Blogging permissions to allow children access to their profiles (network admin);
Step 4: Get children to reset their passwords and make a list (class teacher);
Step 5: Revoke access to profiles (network admin).