I am trying to migrate a publishing platform built in Wordpress to Ghost and I am running into the following predicament. We are a small publishing platform associated with a University. There will essentially be one staff user (me) who is creating posts, however all of our articles will be guest contributions, i.e. authored by different people. The set up in wordpress is, whoever emails me the content and I create the post. Some people might contribute multiple articles but we’re talking once every few months and they would not be involved in the website itself. In general, each post will have a unique author. I want to be able to list an author who is not me, even though I am adding it to the website, add a picture, short bio, and collect all of their posts, for the few that have multiple, on one page if they’re clicked on.
How can I do this without creating a staff user given that those are limited by which Ghost Pro plan is selected, and without sending an email invite because after all we don’t want contributors involved in the publishing at all? Is it to do with themes? Do I need a specific integration? Surely, it must be possible?
If you’re looking to not create an account associated with their email address, you can use email aliases with most email providers by adding a +{alias} to the address (e.g. publication+contributor_name@gmail.com
Actually, I have a follow up question. So after creating an email alias, logging out of the profile on ghost associated with the unaliased email address, and then following the link to create a profile - it asks for a password.
Effectively, I’m tricking Ghost into thinking there is this new contributing person who might log in but never will. And while it seems like a bit of silly thing to do with extra steps and so on, my main concern is does this process introduce any security issues? Do I need to create unique passwords for each of these fake users? Can I use the same password for each of them?
Since you won’t be logging into these users ever again, you can just use 1 secure password across all the aliases, but make sure it’s only used for dummy accounts. If you’re planning on allowing the contributor to log in, update the email address in the user settings page, and have the contributor reset their password.
To answer your question about security risks, they would be effectively none, as even if a contributor account was taken over (which is highly unlikely in Ghost as all staff accounts have the same protections), they wouldn’t be able to modify any existing or publish any new content.