Website architecture for client login area

Discussion in 'Programming' started by Seacmdog, Feb 16, 2017.

  1. #1
    Greetings!
    Not so good with programming used for secure logins (PHP, JavaScript, etc.) and feel kind of stuck.
    I have a staffing company that provides temporary workers to different businesses. In some sectors, people need some certificates so I have to send the manager their staff profile. I thought it's easier for me to create an online staff profile page.
    My idea and things I want to achieve:
    A login section where a manager can log in (no registration form as I will give them the credentials) and view (preferably search) profiles and each profile will have some scans attached.
    Problems:
    1. What's the best way to go that does not imply tons of coding?
    I've read about WordPress plugins that can create a membership area and are easier to implement.
    2. Not necessarily I would like to give access to each user to only some profiles, not all of them.
    Eg: Manager 1 will be able to see only Profile A and B.
    Manager 2 - C and D.
    Manager 3 - A and D.
    3. What about security? Is WordPress used together with login plugins secure? Some certificates will contain personal info.
    Another thing I have read is about blocking access using .htaccess. Can I go with both solutions for better security?
    Any other idea or solution is more than welcome.
    PS: Read about BuddyPress - but don't know how much it can help me as I don't need users to interact. It's only like a database.
    Thanks, everyone.
     
    Seacmdog, Feb 16, 2017 IP
  2. PoPSiCLe

    #2
    While you can probably solve this using WordPress with plugins, I wouldn't recommend it, really. What I would recommend is to use an in-house system if it's built by someone who knows what they're doing! The point being that an in-house system will probably fit better with your needs, as you could code it to fit your requirements exactly, and avoid a lot of unnecessary bloat. You can also make sure that access and such are coded so it will work with different managers / users.

    As for the "giving out credentials", I would discourage something like that. What I would suggest is that you (or managers) register users, and when they're registered, you have a way to make them managers (changing the user's role) - the user will then receive an email, with a unique link to create a password, which will then be stored in hashed configuration in the database, and checked when the user logs in. That way, the only person who knows that password, is the user - not you, not anybody else, and you can create specifics to make sure the passwords adhere to minimum requirements. If a user forgets his/her password, they can request a new, unique password link, which they can click, and then set up a new password.

    Creating a user-page, or manager-page where you can assign which managers have access to which users is not very hard - you can even make a searchable list, so you can search for users and assign them to specific managers.
     
    PoPSiCLe, Feb 16, 2017 IP
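
The password-setup flow described in post #2 (emailed unique link, password stored only as a hash, a fresh link for resets), as an added example that is not part of the original thread. Node.js, the in-memory maps, the one-hour link lifetime and the 12-character minimum are assumptions.

```javascript
// Added example, not from the thread: one-time password-setup links and
// hashed password storage. In-memory Maps stand in for database tables.
const crypto = require('node:crypto');

const TOKEN_TTL_MS = 60 * 60 * 1000; // assumed link lifetime: one hour
const MIN_PASSWORD_LENGTH = 12;      // assumed minimum requirement
const users = new Map();             // email -> { role, salt, hash }
const setupTokens = new Map();       // sha256(token) -> { email, expires }

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// The admin registers the account; no password exists yet.
function registerUser(email, role) {
  users.set(email, { role, salt: null, hash: null });
}

// Returns the secret for the emailed link. Only its hash is stored, and any
// earlier unused link for the same account is invalidated.
function issueSetupToken(email, now = Date.now()) {
  if (!users.has(email)) return null;
  for (const [k, v] of setupTokens) if (v.email === email) setupTokens.delete(k);
  const token = crypto.randomBytes(32).toString('hex');
  setupTokens.set(sha256(token), { email, expires: now + TOKEN_TTL_MS });
  return token;
}

// Consumes the token (single use) and stores a salted scrypt hash.
function setPassword(token, password, now = Date.now()) {
  const key = sha256(String(token));
  const entry = setupTokens.get(key);
  if (!entry || entry.expires < now) return false;
  if (typeof password !== 'string' || password.length < MIN_PASSWORD_LENGTH) return false;
  setupTokens.delete(key);
  const user = users.get(entry.email);
  user.salt = crypto.randomBytes(16);
  user.hash = crypto.scryptSync(password, user.salt, 64);
  return true;
}

// Login: recompute the hash and compare in constant time.
function verifyLogin(email, password) {
  const user = users.get(email);
  if (!user || !user.hash) return false;
  const candidate = crypto.scryptSync(String(password), user.salt, 64);
  return crypto.timingSafeEqual(candidate, user.hash);
}
```

A password that fails the minimum-length check does not consume the link, so the user can retry with the same link until it expires.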
  3. Seacmdog

    #3
    In the meantime, I have done a test with WordPress and managed to sort of implement my idea. Using Membership Plugin. It displays a login form on the main page and after login a page with 3 test links where - Link 1 and 3 can be accessed by user1 and Link 2 and 3 by user2. If they try to access a link not available for them it displays a custom message like "You don't have access".
    Regarding credentials: let's say business x has manager 1. I will create a user: manager1 and give access to certain links I want. The user class is "subscriber" so he will be able just to view the content. No user bar is shown at the top of the page. Once I finish my contract with business x, I will remove the user.
    There is no registration form, as for some of them it will make things more complicated instead of the old-fashioned way where people send scans as emails. Easing the process is one of the things I want to use to stand out from the crowd.
    What do you think about this solution? Is it secure enough?
     
    Seacmdog, Feb 16, 2017 IP
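
The per-manager restriction discussed in this thread (Manager 1 sees A and B, Manager 2 sees C and D, Manager 3 sees A and D), enforced on the server for profiles, attached scans and search. This is an added example, not code from the thread or from any plugin; Node.js, the identifiers and the sample records are constructed assumptions.

```javascript
// Added example, not from the thread: deny-by-default access checks.
// Constructed data; assignments mirror the example in post #1.
const assignments = new Map([
  ['manager1', new Set(['A', 'B'])],
  ['manager2', new Set(['C', 'D'])],
  ['manager3', new Set(['A', 'D'])],
]);
const profiles = new Map([
  ['A', { name: 'Worker A', scans: ['scan-a1'] }],
  ['B', { name: 'Worker B', scans: ['scan-b1'] }],
  ['C', { name: 'Worker C', scans: ['scan-c1'] }],
  ['D', { name: 'Worker D', scans: ['scan-d1', 'scan-d2'] }],
]);
const scanOwner = new Map(); // scan id -> owning profile id
for (const [id, p] of profiles) for (const s of p.scans) scanOwner.set(s, id);

function canView(managerId, profileId) {
  const allowed = assignments.get(managerId);
  return Boolean(allowed && allowed.has(profileId));
}

// "Does not exist" and "not assigned to you" give the same answer.
function getProfile(managerId, profileId) {
  if (!canView(managerId, profileId)) return null;
  return profiles.get(profileId) || null;
}

// A scan is authorised through its owning profile, never by its id alone.
function getScan(managerId, scanId) {
  const owner = scanOwner.get(scanId);
  if (owner === undefined || !canView(managerId, owner)) return null;
  return { scanId, profileId: owner };
}

// Search runs only over the profiles assigned to this manager.
function searchProfiles(managerId, term) {
  const q = String(term).toLowerCase();
  return [...(assignments.get(managerId) || [])]
    .filter((id) => profiles.has(id) && profiles.get(id).name.toLowerCase().includes(q))
    .sort();
}

// Contract ended: removing the manager makes every later check fail.
function revokeManager(managerId) {
  return assignments.delete(managerId);
}
```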
  4. PoPSiCLe

    #4
    WordPress is by definition not secure, so if you have any type of sensitive information registered, I would say no. In general I would say no, but there are ways to increase security by changing login methods, applying backend security plugins, etc. I would suggest, if you decide to go with WordPress, to read up on increasing security on a WordPress installation.
     
    PoPSiCLe, Feb 17, 2017 IP