WordPress is the most popular Content Management System (CMS) we have today. It gives its users complete freedom over their sites hence creating magnificent websites with no limitations. WordPress supports different user roles that control who has access to your site and what functions they can perform on the backend of your website. The user role management module is flexible and straightforward, and as your site grows, it’s critical to understand these user roles and permissions. Here is a complete guide of user roles in WordPress for you to understand all the aspects to handle users on your site effectively.
User Roles in WordPress
You can quickly manage the user roles of your website after installation using the basic WordPress user roles administration. Implementing user roles is essential, especially if you are running a blog managed by multiple users. You can allow other people to contribute to your website without fear of breaking it, corrupting the content, or doing anything they shouldn’t.
Below are the user roles available in WordPress single site installation include:
The image below illustrates users with their roles;
Note: There is a Super Admin role available only for multisite installation. Since, most bloggers use single site WordPress installation, we do not include that role in this article. Super Admin can create and manage network sites and will have all capabilities of administrator.
Roles and Capabilities
User Roles and Capabilities are the two most essential aspects of WordPress user management. The role demonstrates the capacity of multiple people with access to a website to complete the same action, whereas capability grants permission or access to accomplish a task(s) assigned to a specific role.
Here will look at each of these user roles, their purpose, capabilities, and the differences in their roles.
In WordPress, the Administrator (or admin) is the primary user. That simply means that whoever sets up the site automatically becomes the administrator. Almost everything on the website is under the admin’s control. This job is mainly for site owners and grants you complete authority over your WordPress site. If you’re running a multi-user WordPress site, you’ll want to be cautious about who you give the Administrator user position because of security issues.
The Administrator can perform the following tasks on a site;
- Changing other user’s roles by adding permissions.
- Admins are capable of changing the website’s theme.
- They can add or remove plugins.
- They are capable of adding pages and posts.
- An Administrator can add new users to the site, edit existing user information, including passwords, and delete any user.
- The Administrator can take the website down or put it into maintenance mode when need be.
Administrators have the ultimate power and capabilities to do anything whatsoever on the site. They can do things that other user roles don’t have access to hence not doing them. The image below shows how the Administrator’s dashboard looks like;
Users with the Editor role in WordPress have complete access to your website’s content sections. They won’t modify how the website works, but they will significantly impact how visitors interact with it. Their roles are;
- Editors work on the website’s pages and postings by simply editing them where necessary.
- Editors are in charge of your site’s categories and links.
- They can add, modify, publish, and delete any user-written posts.
- An Editor also has power over comment moderation, editing, and deletion.
- They can also add, change or remove Images and media from posts and pages.
It is outside their users’ permission to create a theme, install plugins, or add another user. The Editor’s dashboard looks like this;
The Author position is the third of the WordPress roles accessible to you. As the name implies, this role is responsible for WordPress permissions such as composing, editing, and publishing posts. Authors can delete both published and draft posts. Authors are only allowed to change their work. From the WordPress dashboard, they will usually only see their work. Their roles include;
- Authors can upload, change, or remove media files of their own work to the website.
- They can tag their posts and have access to all comments, even those awaiting approval; nevertheless, they cannot moderate, approve, or delete any comments on posts, even if they are their own.
- They can change internal and external links in their articles and pages. Have complete control over their posts and pages, including the ability to create, amend, and delete them.
- Authors of WordPress website, on the other hand, are unable to change or delete the content of other authors on your site.
- They cannot establish categories while writing entries, but they can choose from existing ones.
When it comes to the author’s capabilities, they won’t be able to change any of your WordPress website’s themes, plugins, or other settings. That means that the author only has control over the post they’re writing and posting; they don’t have any administrative powers. See the Authors dashboard below:
The Contributor WordPress user roles have relatively limited access, as they can only create new posts and change their own. The function of the contributor is relatively similar to that of the author. The distinction is that a contributor, unlike the author, cannot publish a post. Their role is to write posts and submit them for evaluation before the editor publishes them. Contributors are unable to publish any posts, including their own.
They can’t make their own categories, so they have to choose from pre-existing ones. This WordPress user position is best suited for visitors who, of course, contribute material to your site.
- Contributor users can easily create new posts and update existing ones, but they can’t publish them.
- They can tag their posts.
- They can read comments but not approve or delete them.
A contributor is unable to upload files, leave alone putting images in their articles. Contributors do not have access to settings, plugins, or themes when it comes to capability. That means that they won’t be able to make any changes to the WordPress site. The dashboard of the contributor below:
The subscriber role has the most significant restrictions of any WordPress role. Subscribers are only allowed to complete one task: they must subscribe to your website. These are usually your website visitors that want to sign up for an account. This role is frequently seen on subscription-based WordPress blogs.
Writing posts, seeing comments, and pretty much everything else in your WordPress site settings and admin section is not available to the subscriber. They can only alter their login information and profile images at best. This user status is primarily utilized on subscription websites, Learning Management Systems (LMS), and other websites that include member areas. This user role is super helpful if you require people to log in before reading or commenting on an article. See the Subscribers dashboard;
Comparison of WordPress User Roles Capabilities
Below is the summary of all user roles available in single site installation along with their capabilities.
|Edit Theme Options||✅||❌||❌||❌||❌|
|Edit Others Posts||✅||✅||❌||❌||❌|
|Edit Others Pages||✅||✅||❌||❌||❌|
|Edit Published Pages||✅||✅||❌||❌||❌|
|Delete Others Pages||✅||✅||❌||❌||❌|
|Delete Published Pages||✅||✅||❌||❌||❌|
|Delete Others Posts||✅||✅||❌||❌||❌|
|Delete Private Posts||✅||✅||❌||❌||❌|
|Edit Private Posts||✅||✅||❌||❌||❌|
|Read Private Posts||✅||✅||❌||❌||❌|
|Delete Private Pages||✅||✅||❌||❌||❌|
|Edit Private Pages||✅||✅||❌||❌||❌|
|Read Private Pages||✅||✅||❌||❌||❌|
|Edit Published Posts||✅||✅||✅||❌||❌|
|Delete Published Posts||✅||✅||✅||❌||❌|
In general, users will register on your site as per the roles setup by you as an admin. For example, you can use membership plugins to create custom roles and offer personalized content for different user roles. If you want to offer a subscriber role for users then follow the below instructions.
- Login to your WordPress admin panel and navigate to “Settings > General” section.
- Enable the checkbox for “Anyone can register” against “Membership” option.
- Select “Subscriber” for “New User Default Role”.
- Scroll down and click “Save Changes” button.
Users can access your registration page using the URL https://www.yoursite.com/wp-login.php?action=register.
After successful registration, you can view the users under “Users” section in admin panel. Since all other roles have higher privileges, make sure to only offer “Subscriber” for new users.
Manually Adding Users with Role
The problem with registration is that you will receive large number of spam emails and you have no control on restricting them. If you do not want to use additional plugin for role management, then the option is to manually create users and assign appropriate roles for them. This is best way to add authors, editors and contributors in your site.
To do this;
- Log in to your site, go to your WordPress dashboard and navigate to “Users > Add New” menu.
- Fill in the required user information and check the “Send User Notification” checkbox.
- Assign them the designated role by clicking on the dropdown against “Role”.
- Finally click on the “Add New User” button to apply your changes.
You can also manually create an administrator user. Since, installing and editing themes/plugins need administrator role in WordPress, developers may ask admin access for troubleshooting purposes. In such cases, avoid providing your own administrator credentials. You can create a new admin user and offer the credentials to the developer of your plugin or theme. However, make sure to provide your details to reliable person as admin can copy or delete entire website’s content. In case of any problem, use your own admin credentials to login and delete other admin or change role/password to prevent unauthorized logins.
Note that you can also use this technique to change the role of a user who has already been assigned to another role. Navigate to “Users” section and find the user you want to change roles for. Click on the “Edit” option and change the user’s role.
Custom User Roles in WordPress
Default WordPress roles allow you to manage the content creation process seamlessly. However, they are no more sufficient to handle different types of tasks. Fortunately, there are plugins to manage membership registration and other stuffs for you. Here are some of the example plugins that will create custom user roles in WordPress.
- WooCommerce – this plugin will create Customer and Shop Manager roles.
- Yoast SEO – it will add SEO Editor and SEO Manager roles.
- bbPress – it will add Participant, Moderator, Spectator and Keymaster roles for your forum.
You can view the available roles from “Users” section and change the assignment if needed.
On other hand, many plugins have configuration to restrict the access for non-admin users. For example, WPBakery page builder plugin has a “Role Manager” that allows you to setup the editor access for different user roles.
To conclude, you will realize that at some point, you’ll need the assistance of others to administer your website efficiently. After you’ve assembled your team, the next step is to assign roles to each member. User roles and capabilities are practical tools for limiting what users can do on your site; thus, there’s no need to be concerned about people messing up your website when it’s at the point where it needs assistance. You may do so knowing your website is secure if you assign the appropriate user role or alter an existing one to match your needs.