WordPress comes with a user role management system that defines what a particular user can and cannot do on your website. Knowing these user roles and permissions is important as your WordPress site grows. This beginner’s guide to WordPress user roles compares each WordPress user role and permission in an easy-to-understand infographic.
What WordPress user roles are available?
There are five default user roles available out of the box when you install WordPress:
Let’s first look at each standard user role and its permissions.
The administrator is considered the most powerful of the five default users in a regular WordPress installation, as it gives users full control over the homepage. This role is defined when a user installs WordPress. The Administrator user role (known as Admin) is created using the username and password created during installation.
The administrator is the only user authorized to create new users and modify and delete existing users. As an administrator, you have access to all administrative functions such as adding, deleting and editing information of all other users and have complete control over the website content. An administrator can add, delete and modify themes, plugins and core settings at any time.
Since this role has unlimited access to the most important features of the homepage, it is best reserved for users who need full control over all website settings. Since it would be a bad idea if this is in the wrong hands, in most cases a website only has the permission an administrator. Usually, the website owner holds this position. If you have multiple sites installed in WordPress, the super administrator role will have some of the administrator’s functions available to it instead. This is logical because the super administrator manages the site network, while the administrator is concerned with managing a single site.
As you would expect from an editor, the editor role has the highest position in monitoring the content of a WordPress website. The only role that is higher than the Editor in terms of permissions is the Administrator, who can perform site administration tasks as well as manage and delete content according to that role. Users assigned the Editor role have complete control over the content of the home page. Based on their rights, they can manage posts such as writing, editing, and publishing, and delete their own posts and pages, including posts written by other people. The editor can also view comments and moderate, modify and delete them as they see fit.
The rights of an editor go beyond content management. You can also manage categories, add or delete tags, and even upload files. Apart from having open access to all content-related aspects of your homepage, the editor does not have access to your website’s settings, plugins or users.
Considering that editors traditionally review posts submitted by contributors, it is wise to never assign this role to a regular contributor due to their generous permission. Since they can delete published posts, we recommend assigning the editor role only to someone you trust. If you’re still not sure you can give someone that much free reign on your site, limit the role’s permissions. Remember that each user role can be customized to meet your needs.
Users with this author role have complete control over their content, they can add, edit, publish and delete their own posts and upload images. They can also edit and delete their WordPress profile. Authors do not have access to content created by other users. They are also not able to create categories or change anything on the pages of a homepage.
You can see an author on the author pages of a website. They can provide biographical information about themselves, alongside a built-in archive page that displays a list of posts they have written. It is possible to customize the author as displayed to readers to include photos and extras such as their name, location, social profiles and so on.
This role is not often used in practice, as authors can delete their published posts and images and edit their own published articles, which can cause problems for site owners. If you are planning a home page with multiple Authors, you should consider the Contributor role. Assigning users the Contributor role is a safer bet to avoid the risk of miscommunication or having contributors delete their content if you fire them, for example.
The Contributor role is a restricted version of the Author role. A user with this role can write new posts and edit existing posts, but cannot publish or delete them once they are published. A contributor submits their work for review by an editor or an administrator before it is published. It’s worth noting that Contributors do not have access to the Media Library, which means they cannot upload images to their posts without help.
This role is a good choice if you want to allow other people to write for your website, as they won’t have access to the features of the Admin user role, such as changing the design of your homepage, uploading or removing plugins, or creating new categories. However, they can use existing categories to add tags to their posts. A contributor can view comments, including those in moderation, but cannot change, approve, or delete them.
Subscriber is the default role for new site users and has the least privileges. If this role stays with the default features, it is the most limited of all WordPress user roles. A subscriber can create a profile on a WordPress website, read its content and post comments. He does not have access to the settings of the particular homepage and cannot create or modify content.
You can change the basic settings so that users can log in to your site and post comments without having to re-enter their details each time, which is useful for people who read your blog frequently and comment actively, making the whole process much easier and faster for readers. You can also use this feature to deliver additional content to your readers, such as newsletters. It can encourage your users to subscribe if they want to access otherwise blocked content. Anyone subscribed to your website via an RSS feed, mailing list or feature to receive updates from your homepage is a subscriber.
WordPress’ predefined user roles do a good job of providing functionality that meets the needs of most homepage. However, there may be cases where you need a user that doesn’t fit into one of the default role parameter settings. For example, you may want to customize the “Author” user role, which traditionally can delete their posts as soon as they are published, which could cause problems. To combat this, you can modify existing WordPress user roles and create custom users using a plugin or manually via the WordPress admin.
Create custom roles manually
In WordPress, you can remove the default user roles and create custom users. This is simply a matter of assigning limited permissions to specific groups of users. Follow this guide to create a user role manually.
Creating custom user roles with a plugin
You may prefer to use a plugin to control user roles; there are many available to add, modify, and delete user roles and capabilities. The free plugin “Members” gives you full control over your website’s users by extending the permissions of the default roles. With this plugin, you can modify existing user roles as well as create a custom role for your homepage users. You can add this plugin directly from your WordPress plugin directory. Once the Members plugin is installed and activated, you can start creating new user roles:
- Go to your dash, hover over Users and find the new option included in the Members plugin: Add New Role. Click here to open the screen for creating a custom role.
- Start by giving the role a catchy name, for example, you could give the role a name like “Author Pro” to provide advanced functionality to the most experienced authors on your site. Now check the boxes to assign and deny functionality to your new user role. Finally, click “Add Role.” Your new user role is now ready for use.
Customizing user roles with a plugin
Follow these steps to customize an existing user role using the Members plugin:
- On successful activation, this plugin adds two new options to the default users in your WordPress dashboard; Roles and Add New Role. Click on Roles to view all existing user roles available on your site. Click on a role to see what features are available to the user. You will now see the permissions granted to that role. From here you can grant additional rights or deny existing rights, there are many options you can set for each user role with this plugin.
- Check the grant checkbox to add a right, or select deny to block it. For example, if you want to grant an editor access to the create users feature, open the editor role and select the grant checkbox next to create_users. By default, this function was limited to the admin only.
- Click Update to confirm your changes. You have successfully customized a default WordPress role.
This plugin gives you real flexibility. Consider the Author role – you can update this role with a new restriction on deleting posts. To do this, simply click the checkbox next to “Deny” for the “delete_posts” function in the “Author” user role settings. As we’ve shown, the Members plugin offers great value for a free plugin; you get peace of mind that your users aren’t abusing your homepage. This type of plugin is ideal if your homepage is about to grow and you can foresee needing more hands on deck to handle it.
There are many other plugins designed for managing user roles, including the User Role Editor. This free plugin simplifies user rights management. Editing roles with this plugin is a bit easier, and it has some advanced features. Not only does it support core capabilities, but it also lists capabilities for any additional features you have defined through your website plugins and themes
Other notable plugins include Capability Manager Enhanced, a simple tool for managing WordPress user role capabilities, the Cimy User Extra Fields plugin lets you add predefined fields to user profiles.