WordPress User Roles and Permissions

WordPress User Roles and Permissions offer access controls and privileges for your website. From Super Admin to Subscriber, every WordPress user who logs in to your website has a specific set of permissions or capabilities assigned. A website owner must be familiar with WordPress default user roles and capabilities to provide access to the specific dashboard areas/admin panel to specific users.

WordPress comes with a complete user role management system with a variety of types of user roles. A website owner can easily limit a user to specific tasks such as installing a plugin, creating a page on the website, editing posts by other authors, moderating comments, and more. Preventing other users from having administrative access ensures the site’s security. This also keeps the website safe from any accidental changes that could result in the breakdown of the site.

What are WordPress User Role and Permissions?

What is a user role? A user role describes permissions established for selected users to accomplish a group of tasks. In a default WordPress installation, there are predefined roles with different sets of pre-defined permissions. Every user role has a specific number of tasks that they are allowed to perform.

Permissions or Capabilities refers to a specific set of activities that a user is allowed to perform on the site. Every WordPress user role is well-defined. There are no misunderstandings about the areas that each user role can access and the actions that they can perform.

There are a variety of permissions, including “moderate_comments”, “publish_posts”, “edit_posts”, and “edit_users”. Although every user role has a pre-defined set of capabilities, new capabilities can be added and/or removed from each user role. The user roles make it possible for WordPress websites to have several authors and hundreds of registered users. This accessibility has converted WordPress from a simple blog publication platform to a public platform that is skilled in operating membership sites, online publications, and many other kinds of sites that host many users.

Types of WordPress User Roles

There are six pre-defined user roles are available in WordPress:

Super administrator

The super administrator role in WordPress has been created for the multisite network capability of WordPress. This role has complete responsibility for all of the websites within one network, and they can manage all of the features of the sites.

Super administrators have complete authority to delete or cancel other users, even the administrators. Because of this, it is very important to only assign this role to trusted team members. A super administrator can control many parts of your business, your network, and other users both negatively and positively.

The super administrator role can create new websites and manage their plugins and themes. They can also add, delete and manage content on a multisite network. This role controls the networks, all of their settings, and security matters. The very first user who sets up a multisite network is known as the default super administrator.

Administrator

This role is assigned to the most powerful user. The administrator role is assigned when a website is created. The administrator is at the top of the pyramid as it is assigned to the owner or to the main developer of the site. They have access to all of the settings, features, and options of WordPress.

The WordPress administrator role can update WordPress, including all of its plugins and themes that are installed on the website. Administrators can add new users to the website. Administrators also have the authority to assign user roles and permission to others.

In short, an administrator can do almost anything on their website.

Editor

The editor user role allows you to edit or view any content on the WordPress site. Editors can read posts, leave comments, edit and delete posts, publish posts, upload files to the media library, edit and delete pages and content from users higher than themselves such as administrators, manage categories, and they can also moderate comments.

Editors are only one level behind the Administrator. They have full access to the post screen, so they can delete and edit anyone’s posts, add categories and tags, upload media, go to pages, and edit or delete anything in the area of the pages. When it comes to comments, editors can approve, spam or trash any comments. However, the editor doesn’t have permission to add widgets, plugins, and WordPress settings. An editor also cannot add or remove users.

Author

The author role can log in to the WordPress Admin area. Compared to the editor role, they have a minimal set of permissions.

The author role can read posts, comment on posts, edit and delete their posts and publish their own posts. Authors cannot create new categories. They have to choose from the existing categories. The author can see comments but cannot approve or delete them. They can’t add widgets or create any sort of plugins on the site. This role is designed to be for someone who creates the right kind of content for your website and is trusted to manage and publish their own content.

Contributor

The Contributor user role can add and edit new posts, but they cannot publish any of their posts. This user role can write blog posts and articles, but it doesn’t have permission to publish them. This means that after they write a post, it is moved to draft, and an administrator or editor will review it. Also, while writing their posts, they are not allowed to create new categories, and they have to select categories from the existing ones. However, a contributor can add tags to their posts. The main disadvantage of this role is that the contributor cannot add any images to their posts. They also can’t upload any of the files.

The contributor role can view comments, including those pending moderation, but they are not allowed to approve or delete any of the comments. They don’t have any access to settings, themes, or plugins. The contributor user role has very little permission in WordPress, and the ability to submit content for review is its default permission.

Subscriber

The Subscriber user role has very limited capabilities and remains so unless the default capabilities are changed. Users who are assigned the subscriber user role can log in to the WordPress website, can update their profile info, change their password, and have a very limited ability to modify the WordPress dashboard.

Subscribers are not allowed to write or publish articles. They can’t touch the administration area. This user role is important for those people who often read blogs or comment actively. It makes it easy and fast for people to comment on a blog. The subscriber role is also assigned to users who have subscribed to any website using mailing lists, RSS feeds, or other features to receive updates from the website.

How To Add a New User in WordPress?

Adding a new user in WordPress requires that you be an Admin user. From there, adding a new user in WordPress is a pretty straightforward process. This is where you will initially assign the user a role and permissions. Of course, as an Administrator, you can always change the user’s role later on if it better suits your needs.

The steps to add a new user to your WordPress site are as follows:

1. log in to the WordPress Admin dashboard (https://examplesite.com/wp-admin).

2. In your WordPress Admin dashboard menu, click on the Users menu item, and then click Add New.



3. Enter the new user’s name, email address, first and last name, and website.



4. Select the user role as defined above.



5. Click the checkbox in front of “send the new user an email about their account.”

6. Click the Add New User button and the new user is added.

Repeat these steps for each new user, paying close attention to the user roles and permissions you assign to each.

How To Find User Roles in WordPress?

For existing users, you may want to look into the user roles that are currently assigned. After all, some of these roles may have been assigned before you had a thorough understanding of WordPress user roles and permissions. Now is the time to verify your currently assigned user roles.

To do this, simply follow these steps:

1. log in to the WordPress admin dashboard.

2. In your WordPress admin dashboard, click on the Users section, and then click All Users.



3. View the list of all of your current users.

4. Next to the Email column, you’ll see Role. This is the user role assigned to each site user.

Now that you’re aware of the role assigned to each user, perhaps you want to make a few assignment adjustments.

How To Change User Roles in WordPress?

A WordPress user role change is immediate and the user will be notified by email of their new role on your site. To change a WordPress user role, follow steps 1-4 above. Once you’re viewing the list of all of your site users, you’ll want to:

1. Hover over the name of the user you want to update. Upon hovering over the selected user, you’ll get edit options presented to you.



2. After clicking to edit, you’ll be able to change fields such as name, email, and website. You cannot, however, change a username here.

3. At the bottom of the user profile, you’ll see a dropdown menu that allows you to change/select the user role.



4. Choose the new user role.

5. Save the user profile.

The role and permission changes are implemented by WordPress the instant you save them.

How To Delete An Existing User?

There will probably be times when a user needs to be removed completely from your site. Perhaps you hired a temporary freelance Editor to provide editing services for your site over the course of two months. When the two-month time period expires and the contract is up, you no longer want the freelancer to have access to your site.

To delete this user and remove all of their permissions to your website, follow steps 1-4 listed above for finding a user.

After you locate the user that will be deleted, hover over their name and click on the delete option.



After you confirm the deletion, the user will be notified via email that they have been removed from your site. They’ll no longer have any credentials to log in.

It’s important to note that you cannot delete yourself or other Administrators (unless you’re a Super Administrator on a multi-site account).

How To Manage User Roles in WordPress?

The way you choose to manage user roles and permissions on your WordPress site is completely up to you. After all, who knows your team members’ abilities and limitations as well as you do? Before you choose the roles that are appropriate for each user on your site, step back and ask yourself a series of questions about them.

• Can the user be trusted to fully manage your WordPress dashboard?
• Do you have trust in the user to properly organize the content on your site?
• Do you need to review the user’s posts before they get published? Or do you trust their judgment?
• Should the user have the capability of editing and publishing posts from other users?

Before assigning a new user to the Administrator role, it’s important that they have a thorough understanding of the WordPress platform.

Conclusion

In this article, we have explained WordPress user roles. When it comes to users and their roles, WordPress is very flexible. Along with the pre-defined user roles, you can easily create or customize user roles with your desired set of capabilities. However, be cautious when assigning capabilities to a user, as someone with too much power and knowledge can damage your site. For this reason, it’s a good idea to keep a close eye on the WordPress user roles and capabilities allocated to the users on your WordPress site.