If you run a multi-author site or simply need to allow other people to access and manage your site, it’s crucial that you assign each person an appropriate role. Thankfully, WordPress comes with 5 default user roles, each of which has its own set of permissions. Those user roles can help your users understand what their role is and they also ensure that no unauthorized user can perform actions that can harm your site.
In this post, we’ll explain WordPress user roles so you can use them correctly.
WordPress User Roles
The role management system in WordPress defines what actions certain users can and cannot do. By default, WordPress comes with the following user roles: administrator, editor, author, contributor, and subscriber.
Understanding the permissions of each role is crucial if you want to invite contributors or hire someone to help you maintain your site. Let’s take a closer look at what each role can do.
The administrator is the most powerful user role. It’s usually assigned to a site owner automatically when they install WordPress and it allows them to do everything on their site. As an administrator, you can install, edit, and delete plugins and themes as well as create, edit, and delete new and existing posts and pages.
Administrators can also upload new media and manage users: they can add and delete users and change user information such as names and passwords. They can also delete other administrators.
Considering the extent of permissions of the administrator role, it’s clearly not meant for every user on your site. You need to be careful who you assign this role to and have the utmost trust in that person so you can be sure they won’t do anything that could hurt your website in the long run.
The editor role has complete control over anything related to your content, which includes your posts, pages, media, and comments.
Anyone with an editor role assigned can add, edit, publish, and delete posts on a WordPress site, both those written by them and those written by others. They can also review, edit, delete, and approve comments, and upload or delete images and any other media on your site.
An editor, however, cannot change your site settings or install, activate, or deactivate plugins and themes, nor can they add or delete users.
As a security measure, it is often suggested to create a new user on your WordPress website with the editor role, even if you’re the only person publishing content on your blog.
In most cases, hackers and anyone else who visits your site can see “Posted by username” below every post on your site. Using that information, they can attempt to perform a brute-force attack to gain access to your site. If you post content with the editor role and your site gets compromised, hackers won’t be able to get access to the vital parts of your site.
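One way to check whether your own site has this exposure, as an added example that is not part of the original post: the PHP below lists administrator accounts that have publicly visible posts and therefore appear in bylines. It uses the WordPress core functions get_users() and count_user_posts(); the function name and the output wording are made up for illustration, and the file is assumed to run inside WordPress (for example with WP-CLI's `wp eval-file`).

```php
<?php
// Added example, not code from the original post.
// Assumption: executed inside a loaded WordPress environment.

/**
 * Return administrators who have publicly visible published posts,
 * i.e. accounts whose name is shown in "Posted by" bylines.
 */
function example_admins_with_public_posts() {
    $exposed = array();
    $admins  = get_users( array( 'role' => 'administrator' ) );

    foreach ( $admins as $admin ) {
        // Third argument true: count only publicly visible posts.
        $count = (int) count_user_posts( $admin->ID, 'post', true );
        if ( $count > 0 ) {
            $exposed[] = array(
                'login'        => $admin->user_login,
                'display_name' => $admin->display_name,
                'posts'        => $count,
            );
        }
    }
    return $exposed;
}

$rows = example_admins_with_public_posts();

if ( empty( $rows ) ) {
    echo "No administrator account has published posts.\n";
}

foreach ( $rows as $row ) {
    printf(
        "Administrator '%s' (shown as '%s') is the author of %d published post(s).\n",
        $row['login'],
        $row['display_name'],
        $row['posts']
    );
}
```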
The author role allows users to write, edit, and publish their own posts. They can also delete their own posts but they cannot delete posts written by others. Unlike editors, they cannot create new categories or tags but they can assign existing ones to their posts. They can also upload images and other media files.
They cannot moderate comments and don’t have access to settings, plugins, themes, or user profiles other than their own.
Users who have been assigned the contributor role can post and edit their posts but they do not have the permission to publish or delete them. Likewise, they cannot create new categories and tags, nor can they upload media files to your site. This is a major drawback if you have regular contributors, since they will need a user with an editor or author role to upload those files for them.
They can choose from existing categories and tags to assign to their post. They can also view comments but cannot moderate them.
Contributors cannot manage the settings page, nor can they change, upload, edit, activate, or deactivate themes and plugins.
The subscriber role is the default role each user is assigned if you enable site registrations. This role has the fewest permissions: subscribers can update their own user profile, read the content on your site, and leave comments.
They do not have the ability to write posts, view comments, manage other users or manage your site’s settings.
Special Role: Super Admin
If you’re using WordPress Multisite Network, then there is another role you need to know. The super admin role is assigned to multisite owners and they can add and delete sites on a multisite network, install plugins and themes, manage users, perform network upgrades and updates, and perform the same actions as regular administrators.
Control User Access With Collaborate Tool in ManageWP
We’d also like to mention that if you’re using ManageWP to update your sites, there’s a handy way to control user access to each of your sites. You can use the Collaborate tool to add other people in your company to help you maintain the site and grant them full access or read-only access as well as decide which sites they can access.
This feature is also useful if you’re a WordPress developer or designer and manage client sites. You can give your clients access to your ManageWP dashboard to keep them in the loop without the fear of them breaking something.
Understanding and using the default user roles can go a long way towards improving your site’s security and keeping all the registered users organized. However, if you need more control or want to define new user roles with custom permissions to better suit the needs of your website, consider the Capability Manager Enhanced plugin. It allows you to manage existing WordPress roles, change the capabilities of any role, add new roles, and more.
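A custom role can also be defined in code with WordPress core's add_role(). The following is an added example, not taken from the original post or from the Capability Manager Enhanced plugin: it creates a role for contributors who need to upload media, and refuses to create it if the result would carry publishing or site-management capabilities. The role slug `media_contributor`, its display name, and the function and constant names are hypothetical.

```php
<?php
// Added example, not code from the original post.
// 'media_contributor' is a hypothetical role slug.

// Capabilities the new role must never carry.
const EXAMPLE_FORBIDDEN_CAPS = array(
    'publish_posts', 'edit_others_posts', 'delete_others_posts',
    'moderate_comments', 'manage_options', 'install_plugins',
    'activate_plugins', 'switch_themes', 'create_users', 'delete_users',
);

function example_register_media_contributor() {
    $existing = get_role( 'media_contributor' );
    if ( null !== $existing ) {
        return $existing; // Already registered; leave it unchanged.
    }

    $base = get_role( 'contributor' );
    if ( null === $base ) {
        return new WP_Error( 'no_base_role', 'Contributor role not found.' );
    }

    // Start from the capabilities currently granted to contributors,
    // then add the single extra permission this role exists for.
    $caps                 = array_filter( $base->capabilities );
    $caps['upload_files'] = true;

    // Least-privilege guard: stop if the contributor role was widened
    // earlier (for example by a plugin) and would leak into this role.
    $violations = array_intersect( array_keys( $caps ), EXAMPLE_FORBIDDEN_CAPS );
    if ( ! empty( $violations ) ) {
        return new WP_Error(
            'role_too_broad',
            'Refusing to create role; it would include: ' . implode( ', ', $violations )
        );
    }

    return add_role( 'media_contributor', 'Media Contributor', $caps );
}

// Roles are stored in the database, so after the first run this only
// performs the existence check above.
add_action( 'init', 'example_register_media_contributor' );
```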
And if you just need to bring on another person to maintain your site or want your clients to know what you’re doing, consider signing up for ManageWP and using the Collaborate tool to control user access to your site.