If you’re the only person running your website, you’ve probably never had to think about WordPress user roles. However, if you ever need to give other people access to your WordPress site, WordPress user roles are essential for controlling what actions the various users at your site are permitted to take
By smartly applying WordPress user roles, you ensure that no one has more “power” than they need. And this helps make your site more secure and streamline your workflow.
In this guide, we’ll explain what WordPress user roles are and why they matter. Then we’ll walk you through each default role before offering some tips on how to apply them effectively. Let’s begin!
- 1 What WordPress user roles are (and why they matter)
- 2 The six default WordPress user roles
- 3 How to apply user roles effectively on your website
- 4 Conclusion
What WordPress user roles are (and why they matter)
WordPress user roles define what actions each user at your site is allowed to perform. These actions are called capabilities. For example, the ability to publish a WordPress post is one “capability”, while the ability to install a new plugin is another “capability”.
So at a simple level, user roles are just a collection of different actions (called capabilities) that a user with that role is allowed to perform.
WordPress user roles are important because they:
- Help secure your WordPress site by ensuring that users don’t have access to things they shouldn’t have. For example, you don’t want an untrusted user to have the ability to install new plugins on your site.
- Can help you define your workflows. For example, WordPress has pre-made user roles that you can apply to authors on your site to give them access to only the functionality they need to write WordPress posts.
The six default WordPress user roles
Out of the box, WordPress includes six different user roles. Understanding each one is key if you want to protect your site and ensure your team works more effectively. Let’s take a look at each of these roles in turn.
We’ll also show you what the WordPress dashboard looks like from the perspective of each role.
This is the role assigned to you when you create a website. The administrator is at the very top of the hierarchy (unless you’re running a Multisite installation, which we’ll discuss soon). In most cases, there is only one, and they are able to access all the functions of the WordPress backend.
Administrators are able to do everything. This user role can, in part:
- Create, edit, and delete any content
- Manage plugins and themes
- Edit code
- Delete other user accounts
Administrator is the most powerful user role and should rarely be assigned to any other account. If you give someone else this user role, you’re essentially giving them the keys to the castle. So be careful!
As the name of this user role suggests, an editor is generally responsible for managing content and thus has a high level of access. They can create, edit, delete, and publish both pages and posts – even those belonging to other users.
An editor can also:
- Moderate comments
- Manage categories and links
However, they cannot make site-wide changes such as adding plugins and themes or installing updates. Instead, they are responsible for overseeing the work of authors and contributors.
An author has far fewer permissions than editors. They cannot edit pages and are unable to alter other users’ content. In addition, they lack any sort of administrative capabilities.
What they can do is create, edit, delete, and publish their own posts (and upload media files). This makes their role pretty clear – authors are responsible for creating content, and nothing more.
The contributor role is essentially a stripped-down version of the author role. A contributor is only able to perform three tasks – reading all posts, as well as deleting and editing their own posts. This role is quite limited since it doesn’t enable users to publish posts or upload media files. However, it’s ideal for one-time and new content creators.
Subscribers have only one main capability and their WordPress dashboard is usually incredibly bare. They can read all posts on the site (as well as manage their own profiles). Normally, anyone can read posts without being assigned a role, so not all sites will use this option. However, it comes in handy for subscription-based sites, where you want to enable access to content only for certain people.
6. Super Admin
Finally, we’d be remiss if we didn’t mention the super admin role. This role only applies to Multisite installations – networks of connected WordPress sites. The super admin is responsible for the entire network and can make high-level changes such as adding and deleting sites. They can also manage the network’s users, themes, plugins, and more. As such, their dashboard looks similar to a regular Administrator.
When there is a super admin, the regular administrator role is somewhat modified. For example, regular admins on WordPress Multisite networks can no longer install, upload, and delete themes and plugins, nor can they modify user information. These capabilities are reserved for the super admin.
As an example of how these roles interact, the super admin can decide what plugins to install on the network, and individual site admins can only choose whether or not to activate them.
A deeper look at what the WordPress user roles can do
If you want a deeper, but less beginner-friendly, summary of what each WordPress user role can do, we recommend that you view the Capability vs. Role Table at the WordPress Codex. It lays out the specific actions that each default user role can take on your site.
How to apply user roles effectively on your website
Understanding the various user roles is important, but so is knowing how to apply them correctly.
Every site is a little different, but here are a few tips for making the best use of this feature:
- Give each user only the level of access they need. This is key for security, so no one can make unapproved changes or delete content accidentally.
- Keep the number of user roles at the top limited. A solid rule of thumb is to stick with one administrator and a few trusted editors. The Author role can be assigned to regular content creators who have proven themselves, and new or one-time writers can simply be given the contributor role.
- Try using plugins to customize your user roles. The default system is effective, but you may benefit from a plugin to enhance its functionality. User role plugins enable you to create your own specialized roles, alter the existing ones, and more. We recommend starting with the aptly-named User Role Editor.
And always remember – when in doubt, it’s better to assign too few permissions than too many.
The key to managing an effective team is clearly defining each person’s role and responsibilities. Fortunately, WordPress offers a built-in way to do this. Through careful use of WordPress user roles, you can enhance security and efficiency on your site.
First, you’ll want to make sure you understand the five (sometimes six) basic user roles in WordPress, and what each is capable of. Then, you can follow a few simple techniques to take advantage of this feature. For example, consider keeping your pool of top-level users small, only assigning what permissions are necessary, and using plugins to customize your roles.
Do you have any questions about how WordPress user roles work? Ask away in the comments section below!