Understanding how WordPress role permissions work is essential if you have a team of people adding and editing your websites’ content. In the following text, we will explain how WordPress user roles work and why they are useful.
Let us have a look at each default role, and then move to some tips on how to apply them!
WordPress roles explained in less than a minute
As we already mentioned, WordPress user roles are what defines which user is allowed to do what. To paint a picture, besides other WordPress user permissions, an author can publish a post, while an editor can do that and a bit more – publish pages, for example.
So, different WP roles have different WordPress capabilities. That type of hierarchy helps secure your website and its content and can help you define workflow of your team.
Default WordPress user levels
When you install WordPress, you are given five default user roles. We will list them out below, starting with the one which has the least amount of permissions:
WordPress subscriber role
All new users default to subscriber role. They can read your content, write and post comments, and create a profile using your dashboards – and that is it!
Quick tip: If you want your readers to register on your website without too much hassle, go to settings, general, membership, and check “Anyone can register” box. Then, find the Meta widget in appearance, widgets, and add it to your sidebar.
WordPress contributor role
Something more exciting: contributors are allowed to write posts, edit them, and delete their unpublished posts, with a catch. An admin or an editor must review and publish the written post, and they will also have to assist the contributor with images, videos and audio files since they cannot access the media library.
If you think about having a guest blogger, or anyone that does not post regularly, contributor role is for them.
WordPress author role
On a first glance, these roles look similar, but if “WordPress contributor vs author” battle would occur, the latter would win.
Authors can write, edit, delete and publish their own posts, as well as upload files into the media library, but they cannot see anything created by other users on the dashboard. Another plus is the ability to moderate comments on their own posts.
Of course, the role has certain limitations: they cannot delete anything from the media library, and can’t create, edit, or delete pages.
WordPress editor role
Now we are getting to the interesting part.
In addition to permissions that an author role has, an editor can publish, edit, or delete any page or post, including the private ones. They can moderate comments, manage categories and links.
The role is great for anyone that needs permission to access all of the content, without having the ability to change themes, plugins, widgets, and, most importantly, settings.
WordPress administrator role
An administrator lies at the top of the WordPress permissions hierarchy chain.
He watches over other WordPress users and can perform every action available through the dashboard. Administrators can change themes, modify core files, and change other users’ roles, also have complete control over all content.
Bonus: WordPress super administrator role
This role is not available in standalone WordPress sites, but if your website is a part of WordPress Multisite Network, then you will have a super administrator who is watching over the entire network.
Super administrators can do everything an administrator can – but across the entire multisite network. In addition to that, they can add and delete sites from the network.
Editing Existing User Roles
Default WordPress user roles have clearly defined permissions which works for most of the websites, but you can definitely edit those permissions to your liking.
Maybe you think that authors on your website should be able to publish and delete their own posts without having to wait for an editor’s or an admin’s blessing? If you trust your authors, then allowing them to do just that will speed up the workflow.
Of course, the story can be completely different. Having the ability to delete their own posts may spell disaster in case the author leaves the job on bad terms and decides to remove all of his or her posts.
Either way, for the sake of this WordPress user role tutorial, let us assume that you want to remove the permission of authors to delete their own content once published.
The first step is to install and activate WordPress user roles plugin called Capability Manager Enhanced plugin.
Then go to users, capabilities and select the user role you want to change from the top box in the right column, and then click the load button. Uncheck the capabilities that you want to remove from the user, and save changes.
This will load user’s capabilities in the boxes on the left.
How to add WordPress custom user roles?
Using the WordPress user role plugin we just mentioned, you can create custom user roles with their own set of permissions for your website.
Go to user, capabilities and type in the WordPress user role name under “Create New Role”. After that, under “Other WordPress Capabilities” select which permissions you want the custom user to have.
It is simple as that.
How can I effectively apply user roles on my website?
Now that you know how each user role works, it is time to take a look at how to apply them correctly. Here are several tips for making the best out of WordPress user roles which you can use on your website:
- For security reasons, every user should only have the level of access they need.
- Limit the number of top user roles. We suggest having only one administrator and a few trusted editors.
- Assign author role to users which regularly create content for your website, and have earned your trust.
- New and one-time writers and guest bloggers will be more than happy with the contributor role.
- Use a WordPress user roles plugin to customize your user roles. We already talked about Capability Manager Enhanced, but User Role Editor is also a good option.
Ending thoughts on WordPress user roles
If you have a team that you are working with on your WordPress website, defining each member’s roles and responsibilities is mandatory for a productive workflow. Knowing what each WordPress user role does is the first step in creating an efficient and secure website.
Using the plugins to add custom roles and edit each user roles’ permissions is also an excellent way to enhance your workflow.
If you need help with your website, WP Buffs is a 24/7 WordPress website maintenance services for serious website owners & white-label partners. Whether you’re looking after 1 site or 1000, they’ve got your back!
Hopefully, this guide helped you gain a better understanding of WordPress user roles!