Call us 7am - Midnight 0207 855 2055My.tsoHostshopping_basket0 Item(s): £0.00

keyboard_backspaceBack to the Blog

Your complete guide to WordPress user roles

Your complete guide to WordPress user roles

Posted 24th September, 2019 by Sarah

If your WordPress site has grown to the point that you need to give other people access to the dashboard, it’s time to familiarise yourself with WordPress user roles.

WordPress user roles let you control what others can and can’t do on your site. It’s a useful system that lets you assign one of six different roles to users to streamline access to your site and make it more secure.

Whether you’re thinking about hiring a developer or hiring contributors for your blog, there’s a role designed to give users exactly the kind of access they need. And if you need to customise, you can do that, too.

In this guide, we’ll take a look at what WordPress user roles are and what actions they each allow users to do. Then we’ll cover how to assign and edit roles, and how to customise roles with user role editor plugins.

What are WordPress user roles?

The WordPress user management system is based on roles and capabilities.

A role is defined by the set of actions, or permissions, assigned to someone with a particular role. A capability is a specific action that a user is allowed to complete.

For example, the ability to edit a post is one type of capability, while installing a new theme is another.

By default, WordPress provides six different user roles with varying levels of access to the dashboard:






*Super admin

Site owners can use these roles to manage access to tasks such as writing and editing posts, creating pages, creating tags and categories, moderating comments, managing plugins and themes, and managing other users, simply by assigning a specific role to each user.

You can manually add new roles to your site with code or install a user role editor plugin to create and customise your own.

Some other plugins will add custom user roles and capabilities to your site, or assign new capabilities to existing roles. For example, WooCommerce allows shoppers to create an account, which is assigned the “customer” role. It also creates a new “shop manager” role, which you can assign to users who manage your site’s sales.

Why are WordPress user roles important?

If you’re the only person running your WordPress site, you’ve probably never had to think about user roles. But once your site begins to grow and you start giving others access to the WordPress admin, user roles let you control who can make changes to your site.

Here are some of the main benefits of WordPress user roles:

*They create a clear hierarchy of users on your WordPress site, so users know what they are responsible for. This is especially useful if you have a large number of accounts.

*They can help to mitigate security risks by restricting access to site-wide features and settings from all but a small number of trusted users.

*They can prevent ill-intentioned users from making changes to your site. Similarly, they can prevent well-meaning users from accidentally deleting a page or deactivating a plugin.

These are just some of the reasons why user roles are so important, and why it’s essential that you understand how they work, so you can assign appropriate roles to different members of your site.

The six WordPress user roles

Understanding how each of the user roles work is key to knowing which role is the right one to assign to members of your team. To give you a clearer picture of how roles work, let’s look at each of the default roles in more detail.

1. Administrator

User Roles Image 1

This role is the most powerful and has the most capabilities of any WordPress user role. It’s also automatically assigned to you when you create a new WordPress website.

Administrators, usually called “admins,” have unrestricted access. In other words, they can do everything on a WordPress site.

The admin user can:

*Manage other users, add and remove users, update user information (such as names and passwords), and delete other admins.

*Install, configure, and remove plugins and themes.

*Create, edit and delete new or existing pages and posts.

Often, WordPress sites will only have one admin and that will be the site owner. That’s because this role gives complete control over a site and all its settings, including privacy, security and editing code. Still, it’s not uncommon for the admin role to be assigned to developers who require a higher level of access to a site.

Note: On WordPress Multisite networks, the admin role has different permissions. We’ll look at this in more detail below.

2. Editor

User Roles Image 2

As the name of this role suggests, an editor assumes responsibility for managing content, hence the higher level of access.

Editors can:

*Add, edit, publish, and delete any posts, pages, and media, including those belonging to other users.

*Add, edit, delete, and moderate comments.

*Add and edit categories, tags, and links.

Editors have unrestricted access to editing content. Since editors usually oversee writers, this user role allows those with the editor role to manage authors and contributors.

Unlike admins, editors don’t have access to site-wide settings and cannot edit code, plugins, themes, or user information.

3. Author

User Roles Image 3

Authors can create and edit their own posts, and that’s really all they can do. Compared to editors, authors have far fewer permissions.

Authors can:

*Create and edit their own content.

*Delete their own posts, including those that have been published.

*Upload images and other media files.

Authors can’t edit or delete posts written by other users. It’s a fairly low-risk role compared to others, but it’s important to keep in mind that if you want to hire a writer, or have a team of writers, authors can delete their posts, including any that have already been published.

4. Contributor

User Roles Image 4

The contributor role is basically a stripped-down version of the author role. Contributors are able to perform only three tasks:

*Read all posts.

*Create and edit their own posts.

*Delete their own posts.

This role is ideal for assigning to writers, but it does have a couple of major drawbacks: these users can’t publish their own posts and they can’t upload files to the media library. That means if writers can’t add images to their posts to schedule an article for publication, they’ll need to ask someone with a higher-level user role to do it for them.

5. Subscriber

User Roles Image 5

The subscriber role is the default assigned to new users who join your WordPress site if you enable registrations. This role is the most limited of all the WordPress roles.

Essentially, subscribers can read the content on your site, leave comments, and access their user profile.

Since anyone can read new posts on a WordPress site without registering or having a role assigned, the subscriber role is rarely used. However, it might be one you decide to assign to a user if you run a subscription-based site, where you’d like to give access to exclusive content.

6. Super admin

The super admin role only applies to Multisite installations. Super admins have overarching permissions to manage networks, including making high-level changes.

Super admins have WordPress dashboards that look similar to admins. Super admins can:

*Add and delete sub-sites

*Manage the network’s users, themes, and plugins

*Access site-wide settings, and make changes to security, privacy, and code

On Multisite networks, the administrator role is somewhat modified from what we covered earlier. Multisite admins can’t install, upload, and delete themes and plugins, or modify specific user profiles. Only super admins can decide which plugins to install on a network, and individual sub-site admins can choose whether or not to activate them.

Extra option: “No role for this site”

There’s an extra seventh option worth pointing out: “no user role for this site.”

This option essentially strips a user of all permissions on your site and is only useful if you want to keep an inactive user’s profile information rather than delete it.

For example, if an editor or author were to leave your site or business, you may want to downgrade their access to prevent them logging in later and changing settings or content. It’s likely they might have had posts published in their name, so reassigning them the “No user role for this site” option allows you to keep their byline and author profile.

Managing WordPress user roles: how to view, edit, and add roles

Only administrators and super admins can view and edit users and user roles. If you’re an admin or super admin, you can see a list of all users on your site and their roles by going to Users > All Users.

User Roles Image 6

Clicking on a user’s username will take you to their profile. Clicking on your own name will also let you view your own profile.

To edit a user’s information, open their profile. You’ll see options for editing personal details such as their name, contact information and biographical information i.e. author bio, and you can generate a new password. You can also assign a new user role using the dropdown.

As an admin or super admin, you can edit any details as you see fit. Individual users can also view and edit their own profile information, but can’t access the profiles of other users.

How to add and assign roles to new users

There are two ways to add new users to your site: adding new users manually or enabling site registration.

To manually add a new user to your site, go to Users > Add New.

User Roles Image 7

You’ll be prompted to enter information for the new user, including their name, and you must enter at least a username and email. You can also choose to set their password and send a notification to the new user with details of their new account.

Lastly, you can assign any of the five general user roles to the new user — subscriber, contributor, author, editor, or admin.

User Roles Image 8

To finish up, click “Add New User” and the user will be added to your WordPress database. Their username and details will also appear under All Users.

Alternatively, enabling site registration is handy if you run a membership site and want users to register their own accounts.

To enable site registration, go to Settings > General and check the “Anyone can register” option. You can also set a default user role to be assigned to new users.

User Roles Image 9
How to customise and create custom WordPress user roles

The default WordPress user roles are usually all you’ll need to manage your site. However, there may be times when you’ll want to customise roles or create new ones.

There are several user role editor plugins you can use to create custom roles and customise existing ones.

1. User Role Editor

With more than 600,000 active installations, User Role Editor is a popular option for creating and customising roles.

Once installed, go to Settings > User Role Editor where you’ll find a fairly straightforward interface for selecting roles and changing their capabilities. You can also add new roles, rename roles, and add capabilities.

User Roles Image 10

User Role Editor is a powerful plugin and well-worth installing if you need to customise roles on your site, especially since it’s free.

2. Members

Members is a powerful user, role, and capability editor plugin and provides well-designed interfaces to help you manage and customise roles. The plugin adds two menu items, Roles and Add New Role, which you’ll find under Users.

Roles lists the default WordPress user roles and lets you customise each role. You can check various capabilities to “grant” or “deny” permissions for certain roles. Add New Role lets you create new user roles.

User Roles Image 11

**3. User Switching

This isn’t technically a user role editor plugin, but it is an incredibly useful WordPress plugin if you have multiple user roles on your site and find yourself needing to switch between them.

User Switching lets you quickly swap between user accounts. In one click, you’ll be instantly logged out and logged back in as your desired user. This is especially useful for test environments where you regularly log out and switch between accounts, or for admins who need to switch between multiple roles.

User Roles Image 12
Why customise or create custom WordPress user roles?

For the most part, the default WordPress user roles are all you’ll ever need. However, there are several use cases for creating custom roles or customising the existing ones with a user role editor plugin.

Here are some examples of when you might need custom user roles:

*Blogs that regularly publish content might need to enable the author role to access the media library.

*Media and publishing companies, in particular large ones like Wired, TechCrunch, Quartz and News Ltd., which all use WordPress, might require custom roles to better match the responsibilities and day-to-day tasks of editors, sub-editors, and journalists.

*Membership sites might need to create new roles or rename the default ones to match the various tiers of membership available. Some membership plugins may also add roles and capabilities to WordPress sites.

*Online course plugins will usually add new “Student” and “Instructor” roles to your site, together with various capabilities that allow students and instructors to participate in courses, take tests, and access materials.

*Agencies might use WordPress user roles to control the access that clients have to their sites. For example, you may want to restrict access to plugins and themes, and prevent clients from editing code.

In summary

Understanding how WordPress user roles work and the various capabilities assigned to each is key to effectively managing the various people who use your site. Fortunately, the WordPress user management system is simple to access and manage.

Since WordPress doesn’t provide options out of the box for customising user roles, you’ll need to use a plugin or code to modify user roles and capabilities. The free user role editor plugins mentioned above offer powerful features that can help you quickly customise roles as your site grows and evolves over time.

Categories: WordPress

You may also like:

How to integrate Google Analytics into WordPress
5 inspiring homepage designs and why they work
Video tutorial - how to install WordPress plugins
Sucuri setup video tutorial - WordPress website security plugin
Your guide to the WordPress template hierarchy: what you need to know
Complete guide: how to install WordPress locally