WordPress has specific default user roles and permissions that help to specifically design the capabilities that users can access on your website. With the help of user roles and permissions, you can gain total control over your WordPress website and improve your website security.
In this article, we’re going to discuss WordPress user roles and permissions management. Understanding WordPress’s certain roles and permission and level of access will help you manage your website more effectively and keep it more secure.
What are WordPress User Roles and Permissions?
Shortly, WordPress roles and permissions are users with specific capabilities. Therefore, WordPress permissions are the capabilities.
There are 6 previously defined roles in WordPress:
- Bonus: Super Admin Role
Below you can see the User management roles and their privileges.
Administrators can modify the entire WordPress website. The administrator role is the most powerful one in WordPress. Users with the administrator role can create new posts, edit and publish them, and delete any type of content. They can also manage plugins and themes, edit the website and perform website updates. Moreover, they get full access to all backbend codes and can easily add or delete users on the platform.
The administrator role is mostly for website owners as it provides total control of the WordPress blog. However, if you have a multi-user WordPress site you need to choose attentively your administrator users.
Below you can find an administrator’s sample dashboard.
WordPress Editors have total control over the content sections of a website. They are free to add, design, publish and delete any website post. They can even make changes regarding posts written by others. Editors have an allowance for moderating comments, too. However, users with the editor role aren’t allowed to change the website settings, install, and manage plugins and themes.
This role is excellent for content managers with a broad strategic view of the produced content.
Below see the editor role’s WordPress dashboard example.
WordPress users that have an Author role are able to write, design, edit, and publish their own posts. They can even delete already published posts written by themselves.
In fact, authors face some limitations. For example, they are not allowed to create new categories but are free to use the existing ones. Additionally, they can include different tags in their posts.
Authors are eligible to read all of the comments even those that are not reviewed yet. However, they cannot approve or delete any comment.
Besides, authors cannot access the setting section, plugins, or themes. Thus it is a low-risk user role.
Basically, authors’ permissions only extend to the content they design by themselves, not to posts created by other users in the platform.
Above you may see the demonstration of a regular author’s dashboard.
The next comes the contributor role. Users in this role are responsible for adding new posts and editing posts created by themselves, but they cannot publish any post.
The permissions of this role include choosing from previously created categories and creating new tags. However, a huge disadvantage is that contributors can’t upload files. Thus, adding images to posts is not permitted.
Another equally important permission is that contributors can view all the comments on the website, but are not allowed to approve or delete any of the comments. In addition, they can’t make changes regarding a certain WordPress plugin and theme or website settings.
This role works productively for outsourced content creators who are not full-time members of the content management team. The Contributor role is very popular on WordPress sites with user-submitted content such as Lifehacker.
Below see the Contributors’ dashboard in WordPress.
Finally, subscriber role users can easily log in to your WordPress site, update their own user profiles, and change their passwords. They are not eligible to write posts, view comments, and even make any other changes inside the WordPress admin area.
This user role is most effective if you have online shops, different membership WordPress sites or any particular website where users are required to register and sign in.
Subscriber role is the most limited role in WordPress as no other area of the back is available.
See above the example of a subscriber’s WordPress dashboard.
Bonus: Super Admin Role in WordPress
Now you might ask, why it is called a Bonus role. Well, basically because this role is only available on a WordPress multisite network. A WordPress multisite network is mostly for blogs, educational institutions, and businesses, that want to manage separate websites in only one dashboard.
The permissions of the super admin role include adding and deleting websites on a multisite network. Furthermore, they can install various themes and plugins, add users and conduct some network-wide actions on a WordPress multisite network setup.
Note that this role is mostly useful for designers and network administrators that are assigned to several websites in the same network. Super Admin role basically gives access to all the high-level admin capabilities.
Super Admins’ key capabilities include:
- Creating, managing, and deleting network websites
- Managing already existing network users, plugins, themes, and options
- Upgrading all the websites on the Multisite network
- Setting up a Multisite network
- Assign Admins to the network’s individual websites
Above picture demonstrates a Super Admin’s dashboard in WordPress.
How to Customize Default User Roles and Permissions in WordPress
Let’s start from the beginning. When a website is firstly created, WordPress automatically assigns the Administrator role to the user that creates it. From there you can use the standard roles and permissions or take some time to customize them.
How to customize a WordPress user role?
In order to customize user rules, you need an external plugin. The most common and famous option is User Role Editor. It basically adds a New option in the Users menu of the WordPress admin panel to customize each of the roles.
During the setup process, you can easily assign each potential capability to a different role. WordPress User Role Editor plugin uses a double-confirmation process to make sure all capabilities are correctly assigned in case of any updates.
User Role Editor provides a chance to create completely new user types for WordPress management. All you need to do is to click Add Role and assign a name to it. Afterward, you can start with a copy of an existing role and customize it or start assigning permissions from scratch.
User Role Permissions For WordPress Multisites
In the case of a multisite setup, the Super Admin automatically acquires some of the responsibilities of the Administrator. Now, only a Super Admin is able to add and edit user roles, regulate plugins and themes, and install the latest updates.
Individual admins are still able to edit their website on the page level and select from the installed themes. Besides, they have the capacity of removing users assigned to their websites specifically, however, their permissions will be more limited otherwise.
This system is very similar to a strict hierarchy among the user roles. In other words, the Super Admin is at the top and directs Administrators at each website. Each of the Administrators has its website-level control, however, can’t make any changes that might conflict with the general plan for the multisite network.
4 Best Practices To Manage And Maintain Your User Roles
1. Avoid Over-Assigning Responsibilities
Each user role has its own responsibility. WordPress websites work productively when each of the users recognizes its own responsibilities needed to do their job tasks. For example, a content manager won’t need administrative privileges.
2. Review and Adjust User Roles Regularly
Conducting a review on regular basis can guarantee that your roles remain strictly within the global plan and in the best interest of the website and business. Also, it allows removing user roles when responsibilities have changed.
3. Customise Roles Only When Necessary
According to estimations, about 95% of companies do not always need custom user roles. However, if they make customization only because it’s an available option may decrease safety and efficiency. Thus, it is recommended to stick with the standard roles first and customize only in case of feeling the extreme need.
4. Document Your Role Assignments and Layout
Documentation is necessary for keeping everything straight while your team increases in complexity. A good solution is to keep a specific sheet where you can outline each role and its responsibilities. It’s very important for multisite networks and larger teams as there is a big range of team members.
Assigning and managing your WordPress user roles and permissions in a proper way is extremely important. Understanding all the basics earlier may help you avoid further confusion and various security issues. Note, that several user role plugins are available for easy customization but I’ve introduced the User Role Editor plugin as it’s very user-friendly and flexible. You can test it for yourself and write your feedback down in the comments section.
Now I am happy that you have been equipped with the necessary knowledge about the specificities of each WordPress user role and different strategies that will help you customize user role permissions. However, I’m waiting for your comments in case of any further questions.