Do you want to learn more about the WordPress User Roles and Permissions? WordPress has a built-in user role management system that spells out what a user can and cannot do on your website. When your WordPress site grows, it is essential to understand these WordPress user roles and permissions.
To help you administer your site more effectively, we'll discuss WordPress User Roles and Permissions in this blog post.
Table of Contents:
- What are WordPress User Roles
- Six Different WordPress User Roles
- How to assign and change WordPress User Roles
- How to Edit an Existing User Role in WordPress
- How to Create Custom WordPress User Roles
- How to Delete WordPress User Roles
- Tips for Setting WordPress User Roles and Permissions
If you manage your website alone, you've probably never had to consider WordPress user roles. However, WordPress user roles are crucial for managing what activities the various users at your site are permitted to take if you ever need to grant others access to your WordPress site.
WordPress user roles specify the tasks each user on your site can complete. These operations are known as capabilities. For instance, one "capability" is the ability to publish a WordPress article. At the same time another "capability" is the ability to install a new plugin.
Therefore, at their most basic level, WordPress user roles are simply a list of several actions (often referred to as capabilities) that a user with that position is authorised to carry out.
- Assist in the security of your WordPress site by ensuring that users do not have access to information they should not have. For instance, you wouldn't want a user you don't trust to be able to add new plugins to your website.
- It can support defining your workflow. WordPress, for example, includes pre-made user roles that you can assign to authors on your site to grant them access to only the functionality required to produce WordPress posts.
WordPress user roles come with six different user roles pre-configured. Understanding each one is essential if you want to protect your website and make sure your team operates more productively. Let's sift through each of these roles.
When you build a website, this is the role that is given to you. Unless you're managing a Multisite installation, the Administrator is at the absolute top of the hierarchy. In most situations, there is only one, and they have access to all of the WordPress backend functionalities.
Administrators have total control. This user role may be used to:
- You can create, modify, and remove any content.
- Organize your plugins and themes
- Edit Code
- Delete other user accounts
The most privileged of WordPress user roles, Administrator, should rarely be given to any other account. Giving someone else access to this user role is comparable to handing them the keys to the castle. So take better care!
An editor in the User Role typically manages the content and has a high level of access, as the name of this user position implies. They can create, edit, delete, and publish posts and pages, including those written by other users.
A good editor can also:
- Moderate comments
- Control the categories and links.
However, they cannot make site-wide modifications like installing updates or adding plugins and themes. Instead, they are in charge of assessing the authors' and contributors' work.
An author in a user role has significantly less permission than an editor. They cannot edit pages or change user-generated content, and they also have no administrative skills.
They are able to write, modify, remove, and publish their own posts (and upload media files). This explains their function; the authors' only responsibility is to produce content and nothing more.
In general, the contributor role in the user role is a simplified form of the author role. Only three actions are available to contributors: viewing all posts, deleting, and editing their postings. Because users cannot submit posts or upload media files, this job is highly restricted. It's best for first-time and beginner content creators, though.
Subscribers typically have a straightforward WordPress dashboard with just one primary function. The person with this WordPress user role may view every post on the website (as well as manage their profiles). Not all sites will use this option because often, everyone can view postings without being given a role. For subscription-based websites, when you wish to restrict access to material to specific individuals, it is functional.
Last but not least, the super admin role deserves mention among all the user roles. Only networks of related WordPress sites - Multisite installations - are covered by this role. The super admin is in charge of the entire network and has the authority to make significant adjustments like adding and removing sites. They can also control the users, themes, plugins, and other elements of the network. As a result, their dashboard resembles that of an ordinary Administrator.
The usual administrator function is slightly altered when there is a super admin. On WordPress Multisite networks, for instance, regular admins can no longer upload, install, and uninstall themes and plugins, nor can they change user information. The super admin is the only person with these abilities.
The super admin can choose which plugins to install across the network, whereas individual site admins can determine whether or not to activate them. This shows how these roles interact. This clearly explains that among the wordpress user roles, the super admin role plays an integral part.
Only administrators can modify user roles. This role is automatically assigned to the user who starts the WordPress site, and they can then give this role to new users.
Follow the steps outlined below to assign a role to a new user:
Step1: Click on Users in your dashboard, then click +Invite. You should see this screen:
Step2: Enter the email or WordPress.com username of the user you want to invite, select their role, and click Send Invitation.
Step 3: If you're going to change user roles, navigate back to the Users tab, click on the user whose role you want to modify, and make the change.
Pro Tip: Once you provide a user with the administrator status, they can make changes to other accounts, including yours, so make sure you pick them carefully.
If you want to change an existing user role in WordPress, installing a plugin like a User Role Editor is the simplest option. In practice, this looks like this:
Step 1: Select Users > User Role Editor in the left panel. You’ll be taken to the plugin’s main interface.
Step 2: Select the user role you want to modify from the top dropdown menu. You’ll see a list of all capabilities currently allowed for this role. Check the box next to Show capabilities in the human-readable form to list these functions more clearly.
Step 3: Select/deselect the capabilities you want to add to/remove from the role.
Step 4: Click Update, then Yes in the Confirm window. The list will refresh with updated permissions.
If you want to create a custom user role in WordPress using the User Role Editor, follow these steps:
Step 1: Select Users > User Role Editor in the left panel.
Step 2: In the right-side button pane, choose Add Role.
Step 3: Create an ID and Display the Role Name.
The Display Role Name is what appears for users in the WordPress dashboard. Administrators can change the Display Role Name by selecting Rename Role from the main interface.
The ID only shows in the User Role Editor Plugin, which can be the same as the Display Role Name, or different for systematic labelling purposes. You cannot rename the ID once the new role is created.
Step 4: If you want to clone an existing role, select it from the Make copy dropdown.
Step 5: Click Add Role.
Step 6: Select the capabilities you want to add to the new role.
Step 7: Click Update, then Yes in the Confirm window. The list will refresh with updated permissions.
Using the User Role Editor Plugin to remove a user role in WordPress, first reassign new roles to all users currently assigned to the role you wish to remove. Go to Users > User Role Editor after that. From the top dropdown, choose the role. Select Delete Role from the right pane, and then click Delete Role in the pop-up box.
Here are a few tips for setting user roles and permissions.
1. Set the default user role as low as possible.
By default, it is set to Subscriber. It is not advisable to modify it unless it's necessary for your website's needs, such as a custom post type. Even then, I advise using the minor role you can.
Select the role in WordPress for each user based on the level of access they need.
Provide the most basic level to users. As a result, fewer users will have access to more data, streamlining their work and boosting security.
Additionally, this prevents users from making unauthorised changes like deleting content, altering the code, switching themes, adding or removing plugins, etc.
Giving users a lower position in the WordPress user role and then raising it as necessary is far safer than giving them a greater role and then regretting it due to an error or worse. Only entrust those with higher roles.
2. Have the fewest number of Administrators possible
When there are fewer people who have access to themes, plugins, and other configuration options, it is better. A WordPress website should ideally have just one Administrator among the user roles.
Add a few editors, and designate the remainder as authors or contributors. The author's job is fantastic for somebody you've worked with long enough to trust their work. For new content creators, the Contributor job is an excellent choice.
3. For a one-person website, create an Editor role for yourself
Among the WordPress user roles, the administrative chores are kept apart from the daily blogging activity by assigning an editor role. Because the Administrator login would be less evident, the website would be safer from hackers. The Administrator role is protected even if the Editor role is hacked.
4. Fine-tune WordPress user roles with code or plugins
For most websites, the default user rights are helpful, but you might need to modify an existing role or establish new ones. As an illustration, you might want someone to be allowed to upload media but not publish or delete it.
Although this can be accomplished with code, plugins make it as simple as possible. It is advised to examine the plugins to see which qualities best suit your need.
Only use code if you are familiar with PHP. The benefit of code is that it can be simplified to include only the capabilities you need. As a result, the code is more straightforward. Additionally, you never have to worry about a plugin being updated, having its features changed, or not being supported.
The settings for your website include key elements like WordPress User Roles and permissions. Thanks to them, you have more control over who gets access to which functions. This makes it easier for you to manage your team and allows it to expand so that more people may carry out specific tasks, produce content, etc.
WordPress user roles streamline each user's work since they restrict the features each user can access. Due to the limitations placed on each user, these restrictions also increase the security of your website.
With the help of plugins or code, you may alter the user roles and permissions, giving you even more control over each user.
User roles are simple to use and comprehend. Your website will be more effective and secure if you understand the different user roles and carefully select the roles you want to utilise. WordPress user roles should be configured if your website has many users.
If you decide to use WordPress for your website, check out WPBlazer, a WordPress management tool.