When you install WordPress, it comes with a user role management system with five default user roles. Each user role has defined action & tasks to perform on the site.
If you are the only person running the site, you do not need to worry about it. As the site grows, you need help to run your website. You have to give the team permission to edit & customise your site.
That’s why knowing about the user role management are essential while sharing your site with other users.
In this article, I will explain all the user roles you need to know.
Five default user roles are:
Why are User Roles Important?
WordPress user roles set the limitation to the action a user can perform on your site.
In simpler terms: you do not want every user to have complete access to your site, so you assign them a user role. That user role has permission to perform limited functions.
These functions are also known as capabilities. Each new function is a new capability.
A user role means a person can perform only the action that is assigned to that user role.
WordPress user roles are important:
Security purpose: Not everyone can enter and have access to all the parts of your site.
For example, you would not like to allow a Guest Author to install plugins on the WordPress site.
Work management: Focusing the users to do the task they need to do, and removing the other options from the dashboard.
Even if the user is trustable, you would not like to give them access to the file editor of your WordPress. They can harm the site by touching the coding, accidentally and unintentionally.
User roles allow you to provide the users with only the necessary element of WordPress so they can complete their task without any hassle.
Now let’s understand all the user roles and their capabilities.
The administrator is the level A role, with all the accesses to the site.
Admin can download, install or delete plugins and themes. They can do major changes in designing, and even change the author of articles.
Admins have access to all the users, user roles, permission, passwords, and they can change, edit or delete them if they need to. An admin can even delete other admins accounts too.
Basically, admin can do everything on the site.
- Create, edit, delete posts and pages
- Deletes, install & uninstall plugins and themes
- Edit, and change codes
- Delete other user roles, accounts, and edit the permission
Security Tip: Giving admin role to another person is like allowing them to do anything on your site. They can delete your admin account and can have the entire site to themselves.
However, you can get it back from your cPanel or hosting panel. But still, you should not share the admin privileges with everyone.
An editor has permission to manage all the content of your site. Users with editor roles can add, edit, publish, update, and delete any posts, or pages on a WordPress site.
Editors are allowed to edit the content written by others, and they can even change the authors of the content.
Besides posts and pages, editors are responsible for replying and moderating the comments.
However, editors cannot make any site changes. They cannot install or uninstall plugins, or make any major changes to the design.
- Moderate comments
- Manage categories and links
- Create and delete pages and posts
- Manage the content of the site
Security Tip: Editors don’t have access to the other part of the site, but they can delete the content of your site. So, don’t give this role to a sketchy or new person.
As editors can manage all the content, users with Author roles can only write, edit and publish their posts.
Authors have even fewer permissions than editors. They are not allowed to edit pages or posts that other users have created.
Their responsibility includes writing posts, uploading media, and publishing it. Though they have permission to delete their post, they cannot remove it from the trash.
Authors have to use the given categories, as they cannot create it. Editors create categories. But Authors can add Tags.
Comments are viewable by the Authors, but they cannot edit, or approve them.
Authors have limited access to the site, as their only role is to create, edit and publish their blog post.
An author can:
- Create, edit, delete and publish their post
- Add Tags to the Post
- Upload the media to their blog post
Security Tip: It is a low-risk user role. Admins give Author roles to the Guest Authors occasionally.
Contributors are Authors with no permission to publish the post.
They can create, edit or delete their posts. But they can’t publish the posts.
Contributors make a post and submit it, and then Editors or Authors approve the post to publish it.
Similar to the author, contributors cannot add new categories and choose from existing categories. But they can add tags to the posts.
Another difference between author and contributor is that contributors can’t upload media files to their post.
Contributors are allowed to see the pending comments, but they cannot approve or edit them.
Security Tip: If you do not trust the guest author or the content that he could publish to the post, you should give him a contributor role. This way, you can approve or reject the post they want to publish.
Finally, there are subscribers. Their primary capability is to read all the posts on the site.
Subscribers can make changes to their profiles, such as changing email id, password, about or pic.
But, generally, anyone is allowed to read blog posts on the site, so this user role is not assigned to anyone.
However, the user role is useful if the site is subscription-based. You can provide the content or blog post only to subscribers.
Many news sites ask users to become a subscriber to continue reading the articles. Then subscribers can comment, and they have an account where they can make changes.
But that is beyond the scope of the simple subscriber option of WordPress. We are not covering that in this article.
#6 Super Admin
A network of connected WordPress sites is called Multisite. It is a type of installation where you can create and manage multiple WordPress websites from a single dashboard.
Super Admin is a user role for such Multisite Networks.
The super admin has complete access to the entire network and is responsible for making superior level changes. Super admin manages the network’s users, themes, plugins, and edit & delete them.
In the presence of Super Admin, the roles and responsibilities of Admin changes. Admin cannot install or change themes and plugins; however, Super Admin can give permissions to Admin to activate or deactivate plugins.
Making best use of User Roles
Now you know each of the user roles, let’s see how you can use them effectively and safely.
Though each site is different and needs a different way of working, still, there are few common tips I can give.
Need to Work Basis:
Do not allow any users to visit the part of the site that is not in his domain. The user roles should be distributed strictly according to the tasks they do.
An author does not need the Editor user role, and an Editor does not require Admin capabilities.
Don’t add users just because you can add. For example, if you are sharing a guest post, you do not need to give Author access to the person. You can create a separate account with his name, and post it yourself.
Keep Hosting with You:
In case of hacking, or someone removing you from the admin area, it is better to contact your hosting provider as soon as possible.
They can block the site, and reassign you as admin again.
When the business grows, you have to have a team to manage the WordPress site. Doing everything alone will hurt your productivity.
That’s why understanding the user roles are necessary, so you do not give the wrong roles to the wrong people.
The good thing is that WordPress has an inbuilt function for this. Various plugins enable more functions for distributing the capabilities among the user roles.
You can even make custom roles with the help of plugins.
Using user roles effectively can protect your site from notorious people who are looking to infect your site with hacking code.
I hope this article helps you in understanding the WordPress user roles.
If there are any questions, please leave them in the comment box.