Last updated - March 17, 2022
On a website, different users perform different tasks, and you need to define what each of them can and cannot do. If you are a WordPress site owner, the concept of user roles lets you define which capabilities other users have on your site. You can assign different user roles to different users, and make your site more organized and systematic. This article gives you a fundamental idea of WordPress user roles along with WooCommerce user roles, and also looks at the further customization options.
What are WordPress user roles and why do you need them?
If you own a WordPress site, you may want to define users differently according to the access they should have. You may have users on your site, who would only need to create and manage profiles and view your pages or posts. There could also be different users who would need selective access to your WordPress admin or the backend. You may want to further define varied capabilities for users based on the tasks they are meant to perform on your site. For example, there are different tasks on the WordPress admin such as writing and editing posts, building pages, managing categories, moderating comments, adding and managing plugins and themes, etc.
So you can assign user roles to users on your WordPress site according to the capabilities they should have to perform the task they are intended to do on the site or the admin. The predefined user roles that you see in WordPress are:
- Super Administrator – This is the role that can perform all the possible capabilities of a WordPress user, including multi-site management.
- Administrator – This user role bestows the user with all capabilities for the site administration, including management of other users.
- Editor – As the name suggests, the editor role will be able to manage and publish all posts in a site.
- Author – The author will be able to manage their own posts and publish them.
- Contributor – Contributors on your site will be able to add content to a post, but will not be able to publish it.
- Subscriber – The Subscriber can only manage their own profiles and access the site’s frontend.
Check our article on WordPress user roles to get a better understanding of each role, and how you can customize them.
Additional User Roles in WooCommerce
As you know, WooCommerce is a free plugin for WordPress that will help you convert your website into an online store. WooCommerce has become one of the most popular eCommerce platforms in the world, and is a preferred choice for entrepreneurs around the world. Now, when you install WooCommerce to your WordPress site, it registers two additional user roles to it – Shop Manager and Customer. Furthermore, it gives additional capabilities for the WordPress Administrator role to manage WooCommerce settings and view WooCommerce Reports.
Capabilities of WordPress user roles and WooCommerce user roles
Here is a quick look at the user roles on WordPress and WooCommerce.
Super administrator is the role that will have all the capabilities to manage a multi-site WordPress network. So, it will have a range of capabilities to manage a multi-site network, such as:
- Create and delete sites
- Manage network and sites.
- Manage network users, plugins, themes, options, etc.
- Upgrade network.
- Setup network.
Administrators have complete access to all administration aspects of a single site. They can add, delete and manage plugins and themes on the site. The administrators will also have the freedom to modify the details of other users, including passwords. Basically, you can restrict administrator access to site owners and trustworthy people who can have complete control over your site. Some of the unique capabilities that define the administrator user role include:
- Activate plugins.
- Edit and delete pages, and posts.
- Export and import.
- Manage categories, links and options.
- Moderate comments
- Promote users.
- Publish pages and posts.
- Read private pages and posts.
- Create, edit, read and delete Reusable Blocks.
- Remove users.
- Switch themes.
- Upload files.
- Access Customizer.
- Update plugins, themes and WordPress core.
An editor role allows you to get access and editing rights to other users’ posts. Those with the Editor role can edit or delete any posts on your site. The Editor role would be best for the person who is managing the blogs and other posts on your site. Basically, the Editor role is concerned only with the content aspect of your site. The capabilities of the Editor role are as follows:
- Edit pages and posts.
- Delete pages and posts.
- Create, edit and delete Reusable Blocks.
- Manage categories and links.
- Moderate comments.
- Publish pages and posts.
Authors can create and publish their own posts. However, this role won’t have access to other people’s posts. They can also delete their posts if needed. Also, those with the Author role won’t be able to create new categories. However, they can use the existing categories on your site, and create new tags. Also, those with the Author role cannot moderate or delete comments on your site, even though they can view them. Similarly, they won’t have access to plugins and themes on your site. Here are the important capabilities of the Author role:
- Edit and delete their own posts.
- Publish posts.
- Upload files.
- Create and read Reusable Blocks.
- Edit and Delete their own Reusable Blocks.
A contributor is a user who can write and edit posts on your site. But these users won’t be able to publish posts. Hence, an Editor has to review and publish the posts written by Contributors. This is exceptionally useful when you employ freelance writers to generate content for your site. However, one disadvantage is that those with the Contributor role cannot upload files to your site. And as seen above, the Contributor role won’t have access to plugins, themes, or other users’ posts. Here is a look at the capabilities of the Contributor role:
- Create and edit posts.
- Manage their own profile.
- Read Reusable Blocks.
Those in the Subscriber role have only read access on your site. In addition, they can manage their own profiles on the site, such as user information and password. Other than that, they can only read posts and leave comments on your site. You may find it useful if your site strategy requires users to sign in to read blog posts. The capabilities are:
- Manage their own profile.
- Read posts.
- Leave comments to posts.
Now let’s look into the two specific roles for WooCommerce.
Any user who registers using the checkout or signup option is defined as a customer on your site. Presently, the capabilities of the customer role are as follows:
- Have read access, similar to a blog subscriber
- Can view orders and order history
- Is able to edit own account details
Shop Manager Role
If you hire someone to manage your store, you have to give them access to the operations side of the store. However, you may not want them to access the admin side, like editing files, or managing plugins. This is where the Shop Manager role comes into the picture. This role has the same capabilities as the customer role, along with the option to edit WooCommerce settings and products. In addition, this role is capable of viewing WooCommerce Reports as well. The Shop manager role is actually similar to the Editor role in WordPress, so they will have the general capabilities of the WordPress Editor role. The additional capabilities of the WooCommerce Shop Manager role are:
- Manage WooCommerce settings.
- Create and edit products.
- View Reports section of WooCommerce.
Apart from this, when WooCommerce is installed, the site administrator will automatically gain the capabilities of the Shop Manager role.
How to assign a user role to a new user?
WordPress site administrators will be able to create new user accounts on the WordPress site. If you are a WordPress administrator, on the WordPress admin panel, you can go to Users > Add New to create a new user.
While creating a new user, you need to add the user’s first name, last name, email and also a username. You can also specify a password, and optionally send an email to the user about the account creation. As you guessed, there is also a dropdown, where you can assign a role to the user. Please note the username is not editable later, though every other aspect of a user profile (including user role) can be changed later if needed.
You can use the same strategy for new users as well as to change the user role for existing users. Most WordPress sites will have an option for customers or users to register from the site’s frontend. Such users will be assigned the Subscriber role or the Customer role (if WooCommerce is installed) by default. Depending on the website’s requirement, the administrator can easily change their user roles and assign a suitable role.
How to decide what role to assign a user?
You might be wondering about how to assign a role to a user. Depending on your online store’s features and functionalities, you might want to assign specific roles to specific users. This will help you effectively control how different users will be interacting with your site.
By default, any user registering on your site will be assigned the Subscriber role or Customer role. However, if you are registering store administrators or content creators on your site, you may have to provide them additional permissions. Let’s try to figure out different scenarios where you may want to assign different permissions to your users.
Adding users for store management
You can assign someone the Shop Manager role when you want to let them handle aspects related to your store, but not those of the website’s backend. As you have seen above, the Shop Manager role entails different capabilities related to the store. These include being able to manage products, orders, refunds and even to generate reports. However, you don’t want shop managers to be able to change the settings of your site, manage plugins or themes, or modify user capabilities. Basically, you can easily limit the role only for store-related aspects, and not to any other aspects related to your website.
To give access to website management professionals
Sometimes, you might want to provide access to technical experts who are maintaining your site. In order to check different functionalities of the site, they may need complete access. In this scenario, you may need to provide them with the Administrator role. Similarly, external agencies or personnel handling your design and marketing aspects can also be assigned this role, if the situation demands.
For safety concerns, you should grant the Administrator role only to users who need to handle almost all aspects of your site. Even if you are adding a professional user with this access for site maintenance tasks, it is better to change the role after the task is done. In an ideal situation, only the store owners should have this access.
For content creators
For those who create content on your site, WordPress roles such as Contributor, Author and Editor can be assigned. Contributors will be able to create content, but won’t be able to publish it. Those with the Author role will be able to create, publish and delete their own content. Editors can manage the content of others as well. Basically, you can assign these roles according to the way you are publishing content on your site. You can assign the Author role to in-house writers and give the Contributor role to guest writers. The Editor role will be naturally assigned to the person who has control over your entire content.
For WooCommerce Customers
As you know, the Customer role is assigned by default to anyone who registers in your store. Users with this role won’t have any other capabilities except being able to manage their own accounts.
However, you can create custom roles to segment your customers with the help of plugins. This will allow you to selectively offer personalized pricing, discounts, assign purchase capabilities, control access to products, etc. Stores with personalized pricing or wholesale stores can benefit a lot from this approach. We will discuss this in detail later in the article.
Best practices while assigning roles for the safety & security of your WooCommerce store
Now, we know user roles make it extremely easy to control how different users will access your site. It is important to follow some best practices while assigning permissions on your site so that your site’s security is not compromised.
Have a policy to assign roles
It is important to have a policy in place to manage how you are assigning roles to users on your WooCommerce store. The crucial part is that a user should be assigned a role that is relevant to how they engage with the site. As we have pointed out above, you can assign Shop Manager, Author, or Editor roles for specific users when there are additional requirements.
Moreover, you need to be extremely cautious about assigning the Administrator role to anyone in your store. Many external vendors might request Administrator access from time to time. You need to evaluate these requests carefully before granting access. If a particular action on your site by the vendor can be managed with a lower level of access, provide that. If such requests are a regular occurrence on your site, you can install a plugin that will help you specifically control the capabilities and permissions of each user role.
Make sure the user credentials are secure
You have to make sure that the usernames and passwords on your store are created according to the suggested best practices. It is important not to use usernames like ‘admin’ for your Administrator role, as a username that is easy to guess makes the account easier for hackers to attack. Make it a practice not to keep any usernames that can be easily guessed. Instead, keep specific usernames based on the user’s real name.
Also, ensure you are using strong passwords for all users. WordPress provides a strong password every time you create a new user account on your store. You can use this default option, or if you are creating your own, ensure it is complicated enough. This will help to resist brute force attacks on your site to a great extent. If you need to share passwords occasionally with support teams or hosting service providers, make sure you are doing it through a password management system.
Two-factor authentication is an approach where an additional verification method is employed when a user is trying to sign in to your website. The most common method is to send a code as text or email, which the user needs to enter before they can sign in. Experts advise applying this at least to the Administrator, Editor and Shop Manager roles to ensure better security.
Setting up Google reCAPTCHA is another way to secure user login. This will help you keep spam in control and also reduce malicious login attempts on your site.
Check role assignments regularly
You need to periodically verify that all the user roles assigned on your site are still relevant. Sometimes, you will assign the Administrator role to a web developer who is helping you set up a feature. It is important to revoke that user’s permission after the work is completed. If there are temporary role assignments like this in your store, you need to review them regularly. Similarly, the accounts of employees can be changed to a lower level of access or disabled after they leave your company. This will ensure that there is no unauthorized access on your site.
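The periodic review described above can be scripted. The following is an added example, not part of the original article: it audits a user export in the shape produced by WP-CLI's `wp user list --format=json`, flagging Administrators who are not on an owner-approved list, guessable logins on privileged accounts, and privileged accounts that also hold other roles. The sample export, the allowlist and the list of guessable logins are constructed assumptions.

```python
import json

# Role slugs the article singles out for two-factor authentication.
PRIVILEGED_ROLES = {"administrator", "editor", "shop_manager"}
# Easily guessed logins (assumed starter list; extend it for your site).
GUESSABLE_LOGINS = {"admin", "administrator", "root", "test", "user"}

# Constructed sample, in the shape printed by:
#   wp user list --fields=ID,user_login,roles,user_registered --format=json
SAMPLE_EXPORT = """
[
  {"ID": 1,  "user_login": "admin",          "roles": "administrator",         "user_registered": "2019-04-02 10:11:12"},
  {"ID": 2,  "user_login": "priya.owner",    "roles": "administrator",         "user_registered": "2019-04-02 10:15:40"},
  {"ID": 7,  "user_login": "dev.contractor", "roles": "administrator",         "user_registered": "2021-11-20 08:30:00"},
  {"ID": 9,  "user_login": "sam.store",      "roles": "shop_manager,customer", "user_registered": "2020-06-01 14:02:55"},
  {"ID": 12, "user_login": "guest.writer",   "roles": "contributor",           "user_registered": "2022-01-09 19:45:10"},
  {"ID": 15, "user_login": "jo.buyer",       "roles": "customer",              "user_registered": "2022-02-14 12:00:00"}
]
"""

# Hypothetical allowlist of Administrator logins approved by the site owner.
APPROVED_ADMINS = {"priya.owner"}


def parse_roles(user):
    """WP-CLI prints a user's roles as one comma-separated string."""
    raw = user.get("roles") or ""
    return {role.strip() for role in raw.split(",") if role.strip()}


def audit_users(export_json, approved_admins):
    """Return (login, finding) pairs for accounts that need manual review."""
    findings = []
    for user in json.loads(export_json):
        login = user["user_login"]
        roles = parse_roles(user)
        privileged = roles & PRIVILEGED_ROLES
        # Administrator access should be limited to owner-approved accounts.
        if "administrator" in roles and login not in approved_admins:
            findings.append((login, "unapproved-administrator"))
        # A guessable login on a privileged account invites brute forcing.
        if privileged and login.lower() in GUESSABLE_LOGINS:
            findings.append((login, "guessable-privileged-login"))
        # Role plugins allow stacking roles; review privileged accounts that do.
        if privileged and len(roles) > 1:
            findings.append((login, "privileged-with-extra-roles"))
    return findings


def needs_two_factor(export_json):
    """Logins holding a role for which the article advises two-factor auth."""
    users = json.loads(export_json)
    return sorted(u["user_login"] for u in users
                  if parse_roles(u) & PRIVILEGED_ROLES)


if __name__ == "__main__":
    for login, finding in audit_users(SAMPLE_EXPORT, APPROVED_ADMINS):
        print(f"{login}: {finding}")
    print("2FA required for:", ", ".join(needs_two_factor(SAMPLE_EXPORT)))
```

Run it on a schedule against a fresh export and treat every finding as a prompt to downgrade, rename or disable the account in Users > All Users.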
Backups are an important part of a website’s general safety and security. Make sure that you are using a reliable backup tool, and storing it in multiple locations for added safety. Automatic WordPress backup plugins will surely help you worry less in this aspect.
Further customizing user roles and capabilities
Though WordPress user roles are primarily aimed at improving user access and providing better content management options, with WooCommerce they offer more business possibilities. You can create content restrictions using WooCommerce user roles, and also set up personalized pricing and discounts. For all this to be more effective, you need to be able to customize the existing user role structure in WordPress. Selectively adding capabilities, and also the ability to create custom user roles, help a lot in this regard. We will explore these possibilities in this article.
Plugins modifying WooCommerce User Roles & Capabilities
There are several plugins that will help you to further enhance user role management on WordPress and WooCommerce. Now, we will take a look at some of the best ones.
User Role Editor
This is one of the best plugins to customize user roles and capabilities on your WordPress site. It offers options to selectively assign capabilities and permissions to each user role you may have on your site. It lets you create new user roles and also helps to delete the roles that are not relevant on your site. Another interesting feature of the plugin is that it lets you copy the capabilities of existing user roles while creating a new role. The plugin also allows you to assign multiple roles to the same user.
- Helps you edit capabilities assigned to each user role in your store.
- Create custom user roles and define their capabilities.
- Delete unwanted roles from your site.
- Allow one user to have more than one role.
Check our detailed guide on the User Role Editor Plugin.
Members – Membership & User Role Editor Plugin
This is a powerful option to help you manage user roles on your site. It gives you a friendly interface to manage how capabilities are assigned to each user role on your website. The main advantage of this plugin is that you can offer specific capabilities to any role on your site. You can also remove capabilities selectively from any role. The plugin lets you offer multiple roles to the same user without any limits. It offers options to clone roles, and also allows you to restrict content on your store.
- Easily manage custom user roles and capabilities.
- Create content restrictions on your site easily.
- Remove unused roles effortlessly.
- Widgets and shortcodes support for easier management of the plugin.
You can use this plugin to extensively manage users and their roles in your site. You can use the plugin to customize each role and control the capabilities it has. The plugin helps you even customize the post editing screen, and allows you to selectively hide specific items on the editor. It even lets you control the access to WooCommerce-specific aspects of your store.
- Modify the capabilities of any user role.
- Works on all taxonomies and post types.
- Easily create user roles by copying the capabilities of existing ones.
- Control access to WooCommerce area.
Application of custom user roles and permissions in different WooCommerce business models
Primarily, user roles help to control the way users access different aspects of your site. This is mostly applied for store and content management. However, user roles offer great scope in creating and managing different business models. If you are running a membership store or a wholesale store, you will need to segment your customers for different plans and pricing patterns.
User roles and custom permissions have great applicability in different WooCommerce business models, such as:
- Restricted content access – If your site is content-focused, you can use user roles and custom permissions to control the access to your content. Based on the purchase of a product, you can assign permissions to customers to define what content they can access on your site.
- Role-based pricing and discounts – This has great appeal in wholesale and B2B transactions. Based on the roles assigned to your customers, you can control product pricing and discounts that you offer. Wholesale stores that have different tiers of pricing for different customers can use this feature to automate the pricing strategy.
Plugins that will help you make use of WooCommerce user roles
- ELEX WooCommerce Catalog Mode, Wholesale and Role Based Pricing – Create different pricing plans for various user roles on your WooCommerce store. Also helps to disable the eCommerce capability and simply run the site in catalog mode.
- ELEX Dynamic Pricing and Discounts Plugin for WooCommerce – This is a comprehensive plugin to set up diverse discount rules on your store. You can set up discounts specifically for certain user roles using this plugin.
- Roles and Permissions for WooCommerce – This plugin helps you provide a complete self service experience for your B2B customers. Your customers will be able to manage their own roles and permissions based on their organizational structure.
- Prices by User Role – You can offer discounts or markups to specific customer groups, or display completely different prices based on roles.
- YITH WooCommerce Role Based Prices – This plugin would help you display the right price for the right user without hassles.
- WooCommerce Members Only – This is a great plugin to restrict content access on your site based on user roles. You can create a private shopping area for specific customers to make purchases in your store.
- YITH Automatic Role Change – This plugin will help you automatically assign user roles to customers after purchase, based on different criteria that you specify.
- WooCommerce Pricing Plugin for Customers, Groups and User Roles – This plugin helps you set category based pricing specific to customers, groups and user roles. In addition, you can give various discounts to customers based on flat rates or percentage value that you specify.
User roles in WordPress help in providing a stable structure and organization to varied users of your site. Moreover, it helps you create selective access to your site’s content. And, when it comes to WooCommerce, user roles provide more scope in creating layered pricing and wholesale pricing. This article has attempted to provide more clarity regarding various user roles and their potential applications. Also, you must have got an idea regarding some of the plugins that would help you effectively use WooCommerce user roles. Let us know if you have any queries or concerns by leaving a comment below.
Do you mind if I quote a few of your articles as long as I provide credit and sources back to your webpage? My blog is in the exact same niche as yours and my users would definitely benefit from some of the information you present here. Please let me know if this is okay with you.
Thanks a lot!
Hi Daing, Sorry we are not encouraging such activities. Hope you understand.
Hi, I want the shop manager to be able to change the prices of all products but not the website design or front page … essentially just the shop. Is this the default or will I have to make any changes? Thanks
Hi John, you can use Capability Manager Enhanced plugin to selectively assign capabilities to Shop Manager role.
I want to tag a customer so I know they are a “beta user” this way I will know they get special discounts because they signed up early and supported me from the beginning.
How do I segment/tag them so I know who they are?
You can create a user role “Beta user” for all users registering on the beta version, and later can set up special offers for this user role. This plugin should help you – https://wordpress.org/plugins/prices-by-user-role/ or try out the premium version – https://www.xadapter.com/product/prices-by-user-role-for-woocommerce/?affiliates-22