Last updated - March 17, 2022
If you are a WordPress site owner, you would probably be interested to know how to control other users on your site. WordPress user roles help you control the access and capabilities of other users on your site. For example, the capabilities required for a web designer and content creator will be quite different in a WordPress site, and you should be able to manage this seamlessly. WordPress user roles let you manage exactly this. In this article, we will look into all the aspects of WordPress user roles, and also explore possibilities to customize this aspect.
What are WordPress user roles?
A WordPress user role is a collection of capabilities that determines how the user will interact with a website. Every user in a WordPress site will have a user role assigned to them. For example, when a new user is signed up to your WordPress site, the Subscriber role is assigned to them by default. Somebody with a Subscriber role will only be able to read posts and pages on the site, and also manage their own profile.
However, you might need to give users additional permissions to manage other tasks on your site. For example, if you are getting external help to configure the site, that user will need the capability to manage themes, plugins, etc. Or a content editor will need to publish posts and pages on the site. So, for different purposes you may have to assign capabilities differently. In the above example, the content creator will not require the capability to manage plugins and themes. So for a broad classification of who can do what on a WordPress site, you can rely on WordPress user roles.
As the site owner, when you create the website, you will have an Administrator login. The user role assigned to the site owner will be ‘Administrator’, who has all the possible capabilities in a single site setup. There is also another role called ‘Super Administrator’, which is relevant to a multisite WordPress install. We will discuss all the available user roles and their capabilities in the following sections.
How to assign WordPress user roles?
On a WordPress site, only users with the ‘Administrator’ role will be able to create users or assign a different role to a user. So if you are logged in to your WordPress site as an Administrator, you can see information about all the users on your site by going to the ‘Users’ section on the WordPress admin dashboard.
Now when you create a new user, you will see fields to add name and other details of the user, and also a drop-down menu to assign the role. You will have the same option if you open an existing user’s profile as well. With the default WordPress single site install, you will see the 5 basic roles – Administrator, Editor, Author, Contributor and Subscriber.
Different WordPress user roles and their capabilities
Let us take a look at different WordPress user roles, and see what you can manage with each.
Administrator
As discussed above, the Administrator role has all the capabilities to manage the content part of the site as well as the site’s backend. The following are the capabilities of the WordPress Administrator user role:
- read, edit, publish posts and pages.
- delete pages and posts.
- export and import.
- manage users.
- remove users.
- manage categories.
- moderate comments.
- edit dashboard.
- manage links and options.
- activate plugins.
- access Customizer.
- edit, delete, install, update plugins.
- upload and edit files.
- update core.
- edit, delete, install, update themes.
- switch themes.
- edit theme options.
- delete site.
- read, edit, create, delete Reusable Blocks.
Editor
The Editor role is intended to be assigned to a user who is managing the content on your site. They will be able to edit, delete and publish all posts and pages on the site. Here are the capabilities:
- read, edit, publish posts and pages.
- delete pages and posts.
- manage categories.
- manage links.
- moderate comments.
- upload files.
- read, edit, create, delete Reusable Blocks.
Author
The Author role is generally assigned to a user who is self-sufficient enough to create and publish their own posts on the site. The following are the capabilities:
- read posts.
- edit, delete own posts.
- publish own posts.
- upload files.
- read and create Reusable Blocks.
- edit and delete own Reusable Blocks.
Contributor
The Contributor role will be for somebody who can edit and manage their own posts. However, they won’t have the capability to publish posts. The capabilities are:
- read posts.
- edit and delete own posts.
Subscriber
The Subscriber role is the one that is assigned by default to any new user on WordPress. They can only manage their own profiles. A user with the Subscriber role can:
- read posts.
- manage own profile.
Super Admin
In a multisite network, the role which has all the capabilities of network administration is called ‘Super Admin’. This role supersedes the Administrator role in a single site setup. For example, a user with the Super Admin role will be able to install themes, whereas an individual site admin in the network won’t be able to do it. The special capabilities of the Super Admin role are:
- create and manage sites.
- delete sites.
- manage network.
- manage network, users, plugins and themes.
- set up a network, and upgrade all the sites in it.
The Importance of WordPress user roles
Here is a look at some of the advantages of WordPress user roles while managing a site.
Easier site management
Primarily, WordPress user roles let you manage the site tasks more effectively. In a lot of cases, the site owner won’t be the one creating content, or managing plugins, themes, updates, etc. WordPress user roles help to easily allocate different types of permissions to manage different aspects of the site. This contributes to a more organized and systematic approach to task management on a WordPress site.
Strengthens security
User roles help to strengthen the security of your site by giving each user only the access they need. The site owner will have total control over who has what access on the site. This will reduce the risks from hacking attempts through different profiles on your site. In addition, you can set up role-specific security protocols as well.
Better time management
WordPress user roles will help site owners manage the time they spend on the site more effectively. They can easily delegate site tasks to other users without giving them complete access to the site. This will help you focus more on tasks that need your immediate attention.
Easy to modify
By assigning different roles to different users, site owners will be able to divide and distribute tasks effectively on a site. However, in some scenarios, the default roles and capabilities won’t be enough to handle specific site requirements. The WordPress user role system is quite flexible and easy to modify. You can extend the default user role system with the help of code snippets or plugins to make it more suitable for different requirements.
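As an added example (not code from this article or from WordPress itself), here is a small plugin that uses the core functions `add_role()`, `get_role()` and `remove_role()` to create a limited role for the external helper mentioned earlier, so that the Administrator role does not have to be handed out. The role slug `site_maintainer`, its label and the `example_` function names are assumptions made for this example.

```php
<?php
/**
 * Plugin Name: Site Maintainer Role (added example)
 */
defined( 'ABSPATH' ) || exit;
// Hypothetical role slug, chosen for this example.
const EXAMPLE_MAINTAINER_ROLE = 'site_maintainer';
// Capabilities the helper needs. install_plugins, edit_plugins, edit_themes and
// the user-management capabilities are left out: they allow new code or account changes.
function example_maintainer_caps() {
	return array(
		'read'               => true, // dashboard access
		'activate_plugins'   => true,
		'update_plugins'     => true,
		'update_themes'      => true,
		'switch_themes'      => true,
		'edit_theme_options' => true, // Customizer, menus, widgets
	);
}

// Roles are saved in the database, so register on activation, not on every request.
function example_register_maintainer_role() {
	$wanted = example_maintainer_caps();
	$role   = get_role( EXAMPLE_MAINTAINER_ROLE );
	if ( null === $role ) {
		add_role( EXAMPLE_MAINTAINER_ROLE, 'Site Maintainer', $wanted );
		return;
	}
	// The role already exists (for example, edited by a plugin): reset it to the list above.
	foreach ( array_keys( $role->capabilities ) as $cap ) {
		if ( ! isset( $wanted[ $cap ] ) ) {
			$role->remove_cap( $cap );
		}
	}
	foreach ( $wanted as $cap => $grant ) {
		$role->add_cap( $cap, $grant );
	}
}
register_activation_hook( __FILE__, 'example_register_maintainer_role' );

// Deactivating the plugin takes the role away from every holder and deletes it.
function example_remove_maintainer_role() {
	foreach ( get_users( array( 'role' => EXAMPLE_MAINTAINER_ROLE ) ) as $user ) {
		$user->remove_role( EXAMPLE_MAINTAINER_ROLE );
	}
	remove_role( EXAMPLE_MAINTAINER_ROLE );
}
register_deactivation_hook( __FILE__, 'example_remove_maintainer_role' );
```

A user whose only role was `site_maintainer` is left with no role on the site after deactivation, which is the intended result once the task is finished.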
Useful to create different business models
Since it is quite easy to modify, you can use WordPress user roles to create different business models. By restricting content based on user roles, you can create different membership-level-based access for users on a content-rich site. In addition, on wholesale eCommerce stores, you can create tiered pricing specific to user roles. To manage these different business models, you need to tweak the default WordPress user role system with plugins or code-level modifications.
Tips to manage WordPress user roles
You can use the following tips to manage WordPress user roles more efficiently on your website.
Create and follow guidelines on assigning user roles
Depending on the nature of your site, you can follow a systematic pattern to manage your WordPress user role system. The requirements for an educational site will be different from a business website. So the way you assign user roles too will change according to the needs of the website. So, it is important to create guidelines specific to your website’s needs and follow them strictly to avoid any unauthorized access.
Assign Administrator role only when it is absolutely necessary
Since the Administrator user role has all the capabilities on a site, you should assign it only when absolutely necessary. There could be several scenarios where you need to assign administrative privileges to external professionals for managing plugins, or for marketing activities. In such cases, always remember to revoke the capabilities after the task is done.
Avoid sharing credentials
In many cases, you might be tempted to share the credentials of a user account, to avoid the hassles of creating a new one. According to experts, this is a major cause of unauthorized access to your site. So, if you want to provide temporary access to someone, create a new profile rather than sharing the credentials of an existing one.
Encourage users to keep strong passwords
WordPress automatically generates strong passwords for all user profiles. However, it also allows the use of a weak password, if confirmed by the user. Encourage all users on your site to set strong passwords to avoid easy breaches. You can also consider enabling two-factor authentication at least for Administrator and Editor users on the site.
Use plugins to customize the capabilities of each role
By default, you will not be able to cherry-pick capabilities for each WordPress user role. However, you can customize the capabilities of each role with the help of plugins. Such plugins let you create custom user roles on your site as well. There are also plugins that will help you monitor the activities of different users on your site to ensure better productivity and accountability. We will discuss some of these plugins in more detail in the next section.
Plugins to customize WordPress user roles and capabilities
There are several plugins in the WordPress ecosystem that will help you modify user roles and capabilities. We will discuss some of them here.
User Role Editor
The User Role Editor plugin is one of the most popular options to customize WordPress user roles and capabilities.
Here is what you can do with the plugin:
Add additional capabilities
You can use this plugin to add additional capabilities to user roles easily. Once the plugin is installed, on the WordPress admin panel, go to Users > User Role Editor to access its settings.
To add additional capabilities, select the role you want to edit, tick the checkbox for each capability that you want to assign to the role, and click the Update button.
Add custom user roles
You can use this plugin to create custom user roles and assign capabilities to them as per your requirement. You can create a user role and its capabilities from scratch by clicking the Add Role button, adding the role name, and then assigning capabilities.
Or, you can duplicate an existing role, and then selectively assign capabilities to it.
Assign multiple roles to the same user
With the default WordPress settings, only one role can be assigned to a user. With this plugin, you will be able to assign multiple roles to the same user.
While editing a role, you will find a field to add additional roles to the same user.
Add or delete capabilities
This plugin helps you add custom capabilities, as well as delete capabilities that are not relevant to your site any more.
Check our detailed guide on the User Role Editor Plugin.
Members – Membership & User Role Editor Plugin
This is another plugin that will let you customize user roles effectively on your site. It has most of the features required for user role customization. In addition, you can also restrict visibility of individual posts by specifying which roles can access them.
For this, simply open a post and tick the checkbox next to the user roles that you would like to grant permission to view the post. And for roles that don’t have access to the post, you can set up an error message as well.
Enable Private Site
You can also use this plugin to allow only logged-in users to access the site. From the WordPress admin panel, go to Members > Settings. Scroll down to the Enable Private Site section, and tick the checkbox to redirect logged-out users to the login page. This will make sure that only logged-in users of your site will be able to access the content.
PublishPress Capabilities
This is another plugin you can use to customize WordPress user roles on your site. You can use the plugin to assign capabilities selectively to user roles and also to create new roles. The additional features of this plugin are:
Restrict access to admin menu and navigation menu
You can use this plugin to restrict access to your WordPress admin menu and site navigation menu based on user roles.
Define what users can see while creating a post
You can remove specific editing options for user roles so that those options will not be visible for specific roles.
Monitoring user roles
There are also plugins that will help you monitor user activity on your WordPress site. These plugins will help you understand what specific action has been taken by a particular user on a site. You can use these plugins to understand modification of post status, profile updates, changes in core settings etc.
Here are a few options.
WP Activity Log
You can use this plugin to get a clear understanding of user activity on your site, and thereby strengthen security. You will be able to monitor any status changes for posts and pages using this plugin. It will also give you an idea of users logging in and out of your site, and of changes in user profiles. It also keeps track of changes in plugins and themes, and of any updates to WordPress core settings.
Simple History – user activity log, audit tool
You can use this plugin to create logs of all activities on your WordPress site. It records changes made to posts, pages, comments, taxonomies, widgets, plugins, etc. Data export requests and data erasure requests will also be recorded with this plugin.
Activity Log
This is another plugin that will help you keep logs of your site activity. It will log all activity on your site, and you will be able to view it on a user-friendly interface. You can easily export activity logs using a CSV file. Moreover, the plugin ensures GDPR compliance.
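To show the kind of event such monitoring relies on, here is an added example (not taken from this article or from any of the plugins above) that uses the core `set_user_role` and `add_user_role` actions to write a line to the PHP error log whenever a user receives a role with high-risk capabilities. The list of capabilities treated as high-risk, the log format and the `example_` function names are assumptions made for this example.

```php
<?php
/**
 * Plugin Name: Privileged Role Grant Log (added example)
 */
defined( 'ABSPATH' ) || exit;

// Capabilities treated as high-risk; this selection is an assumption of the example.
function example_high_risk_caps() {
	return array(
		'manage_options', 'promote_users', 'create_users', 'edit_users',
		'install_plugins', 'edit_plugins', 'edit_themes',
	);
}

// Return the high-risk capabilities a role grants (empty array if none).
// Checking capabilities, not role names, also covers custom or edited roles.
function example_risky_caps_of_role( $role_slug ) {
	$role = get_role( $role_slug );
	if ( null === $role ) {
		return array(); // unknown role, or '' when all roles were removed
	}
	$granted = array_keys( array_filter( $role->capabilities ) );
	return array_values( array_intersect( example_high_risk_caps(), $granted ) );
}

// Runs whenever a role is set on, or added to, a user account.
function example_log_role_grant( $user_id, $role_slug ) {
	$risky = example_risky_caps_of_role( $role_slug );
	if ( empty( $risky ) ) {
		return;
	}
	$target = get_userdata( $user_id );
	$actor  = wp_get_current_user(); // no logged-in user for WP-CLI or cron
	error_log( sprintf(
		'[role-audit] %s gave role "%s" to %s (ID %d); high-risk caps: %s',
		$actor->exists() ? $actor->user_login : 'non-interactive',
		$role_slug,
		$target ? $target->user_login : 'unknown',
		$user_id,
		implode( ',', $risky )
	) );
}
add_action( 'set_user_role', 'example_log_role_grant', 10, 2 ); // WP_User::set_role()
add_action( 'add_user_role', 'example_log_role_grant', 10, 2 ); // WP_User::add_role()
```

These hooks fire when a role is given to a user, not when the capabilities of an existing role are edited, so changes made to a role itself need a separate review.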
We hope you got a clear idea on WordPress user roles from this article. Please leave us a comment if you have any queries regarding the topic.