WordPress User Roles
A user role defines the permissions a user has within your WordPress installation. It allows them to perform tasks appropriate to their place in your organization. By default, individual WordPress installations have five distinct user roles with predefined capabilities: Administrator, Editor, Author, Contributor plus any Subscribers you have. Multisite installations feature the additional Super Admin role.
Each user role comes with certain privileges. They can all access the dash, but their operations are limited by the role they have been assigned. By understanding how each user role works, you'll be able to make an informed decision about which roles suit specific users on your site.
WordPress assumes that your site has multiple contributors who are allowed to do certain things to your site. Each of the five roles has its own capabilities ranging from administrative tasks, writing content, content management and more and this platform allows your to segregate users as per your site needs.
Even if you anticipate yourself as the sole contributor to your site for the foreseeable future, you may wish to expand at some point, and WordPress user roles are worth bearing in mind. For instance, you might choose to hire a regular guest post writer, in this case, “Contributor” is an ideal fit.
The Super Administrator role is not available on regular WordPress installations; it’s unlocked if you run a multisite WordPress network. This role has the most privileges; as super admin you can have access to the entire website and network administration features, you may add or delete websites within the network and perform network-wide operations.
The Administrator is regarded as the most powerful of the five default users on a regular WordPress install because it provides users with full hold over the website. This role is defined when a user installs WordPress The Administrator, (know as admin) user role is created using the username and password created during the installation.
The admin is the only user with permission to create new users, and modify and delete existing ones. As an admin, you have access to all administration features such as adding, deleting and editing information from all other users and have complete control over site content. The admin may add, delete and modify themes, plugins and core settings at any time.
Since this role has unlimited access to core website functions, it should be reserved for users who need full control over all website settings, it would be a bad idea for this to be in the wrong hands. In most cases, a site will have one administrator, and typically, the site owner will hold this position. If you have multiple sites installed on WordPress, some of the abilities of the Admin are assigned to the super admin role who administers the site network while the admin is concerned with managing a single site.
As you’d expect from an Editor, the editor role holds the highest position for overseeing a WordPress website's content. The only role higher than the editor regarding privileges is the admin, who can perform site management tasks as well as manage and delete content as per this role. Users assigned the editor role have total control over website content, their rights mean they can manage posts such as write, edit and publish and have the power to delete their own posts and pages, this includes those written by anyone else. The editor can also view comments and moderate, alter, and delete them as they see fit.
An editor’s rights go beyond content management. They may also manage categories add or delete tags and even upload files. Aside from having open access to all content related aspects of your site, the editor won't have access to your site's settings, plugins or users.
Given that editors traditionally review posts submitted by contributors, it’s smart to never assign this role to a regular contributor due to the generous permission included. Since they can delete published posts, we recommend only assign this role to someone you trust or limit the capabilities if you're unsure about giving anyone so much free reign on your site, simply tweak the role to meet your needs.
Users with the Author role have complete over their content, they may add, edit, publish and delete their own posts and upload images. They can also edit and delete their profile. This role is restricted from access to content produced by other users and blocked from creating categories or doing anything to the pages on a site.
You might notice an author displayed on a websites authors pages. They may give biographical information about themselves alongside a built-in archive page displaying a list of posts they've written. These can be customized with photos and extras including name, location, social profiles and so on.
This role isn't used much in practice since authors can delete their published posts and images, and edit their own published articles, which could cause problems for site owners. If you plan a website with multiple authors, you might want to consider the contributor role. The contributor role is a safer bet to avoid the risk of miscommunication or workers deleting their content if they are fired for example.
The Contributor role is a restricted version of the author role. A user with this role can write new posts and edit existing posts but can't publish or delete them once they are published. A Contributor will submit their work for review by an Editor or an Admin before it can be published. It's worth noting that contributors can't access the media library which means they can't upload images to their posts without assistance.
This role is a good choice when you want to allow other people to write for your website since they can’t access any of the features of the admin user role such as altering your site’s design, uploading or removing plugins or creating new categories. They can, however, use existing categories to add tags to their posts. A contributor may view comments, even those which are in moderation but, they can’t modify, approve or delete them.
The Subscriber is the default role for new site users, and it has the fewest permissions. If this role stays with the default capabilities, it is the most limited of all the WordPress user roles. A subscriber can create a profile on a WordPress website, read its content and post comments. They have no access to any site settings and can't create or amend any content.
You may modify the default settings to allow users to log into your site and leave comments without having to enter their details each time which is useful for people who frequently read your blog and actively comment which makes the whole process much easier and faster for readers. You may also use this role to deliver additional content to your readers, such as newsletters. It may encourage your users to register if they want to access otherwise blocked content. The subscriber is also allocated to anyone who has subscribed to your website using an RSS feed, mailing list or feature to receive updates from your site.
Custom user roles
WordPress’ predefined user roles do a good job of offering capabilities that fulfill the requirement of most websites, however there may be cases where you need a user who doesn't fit within one of the
default role parameter
settings, for instance, you may want to customize the user Author, which traditionally can delete their posts once they are published, which could cause problems. To counter this, you may modify existing WordPress user roles and create custom users with the help of a plugin, or manually from the WordPress Admin.
Create custom roles manually
WordPress software lets remove its default user roles, and create custom users. This is simply a matter of assigning limited privileges to specific user groups. Follow
to create a user role the manual way.
Create Custom user roles with a Plugin
You might prefer to use a plugin to control user roles; there are lots available to add, modify and delete user roles and capabilities. The free
gives you total control over your site’s users by extending the rights of the default roles. With this plugin, you may modify existing user roles as well as create a custom function for your site users. You may add this plugin directly from your WordPress plugins directory. Once the Members plugin is installed and activated, you can begin creating new user roles:
Head to your dash, hover over Users and find the new option included with the Members plugin; Add New Role. Click here to open the Create a Custom Role screen.
Begin by giving the role a memorable name, for example, you might give the role a name like “Author Pro” to provide extended functionalities to the most experienced authors on your site. Now tick the checkboxes to assign and deny the capabilities for your new user role. To finalize, click Add Role. Your new user role is now ready to use.
Customize user roles with a Plugin
To customize an existing user role with the Members plugin follow these steps:
Once successfully activated, this plugin will add two new options to the default Users in your WordPress dashboard; Roles and Add New Role. Click Roles to view all existing user roles available on your site. Click on a role to see which functions are available to the user. You'll now see the rights granted to the specific role. From here you may grant additional rights or deny existing rights, there are many capabilities to specify for any user role with this plugin.
Check the checkbox grant to add a right or select deny to block it. For example, if you want to grant an Editor access to the Create Users function, open the Editor role and tick the grant checkbox next to create_users. In the default setting, this function was limited to the Admin alone.
Click Update to confirm your changes. You’ve successfully customized a default WordPress role.
This plugin affords you true flexibility, consider the Author role, you may update this role with a restriction from deleting posts simply by clicking the checkbox next to Deny for the delete_posts function accessible from the Author user role setting. As we've demonstrated, the Members plugin performs plenty for a free plugin; you get peace of mind your website isn't being mishandled by any of your users. This type of plugin is ideal if your site is on the verge of growing and you foresee needing more hands on deck to handle it.
There are many other plugins designed for User Role administration including the
User Role Editor.
This free plugin makes an easy job of user access management, editing roles with this plugin is slightly more straight forward, and it has some extended features, it not only supports core capabilities but it also list capabilities for any additional functions you have defined through your website plugins and themes.
Other notable plugins include
Capability Manager Enhanced, a simple tool for managing WordPress user role capabilities, the
Cimy User Extra Fields plugin lets you add predefined fields to users profiles and
Force Strong Passwords forces your users to create strong passwords to access your site.