WordPress User Accounts

A Quick Guide To This Page

WordPress comes with a comprehensive user role management system which defines what each specific user can and cannot do on your website. This covers everything from administrative to content related tasks. Setting your site users up properly will give you a strong grip on your WordPress website; this is essential for a site seeing rapid growth. This post is devoted to explaining the distinct user roles available in WordPress and how you can:

  • manage them with ease
  • enable all your users from the administrator to the supplementary roles; editor, author, contributor, developer or anyone else who will be working on your site to work effectively.

Being familiar with these user roles is important as they provide the most straightforward way to manage users access to your website. Following this tutorial, you will have the skills to add user roles, modify and change the users’ existing roles, and create custom user roles for any WordPress based website.

One of the essential features of the WordPress CMS is the availability of predefined user roles that segregate your website users by allocating them a role with a fixed set of capabilities. Allocating users roles ensures they only have access to the areas they need, minimizing the chances of any accidents or violations happening that could potentially bring down your website.

We can’t stress enough the importance of keeping your user accounts secure by using strong passwords and avoiding the “Admin” account name. WordPress users often make the mistake of leaving the default username “Admin”; it’s a big security concern since the username accounts for half of a users login credentials meaning you’re making a hackers job 50% easier.

To find your current user roles login to your WordPress Admin panel in WordPress, navigate to Users and click All Users to see all current user roles currently in place. The default Admin role typically is held by the site owner. User permissions can be controlled effectively from the User Role editor that opens when you select a specific user.

Add WordPress users to your site

The account created during WordPress installation is an Admin account. To give access to another person, you need to create a new user for them and assign that account a role which gives them appropriate capabilities. For instance, someone subscribing to your blog would naturally fit the permissions allocated to the Subscriber user role. Before adding a new user to your site, you should think about which capabilities they need to perform their job properly.

Follow these steps to create a new user:

  1. Click users in your dash and hit the Add New button located at the top of the page.

  2. On the Add New User page you need to fill in user information fields for each new user: Username, E-mail, Password, First and Last Name are optional, website for your account and finally, and assign a the desired role for the user from the drop down list.

  3. Once you're done, click on Add New User to complete.

  4. To be sure you've successfully created a new user, log in using the credentials you've just created, if all the rights as should be, pass the credentials on to the specific user.

Edit WordPress users

You may edit users roles as you see fit. Should an Author be promoted to an Editor, for example, you will need to reflect these changes in their WordPress capabilities, so they can carry out their new role successfully.

To change an existing user role:

  1. Head to the Users area of the admin panel, check the user in question and click the drop-down box Change Role to, this will bring up a list of user roles.

  2. Select the new role required and hit the Change button.

It's also possible to change user roles manually in the database via phpMyAdmin, but before making any changes to your database, we strongly recommended to make a backup. To change users manually from your database, refer to this guide.

Remove WordPress users

There are times when a user is no longer required and, you’ll want to delete their user account. Follow these steps to delete a user from your site:

  1. Select User from your dash and click the Delete link located beneath the user name.

  2. WordPress will ask ‘What should be done with content owned by this user?’ You have two choices:

    • Delete all content – Select this to delete all content this user created.

    • Attribute all content to – This option allows you to assign the content linked to this user to another user of your choosing. Select the required user from the dropdown list.

  3. Select the appropriate option and click Confirm Deletion to remove the user.


WordPress User Roles

A user role defines the permissions a user has within your WordPress installation. It allows them to perform tasks appropriate to their place in your organization. By default, individual WordPress installations have five distinct user roles with predefined capabilities: Administrator, Editor, Author, Contributor plus any Subscribers you have. Multisite installations feature the additional Super Admin role.

Each user role comes with certain privileges. They can all access the dash, but their operations are limited by the role they have been assigned. By understanding how each user role works, you'll be able to make an informed decision about which roles suit specific users on your site.

WordPress assumes that your site has multiple contributors who are allowed to do certain things to your site. Each of the five roles has its own capabilities ranging from administrative tasks, writing content, content management and more and this platform allows your to segregate users as per your site needs.

Even if you anticipate yourself as the sole contributor to your site for the foreseeable future, you may wish to expand at some point, and WordPress user roles are worth bearing in mind. For instance, you might choose to hire a regular guest post writer, in this case, “Contributor” is an ideal fit.

Super administrator

The Super Administrator role is not available on regular WordPress installations; it’s unlocked if you run a multisite WordPress network. This role has the most privileges; as super admin you can have access to the entire website and network administration features, you may add or delete websites within the network and perform network-wide operations.

Administrator

The Administrator is regarded as the most powerful of the five default users on a regular WordPress install because it provides users with full hold over the website. This role is defined when a user installs WordPress The Administrator, (know as admin) user role is created using the username and password created during the installation.
The admin is the only user with permission to create new users, and modify and delete existing ones. As an admin, you have access to all administration features such as adding, deleting and editing information from all other users and have complete control over site content. The admin may add, delete and modify themes, plugins and core settings at any time.

Since this role has unlimited access to core website functions, it should be reserved for users who need full control over all website settings, it would be a bad idea for this to be in the wrong hands. In most cases, a site will have one administrator, and typically, the site owner will hold this position. If you have multiple sites installed on WordPress, some of the abilities of the Admin are assigned to the super admin role who administers the site network while the admin is concerned with managing a single site.

Editor

As you’d expect from an Editor, the editor role holds the highest position for overseeing a WordPress website's content. The only role higher than the editor regarding privileges is the admin, who can perform site management tasks as well as manage and delete content as per this role. Users assigned the editor role have total control over website content, their rights mean they can manage posts such as write, edit and publish and have the power to delete their own posts and pages, this includes those written by anyone else. The editor can also view comments and moderate, alter, and delete them as they see fit.

An editor’s rights go beyond content management. They may also manage categories add or delete tags and even upload files. Aside from having open access to all content related aspects of your site, the editor won't have access to your site's settings, plugins or users.
Given that editors traditionally review posts submitted by contributors, it’s smart to never assign this role to a regular contributor due to the generous permission included. Since they can delete published posts, we recommend only assign this role to someone you trust or limit the capabilities if you're unsure about giving anyone so much free reign on your site, simply tweak the role to meet your needs.

Author

Users with the Author role have complete over their content, they may add, edit, publish and delete their own posts and upload images. They can also edit and delete their profile. This role is restricted from access to content produced by other users and blocked from creating categories or doing anything to the pages on a site.
You might notice an author displayed on a websites authors pages. They may give biographical information about themselves alongside a built-in archive page displaying a list of posts they've written. These can be customized with photos and extras including name, location, social profiles and so on.
This role isn't used much in practice since authors can delete their published posts and images, and edit their own published articles, which could cause problems for site owners. If you plan a website with multiple authors, you might want to consider the contributor role. The contributor role is a safer bet to avoid the risk of miscommunication or workers deleting their content if they are fired for example.

Contributor

The Contributor role is a restricted version of the author role. A user with this role can write new posts and edit existing posts but can't publish or delete them once they are published. A Contributor will submit their work for review by an Editor or an Admin before it can be published. It's worth noting that contributors can't access the media library which means they can't upload images to their posts without assistance.
This role is a good choice when you want to allow other people to write for your website since they can’t access any of the features of the admin user role such as altering your site’s design, uploading or removing plugins or creating new categories. They can, however, use existing categories to add tags to their posts. A contributor may view comments, even those which are in moderation but, they can’t modify, approve or delete them.

Subscriber

The Subscriber is the default role for new site users, and it has the fewest permissions. If this role stays with the default capabilities, it is the most limited of all the WordPress user roles. A subscriber can create a profile on a WordPress website, read its content and post comments. They have no access to any site settings and can't create or amend any content.
You may modify the default settings to allow users to log into your site and leave comments without having to enter their details each time which is useful for people who frequently read your blog and actively comment which makes the whole process much easier and faster for readers. You may also use this role to deliver additional content to your readers, such as newsletters. It may encourage your users to register if they want to access otherwise blocked content. The subscriber is also allocated to anyone who has subscribed to your website using an RSS feed, mailing list or feature to receive updates from your site.

Custom user roles

WordPress’ predefined user roles do a good job of offering capabilities that fulfill the requirement of most websites, however there may be cases where you need a user who doesn't fit within one of the default role parameter settings, for instance, you may want to customize the user Author, which traditionally can delete their posts once they are published, which could cause problems. To counter this, you may modify existing WordPress user roles and create custom users with the help of a plugin, or manually from the WordPress Admin.

Create custom roles manually

WordPress software lets remove its default user roles, and create custom users. This is simply a matter of assigning limited privileges to specific user groups. Follow this guide to create a user role the manual way.

Create Custom user roles with a Plugin

You might prefer to use a plugin to control user roles; there are lots available to add, modify and delete user roles and capabilities. The free Members plugin gives you total control over your site’s users by extending the rights of the default roles. With this plugin, you may modify existing user roles as well as create a custom function for your site users. You may add this plugin directly from your WordPress plugins directory. Once the Members plugin is installed and activated, you can begin creating new user roles:

  1. Head to your dash, hover over Users and find the new option included with the Members plugin; Add New Role. Click here to open the Create a Custom Role screen.

  2. Begin by giving the role a memorable name, for example, you might give the role a name like “Author Pro” to provide extended functionalities to the most experienced authors on your site. Now tick the checkboxes to assign and deny the capabilities for your new user role. To finalize, click Add Role. Your new user role is now ready to use.

Customize user roles with a Plugin

To customize an existing user role with the Members plugin follow these steps:

This plugin affords you true flexibility, consider the Author role, you may update this role with a restriction from deleting posts simply by clicking the checkbox next to Deny for the delete_posts function accessible from the Author user role setting. As we've demonstrated, the Members plugin performs plenty for a free plugin; you get peace of mind your website isn't being mishandled by any of your users. This type of plugin is ideal if your site is on the verge of growing and you foresee needing more hands on deck to handle it.

There are many other plugins designed for User Role administration including the User Role Editor. This free plugin makes an easy job of user access management, editing roles with this plugin is slightly more straight forward, and it has some extended features, it not only supports core capabilities but it also list capabilities for any additional functions you have defined through your website plugins and themes.

Other notable plugins include Capability Manager Enhanced, a simple tool for managing WordPress user role capabilities, the Cimy User Extra Fields plugin lets you add predefined fields to users profiles and Force Strong Passwords forces your users to create strong passwords to access your site.

You may also like

Need help? We're always here for you.

× Close