Do you want to understand roles and permissions in WordPress?
WordPress comes with a user role management system that defines what a user can and cannot do on your website. Knowing these user roles and permissions is essential as your WordPress website grows.
In this tutorial, we'll dig deeper into WordPress user roles and permissions, so you can better manage your website.
But before we get started, if you've never installed WordPress, find out How to Install a WordPress Blog in 7 Steps et How to search, install and activate a WordPress theme on your blog
Then let's go to why we are here.
What are WordPress user roles and permissions?
Using WordPress user roles and permissions correctly gives you full control over your WordPress website and can help you improve security of your website.
Users are people who have already registered on your website, and each user is assigned a specific role when creating their account.
A user's role is made up of certain capabilities, or permissions, that spell out the actions they can perform on your website.
Out of the box after installing WordPress, five default user roles are available:
- Administrator
- Editor
- Author
- Contributor
- Subscriber
You can also read the summary of each user role and its capabilities and permissions below.
1. Administrator role
On a regular WordPress website, the admin role is the most powerful user role. Users with the admin role can add new posts, edit posts from any user, and delete those posts.
Additionally, they can install, modify, and remove plugins and themes.
Most importantly, admin users can add and remove users and edit existing user information, including their passwords.
This role is basically for site owners only and gives you full control of your blog WordPress. If you are running a multi-user WordPress site, you need to be very careful who you assign an admin user role to.
2. Role of the editor
Users with the editor role in WordPress have full control over the content sections of your website.
They can add, edit, publish and delete all articles on the website, including those written by others. An editor can also moderate, edit and delete comments.
Publishers are not allowed to change your website settings, install plugins and themes or add new users.
3. Authorship
Users with the author role can write, edit and publish their own articles. They can also delete their own posts, even if they are already posted.
When writing articles, authors cannot create new categories, but they can choose from existing ones. They can also add tags to their posts.
Authors can view comments even those pending review, but they cannot moderate, approve, or delete comments.
They don't have access to website settings, plugins, or themes, so this is a low-risk user role. The only exception is the ability to delete their own published articles.
4. Role of the contributor
Users with the contributor role can add new articles and edit their own articles, but they cannot publish articles.
When writing articles, they can choose from existing categories and create their own tags.
The biggest downside of the contributor role is that they can't upload files, so they can't add images to their posts.
Contributors can also view all comments on the website, but they cannot approve or delete comments.
Finally, they don't have access to website settings, plugins or themes, so they can't change your website settings.
5. Subscriber Role
Users with the Subscriber role can login to your WordPress website, update their user profiles, and change their passwords.
They cannot write articles, post comments or do anything else in your WordPress admin area.
This user role is particularly useful if you have a subscription website, an online store or other website where users can register and log in.
Bonus: Super Admin Role
This user role is only available on a WordPress multisite network.
Users with the super administrator user role can add and remove websites on a multisite network. They can also install plugins and themes, add users, and perform network-wide actions on a WordPress multisite setup.
Think of it like having administrator access to every site on the network web.
How to Customize User Roles and Permissions in WordPress
The default WordPress user roles have capabilities that will work for most WordPress websites and blogs.
For example, if you manage a magazine website, the “Editor” role can be assigned to senior staff, the “Author” user role can be reserved for junior staff, and the “Contributor” role can be reserved for guest writers.
But sometimes you may want to customize the permissions and features assigned to the role according to the specific needs of your website.
Like the default author role which allows users to post their own articles and also gives them the option to delete their published articles. In this case, you might want to remove the feature that allows authors to delete their articles.
Some WordPress plugins also add specific roles to your website. But if you want to customize your WordPress user roles, the easiest way is to use the WordPress Plugin Members. It allows you to easily create, manage and modify user roles on your website.
The first thing you need to do is activate and install the plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.
Upon activation, you will have a new menu item called “Members” in your WordPress admin panel.
You have to go in Members » Roles, then click the user role you want to edit.
In this example, we'll change the "Author" role, but you can choose whichever role best suits your needs.
This takes you to a page where you can fully customize the functionality of this role.
To remove a feature for the role, simply check the "Deny" box. If you want to add a new feature, check the “Allow” box.
Here we are going to check the “Deny” box for the Delete messages user functionality.
If you do not check a box for an available role, that user will not have this functionality.
Once you're done customizing your role, be sure to click the " Update profile ».
Changes you make will automatically apply to all existing users who have this role and to all new users who are assigned the role.
How to create custom user roles in WordPress
Another thing you can do is create completely custom user roles in WordPress with unique sets of features.
To do this, we will use the same plugin as above.
Just go to Members -> Add new role, then give your new role a name.
In this case, we are going to create a developer role which we can give to a WordPress developer with certain permissions granted.
The left column has different sections that have lists of available features. We will select the " Appearence and then add features to edit, install, and update themes.
After that, be sure to click on the " Add a role to save the user role.
Then you can create a new user and assign him the new role.
To do this, go to Account » Add, then fill in your new user information.
At the bottom of the screen, you will see a "User Roles" section.
Simply check the boxes corresponding to the user roles you want to assign to the new user, then click the " Add an account».
Now you have created a new custom WordPress user role and assigned it to a new user.
Recommended Resources
Discover more resources recommendations that will accompany you in the creation and management of your website.
- How to Create a Website Specific WordPress Plugin
- How to change the admin area color scheme
- How to Rename Categories in WordPress
- How to have advanced user control on WordPress
- WordPress backup: explanations and the best WordPress plugins
Conclusion
So ! That's all. We hope this article has helped you understand user roles and permissions.
However, you will also be able to consult our resources, if you need more elements to carry out your projects of creation of Internet sites, by consulting our guide on the WordPress blog creation.
Feel free to share this article with your friends on your favorite social networks. But, in the meantime, tell us about your Comments and suggestions in the dedicated section.
...
