WordPress is the most preferred Content Management System (CMS) for developing secure websites. Around 27% of people now use WordPress to create their website. As a CMS, it comes with a role management system that lets you define what tasks a particular user can or cannot perform on your website. Being aware of these roles is necessary to manage access to your website with more ease.
On the security side, this platform provides methods to segregate users by defining a fixed set of rules for their profiles. This restricts each user to the limited set of rules that has been specified for them. This is the main reason why most content-based websites are built using WordPress.
Master WordPress User Roles and Permissions
If you run a multi-author site, or simply want other people to access your website, assigning each person an appropriate role is quite a big job. WordPress comes with 5 user roles, each with its own set of permissions: Administrator, Editor, Author, Contributor, and Subscriber. These user roles help your users understand what their role is and make sure that no unauthorized user can harm your website.
Proper management of WordPress user roles means getting the right balance between user roles and access levels. Failing to manage user roles properly can lead to more mistakes or accidents, which can potentially have catastrophic consequences for your blog.
1. Administrator:
The administrator is the most powerful role and is mainly reserved for site owners. It is assigned when you first install WordPress, so you are probably the administrator. As an administrator, the user can add, edit and delete any post on the website, including posts by editors, authors, and contributors. A user with the administrator (normally called admin) role can change the structure of the website, including its themes, plugins and other user settings. It is the only role that can create new users and modify or delete existing ones, including other administrators.
This role gives the user full control of the website: they can manage other users and change their passwords, information and roles. If you plan to run your website with multiple users, be careful when assigning roles to them. When working with multiple users, you should have proper legal documents in place to prevent any future dispute.
2. Editor:
The editor is in the top position for handling the content of your website. A user with an editor role can do anything with the content of your website which includes your pages, posts, media and comments. They have access to add, edit, publish and delete any posts on your WordPress website. This includes all the posts, even the ones written by others such as author, contributor, and admin.
An editor can view all comments and also moderate, alter and delete them. Though the role has access to all the content aspects of the website, it cannot change the site’s settings, remove or change plugins, or add new users. For security purposes, it is often suggested to create a new user with the editor role on your WordPress website, even if you are the only person publishing content on your blog. Hackers can attempt to attack your website using brute force. If your content is posted with the editor role and that account is compromised, the hackers won’t be able to get full access to your site.
3. Author:
Authors, as the name suggests, are users who can write, edit and publish their own posts. They can delete their own posts, but they cannot delete posts written by others. They also cannot create new categories; they can only choose an existing category and create new tags for their posts. They have complete freedom to upload media files for use within their posts. They can view all comments, including those awaiting moderation from the admin, but they cannot alter, moderate, approve or delete any comments. An author also cannot change the theme, plugins or other settings of the website. The main drawback of assigning the author role is that authors can delete any of their posts even after publishing them. Though this is not a major issue, it can create problems in some instances: authors can delete posts they were paid to write, or delete their posts after resigning from the company. The consequences of such a situation can be dangerous for your website, so it is always better to keep a WordPress backup of your website.
4. Contributor:
Contributors are users who aim to gain recognition by contributing their work to your website. A contributor can add a new post and edit their own posts, but they cannot publish any post, not even their own. They have no access to admin functionality such as altering the website design, uploading plugins or creating new categories. They can choose from the existing categories and add relevant tags to their posts.
They can view all comments, even those in moderation, but they cannot alter, approve or delete them. They are also not allowed to upload any external files to the website, not even images for their posts. They don’t have access to the media library and have to ask the editor or admin to upload files for them. Blog posts written by WordPress contributors need to be approved and published by a WordPress editor or administrator.
5. Subscriber:
A subscriber is a default role that is assigned to each user if you enable site registration. If you provide a subscriber role to your user, they can log in to your WordPress website, update their profiles and change their passwords. They are not able to write posts, view comments, modify the WordPress theme or anything else inside your WordPress admin area.
This role is suitable only when you want your users to log in to your website to view posts or leave a comment. As subscribers, they may enroll in email subscriptions such as newsletters and promotions, if you provide them on your website. They get access to their own profiles and can edit some of their own information.
Apart from the roles above, there are additional roles such as super admin, guest, customers, vendors, employees and many more.
Here are the quick steps to add a new user:
- Log into your WordPress dashboard, and select Users > Add New.
- Fill in the form fields.
- Create a password by clicking Show Password (you can change it whenever you want, and the new user may also be able to change it).
- Choose the required WordPress user role from the drop-down menu.
- Click Add New User.
Final Thoughts:
You are free to do whatever you want on your WordPress website, including modifying existing user roles or adding new ones. Roles are mainly used to improve the security of your site and keep all the registered users organized. As an admin, you can create special-purpose roles and modify the capabilities of the existing ones.
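The author-role drawback described under "Author" and the special-purpose roles mentioned above can be handled together in a small plugin. This is an added example, not code from the original article; the role slug `staff_writer` and the `rhe_` names are hypothetical, while the capability names are WordPress's standard ones.

```php
<?php
/**
 * Plugin Name: Role Hardening Example
 * Added example: the slug "staff_writer" and the rhe_* names are hypothetical.
 */
defined( 'ABSPATH' ) || exit; // Refuse direct requests to this file.

// Capabilities that let an Author remove their own content.
const RHE_DELETE_CAPS = array( 'delete_posts', 'delete_published_posts' );

function rhe_activate() {
    // Role changes are saved in the database, so apply them once on
    // activation rather than on every page load.
    $author = get_role( 'author' );
    if ( null === $author ) {
        return; // The Author role was removed or renamed on this site.
    }

    // Special-purpose role: everything an Author can do, minus deleting.
    $caps = array_diff_key( $author->capabilities, array_flip( RHE_DELETE_CAPS ) );
    if ( null === get_role( 'staff_writer' ) ) {
        add_role( 'staff_writer', 'Staff Writer', $caps );
    }

    // Existing Authors keep their drafts under their control but can no
    // longer delete posts that are already published.
    $author->remove_cap( 'delete_published_posts' );
}
register_activation_hook( __FILE__, 'rhe_activate' );

function rhe_deactivate() {
    // Move users off the custom role first so nobody is left without a role.
    foreach ( get_users( array( 'role' => 'staff_writer' ) ) as $user ) {
        $user->set_role( 'author' );
    }
    remove_role( 'staff_writer' );

    // Restore the default Author capability.
    $author = get_role( 'author' );
    if ( null !== $author ) {
        $author->add_cap( 'delete_published_posts' );
    }
}
register_deactivation_hook( __FILE__, 'rhe_deactivate' );
```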
Hope you got an idea of WordPress user roles and permissions. If you have any queries, please feel free to comment. You can follow us on Facebook and Twitter.
This is Eunice. I am a web designer and I have designed a lot more creative websites. My passion is to work with WordPress. I have come across your article about Beginners Guide to Master WordPress user roles and Permissions. It’s really a good post and it will be most important information for the beginners. Keep updating posts like this.
hi
Hope you are good. I own a web company called “artistic web design makers”. This info is really helpful. I actually found that a lot of your articles are preventing me from making time-consuming blunders when setting up my new WordPress site!
I was looking into user role permissions, and wanted to know whether (from a security standpoint) it’s possible for me to change the display name of my editor/author/contributor to something other than their username? And also I’m trying to figure out if editors can post as other users, or if this plugin would allow for that. Please do me the needful.
Thanks Sarah for your comment. In future, I will add more posts like this.
hai
This post is great from a beginner point of view. An in-depth explanation and engaging lectures. Overall it’s very helpful, thanks. I am supposed to use user role editor plugin in my site but I have a requirement before adding this plugin to my site: it should control/edit ACF plugin field groups individually. Can you tell me how to work with this by using your plugin?
Great post!
I created a custom role cloning the “administrator”, is it possible for administrators to change between the two? I can see the administrator can change all others’ role, but can it change its own through the back-end dashboard/menu?