WordPress is a powerful Content Management System (CMS) that offers a wide variety of options for user management. However, not many people pay attention to the platform’s user roles – which is a shame, because they happen to be one of its most robust features. Furthermore, failing to define clear roles can lead to problems down the road, like authors deleting each other’s content.
Fortunately, the WordPress user roles system is relatively straightforward, and it includes several pre-defined types, which should make your life much easier. These roles will enable you to establish a clear hierarchy among your colleagues, prevent users from tampering with your site’s functionality, and protect your site in general.
In this article, we’ll cover each of the user roles available within WordPress and their benefits. Furthermore, we’ll explain how to assign roles to both new and existing accounts. Let’s begin!
What Are WordPress User Roles?
WordPress user roles enable you to control what permissions your colleagues and users enjoy within your site. These permissions include the ability to compose and edit posts (both their own and, in some cases, those of others), create pages, manage plugins and themes, moderate comments, and more.
WordPress ships with six pre-defined user roles, including:
- Super administrator: This role has access to network-wide administration features over single sites and even entire networks (in case you’re using WordPress Multisite).
- Administrator: User can access all administration abilities within a single site (non-network wide). In short, this role should be handed out sparingly, and only to your most trusted colleagues.
- Editor: These users can publish and edit posts (their own as well as those of others). However, they cannot change themes, plugins, and settings.
- Author: Most of your site’s writers will be defined as Authors. They can write, edit, and publish their own articles, but they can’t touch posts that weren’t created by them.
- Contributor: These users can compose, edit, and save their own posts to WordPress. However, they cannot publish their work without the approval of an Editor or Administrator.
- Subscriber: Subscribers are members of your site with individual profiles, but they cannot interact with posts in any way aside from comments. This is the most limited WordPress user role available.
These six pre-defined user roles offer you the flexibility to grant appropriate levels of access to team members without exposing the underpinnings of your site. However, there may be instances where custom user roles are necessary, which you can create by modifying your functions.php file.
What Makes WordPress User Roles So Important?
So far, we’ve talked a bit about the benefits of WordPress user roles, but we’ve barely skimmed the surface in terms of what they offer. User roles are critical to your WordPress site’s organization, personalization, and security. Let’s find out why.
As your WordPress website grows, more possibilities will open to you. However, it’s likely that you’ll also need to add more users to your team, which means that conflicts may arise due to poorly established hierarchies.
The WordPress user roles system enables you to assign each of your colleagues a precise “title” that fits that person’s skill set. This creates a clear hierarchy on your site and lets both management and collaborators to understand who’s responsible for what.
Fortunately for us, assigning roles is relatively straightforward, and we’ll cover how to do it in a minute. In the meantime, just remember that it’s never wise to give any user more permissions than their role requires.
WordPress user roles enable users to customize their own profiles and have their own unique “identity” on the site. Profiles provide the opportunity for users to share information and learn about each other, which fosters a sense of community. The closer your audience feels to you and your colleagues, the closer they’ll feel to your brand and any product or services that you’re selling.
Defining WordPress user roles goes beyond establishing explicit hierarchies and providing personalization features. There’s an additional, powerful reason for leveraging the power of permissions – security.
If the other benefits don’t quite convince you, you should still consider using WordPress user roles to protect your site from harm. As we mentioned earlier, it’s never wise to give any user more permissions than their role requires. User error (or malice) is always one of the weakest links in any chain from a security standpoint, so it pays to minimize your vulnerabilities.
Aside from limiting permissions, there are plenty other steps you can take to secure your WordPress website, which should always be a priority.
How Do I Assign WordPress User Roles?
Now that you understand what WordPress user roles are available and what their benefits are, we’re going to walk you through how to change them and set them up in the first place. Fortunately, like many processes carried out within the WordPress dashboard, the procedure is simple.
Below we cover the two scenarios you’re likely to come across – creating a new user and assigning a role to them, and assigning a role to an existing user.
Creating a New User and Assigning a Role to Them
Adding a new user to WordPress and assigning a role to them couldn’t be easier.
First, you’ll need to locate the Users listing on the left navigation sidebar within the WordPress dashboard and click on it. You will now see a list of all the users in your system, their roles, email addresses, and how many posts they’ve created during their tenure. Click the Add New button, which is located beside Users at the top of the list:
You’ll be able to fill in the appropriate information within each of the fields displayed, which include Username, Email, First Name, Last Name, and Website. Most of those fields aren’t mandatory, with the exception of Username and Email.
Once you’ve filled in all the required information, select the appropriate user role from the Role drop-down list at the bottom of the page. Remember that the pre-defined privileges for each role are outlined in the What Are the Types of WordPress User Roles? section above. Give it another look if you aren’t sure what role to assign to any particular user and work your way from least to most permissions, stopping when you’ve hit an option that fulfills all your requirements.
Finally, click on the blue Add New User button to create the new user and associated role:
Congratulations, you just added a new user and assigned a role to them!
Assigning a New Role to an Existing User
All that’s left now is to cover how to change an existing user’s WordPress role, which is even easier than the last step.
First, click on the Users tab on the left side of the dashboard. The familiar list of users will pop up – just locate the one you’re after. Now check the square box to the far left of their name. Once the checkmark appears, click on the Change role to drop down list and select the desired role from the options available:
Finally, click on the Change button beside the drop down list to save your changes.
That’s it! You’ve successfully assigned a new WordPress user role to an existing account.
Ignoring WordPress user roles can impact your team’s organization by failing to provide a clear hierarchy, and it can also affect your security. There’s really no reason to avoid defining roles for your core team, especially considering how easy it is.
Before you start assigning roles, always remember to limit the number of permissions for each user depending on their tasks. Let’s quickly recap the permissions for each of them:
- Super administrator: Network-wide administration capabilities.
- Administrator: Site-wide administration capabilities.
- Editor: Publishing and editing capabilities for all posts.
- Author: Publishing and editing capabilities restricted to their own posts.
- Contributor: Can create and edit their own posts, but cannot publish them.
- Subscriber: May comment on articles and edit their personal profile, but have no posting privileges.
Do you have any questions about the distinctions between the default WordPress user roles? Let us know in the comments section below!