WordPress Users Roles and Permissions
When it’s time to manage a WordPress blog, not all users are created equally. Some will be able to do practically anything they like, while others will have limited access to your site’s content, features, options, and settings. And there is a good reason for that – you don’t want just anyone to have access to valuable information on the site.
For example, if you hire a writer, he does not need to have access to themes and plugins. Or, if you allow users to register on your site just to be able to leave comments and have a few extra perks, you don’t want them to start publishing posts and changing passwords, right?
WordPress User Roles
[VIDEO] Adding New Users: ► Subscribe for more useful videos
Luckily, WordPress developers have been creative enough to introduce the user role system. When creating a new account, you get to describe a user with one of the five predefined user roles. Depending on a role, that user will have different permissions and limited access to specific areas of the site. In the following lines, we will show you all five user roles with the addition of Super Admin that shows only in an instance of a multisite.
1. Administrator (admin)
An administrator (also known as Admin) is a person in charge of the entire WordPress installation. This user role gives you the ability to control everything; including the installation of new plugins, changing WordPress themes, publishing posts, deleting content, etc. The administrator is the most powerful user role on a regular WordPress site.
Admin can also assign user roles to anyone else on a WordPress blog and is the only person who can upgrade and even delete the entire site.
An individual who installs WordPress automatically gets the administrator rights.
The only higher-ranked user is Super Admin who is in charge of a multisite network (a system of interconnected WordPress blogs which run together under the same domain).
Just like an editor in a news magazine would be in charge of the content that gets published in the paper, an editor in WordPress is in charge of all posts and pages on a blog. This user role can control everything content-related.
That means that an editor can write, edit, publish, and delete posts and pages.
Usually, editors wait for authors and contributors to submit articles for review, check them & modify them when needed and then distribute them to the public. Editors can also have complete control over WordPress comments.
Since they’re in charge of content, editors don’t get to manage WordPress plugins and themes, nor they can work with other settings.
Authors are free to add new tags, but they cannot add new categories (they can only choose existing categories from the list). When it comes to comments, authors can see all of them but have no permissions to edit comments.
This user role determines a person with the ability to write, edit, publish and delete his/her own content and one who can upload files without limitations.
Authors have a higher user level than Contributors, yet lower than Editors.
This user role is very similar to the author, but it has even more limitations to it.
Contributors can create new posts and edit their own articles, but they can’t publish nor delete them.
They can only submit posts for approval so that editors or admins can publish them.
The biggest difference between Authors and Contributor is that the later ones are not able to upload media files. They can also only select existing categories and add new tags. Contributors are authorized to view comments but have no ability to modify nor approve them.
Subscribers are the most limited user role in WordPress.
They can only log in to your site, access their personal profile, and change the details and password.
This user role can’t work with posts, pages, comments, settings nor anything else on your site. Subscribers are the perfect user role to use when you’re creating a membership site. Since you can decide to allow only logged in users to post comments on your site, you need a role with strict limitations. By choosing subscribers, you can’t go wrong as they will get the privilege to leave comments, yet they will be restrained from other areas of the site.
6. Super admin
In some cases, administrators will want multiple websites on one WordPress installation. From the outside, those blogs may look like the individual WordPress installations, but they would actually be part of the multisite network.
In that case, Super Admin is a person who controls the entire network of WordPress websites.
In addition to all the Administrator privileges we already mentioned in the beginning, Super Admins can add new sites to the network, manage and delete them. They can install themes and plugins that can be used on the entire system, and also work with network-specific settings.
Super Admin will be listed among available users only when you activate the multisite network so don’t worry if you can’t see this user role.
How to manage users in WordPress
To see the list of all users that have registered accounts on your blog, navigate to Users -> All Users from the dashboard admin menu. Here you can see all usernames, actual names, emails, user roles and number of posts assigned to them.
As an admin, you can place the mouse cursor over any user so that you can edit or delete them. On top of the list, you can see links dedicated to each user role group. So, for example, if you want to list just the editors, click the appropriate link.
Bulk actions allow you to select multiple users at once and change their user role by choosing it from the drop-down list.
Every user can manage their individual account. To do so, open Users -> Your Profile link where you can edit personal information, options and control the account.
How to add a new user
Adding new users to WordPress is relatively easy:
- Go to Users -> Add New
- Fill in the details (only username and email are required)
- Click “Show Password” to see the generated password or enter a custom one
- Choose if you want to send an email with account information
- Pick a user role
- Click “Add New User” button
Your new user will now be included on the list of all users. If you selected the option to send a notification email, that user will receive a message with the account information. From the same email, your new user will be able to open the login page and change the password to something unique.
Custom user roles
Although WordPress developers have created user roles so that they can fit practically every site there is, some people need custom functions. For example, you might want to allow your editors to install plugins and control a few settings on your site.
Unfortunately, by default, WordPress does not support creating custom user roles. But you can create ones with a helping hand of a plugin. One such plugin is the free Capability Manager Enhanced which will let you change the permissions for any role, add new ones, copy existing functions, and even add new capabilities to existing users.
Managing user roles on your WordPress blog is an important job. After reading this article, you should be more informed about the default users roles and know how to assign them to the users. If you want custom user roles, take a look at the free plugin that will let you control every part of each WordPress user role.