How to Create and Manage WordPress User Roles and Permissions

How to Create and Manage WordPress User Roles and Permissions

Learning to create and manage WordPress user roles and permissions is important when you’re working with multiple people on one website. Familiarizing yourself with the different accesses lets you control what a user can or cannot do on their site.

From Administrator to Subscriber, each role has a set of pre-assigned default tasks which you can customize. This article will go over six default WordPress user permission roles and how to manage them.

What Are WordPress User Roles?

WordPress is a content management system whose roles are a simple concept used to manage what actions (called Capabilities) every user is able to perform through its dashboard. Every role is organized by a webmaster — who is automatically assigned as an administrator when installing WordPress.

There are six default WordPress roles you can give to your users – administrator, editor, author, contributor, subscriber, and super admin.

No matter what kind of website you operate and the hosting services you use, user role management is an absolute must. For example:

  • Secure access – you can easily limit who can and cannot access or perform administration tasks, like installing updates, themes, plugins, or tweaking your site’s PHP code.
  • Controlled workflow – allows users to focus on their personal tasks, and prevent overlapping duties among them.

6 WordPress User Permission Roles

Let’s break down these permissions for every user role in more detail:

PermissionAdministratorEditorAuthorContributorSubscriber
PostsFull controlFull controlAdd, edit, publish, delete ownAdd, edit, delete ownNo control
PagesFull controlFull controlNo controlNo controlNo control
Upload filesFull controlFull controlFull controlNo controlNo control
Moderate commentsFull controlFull controlNo controlNo controlNo control
PluginsFull controlNo controlNo controlNo controlNo control
ThemesFull controlNo controlNo controlNo controlNo control
UsersFull controlEdit ownEdit ownEdit ownEdit own
SettingsFull controlNo controlNo controlNo controlNo control

Administrator

Administrators have full control over every aspect of the website. They can add, edit, and delete plugins, as well as shape how the website looks. They also have access to the site’s settings and content management, including posts, pages, and comments.

Additionally, administrators are the only role that can manage other user roles. Thus, if you are an administrator yourself, you can add new users, delete existing ones, or change their WordPress roles.

Editor

Editors can manage comments, pages, and posts (including those created by other users). However, they have no access to the settings panel, installing new plugins, customizing the site’s theme, or organizing other users.

Author

Unlike editors, authors’ role is limited to their own content management. That’s why they have no permission to organize other users’ posts, approve and delete comments, nor manage pages. Other than that, they have the same limited WordPress roles and permissions as the editors.

Contributor

The contributor role in WordPress allows users to add, edit, and delete their own content. Contributors can’t publish, upload media files, and manage their posts once published.

Subscriber

Subscribers only have access to view published posts or comments and manage their profile section on the dashboard.

Super Admin

A super admin role (which only applies to WordPress multisite network) can perform any administration task within the network, such as add or delete websites, install a WordPress theme or plugin, organize content and its settings. They have full control over the network’s users.

Picking the Right WordPress User Role

Before choosing the appropriate role for users, ask yourself about these key points: Will you let users manage your WordPress dashboard? Do you trust them to organize your site’s content? Should you review their posts before publishing? Are they capable enough to edit and publish other users’ posts?

Important! Be cautious when appointing another user as a new administrator. Once assigned, they get full access to your admin panel and they can even edit or delete your account.

Managing WordPress Users

Next, let’s figure out the correct way to add, delete, and customize user roles on your site.

Things to Know Before Setting WordPress User Roles

Here are a couple of key points to grasp before setting up user roles:

  • An administrator can change user roles at any time from the Users menu.
  • Once assigned, your new users will receive an email containing their login credentials.
  • Some user roles might have slight capability differences, especially content creator roles (author and contributor). Understand how each role differs from one another before appointing anyone.
  • Users with No role for this site can only log in to your dashboard but have no permission to access any page.
  • A super admin can perform local administrator’s tasks like updating WordPress itself, managing themes, users, and plugins.

Adding a New User

Follow these steps to create and assign a new WordPress user role:

  1. Log in to your WordPress Dashboard -> Users -> Add New.
  2. Fill out the form with the user’s personal details.
  3. Create a new password by clicking the Show password button. It’s optional since the user can change the password after logging in.
  4. From the drop-down menu, choose the preferred role.
  5. Hit Add New User.
The Add New User page on the WordPress dashboard.

Deleting WordPress User

If you want to delete a user account:

  1. Head to the Users menu on your WordPress dashboard -> All Users.
  2. Click Delete next to the user’s name.
  3. On the WordPress Delete Users page, press Confirm Deletion button. If users had any content on your website, you need to choose whether to delete or attribute their content to another user.
The Delete Users page on the WordPress dashboard, with the Confirm Deletion button highlighted

Alternatively, assign them to No role for this site to keep their posts and accounts on your website. Here are the steps:

  1. Select All Users from the Users menu.
  2. Locate the user’s name -> Edit.
  3. In the Name section, choose No role for this site from the drop-down menu.
  4. Click Update User.
The All Users page on the WordPress dashboard, showing how to set No role for this site

Customizing WordPress User Roles

It’s also possible to alter the roles and capabilities of a default user. In this tutorial, we will use the PublishPress Capabilities plugin. This WordPress user management plugin allows you to edit or delete each role’s tasks, and you can even create a new role name, and its capability.

Let’s learn how to use this plugin:

  1. Install and activate the PublishPress Capabilities from the Plugins menu.
  2. As a precaution, create a backup before editing or deleting anything. Navigate to the Capabilities menu -> Backup.
  3. In the Backup Tool for PublishPress Capabilities section, select Backup -> Manual Backup.
  4. Then, head to the Capabilities section.
  5. At the top left corner of the Role Capabilities page, click the drop-down menu to select the role.
  6. Tweak these settings to your liking -> Save Changes.
The Role Capabilities page on the WordPress dashboard, with the role drop-down menu highlighted

Suggested Reading

Want to learn even more about managing your WordPress website? Check out our tutorial on how to install WordPress plugins

Conclusion

You can easily add and manage your website’s user roles using the default WordPress options. To recap, here are the six predefined WordPress roles and permissions you can organize:

  • Administrator — full access to the admin panel.
  • Editor — has full control of the site’s content section (posts, pages, comments).
  • Author — users have access to their own posts.
  • Contributor — partial access to their own content (unable to publish or manage their posts after they’re published).
  • Subscriber — can only read published posts and comments.
  • Super admin — complete control over the entire site within WordPress multisite network.

Furthermore, you are allowed to customize WordPress roles and capabilities with the help of PublishPress Capabilities — which can be installed and activated from your Plugins menu.

If you have further questions on WordPress role management, reach us in the comments section below.

Author
The author

Leonardus N.

Leo is a WordPress fanatic and contributor. He likes keeping up with the latest WordPress news and updates, and sharing his knowledge to help people build successful websites. When he's not working, he contributes to WordPress documentation team and pampers his dogs.