Why it’s Important to Understand WordPress User Roles and Permissions
Last modified: October 17, 2019
If you want to efficiently manage your WordPress site, you must get to know WordPress user roles and permissions. Understanding what each role can do and how users can impact your site is key to effective, secure site management and workflow.
In this guide, we will have a look at WordPress user roles and permissions along with how you can use them to their full potential.
WordPress User Roles and Permissions
Let’s waste no time and get into the default WordPress user roles along with the permissions they offer to users managing your site.
A WordPress Administrator is usually the website owner himself, although a site can have multiple administrators. This role can add users to the site, make changes to other profiles or even delete them. Administrators should follow the best security practices out there to reduce the risk of the site being compromised.
An administrator is in charge of installing, editing and deleting plugins and themes. In addition, an administrator is solely responsible for WordPress security.
Tip: It’s important to know that when running a WordPress site with multiple users, you must exercise caution by assigning this role to someone who can be trusted.
WordPress Super Administrator
One could ask – why have a super administrator on a WordPress website? Well, this is because this role is assigned to someone who can have full access to a WordPress multisite network. If you would like to learn more about this subject, we recommend checking out WordPress blogs like HostingWiki.
Besides performing a network-wide role similar to any site administrator, a super administrator can add, delete, activate, edit or archive multiple sites on a network, manage all users across it, upgrade the WordPress core for the entire network, control plugins and themes for all sites, and even ban domains.
In a nutshell, a super administrator acts similarly to a regular administrator but is only available when using a multisite network.
It’s important to note that when a WordPress super administrator role is enabled, regular administrators can no longer delete plugins, but they can activate or deactivate them on the site they manage.
The WordPress editor role allows full authority over the content section of the website. The editor has the right to edit, publish and delete posts. These actions can be performed on any author’s content. The editor also has the ability to moderate comments.
While this user role has free rein over content, it cannot change the site structure itself – that means an editor cannot manage themes, plugins and the WordPress core. A WordPress editor is normally responsible for managing and overseeing multiple authors and their work.
A WordPress author has more limited permissions compared to an editor. A user in this role can create his own posts with permission to write, edit and publish their own content. They can also delete their posts after publishing them. Lastly, they have the ability to select in which site category their content is placed. Unlike an editor, they cannot manage content posted by other roles. An author can also manage comments left on their posts.
The author role is perfect for frequent contributors and collaborators.
A WordPress contributor can add and edit posts but cannot publish them. Much like an author, a contributor may choose from an existing category but can’t create his own. Not unlike an author, a contributor can view comments but can’t approve or delete them.
This role is a perfect option for any one-time contributors who are collaborating with your blog or are writing a guest post. Alternatively, it’s a perfect role for anyone who is on a trial period as an author for your site.
A WordPress Subscriber can log into the site, update and change his password but cannot perform other activities such as writing or publishing posts through the dashboard. They will be able to view the dashboard, but will not be able to edit any of the site’s features.
This role is typically used in combination with subscription or membership plugins, like MemberPress, offering visitors a convenient way to view subscriber-only content.
How to Safely and Efficiently Manage User Roles
Let’s cover some essential practices that will help you get the most out of WordPress user roles. Remember – poor role management can lead to security flaws. Additionally, we’ll highlight some tips that will help oversee a large number of users.
There are some great plugins that can improve how you manage user roles. Take the Capability Manager Enhanced plugin for example. With it, you can create additional roles and capabilities, copy roles across a multisite network and much more!
Log Out Inactive Users
Accidents happen – one of your administrators or editors might use a public computer to access your site’s dashboard. If they forget to log out and someone else comes across the computer, you might be in trouble. Additionally, any other idle user account can serve as an extra access point for bad actors. Remember to check the WordPress Users section regularly.
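One way to limit the damage of a forgotten login, shown as an added example that is not part of the original guide: a small must-use plugin that shortens how long administrator and editor logins last and ends sessions that are already older than the limit. The example_* names, the file name and the 2-hour limit are assumptions.

```php
<?php
/**
 * Added example, not from the original guide: limit how long privileged logins last.
 * Save as wp-content/mu-plugins/example-session-limit.php (assumed file name).
 * The example_* names and the 2-hour limit are assumptions; tune them for your site.
 */

define( 'EXAMPLE_MAX_SESSION', 2 * HOUR_IN_SECONDS );

// Roles whose forgotten logins would hurt most.
function example_privileged_roles() {
	return array( 'administrator', 'editor' );
}

// Cap the login cookie (and server-side session) lifetime for those roles,
// even when "Remember Me" is ticked. Other roles keep the WordPress default.
add_filter( 'auth_cookie_expiration', function ( $length, $user_id ) {
	$user = get_userdata( $user_id );
	if ( $user && array_intersect( example_privileged_roles(), (array) $user->roles ) ) {
		return min( $length, EXAMPLE_MAX_SESSION );
	}
	return $length;
}, 10, 2 );

// Sessions created before this file was installed still carry the old expiry.
// End any privileged session that started longer ago than the limit.
function example_end_stale_sessions() {
	$ended = array();
	$ids   = get_users( array( 'role__in' => example_privileged_roles(), 'fields' => 'ID' ) );
	foreach ( $ids as $user_id ) {
		$sessions = WP_Session_Tokens::get_instance( $user_id );
		foreach ( $sessions->get_all() as $session ) {
			if ( time() - (int) $session['login'] > EXAMPLE_MAX_SESSION ) {
				$sessions->destroy_all(); // logs this user out on every device
				$ended[] = (int) $user_id;
				break;
			}
		}
	}
	return $ended;
}

// Run the sweep hourly through WP-Cron.
add_action( 'example_stale_session_sweep', 'example_end_stale_sessions' );
if ( ! wp_next_scheduled( 'example_stale_session_sweep' ) ) {
	wp_schedule_event( time(), 'hourly', 'example_stale_session_sweep' );
}
```

This enforces an absolute session lifetime measured from login, not a true idle timeout, because WordPress core does not record a user's last activity.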
Assign User Roles Sparingly
Take the time to consider if you really need the extra administrator or editor for your site. Be sure to always ask yourself “Will this person need access to the plugin area?”, “Can I trust him to effectively manage my site’s content?” Answering these questions before assigning user roles can save you a lot of trouble later down the line.
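To make that review repeatable, here is an added example (not part of the original guide) that lists every administrator and editor account and flags any non-administrator role that has been granted plugin, theme, core or user-management capabilities, for instance by a role-editing plugin. It assumes WP-CLI is installed; the example_* names, the file name and the capability shortlist are assumptions.

```php
<?php
/**
 * Added example, not from the original guide: review who holds powerful roles.
 * Run with WP-CLI: wp eval-file example-role-audit.php (assumed file name).
 * The example_* names and the capability shortlist are assumptions.
 */

// Capabilities that change the site itself rather than its content.
function example_site_caps() {
	return array( 'install_plugins', 'activate_plugins', 'delete_plugins', 'edit_plugins',
		'switch_themes', 'edit_themes', 'update_core', 'create_users', 'promote_users' );
}

// Every account that is an administrator or editor, oldest registration first.
function example_privileged_accounts() {
	$rows  = array();
	$users = get_users( array( 'role__in' => array( 'administrator', 'editor' ), 'orderby' => 'registered' ) );
	foreach ( $users as $user ) {
		$rows[] = array(
			'login'      => $user->user_login,
			'email'      => $user->user_email,
			'roles'      => implode( ',', $user->roles ),
			'registered' => $user->user_registered,
		);
	}
	return $rows;
}

// Roles other than administrator that hold site-level capabilities.
// On a default install the editor role has none of these.
function example_roles_with_site_caps() {
	$findings = array();
	foreach ( wp_roles()->roles as $slug => $role ) {
		if ( 'administrator' === $slug ) {
			continue;
		}
		$granted = array_keys( array_filter( $role['capabilities'] ) );
		$extra   = array_intersect( example_site_caps(), $granted );
		if ( $extra ) {
			$findings[ $slug ] = array_values( $extra );
		}
	}
	return $findings;
}

foreach ( example_privileged_accounts() as $row ) {
	printf( "%-20s %-30s %-22s %s\n", $row['login'], $row['email'], $row['roles'], $row['registered'] );
}
foreach ( example_roles_with_site_caps() as $slug => $caps ) {
	printf( "REVIEW role '%s' can: %s\n", $slug, implode( ', ', $caps ) );
}
```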
Having gone through all the WordPress roles and permissions, it should be clear how important they are for site management. A lack of knowledge on these roles may make your website vulnerable to unwanted access and changes that you may not like to see.
By making use of plugins you can easily customize user roles, create new ones and edit existing role permissions. For example, you can make use of the Capability Manager Enhanced Plugin to have better control over WordPress roles and capabilities.
We hope that this guide helped you get a better understanding of the different roles, and will help your WordPress site’s management and security.