In this post you will get an overview of the different roles in WordPress and what users with each of the available roles can do when logged into your WordPress site.
If you ever plan on giving another user access to your admin area, whether they will be writing content, or fixing any problems, it’s important that you know which role to give them. This will ensure that they can do what is required of them, without having too much access to cause problems.
This post will also include some plugins which can give you more control over the user roles and capabilities on your site. This can help you edit the default user roles and create custom roles to match your needs, plus do a few more interesting things to secure your website from rogue users.
Overview of the Default WordPress User Roles
WordPress includes five user roles by default. When you create a new user account on your site, you can assign that user a role that will determine what they can do when logged into your website.
As a user with a certain role could make significant changes to your site and give other users access, it’s important that you are aware of the capabilities of each role before you start creating user accounts on your site.
When you setup a new WordPress site you will be automatically given the admin user role. This is the top level user role available (unless you are building a Multisite network) and users with this level of access can do everything on a WordPress website from creating content, to installing themes and plugins, and updating the WordPress software.
While it might seem convenient to give all users this role so they can do what they need to, it’s not a good idea as they could do anything on your site, including change your password and lock you out! It’s far better to get a good understanding of the other user roles so you can assign them appropriately.
Editors can manage all the posts and pages on your website, including content published by other users. They can publish posts and delete any of the existing content on your website. They can also manage and access private posts and pages. Users with this role can moderate comments, manage categories, and upload files.
Authors can publish and manage their own posts, but not those of other users. Users with the author role can upload and access the media and other files into the library.
While this is a good role for content creators on your website, bear in mind that they can publish and edit their own published posts. This means they are able to publish their content without needing your approval.
Contributors can create and manage their own posts but cannot publish them, or edit published posts. They also cannot upload images for use in their posts and elsewhere.
While users with the subscriber role can log into WordPress they cannot really do anything apart from access your content from the front end and leave comments like a regular visitor without an account.
Plugins for Managing and Customizing the Default WordPress User Roles
One of the great things about WordPress is that it’s a highly customizable piece of online publishing software. User roles are no exception to this and it’s possible to customize the existing user roles that ship with WordPress, as well as create new custom roles to meet the needs of your website and its users.
Many plugins add their own user roles to WordPress sites they are installed on. Examples of this include the customer role common with ecommerce plugins, or the student role often found with eLearning plugins for WordPress.
However, there are plugins out there that allow you as a site administrator to create your own custom user roles. These plugins also give you the ability to customize any existing user roles on your website. This is all done through an easy to navigate user interface, rather than by writing the necessary code.
If you would like to customize and create new user WordPress user roles you can use the following plugins.
This is the most popular WordPress user role editor plugin with over 1.5 million downloads to date. By installing User Role Editor on your website you will be able to not only customize the default WordPress user roles, but also create new ones to match the needs of your website. You can even delete any of the default WordPress user roles you won’t be using to simplify user management on your website.
The user interface for customizing the roles is very straightforward and uses a simple check box system to enable and disable the different capabilities that the user role you are customizing has access to.
User Role Editor is also compatible with WordPress Multisite so if you want to give the sites in your network access to these tools, it’s not a problem.
Advanced Access Manager includes some extra features that help make it more than just a user roles plugin for WordPress.
Among those extra features you will find an activity tracker which logs user activity on the backend of your site, as well as a tool for controlling access to the menus on your admin dashboard, including submenus. If you want to know what your logged in users are doing on your site, while also simplify the admin menus by removing features of WordPress they don’t need, Advanced Access Manager could be a good choice for you.
Another access control related feature of this plugin is its ability to allow you to control access to the meta boxes found on the post editor and other pages of your site. This could include SEO fields, custom fields, or the layout options panels that all users would otherwise have access to.
You can also customize the access that individual users have to your website and its features, without affecting their role and the access any other users with the same role will have. This could allow you to give a user access so that they could upload images for your blog, despite their role not allowing that level of access by default, and without you changing their role.
If you want a user role manager plugin that also includes some additional access and security features then Advanced Access Manager is a great choice. There are also some premium extensions available for this plugin if you want to make it even more useful.
Capability Manager Enhanced hasn’t been downloaded as many times as User Role Editor, with only around 80,000 to its name. However, this plugin does have a near perfect 4.9 out of 5 star rating, making it an attractive option for anyone looking to customize the capabilities of the WordPress user roles.
While there isn’t much to separate User Role Editor and this plugin, one way Capability Managed Enhanced edges it are the controls for customizing the capabilities of each role.
Although both plugins use the native WordPress UI, this option groups the capabilities in an easier to read way, making it quicker to find the exact capability you are looking for.
If you make a mistake or need to undo you changes, the plugin includes a button to reset the user role capabilities back to the WordPress defaults. You can also backup and restore your settings for safekeeping.
You should know have the knowledge you need to be able to confidently assign users on your site the correct user role that will allow them to do what they need to, without giving them too much access to make them a security risk.
If you ever need to customize a role, restrict a user’s access, or create a new user role, you now have a selection of tools to use to carry out those tasks.
If you have any questions about WordPress user roles or any of the plugins mentioned here, please leave a comment below.