WordPress user roles and permissions determine who can do what to the website. This keeps some semblance of organization as well as management, especially if you’re not the only one accessing WordPress content.
By default, the system comes with several user roles:
However, more can be added when you install plugins that have control over users and permissions. In fact, customizing these roles can be quite useful if you have a large number of people working on your website at any given time.
Today, I’m going to go over some of these roles and how they are managed in WordPress.
Accessing User Roles
You can modify the role of a user in his or her profile. This is done by changing the drop down under the person’s username. Just make sure you don’t give the wrong person administrator control. This can lead to all kinds of problems, especially if the individual is not familiar with WordPress.
Another way to control the user activity is by modifying how people register on the website. In the General Settings of WordPress, you can use the drop down window to control what new users can do on the website. Again, this is something you want to be careful of as you don’t want to give certain permissions to just anyone.
The Subscriber role is set by default for new registrations on WordPress websites. This role is limited to reading content but not much else. If comments are active, the subscriber can leave a message. Otherwise, he or she is unable to submit or publish any content on the system.
It’s great for creating mailing lists for newsletters.
Contributors can submit, edit and delete their own articles that are unpublished. However, the ability to publish a post is not available. These people are only able to save content as drafts.
This is a good role for setting up guest post creators and probationary authors.
An author has a bit more control than a contributor. This person is capable of publishing his or her own posts as well as edit and delete. However, the author is incapable of interacting with the work of someone else.
Author roles are perfect for content creators who publish regularly and do not need oversight.
An editor has all of the abilities of an author. In addition, this person also has direct control over most types of content in WordPress. This means he or she can edit, delete, create and publish articles from anyone in the system. Editors are also able to modify categories, comments, tags and pages.
This is a good role for someone to manage the website without handing over administrative control.
This is the absolute master role of WordPress. The Administrator can install plugins, create content, add themes, modify code and much more. Someone with an admin role can do virtually anything they want in the website.
The administrator role is best used by a single individual. Adding too many admins can create problems especially if changes are made without informing the rest of the group.
Creating New Roles and Permissions
By default, you are unable to change the permissions of the roles in WordPress. The easiest way to create new roles and permissions is to customize users. Plugins like Profile Builder give you control over creating new roles as well as assigning specific permissions.
This is a great feature to have if you want specific people to have exact abilities without adding them all. For instance, what if you want Editors to be able to install themes or plugins?
Some plugins will add roles to WordPress depending on functionality. For example, a plugin might give authors permissions to use specific tools or features. These kinds of plugins are not all that common, and it really depends on the tool’s purpose.
If you’re unsure, always check the roles in WordPress either in General Settings or by creating a new user. Any roles currently available will be displayed in the drop down selection.
The Hierarchy of Your Website
Assigning specific roles requires a bit of trust in the individual. Use these permissions logically and maintain a resemblance of order. Not only does it protect the site from displaying questionable content before being approved, but it also prevents handing over specific controls to the wrong person.