How to Set (and Work With) WordPress User Roles

You can discuss lots of elements of WordPress as central to the experience – themes, plugins, the open-source framework – but there’s one without which the platform wouldn’t exist: users. As such, you can find a basic (yet powerful) system to define and manage WordPress user roles.

While it’s a straightforward implementation, the development team has the balance right. There’s just enough functionality to create and work with each role, while choice plugins let you expand that functionality further. In some cases, this is necessary.

In this post, we’re going to look at how to work with WordPress user roles. First though, let’s talk about what they are.

What WordPress User Roles Are

There are lots of website tasks that only some users should have access to. Those who do have the access are handed greater ‘privileges’ over other users. The collection of privileges and access afforded to a user makes up a role.

We’ll discuss user role specifics later, but for now, know that you can have an Administrator with full access, a Subscriber with almost no access, and various combinations of this in between. It’s these ‘in-between’ roles that give your site its structure and hierarchy with regards to your team.

From here, we can begin to discuss why user roles are necessary for a WordPress (and indeed, any) website. Let’s do this next.

Why You’d Want to Work With User Roles Within WordPress

In order to explain why you’d want to work with WordPress user roles, we can start with a theoretical situation in which they don’t exist.

Without user roles, a website’s backend can’t distinguish between who is an administrator, and who should have almost no privileges. As such, every user who logs into a WordPress website would be able to change whatever they wanted.

This can put your site in extreme danger, as it doesn’t stop a user deleting posts, adding malicious code, deleting other users altogether, and much more. User role management is a backbone of site security, and in the next section we’ll discuss some of these aspects in greater detail.

How to Work With the Default WordPress User Roles

The good news is that you can work with WordPress user roles straight out of the box. There’s a dedicated page that serves as a user management dashboard at Users > All Users.

This is intuitive to understand: There is a list of users, each with an assigned user role. WordPress provides a default set of user roles to choose from:

  • Administrator. This is a fully open user role. The user has full access to the entire site, and there should only be one user assigned this role.
  • Editor. While this user can publish and manage posts for themselves and other users, they can’t carry out higher-level administrative functions.
  • Author. This is similar to the Editor, but the user can only publish and manage their own posts.
  • Contributor. A user with this role can write and manage their own posts, but can’t publish them.
  • Subscriber. This is the least permissive user role, as the user can only manage their own profile, and has no other capabilities.
  • Super Admin. You’ll find this user role as part of a WordPress Multisite network. It lets the user manage sites across the network, whereas a regular Administrator can only manage one site.

You’ll notice that these focus on blogging and writing, given the beginnings of WordPress. However, other plugins may add extra user roles (and we’ll discuss this next). For now, know that you can assign these user roles from individual profile screens.

We recommend that you only have one Administrator, because of the power it gives a user. What’s more, you’ll use the Subscriber role for users who register on your site. Think of those who sign up after a purchase, or who register to make a comment or carry out a download.

How You Can Expand User Role Administration Within WordPress

While these user roles do a great job for most sites, you might have specific needs. For example, you might want to restrict access to certain features within WordPress, but allow for others.

Some plugins will include additional user roles for dedicated purposes. Yoast SEO is a good example, as it includes the SEO Manager and SEO Editor user roles. These impact what aspects of Yoast SEO you can access, which keeps security and safety high.

WooCommerce is another plugin that introduces specific user roles. The e-commerce solution adds Customer and Shop Manager roles – again, these offer dedicated capabilities for using WooCommerce’s functionality.

However, if you wish to change the default user roles, or add your own, you’ll need a solution such as User Role Editor. This lets you customize the capabilities of existing user roles from within the WordPress dashboard.

This is a powerful way to manage WordPress user roles, although you will want to exercise caution. As we note, only use one Administrator, and keep user roles specific in scope. The latter means to only give a user the capabilities they need and no more. Also, create user roles for situations where you want to offer temporary access for users – for example, if a developer or support team needs access to your site.
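
The scoped, temporary role described above can also be built with WordPress's own role functions. The following is an added example, not code from this post or from User Role Editor; the plugin name, role slug, meta key and capability list are assumptions chosen for illustration.

```php
<?php
/**
 * Plugin Name: Example Temporary Support Role
 * Added example: the role slug, meta key and capability list are assumptions.
 */

const EXAMPLE_ROLE       = 'example_temp_support';   // hypothetical role slug
const EXAMPLE_EXPIRY_KEY = 'example_access_expires'; // hypothetical user meta key (Unix timestamp)

// On activation, create a role holding only the capabilities the task needs.
register_activation_hook( __FILE__, function () {
    add_role( EXAMPLE_ROLE, 'Temporary Support', array(
        'read'         => true, // reach the dashboard and own profile
        'edit_posts'   => true, // draft and edit own posts, no publishing
        'upload_files' => true, // attach media to those drafts
    ) );
} );

// On deactivation, demote anyone still holding the role, then delete the role.
register_deactivation_hook( __FILE__, function () {
    foreach ( get_users( array( 'role' => EXAMPLE_ROLE ) ) as $user ) {
        $user->set_role( 'subscriber' );
    }
    remove_role( EXAMPLE_ROLE );
} );

// On each request, demote a temporary user whose access window has passed.
add_action( 'init', function () {
    $user = wp_get_current_user();
    if ( ! in_array( EXAMPLE_ROLE, (array) $user->roles, true ) ) {
        return;
    }
    // A missing expiry casts to 0, so it counts as expired (fail closed).
    $expires = (int) get_user_meta( $user->ID, EXAMPLE_EXPIRY_KEY, true );
    if ( $expires <= time() ) {
        $user->set_role( 'subscriber' );
    }
} );

// Warn administrators when more than one account holds the Administrator role.
add_action( 'admin_notices', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    $admins = count( get_users( array( 'role' => 'administrator', 'fields' => 'ID' ) ) );
    if ( $admins > 1 ) {
        printf( '<div class="notice notice-warning"><p>%d Administrator accounts exist.</p></div>', $admins );
    }
} );
```

When you assign the role to a developer or support account, set the expiry at the same time, for example with `update_user_meta( $user_id, 'example_access_expires', time() + DAY_IN_SECONDS )`.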

In Conclusion

WordPress is nothing without its users, although without a suitable management system, you’ll erode the hardened security of the platform. WordPress user roles set capabilities for each specified user, and mean that a lowly Subscriber can’t delete other users or posts.

In fact, you can go even further with this and create your own user roles. Other plugins may also add custom user roles to your installation. In short, the user role management system in WordPress is a fantastic way to keep your setup safe. The best news is that it doesn’t take much time, and lets you work with roles and capabilities in a familiar way.

Do you have a system to manage WordPress user roles? Share your thoughts with us in the comments section below!
