Table of Contents
You can discuss many WordPress elements central to the experience—themes, plugins, the open-source framework—but there’s one without which the platform wouldn’t exist: users. As such, you can find a basic (yet powerful) system to define and manage WordPress user roles.
While it’s a straightforward implementation, the development team has the balance right. There’s just enough functionality to create and work with each role, while choice plugins let you expand that functionality further. In some cases, this is necessary.
This post will discuss how to work with WordPress user roles. First, though, let’s define them.
What WordPress User Roles Are
There are lots of website tasks that only some should have access to. Those with access are given greater ‘privileges’ over other users. The collection of privileges and access afforded to a user makes up a role.
We’ll discuss user role specifics later, but for now, know that you can have an Administrator with full access, a Subscriber with almost no access, and various combinations of these in between. These ‘in-between’ roles give your site its structure and hierarchy regarding your team.
From here, we can begin to discuss why user roles are necessary for a WordPress (and, indeed, any) website. Let’s do this next.
Why You’d Want to Work With User Roles Within WordPress
To explain why you’d want to work with WordPress user roles, we can start with a hypothetical situation in which they don’t exist.
Without user roles, a website’s backend can’t distinguish between an administrator and someone who should have few privileges. As such, every user who logs into a WordPress website can change whatever they want.
This can put your site in extreme danger, as it doesn’t stop a user from deleting posts, adding malicious code, deleting other users altogether, and much more. User role management is the backbone of site security, and in the next section, we’ll discuss some of these aspects in greater detail.
How to Work With the Default WordPress User Roles
The good news is that you can work with WordPress user roles straight out of the box. There’s a dedicated page that serves as a user management dashboard – Users > All Users:
This is intuitive to understand: A list of users and an assigned user role exists. WordPress provides a default set of user roles to choose from:
- Administrator. This is a fully open user role. The user can access the entire site, and only one should be assigned this role.
- Editor. While these users can publish and manage posts for themselves and others, they can’t perform higher-level administrative functions.
- Author. This is similar to the Editor, but users can only publish and manage their posts.
- Contributor. Users with this role can write and manage their posts but cannot publish them.
- Subscriber. This is the least permissive user role, as you can only manage your profile and have no other capabilities.
- Super Admin. You’ll find this user role as part of a WordPress Multisite network. It lets users manage sites across the network, whereas a regular Administrator can only manage one site.
You’ll notice that these focus on blogging and writing, given the beginnings of WordPress. However, other plugins may add extra user roles (and we’ll discuss this next). For now, know that you can assign these user roles from individual profile screens:
We recommend that you only have one Administrator because of the power it gives a user. You’ll also use the Subscriber role for registered users on your site. Think of those who sign up after a purchase, register to comment, or carry out a download.
How You Can Expand Use Role Administration Within WordPress
While these user roles are significant for most sites, you might have specific needs. For example, you might want to restrict access to certain features within WordPress but allow for others.
Some plugins include additional user roles for dedicated purposes. Yoast SEO is a good example, including the SEO Manager and SEO Editor user roles. These roles impact what aspects of Yoast SEO you can access, keeping security and safety high.
WooCommerce is another plugin that introduces specific user roles. The e-commerce solution adds Customer and Shop Manager roles – again, these offer dedicated capabilities for using WooCommerce’s functionality.
However, if you wish to change the default user roles or add your own, you’ll need a solution such as User Role Editor:
This lets you customize the capabilities of existing user roles from within the WordPress dashboard:
This is a powerful way to manage WordPress user roles, although you will want to exercise caution. We only use one administrator and keep user roles specific in scope. The latter means only giving a user the capabilities they need and no more. Also, create user roles where you want to offer temporary access for users—for example, if a developer or support team needs access to your site.
In Conclusion
WordPress is nothing without its users, although without a suitable management system, the platform’s hardened security will be eroded. WordPress user roles set capabilities for each specified user, meaning a low subscriber can’t delete other users or posts.
You can even create your user roles; other plugins may add custom roles to your installation. In short, WordPress’s user role management system is a fantastic way to keep your setup safe. The best news is that it doesn’t take much time and lets you work with roles and capabilities familiarly.
Do you have a system to manage WordPress user roles? Please share your thoughts with us in the comments section below!