All of the recent headlines about large-scale data breaches make it easy to forget about the importance of our own internal website security. Luckily, WordPress comes with five default user roles that help you control how individual users interact with every aspect of your website.
Once you understand the capabilities of these five WordPress user roles, you can instantly assign or modify roles through the User screen on the WordPress dashboard.
The Administrator Role
Administrators hold the key to the WordPress castle. They can perform every task available through the WordPress dashboard, including changing themes, modifying core files, and changing other users’ roles. Admins also have complete control over all content. Although you can have multiple administrators on one site, this role should be reserved for those who truly need full access. After all, why open the gate to the whole castle when just the front porch will do?
If your website is part of a multisite WordPress installation, you will also have a Super Administrator overlooking the entire network. The Super Administrator role isn’t available in standalone WordPress sites.
Did you know that Surf Office, Postmatic, Yeah Dave, and over 700,000 small businesses run their websites with Make, our free WordPress page builder. Discover the Make page builder now.
The Editor Role
The Editor role is a great choice for users who need permission to access all of the content, but not themes, plugins, or widgets. Editors can publish, edit, or delete any page or post, including those labeled “private”. They can also moderate comments and manage categories and links. In short, editors can do almost anything with content, but they can’t change any settings.
The Author Role
Authors can publish, edit, or delete their own posts, but they can’t access anything created by other users. They also can’t create, edit, or delete pages. Authors can upload files into the Media Library and delete anything they have previously uploaded. In addition, Authors can moderate comments on their own posts.
The Contributor Role
Contributors can write, edit, and delete their own unpublished posts, but their content must be reviewed and published by an Admin or Editor. It’s important to note that Contributors can’t access the Media Library, so if they want to use specific images, videos, or audio files in the Media Library, they have to ask for assistance from an Admin or Editor. The Contributor role is a popular option for guest authors who don’t submit content on a regular basis.
The Subscriber Role
WordPress labels all new users as Subscribers by default. Subscribers can read your site, post comments, and create a profile through your WordPress dashboard. They don’t have any other permissions, and can’t edit settings or content on your site.
If you want to make it easy for readers to register on your site you’ll need to first check the Anyone can register box under Settings → General → Membership. Next, add the Meta widget to your sidebar from Appearance → Widgets. Now readers can register for your site!
Be flexible — just like WordPress user roles
As an Admin, you’re free to modify user roles on a moment’s notice. So, if you need an Editor to fill in for you while you go on vacation, simply visit the Users tab on the WordPress dashboard and change that user’s role to Admin. Then, change it back once you return from your trip.
If you’re looking for more advanced control, be sure to check out the Capability Manager Enhanced plugin. It will give you even tighter control over WordPress roles and capabilities.
We’d love to hear how you plan to implement WordPress user roles on your own site. Let us know in the comments!
Enjoy this post? Read more like it in Tutorials.