WordPress User Roles and Capabilities: Tutorial for Beginners
WordPress User Roles defines the set of permissions a user has. It completely makes sense that why would you allow just anyone to access your WordPress dashboard. And if you are new to WordPress then this tutorial guide for beginners will definitely help you understand what roles in WordPress a user can have and how you can restrict or allow any user to access the selective section of your dashboard.
WordPress is a popular content management system and currently, 34.9% of the web uses WordPress for their online presence. The main reason behind its popularity lies in its simplicity and wide range of features. More so a strong WordPress website builder can give you a beautiful website up and running in minutes. Once your website is ready, make sure you define the WordPress user roles in order to increase your WordPress website security.
In this WordPress user roles tutorial, I will help you understand the default user roles in WordPress and their importance. So, let’s begin with the basic things first.
What are WordPress User Roles?
WordPress user roles and capabilities are based on the concept of a set of allowed tasks a user can perform. However, what actions a user can perform depends on which category he is assigned to. For instance, you have a WordPress website and you have hired someone to write a blog for your website. You would surely not allow him to access your admin dashboard backend settings, themes, and other fundamental settings. Rather would most likely create a separate account for him where he will be allowed to write and edit his own content only.
Basically, Role is defined as the ability of a user to carry out a task. And Capability, on the other hand, is defined as the permissions to perform the task of respective user roles in WordPress.
Why WordPress User Roles are Important?
WordPress user roles are important as it lets you control how every user interacts with your website. However, there are tons of benefits of WordPress user roles management, if done properly. Some of them are listed below; let’s have a look.
- WordPress roles create an extra layer of security by restricting access.
- Defining user roles protect your site against unauthorized access and unwanted activities such as brute force attacks and other malware from your WordPress website.
- If you have multiple accounts on your site, it gets easy to manage them.
- You can avoid the risk of accidents. For instance, a writer can access his own posts only. Thus, content from other writers will be safe.
So, these were a few of the reasons, it’s highly suggested that you should assign roles to every user on your site. And to assign correct roles, you need to have thorough knowledge about them. Let’s begin with that.
WordPress User Roles and Capabilities Compared
| Capabilities | Super Admin (Multisite Only) | Administrator | Editor | Author | Contributor | Subscriber |
|---|---|---|---|---|---|---|
| Read Posts | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Post Comments | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Delete, Edit Post | ✔ | ✔ | ✔ | ✔ | ✔ | – |
| Create, Delete Draft | ✔ | ✔ | ✔ | ✔ | ✔ | – |
| Delete Published Posts | ✔ | ✔ | ✔ | ✔ | – | – |
| Publish, Edit Posts | ✔ | ✔ | ✔ | ✔ | – | – |
| Edit Pages | ✔ | ✔ | ✔ | – | – | – |
| Add, Delete Page | ✔ | ✔ | ✔ | – | – | – |
| Add, Delete Plugin | ✔ | ✔ | – | – | – | – |
| Add, Delete Theme | ✔ | ✔ | – | – | – | – |
| Create, Delete, Edit Users | ✔ | ✔ | – | – | – | – |
| Edit Dashboard | ✔ | ✔ | – | – | – | – |
| Setup, Manage, Upgrade Network | ✔ | – | – | – | – | – |
| Manage Site | ✔ | – | – | – | – | – |
| Create, Delete Site | ✔ | – | – | – | – | – |
6 Predefined WordPress User Roles
As shown above in the comparison table there exist six default WordPress user roles. They are:
- Super Admin (Multisite Only)
- Administrator
- Editor
- Author
- Contributor
- Subscriber
So, let’s now discuss each one of them in detail.
1. Super Admin
What is WordPress User Role Super Admin?
The Super Admin WordPress role comes into play only in the case of WordPress Multisite setups. Whereas, on the other hand, a typical WordPress installation does not have any Super Admin. Basically, Super Admin is a person who is responsible for the entire network of a WordPress multisite installs. A Super Admin can do the following things;
- Create and Delete websites from WordPress Multisite.
- Manage access of all users on all sites on the network.
- Set up, Manage, and Upgrade WordPress for the entire network.
- Add, Remove, and Manage plugins.
- Upload themes for all sites.
- Add, Delete users across the entire network.
Indeed, Super Admin is a powerful entity among all.
2. Administrator
What is WordPress User Role Administrator?
The Administrator is also known as Admin. Admin is the controlling power of a website having full authority to a website as well as all the power to use and manage the privileges. The Admin is responsible for things such as installing WordPress, WordPress theme, WordPress plugin, installing an SSL certificate, etc. Some of the capabilities of Admin are as follows:
- Add, Delete, Edit, and Create Content.
- Create and Delete Users.
- Add and Delete Plugins.
- Add and Delete Themes.
- Alter existing user information such as passwords.
- Edit Dashboard.
- Customize and Delete the Site.
- Import and Export Content.
Remember the Admin is limited to a single site only. Thus, his role and capability are associated with a single website only. However, you can have more than one
3. Editor
What is WordPress Editor User Role?
The Editor has the capability to manage the entire content on your WordPress website. However, an Editor can not do anything related to site theme, plugins installed, etc. However, Editor can do anything with the content but can not make any changes in the settings. The Editor can do the following things:
- Delete and Edit Pages.
- Publish Pages.
- Delete and Edit Private Pages as well.
- Delete Others’ Pages.
- Edit and Delete Posts.
- Delete Published Pages.
- Delete Others’ Posts.
- Publish Posts.
- Delete Published Posts.
- Manage Categories and Links.
4. Author
What is WordPress User Role Author?
Authors are the users who can create, edit, delete, and publish their own content. They can include tags but not categories. However, they can only use the existing categories. If we talk about comments, the author can view all the comments but not allowed to edit, approve, or delete the comments. Some of the WordPress edit roles for the Author are:
- The Author can Edit their own posts.
- Publish own Posts.
- Edit own Published Posts.
- Delete own Posts.
- Delete own Published Posts.
- Upload files.
- Read.
Thus, Authors have fewer WordPress capabilities than Editors.
5. Contributor
What is WordPress User Role Contributor?
A Contributor can write, edit, and delete their posts. But they can not publish the post not even their own. The WordPress user capabilities of a Contributor are quite similar to the capabilities of an Author. However, they are way more restricted than Authors. They also can not create any new category, however, they add new tags. In fact, they can not access the media library as well. They can:
- View the posts of all other users.
- Create and Edit their own Posts.
- Delete their own Posts.
Remember Contributors can never publish their posts. They are basically one-time content creators. This kind of role is useful when you have hired someone to write for your website.
6. Subscriber
What is WordPress User Role Subscriber?
Certainly, Subscriber is any user visiting your site. They can log in to your WordPress website by creating their profile. They are allowed to change their password. However, they simply can not create, edit, or delete posts. They only can read the posts. All in all, they can only read the posts and other than that they can’t do anything. They can:
- The Subscriber can only read the posts.
So, the Subscriber WordPress user role helps you when you want your users to log in to your website in order to read posts or post comments.
How to Create Custom WordPress User Roles?
However, WordPress developers have already created enough user roles that can serve almost all the purposes pretty well, still, you can also create your own custom role. There can be a situation where you want to give some different permissions to a particular user. There you can create your custom user role however you like. This is the beauty of this open-source software. However, WordPress does not support the custom user roles by default, you have to use a plugin to do so. There are several such plugins available in the WordPress plugin repository to choose from.
Steps to create custom WordPress user roles using Plugin
Step 1: Choose a User Role Editor plugin from the WordPress repository and download it. (However, if you want you can install any other preferred plugin). Here I install WordPress User Role Editor
Step 2: Install and activate the plugin and head to Wp-admin → Users → User Role Editor
(For instance, you want to add Comment Moderator Role)
Step 3: Fill the Role Name as Comment Moderator
Step 4: Now choose which capability copy you want to make it from the drop-down list. However, you can keep it None, in case you don’t want to make a copy of any. And click on “Add Role” to confirm your choice.
So, that’s all! You are now ready with a new user role.
Whereas if you want to check this newly added WordPress user role, you may do that simply by visiting the Dashboard → Settings → General and click on the dropdown field i.e. New User Default Role. You shall see the newly created WordPress User Roles here on this list.
How to Customize Existing WordPress User Roles
Once you have described the user roles according to their capabilities and your website needs. They will work as per their default capabilities. However, you can assign a specific user some different permissions than the pre-defined ones. That being said, to allow a user to able to access more than default set capabilities, you need to customize the desired role and explicitly assign required capabilities to it.
Let’s take the example of an Author. Author can publish a post as well as delete their own published posts. So, this can be a little risky for your workflow if the Author is able to delete their published posts, more so, it gets even worse if you have outsourced it. Therefore, for now, let’s customize the Author’s capabilities and restrict them from deleting the published posts.
Above all, install and activate the User Role Editor plugin. Once activated you will see two options there i.e. Settings and Deactivate. Upon choosing the Settings option, you shall see a page something like shown below.
Thus, you can easily manage what roles and capabilities you want to alter. You can select the user role which you want to edit and related permissions.
So, this is how you can allow or restrict any user.
Happy Web Management!!
WordPress User Roles: In Conclusion
So, this brings us to the end of this comprehensive tutorial and I hope I was able to help you with WordPress user roles. WordPress indeed is a platform that can help you set up a website while making all the required customizations with ease. And setting the WordPress user roles is another way to protect your site. Above all, it let you manage your website. On the other hand, assigning different roles to different users ultimately helps you align everything properly. So, create a beautiful WordPress website with a powerful website builder and add roles and permission to them as per your needs. And don’t forget to share your experience with me in the comments below.
Build a Stunning Website in Minutes with TemplateToaster Website Builder
Create Your Own Website Now
This is a very helpful article for beginners.
Hey there, can we edit our article after publishing it once?
Amazing thing is that we can customized default roles as well. This is nice.