As your website grows and more people gain access to it, you’ll need to understand how to manage WordPress users and their permissions.
Whenever someone registers on your site, the new account is assigned a specific role when it is created. There are certain roles that you can assign to your WordPress users in order to control what they can or cannot do inside your website.
In terms of permissions, you can allow users to:
- Write and edit posts
- Create pages
- Create categories
- Moderate comments
- Manage plugins
- Manage themes
- Manage other users
- Set up the dashboard
- Manage reusable blocks
And here are the 5 roles that users can be assigned inside a WordPress website:
- Subscriber
- Contributor
- Author
- Editor
- Administrator
I’ll describe them one by one in a sec, but first, I want to show you how you can manage users inside the WordPress admin area.
WordPress Users and Where to Find Them
You can add new WordPress users or manage old ones in WordPress Dashboard -> Users.
When you select “Users”, you’ll see three options:
- All users: here you can see all your users. You can apply filters based on their role, and start to edit any user you like.
In our case, besides the “Edit” and “View” options below every user’s name, there’s another option called “2FA”. This means that we’ve enabled two-factor authentication for website security reasons. For this, we are using a plugin called Wordfence.
- Add new: here you start adding new WordPress users for your website.
- Profile: the users can see their profile here. Several preferences can be set here such as default editor, contact info, password setup, social media profiles, etc.
WordPress User Roles Detailed
Now that we know where to edit and add new WordPress users, let’s see what their capabilities are.
Subscribers can log in to your WordPress site and update their user profiles. They can’t edit pages or posts or make any other changes in the WordPress admin area.
When do you need this WordPress user? Well, when you have a membership website (e.g., a courses website), an online store, or any other type of website that requires users to create an account and log in.
WordPress users with the Author role have the same capabilities as Contributors. In addition, they can publish their posts and add files to their posts.
A user with Author role can manage only his/her own posts (create and save them as drafts, edit, publish, delete their own content). They can also upload and add media to their posts.
An Author cannot edit or delete posts written by others.
They can upload files (e.g. images) and delete what they have previously uploaded.
Authors cannot create new categories, but they can choose from the existing categories and they can add tags to their posts.
They do not have access to site settings, nor can they manage themes or plugins for the website.
An Author can view comments, but they cannot moderate them (approve, delete, etc.).
This is a low-risk role, as Authors cannot make modifications to the website. They only have control over their own content.
The Contributor role is even more restrictive than the Author role.
A Contributor can add, edit or delete their own posts, but they cannot publish them; the posts wait for review by other users with extended capabilities.
They can read all posts, regardless of who wrote them.
They can view all comments, but they cannot moderate them (approve, edit or delete them).
Contributors cannot add images or upload other files to their posts, which is quite restrictive.
They cannot create categories; however, they can choose from existing categories. They can also add tags to their posts.
The Contributor role is appropriate for guest authors, who are sporadically contributing to the website content and don’t need to constantly publish articles on the website.
A Contributor doesn’t have access to site settings; consequently, they cannot manage themes or plugins.
The Editor role gives full control over posts and comments: from editing to publishing.
The Editor role has limited capabilities; however, Editors have full control over content within the website.
This role is intended for users who are responsible for the content on a website. They can manage content: adding articles, editing their own articles or articles of others, deleting articles. This is also valid for pages.
Alongside managing posts and pages, Editors can moderate comments (read, approve, delete, edit comments to posts).
They can manage categories for posts, both adding new categories and editing existing categories.
Editors can manage tags for posts, both adding new tags and editing the existing list of tags.
They cannot manage user roles for other members of the team. They do not have access to site settings, so they cannot make modifications to the code, or themes, or plugins.
An Editor has no access to widgets; thus they cannot manage them.
Administrators are the most powerful WordPress users and the riskiest ones. Be careful who you give this type of access to.
The Administrator has full control over the website. He/She can manage site settings, content in the website, and user roles.
An Administrator can manage other users, including other administrators. They can create new user accounts, edit or delete them.
They are able to add, activate or remove themes for the WordPress website, and thus make modifications to the website.
Administrators can add, activate or delete plugins for the website.
They are responsible for the management of the content published on the website. They have access to posts and pages, they can add posts and pages, edit them or delete them completely. Also, they can add categories and tags and assign them to posts, accordingly.
An Administrator can manage menus of the website and widgets, as well.
They are capable of editing code for the website and implementing additional CSS for advanced customizations to the website pages.
Administrators can install updates for the website, such as WordPress upgrades, new versions of themes or plugins.
They can create backups for the website.
They have full control over security and privacy related to the WordPress website.
To spice it all up: enter super-admins.
This WordPress user is only available on a WordPress multisite network. WordPress allows you to create multiple websites using the same WordPress installation. For example, a school might want to run separate websites and manage them in the same dashboard. This would mean that a super admin will have access to all of these sites, and can even delete them.
How to Customize WordPress User Permissions and More
Most websites out there don’t need extra capabilities for their users and can work easily with the default users.
But what if you need some custom capabilities?
Well, it’s time to talk about plugins. Here are the top 3 most popular plugins that allow you to manage WordPress users.
Members – Membership & User Role Editor Plugin
Active installs: >200.000
- Role Editor: Create, edit, and delete roles as well as capabilities for these roles.
- Multiple User Roles: Assign multiple roles to a user.
- Explicitly Deny Capabilities: Deny specific capabilities to specific user roles.
- Clone Roles: Clone existing roles.
- Content Permissions / Restricted Content: allow or restrict permission to certain website content.
- Shortcodes: use shortcodes to control who has access to content.
Ultimate Member – User Profile, User Registration, Login & Membership Plugin
Active installs: >200.000
- Front-end user profiles.
- Front-end user registration.
- Front-end user login.
- Custom form fields.
- Conditional logic for form fields.
- Drag and drop form builder.
- User account page.
- Custom user roles.
- Member directories.
- User emails.
- Content restriction.
- Show author posts & comments on user profiles
WP-Members Membership Plugin
Active installs: >80.000
- Restrict or hide posts, pages, and custom post types.
- Create custom registration and profile fields.
- Notify admin of new user registrations.
- Hold new registrations for admin approval.
- Shortcodes for login, registration, content restriction, and more
- Create powerful customizations with more than 120 action and filter hooks.
- A library of API functions for extensibility.
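Custom roles can also be defined in code with WordPress's built-in role functions. The following is an added example, not code from the original article or from any of the plugins listed: a small plugin that creates a role with Contributor capabilities plus media upload (the restriction noted in the Contributor section) and a helper for reviewing who holds the Administrator role. The role slug `guest_author`, the display name and the `example_*` function names are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Guest Author Role (added example)
 *
 * Assumptions: the role slug, display name and function names below are
 * hypothetical and do not come from the article or any listed plugin.
 */

const EXAMPLE_ROLE = 'guest_author';

// Roles are saved in the database, so create the role once on activation
// rather than on every page load.
register_activation_hook( __FILE__, 'example_register_guest_author' );

function example_register_guest_author() {
    $contributor = get_role( 'contributor' );
    if ( null === $contributor ) {
        return; // Default Contributor role is missing; nothing to copy.
    }

    // Start from Contributor and add only the one capability it lacks
    // for this use case: uploading media.
    $caps                 = $contributor->capabilities;
    $caps['upload_files'] = true;

    // Least privilege: make sure nothing beyond that slipped in, e.g. if
    // another plugin has already widened the Contributor role.
    foreach ( array( 'publish_posts', 'edit_others_posts', 'manage_options' ) as $cap ) {
        unset( $caps[ $cap ] );
    }

    remove_role( EXAMPLE_ROLE ); // Replace any stale definition.
    add_role( EXAMPLE_ROLE, 'Guest Author', $caps );
}

/**
 * List the logins of all accounts holding the Administrator role, so the
 * highest-risk accounts can be reviewed regularly. Returns ID => login.
 */
function example_list_administrators() {
    $admins = get_users(
        array(
            'role'   => 'administrator',
            'fields' => array( 'ID', 'user_login' ),
        )
    );
    return wp_list_pluck( $admins, 'user_login', 'ID' );
}
```

Users in this role can attach images to their drafts but still need an Editor or Administrator to publish them.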
At the end, I wanted to show you in a more friendly way the available WordPress users and their capabilities. So I created a table for you.
|Create draft posts|
|Manage and publish own posts|
|Manage and publish others' posts|
|Manage pages (private included)|
|Publish pages (private included)|
|Create and edit reusable blocks|
Alina is a digital marketer with a passion for web design. When she's not strategizing she's doing photography, listening to podcasts on history and psychology, and playing with her 2 dogs and cat.