As your website grows and more people gain access to it, you’ll need to understand how to manage WordPress users and their permissions.
Whenever someone registers on your site, the new account is assigned a specific role when it is created. There are certain roles that you can assign to your WordPress users in order to control what they can or cannot do inside your website.
In terms of permissions, you can allow users to:
- Write and edit posts
- Create pages
- Create categories
- Moderate comments
- Manage plugins
- Manage themes
- Manage other users
- Set up the dashboard
- Manage reusable blocks
And here are the 5 roles that users can be assigned inside a WordPress website:
I’ll describe them one by one in a sec, but first, I want to show you how you can manage users inside the WordPress admin area.
WordPress Users and Where to Find Them
You can add new WordPress users or manage old ones in WordPress Dashboard -> Users.
When you select “Users”, you’ll see three options:
- All users: here you can see all your users. You can apply filters based on their role, and start to edit any user you like.
In our case, besides the “Edit” and “View” options below every user’s name, there’s another option called “2FA”. This means that we’ve enabled two-factor authentication for website security reasons. For this, we are using a plugin called Wordfence.
- Add new: here you start adding new WordPress users for your website.
- Profile: the users can see their profile here. Several preferences can be set here such as default editor, contact info, password setup, social media profiles, etc.
WordPress User Roles Detailed
Now that we know where to edit and add new WordPress users, let’s see what their capabilities are.
Subscribers can log in to your WordPress site and update their user profiles. They can’t edit pages or posts or make any other changes in the WordPress admin area.
When do you need this WordPress user? Well, when you have a membership website (e.g., a courses website), an online store, or any other type of website that requires users to create an account and log in.
Website users that have the contributor role can add new posts, but can’t publish them. They can’t upload images or any other file to the Media Library, and this is a big disadvantage. They can create tags, but not categories. They are able to view comments, but can’t manage them.
WordPress users with the author role have the same capabilities as contributors. What is extra is the fact that they can publish their posts and add files to their posts.
They can’t manage plugins, access themes, or change dashboard settings. Because of these limited capabilities, subscribers, contributors, and authors are low-risk WordPress users.
This role gives full control over posts and comments: from editing to publishing.
WordPress editors can’t add other users, install plugins and themes, or change additional site settings.
These WordPress users are the most powerful ones and the riskiest ones. Be careful who you give this type of access to.
Besides the editor capabilities, administrators can also install themes and plugins and manage users. They can even make changes to the users’ personal information and passwords.
To spice it all up: enter super-admins.
This WordPress user is only available on a WordPress multisite network. WordPress allows you to create multiple websites using the same WordPress installation. For example, a school might want to run separate websites and manage them in the same dashboard. This would mean that a super admin will have access to all of these sites, and can even delete them.
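To see who currently holds the high-risk roles described above, and which role new registrations receive, here is an added example that is not part of the original article. It assumes WP-CLI is installed; the file name `audit-roles.php` is hypothetical, and the script is run with `wp eval-file audit-roles.php`.

```php
<?php
// audit-roles.php (hypothetical file name). Run with: wp eval-file audit-roles.php
// Added example: reports the default registration role and lists privileged accounts.

// Role handed to every newly registered account (Settings -> General).
$default_role = get_option( 'default_role' );
$open_signup  = (bool) get_option( 'users_can_register' );

echo "Default role for new users: {$default_role}\n";
echo 'Public registration: ' . ( $open_signup ? 'enabled' : 'disabled' ) . "\n";

// Anything above subscriber that is handed out automatically deserves a second look.
if ( $open_signup && 'subscriber' !== $default_role ) {
    echo "WARNING: self-registered accounts receive the '{$default_role}' role.\n";
}

// Number of accounts per role ('none' means the account has no role on this site).
$counts = count_users();
foreach ( $counts['avail_roles'] as $role => $total ) {
    echo sprintf( "%-15s %d\n", $role, $total );
}

// Administrators, oldest first, so recently added accounts stand out at the bottom.
$admins = get_users( array(
    'role'    => 'administrator',
    'orderby' => 'registered',
    'order'   => 'ASC',
) );
foreach ( $admins as $admin ) {
    echo sprintf(
        "admin: %s <%s> registered %s\n",
        $admin->user_login,
        $admin->user_email,
        $admin->user_registered
    );
}

// Super admins exist only on a multisite network.
if ( is_multisite() ) {
    foreach ( get_super_admins() as $login ) {
        echo "super admin: {$login}\n";
    }
}
```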
How to Customize WordPress User Permissions and More
Most websites out there don’t need extra capabilities for their users and can work easily with the default users.
But what if you need some custom capabilities?
Well, it’s time to talk about plugins. Here are the top 3 most popular plugins that allow you to manage WordPress users.
Active installs: >200.000
- Role Editor: Create, edit, and delete roles as well as capabilities for these roles.
- Multiple User Roles: Assign multiple roles to a user.
- Explicitly Deny Capabilities: Deny specific capabilities to specific user roles.
- Clone Roles: Clone existing roles.
- Content Permissions / Restricted Content: allow or restrict permission to certain website content.
- Shortcodes: use shortcodes to control who has access to content.
Active installs: >200.000
- Front-end user profiles.
- Front-end user registration.
- Front-end user login.
- Custom form fields.
- Conditional logic for form fields.
- Drag and drop form builder.
- User account page.
- Custom user roles.
- Member directories.
- User emails.
- Content restriction.
- Show author posts & comments on user profiles
Active installs: >80.000
- Restrict or hide posts, pages, and custom post types.
- Create custom registration and profile fields.
- Notify admin of new user registrations.
- Hold new registrations for admin approval.
- Shortcodes for login, registration, content restriction, and more
- Create powerful customizations with more than 120 action and filter hooks.
- A library of API functions for extensibility.
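What a role editor does under the hood can be shown with WordPress core functions alone. The following is an added example, not code from the article or from any of the plugins above: a small plugin that clones the contributor role and grants the one capability contributors lack (uploading files). The plugin name, the role slug `contributor_uploads` and the `CWU_ROLE` constant are hypothetical.

```php
<?php
/**
 * Plugin Name: Contributor With Uploads (added example, hypothetical plugin)
 */

const CWU_ROLE = 'contributor_uploads'; // hypothetical role slug

// Roles are stored in the database, so the role is created once, on activation.
register_activation_hook( __FILE__, function () {
    $contributor = get_role( 'contributor' );
    if ( null === $contributor ) {
        return; // the base role was removed on this site; nothing to clone
    }

    // Clone the contributor capabilities, then grant exactly one more.
    $caps                 = $contributor->capabilities;
    $caps['upload_files'] = true;

    // Least-privilege guard: if another plugin widened the contributor role,
    // do not carry administrative capabilities over into the clone.
    $never_inherit = array( 'manage_options', 'edit_users', 'install_plugins',
                            'activate_plugins', 'switch_themes' );
    foreach ( $never_inherit as $cap ) {
        unset( $caps[ $cap ] );
    }

    // add_role() does nothing if the slug already exists, so reset it first.
    remove_role( CWU_ROLE );
    add_role( CWU_ROLE, 'Contributor (uploads)', $caps );
} );

// On deactivation, move users back to the stock role before removing the
// custom one, so no account is left without a role.
register_deactivation_hook( __FILE__, function () {
    foreach ( get_users( array( 'role' => CWU_ROLE ) ) as $user ) {
        $user->set_role( 'contributor' );
    }
    remove_role( CWU_ROLE );
} );
```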
At the end, I wanted to show you in a more friendly way the available WordPress users and their capabilities. So I created a table for you.
|Create draft posts|
|Manage and publish own posts|
|Manage and publish others' posts|
|Manage pages (private included)|
|Publish pages (private included)|
|Create and edit reusable blocks|