Apps Ballance Chat Click Code Cog_Wheels Compose_email Conference Contacts Earth Edit_File_1_ Email Email_2 File Folder_2 Gift Group Group_2 Help ID ID_2 Key Keys Laptop_Store Link Lock Log_Out Map Marketing Mobile_UI Navigation POS Partnership Profile Safe_2 Search_User Secure_Files Settings Share Shield Shield_2 Shopping_Cart Support_Male Trash Type_pin User_female User_male logo copy

The Ultimate Guide to WordPress User Roles and Permissions

Iain Published on October 27, 2022

Without users, your site will cease to exist in its current form. However, this doesn’t have to be only visitors. You’ll also have to manage users who access your site’s back end. WordPress user roles help you to organize and manage them to make sure you have a stable website.

While it doesn’t seem that way, there’s a technical underbelly when it comes to working with user roles and permissions. As such, you’ll need to think about what roles you want, and what they can access on your site. WordPress has some scope for this, but plugins can boost the experience manifold.

For this post, we’re going to look at WordPress’ user roles, how to use the default options, and how to enhance what’s on offer using plugins.

An Introduction to WordPress User Roles

A typical website will send a lot of traffic your way. On the whole, site visitors are straightforward to deal with: You provide a good-looking front end, some forms for interactivity, and leave it be. However, some of these users will need access to the back end of your site.

WordPress’ user roles let you split access to different sections, areas, and elements of your site according to need. For example, you can give someone administrative powers over every part of your site (like an ‘all access’ backstage pass.)

In contrast, WordPress also includes a dedicated user role for a restricted permission set too. This is akin to a typical concert ticket that will only let you stand in the pit and watch the band.

User roles and permissions aren’t only for organization though. They can provide a way to secure parts of your website. We’ll talk some more about this next.

Why You Should Work With User Roles Within WordPress

Without user roles and permissions, WordPress is a free-for-all. This means any user with access to the back end could add, update, and even delete posts. What’s more, this applies to pages, media, and other content types.

This is bad enough, but you have some possible situations where giving someone more powerful access can bite you:

  • Human errors can happen, and a ‘business critical’ mistake can take your site offline, or remove vital content.
  • Malicious actors could cripple your site in the same ways that human errors can. This will likely affect the other users accessing your site too.

That WordPress includes ways to work with user roles means you don’t always have to rely on third-party functionality to implement them. This is important, because it means WordPress offers a default, accessible, and full-functioning way to manage your users. Next, we’ll get into the details.

How to Work With the Default WordPress User Roles

Out of the box, WordPress offers a decent set of user roles with the relevant scope to manage almost every site. There are six roles you’ll want to memorize, from least permissive to most, and each user role builds on the one before it:

  • Subscriber. A user with this role can look at their profile page, manage it, and read posts on the site from the back end. There is no other access available.
  • Contributor. This user can create posts and pages, and delete their own drafts. However, they can’t publish a post, or delete a live one.
  • Author. This role starts to open the scope up a bit. Authors can manage everything relating to the content they create. This means you can add, update, delete, and publish drafts, posts, and pages. You can also add media to your content, and add new tags
  • Editor. In addition to the Author role, you can work with categories, and begin to moderate and manage comments from other users.
  • Administrator. This offers complete access to any part of the site, and lets you do anything you wish. As a site’s creator, this is what you’ll have, and we’d recommend no other user gets this role other than you.
  • Super Admin. You won’t see this user role if you don’t run a WordPress Multisite installation. It lets you work with all the sites in your network.

To apply these, you can head to the Users > All Users screen within WordPress:

The Users > All Users screen within WordPress.

This brings up a list of the current users of your site. There should be a column that indicates the current user role, and a drop-down menu to change it:

The drop-down user role menu within WordPress’ back end.

You can also click on each one to work on them further. The Role drop-down will let you choose from the current list of user roles:

A user profile page within WordPress.

However, you can also access some additional account management options. For instance, you can send out new passwords, change the ‘author slug’ for the user, and more:

The WordPress Account Management page for a user.

You might also see more fields if you use plugins such as WooCommerce. This will let you see billing information, and other relevant information. Regardless, you don’t have to stick with the current options if they don’t work for your needs.

Expanding User Roles From the Default

Under the hood, WordPress lets you manage users, but it might not be enough. For instance, you might want to give an Author the ability to add taxonomies, but not to work with comments. While there isn’t any built in scope to do this within WordPress, you can bring a plugin or two into the fold.

You’ll find a few different options at your disposal for this. A perennial example is User Role Editor.

The User Role Editor plugin.

However, there might be better options that can also give you greater scope with regards to managing users on your site. In our final section, we’ll show you what WP User Manager can bring to the table.

How WP User Manager Can Help You Expand the Scope of Your User Roles and Permissions

The WP User Manager logo.

A good WordPress membership plugin will also include the capability to work with user roles too. WP User Manager is one of the best solutions available to achieve it. You’ll get a wealth of features and functionality out of the box:

  • The ability to personalize profile pages and include avatars.
  • An option to create groups, and offer a gorgeous directory of users.
  • Social login options, to make it straightforward to register on your site.
  • An editor to help you build interactive and intuitive registration forms.
  • Integration with both the default WordPress installation, and your favorite page builder of choice. WooCommerce users can also harness the power of WP User Manager.
  • Lots of security options to make sure your site remains stable and rock-solid.

However, WP User Manager also includes a dedicated role and permissions manager. As such, you won’t need any other third-party plugin to work with WordPress user roles.

WP User Manager’s User Role Editor

Once you install and active WP User Manager, you can find the user role editor on the Users > Roles from the WordPress dashboard:

WP User’s Manager’s roles and permissions editor.

This will give you a list of current user roles on your site, much like the WordPress default screen. However, the difference here is the level of detail. You can see which role you use as the sign-up default option.

What’s more, you can gauge how many users you have for each role, and the number of permissions for each. To edit these, you’ll click on the Edit Capabilities button. This will bring you to a packed screen full of permissions and checkboxes:

The WP User Manager Edit Capabilities screen.

The left-hand side of the screen lists the different categories of permissions. The main portion of the screen shows you the associated capabilities, along with checkboxes to grant and deny those permissions.

This means to amend a current role, you’ll search for the required capability, check the right box, and save your changes. However, you may want to add a new user role. You can do this using the Add New Role button back on the Users > Roles screen:

The Add New Role button within WP User Manager.

Once you specify a name for your new role, you’ll see the Edit Capabilities screen again. This time, it’s blank. This lets you add whatever capabilities you need to ensure you create the right user role for your needs:

Adding a new user role within WP User Manager.

Once you save your changes, you can begin to assign the new user role to whoever needs it.

Conclusion

WordPress user roles can make sure you increase the security and accessibility of your site. With clear definition, you can ensure that each user only has the capabilities and permissions they need. In turn, this can lessen the scope for errors and other issues on site.

While WordPress includes full functionality with regards to user role management, a third-party plugin will supercharge it. WP User Manager offers a dedicated user role editor, and what’s more, it’s the best way to implement membership functionality on your WordPress website. A single-site license starts from $149 per year, with other tiers providing greater functionality and scope.

Do you have any questions about WordPress user roles on your own website? Ask away in the comments section below!

Iain I’m a WordPress developer based on the south coast of England. I develop plugins like WP User Manager and Intagrate.
Comments