WordPress User Roles : Beginner’s Guide to Setting Permissions

If you’re the only person running your website, you’ve probably never had to think about WordPress user roles. However, if you ever need to give other people access to your WordPress site, WordPress user roles are essential for controlling what actions the various users at your site are permitted to take

By smartly applying WordPress user roles, you ensure that no one has more “power” than they need. And this helps make your site more secure and streamline your workflow.

In this guide, we’ll explain what WordPress user roles are and why they matter. Then we’ll walk you through each default role before offering some tips on how to apply them effectively. Let’s begin!

Wordpress User Roles

What WordPress user roles are (and why they matter)

WordPress user roles define what actions each user at your site is allowed to perform. These actions are called capabilities. For example, the ability to publish a WordPress post is one “capability”, while the ability to install a new plugin is another “capability”.

So at a simple level, user roles are just a collection of different actions (called capabilities) that a user with that role is allowed to perform.

WordPress user roles are important because they:

  • Help secure your WordPress site by ensuring that users don’t have access to things they shouldn’t have. For example, you don’t want an UN trusted user to have the ability to install new plugins on your site.
  • Can help you define your workflows. For example, WordPress has pre made user roles that you can apply to authors on your site to give them access to only the functionality they need to write WordPress posts.

The Five default WordPress user roles

WordPress includes five different user roles. Understanding each one is key if you want to protect your site and ensure your team works more effectively. Let’s take a look at each of these roles in turn.

We’ll also show you what the WordPress dashboard looks like from the perspective of each role.

1. Administrator


This is the role assigned to you when you create a website. The administrator is at the very top of the hierarchy (unless you’re running a Multisite installation, which we’ll discuss soon). In most cases, there is only one, and they are able to access all the functions of the WordPress backend.

Administrators are able to do everything. This user role can, in part:

  • Create, edit, and delete any content
  • Manage plugins and themes
  • Edit code
  • Delete other user accounts

Administrator is the most powerful user role and should rarely be assigned to any other account. If you give someone else this user role, you’re essentially giving them the keys to the castle. So be careful!

2. Editor


As the name of this user role suggests, an editor is generally responsible for managing content and thus has a high level of access. They can create, edit, delete, and publish both pages and posts – even those belonging to other users.

An editor can also:

  • Moderate comments
  • Manage categories and links

However, they cannot make site-wide changes such as adding plugins and themes or installing updates. Instead, they are responsible for overseeing the work of authors and contributors.

3. Author


An author has far fewer permissions than editors. They cannot edit pages and are unable to alter other users’ content. In addition, they lack any sort of administrative capabilities.

What they can do is create, edit, delete, and publish their own posts (and upload media files). This makes their role pretty clear – authors are responsible for creating content, and nothing more.

4. Contributor


The contributor role is essentially a stripped-down version of the author role. A contributor is only able to perform three tasks – reading all posts, as well as deleting and editing their own posts. This role is quite limited since it doesn’t enable users to publish posts or upload media files. However, it’s ideal for one-time and new content creators.

5. Subscriber

Subscribers have only one main capability and their WordPress dashboard is usually incredibly bare. They can read all posts on the site (as well as manage their own profiles). Normally, anyone can read posts without being assigned a role, so not all sites will use this option. However, it comes in handy for subscription-based sites, where you want to enable access to content only for certain people.

You might interested in WordPress Popup news letter Plugin

Final word:

As an Admin, you’re free to modify user roles on a moment’s notice. So, if you need an Editor to fill in for you while you go on vacation, simply visit the Users tab on the WordPress dashboard and change that user’s role to Admin. Then, change it back once you return from your trip.

Spread the love
  • 1

Leave a Reply

three × 2 =