Beginner’s Guide to WordPress User Roles and Permissions

WordPress comes with a user role management system which defines what a specific user can and cannot do on your website. Knowing these user roles and permissions is essential as your WordPress site grows. In this beginner’s guide to WordPress user roles, we will compare each WordPress user role and its permissions in an easy-to-follow infographic.

Out of the box when you install WordPress, there are five default user roles:

  1. Administrator
  2. Editor
  3. Author
  4. Contributor
  5. Subscriber

You can see a full comparison between each user role by viewing the infographic below:

Beginner's guide to WordPress User Roles Infographic [Thumbnail]

Alternatively, you can read the summary of each user role’s permissions below. We will also cover how to create new user roles and/or customize existing WordPress user roles.

Let’s start by looking at each default user role and their permissions.

1. Administrator

On a regular WordPress install, Administrator is the most powerful user role. Users with the administrator role can add new posts, edit any posts by any users on the site, and even delete those posts.

They can install, edit, and delete plugins as well as themes. Most importantly, an administrator user can add new users to the site, change information about existing users including their passwords, and delete any user (yes, other administrators too).

This role is basically reserved for site owners and gives you full control of your WordPress site. If you are running a multi-user WordPress site, then you need to be very careful about who you assign the administrator user role to.

We also recommend that you read this article: Should You Give Admin Access to Plugin Developers for Fixing Bugs?

2. Editor

Users with the editor role in WordPress have full control over the content sections of your website. They can add, edit, publish, and delete any posts on a WordPress site, including the ones written by others. An editor can moderate, edit, and delete comments as well.

Editors do not have access to change your site settings, install plugins and themes, or add new users.

3. Author

As the name suggests, users with the author role can write, edit, and publish their own posts. They can also delete their own posts, even if they are published.

When writing posts, authors cannot create categories; however, they can choose from existing categories. On the other hand, they can add tags to their posts (See: Categories vs Tags – Which one is better for SEO?).

Authors can view comments, even those that are pending review, but they cannot moderate, approve, or delete any comments.

They do not have access to settings, plugins, or themes, so it is a fairly low-risk user role on a site with the exception of their ability to delete their own posts once they’re published.

4. Contributor

Contributors can add new posts and edit their own posts, but they cannot publish any posts, not even their own. When writing posts, they cannot create new categories and will have to choose from existing categories. However, they can add tags to their posts.

The biggest disadvantage of the contributor role is that contributors cannot upload files (meaning they can’t add images to their own articles).

Contributors can view comments, even those awaiting moderation, but they cannot approve or delete comments.

They do not have access to settings, plugins, or themes, so they cannot change any settings on your site.

5. Subscriber

Users with the subscriber user role can log in to your WordPress site and update their user profiles. They can change their passwords if they want to. They cannot write posts, view comments, or do anything else inside your WordPress admin area.

This user role is particularly useful if you require users to log in before they can read a post or leave a comment.

Bonus: Super Admin

This user role is only available on a WordPress Multisite Network. Users with the super admin user role can add and delete sites on a multisite network. They can also install plugins and themes, add users, and perform network wide actions on a WordPress multi-site setup.

Customizing Existing User Roles

Default WordPress user roles are designed to have capabilities that fit the requirements of most websites. For example, if you run a magazine site, then you can assign the Editor user role to your senior staff and the Author user role to the junior staff. You can assign the Contributor user role to your guest authors and the Subscriber user role to your site visitors.

But what if you wanted to modify the permissions of an existing WordPress user role?

One thing we do not like about the author role is that not only can authors publish their own posts, but they can also delete them after they are published. This can undermine your entire editorial workflow. It can also be disastrous if a paid author leaves on bad terms and decides to delete all the posts they wrote (the ones you paid them for).

Let’s suppose that you want to modify the author user role, so that the authors cannot delete their posts once they’re published.

First thing you need to do is install and activate the Capability Manager Enhanced plugin. Upon activation, go to Users » Capabilities to modify user roles.

Editing user capabilities in WordPress

Next, select the user role you want to edit from the top box in the right column and then click the load button. This will load the user’s capabilities in the boxes on the left.

All you need to do is uncheck the capabilities that you want to remove from that user role. For example, in this case we want to remove the capability to delete published posts from authors. We will uncheck ‘Delete Published’ capability. Once you are done, scroll down to the bottom of the page and click on the save changes button to store your settings.
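The same change can be made in code through the WordPress roles API. The snippet below is an added example, not WPBeginner's or the Capability Manager Enhanced plugin's code; the plugin name and the `example_` function names are hypothetical. It removes `delete_published_posts` from the Author role once on activation and includes a small audit helper to confirm which roles still hold a capability.

```php
<?php
/**
 * Plugin Name: Example Author Role Hardening
 * Description: Added example. Install as a regular plugin (activation hooks do not run for mu-plugins).
 */

// Capability behind the 'Delete Published' checkbox discussed above.
const EXAMPLE_CAPS_TO_REMOVE = array( 'delete_published_posts' );

// Role definitions are persisted in the database, so change them once
// on activation instead of on every page load.
register_activation_hook( __FILE__, 'example_harden_author_role' );
register_deactivation_hook( __FILE__, 'example_restore_author_role' );

function example_harden_author_role() {
    $role = get_role( 'author' );
    if ( null === $role ) {
        return; // The role was removed or renamed on this site.
    }
    foreach ( EXAMPLE_CAPS_TO_REMOVE as $cap ) {
        $role->remove_cap( $cap );
    }
}

function example_restore_author_role() {
    $role = get_role( 'author' );
    if ( null === $role ) {
        return;
    }
    foreach ( EXAMPLE_CAPS_TO_REMOVE as $cap ) {
        $role->add_cap( $cap ); // Put the default back when the plugin is turned off.
    }
}

/**
 * Audit helper: return the slugs of every role that still holds $cap.
 * After hardening a default install, 'author' should no longer be listed
 * for 'delete_published_posts'.
 */
function example_roles_with_cap( $cap ) {
    $holders = array();
    foreach ( wp_roles()->role_objects as $slug => $role ) {
        if ( $role->has_cap( $cap ) ) {
            $holders[] = $slug;
        }
    }
    return $holders;
}
```

The default Author role also holds `edit_published_posts`, so review that capability as well if published content should stay fixed once it is live.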

Creating Your Own Custom User Roles in WordPress

You can create your own custom user roles in WordPress with your own set of capabilities by using the same Capability Manager Enhanced plugin. After installing and activating the plugin, go to Users » Capabilities and enter the user role name under ‘Create New Role’.

Adding a custom user role in WordPress

For example, a magazine site may need a staff member to actively moderate comments. In that case, you may want to create a user role that can only moderate comments. All you need to do is create a new user role, and then select the comment moderation option under ‘Other WordPress Capabilities’.

For more detailed instructions, please see our tutorial on how to add/remove capabilities to user roles in WordPress.

We hope this article helped you understand WordPress user roles and permissions. You may also want to check out our guide on 21 great plugins to efficiently manage multi-author blogs in WordPress.

13 Free User Management Plugins for WordPress

Are you managing a multi-user WordPress website? By default, WordPress comes with a built-in user management system, and you can extend it to meet your needs. In this article, we will show you the best WordPress user management plugins.

User Management WordPress

Note: If you are looking to add new users, here’s our tutorial on how to add new users in WordPress.

1. Capability Manager Enhanced

Capability Manager Enhanced

WordPress comes with a few built in user roles. Each user role has some pre-defined capabilities assigned to them. Capability Manager Enhanced plugin allows you to edit those capabilities and create customized user roles for your WordPress site. See our tutorial on how to add or remove capabilities to user roles in WordPress for more detailed instructions.

2. WP Idle Logout

WordPress idle logout message

Sometimes users log in to their WordPress account and forget to log out. Inactive sessions can pose a session hijacking threat. The WP Idle Logout plugin allows you to log out users if they are inactive for a given amount of time. Users can safely log back in when they want to resume their session. See our guide on how to automatically log out idle users in WordPress for more details.

3. Cimy User Extra Fields

Cimy User Extra Fields

The basic WordPress user profile field is quite simple. Cimy User Extra Fields plugin allows you to extend user profiles by adding extra fields to them. Users can fill out these fields during registration or by editing their profiles. See our step by step tutorial on how to add additional user profile fields in WordPress for more instructions on using the plugin.

4. New User Approve

Moderate new user registration in WordPress

Anyone can register on your site when you open your WordPress site for user registration. The New User Approve plugin allows you to moderate new user registrations. You can approve or deny new user registrations from your WordPress admin area. See our guide on how to moderate new user registrations in WordPress for step-by-step instructions on how to set up the plugin.

5. Peter’s Login Redirect

Peter's Login Redirect

If you want to redirect users to a specific page after login, then Peter’s Login Redirect is the plugin for that. Simply activate the plugin and go to the plugin’s settings page. You can redirect users based on username, user role, or capabilities. You can also set a page where users will be redirected after successful registration. For more details, take a look at our guide on how to redirect users after successful login in WordPress.

6. User Switching

User switching

When testing features on a multi-user site, you may need to switch between different user accounts. The User Switching plugin provides an easier way to instantly switch user accounts in WordPress. Simply install and activate the plugin and you can switch to any account from the users page or from the toolbar. The plugin only allows site admins to switch user accounts.

7. Account Locker Lite

Locking a user account

Sometimes you may want to restrict a user’s access to your WordPress site without deleting their account or changing their password. Account Locker Lite allows you to block a user account without deleting it. This is particularly helpful if you don’t want to lose a user’s account because there are posts associated with them that you would like to still credit to them. See our tutorial on how to block a WordPress user without deleting their account for more detailed instructions.

8. WP Useronline

Users Online

Many community sites and forums have widgets that can display online users. You can do that in WordPress with WP Useronline plugin. It allows you to display users currently visiting your website. See our tutorial on how to show real time online users in WordPress for more details.

9. Prevent Concurrent Logins

Concurrent user sessions

By default WordPress users can sign into an account from multiple locations at the same time. This could affect the security of a multi author WordPress site. If you run a paid membership site, then this could also affect your profits. Prevent Concurrent Logins plugin disables this behavior and only allows one session per user at a time. See our tutorial on how to stop users from sharing passwords in WordPress for more details.

10. Force Strong Passwords

Force Strong Password

Passwords are the first barrier between your site’s admin area and hackers. Using weak passwords makes your WordPress site vulnerable to hacking attacks. The Force Strong Passwords plugin enforces strong passwords for users with the capability to publish or edit posts on your WordPress site. Check out our guide on how to force strong passwords on users in WordPress for more details.

11. Adminimize

Adminimize Menu

Sometimes you may want to tweak the WordPress user interface for some users on your website. Adminimize allows you to hide unnecessary items from the WordPress menu. You can configure each and every aspect of the WordPress admin area on your site for each user role. Take a look at our detailed guide on how to hide unnecessary items from the WordPress admin menu with Adminimize.

12. User Submitted Posts

User Submitted Posts

If you do not want to give other users access to your WordPress admin area, then there are other ways you can allow users to submit content on your WordPress site. The User Submitted Posts plugin allows you to add a form to the front-end of your WordPress site where your users can submit posts to your website. Another popular alternative for user-submitted content is Gravity Forms. We have a detailed tutorial on how to allow user-submitted posts on your WordPress site.

13. Simple Local Avatars

Simple Local Avatar

WordPress comes with built-in user profile photo handling through Gravatar. However, some of your users may not have a Gravatar photo. Simple Local Avatars allows your users to upload a photo from their profile page. WordPress will then use this local image as the user’s photo on your site.

We hope this article helped you find the best user management plugins for WordPress. You may also want to take a look at our guide on the WordPress search plugins to improve your site search.
