In order to give the site owner the ability to control what users can and cannot do on the site, WordPress makes use of the concept of roles.

A role specifies a group of tasks that a user who has been assigned the role may carry out.

By giving each user a specific role, a site owner can control which users have access to which tasks, including writing and editing posts, creating Pages, creating categories, moderating comments, managing plugins, managing themes, and managing other users.

Running WordPress websites is made simpler by WordPress user roles and permissions.

Each role comes with a predetermined set of capabilities, but the site owner can add or remove capabilities as they see fit.

Site owners can also create custom roles using WordPress plugins, and delete them if not needed.

[Image: WP user roles. Image source: Cloudways]

When you install WordPress, an Administrator account is automatically created.

The Administrator role restricts the permitted tasks to those that only affect a single site, while the Super Admin role grants access to all capabilities and encompasses all tasks that can be performed within a network of WordPress sites.

The number of permitted capabilities decreases for each of the other roles.

The default role for new users is Subscriber; it can be changed in the WordPress Dashboard sidebar under Settings > General.

To improve workflow and maintain security, assign roles to each employee and be aware of their assigned capabilities.
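One way to review the default role and the assigned capabilities described above, as an added example that is not from the original post. The function name, the file name `audit-roles.php` and the choice of which capabilities count as sensitive are assumptions made for this example.

```php
<?php
// Added example. Run inside WordPress, e.g. with WP-CLI:
//   wp eval-file audit-roles.php
// (audit-roles.php is a hypothetical file name for this example).

/**
 * Returns a list of human-readable findings about role assignments.
 */
function example_audit_roles() {
    $findings = array();

    // 1. New registrations should land on the least-privileged role.
    $default = get_option( 'default_role' );
    if ( 'subscriber' !== $default ) {
        $findings[] = "Default role for new users is '{$default}', not 'subscriber'.";
    }

    // 2. List every account holding the Administrator role for review.
    foreach ( get_users( array( 'role' => 'administrator' ) ) as $user ) {
        $findings[] = "Administrator: {$user->user_login} <{$user->user_email}>";
    }

    // 3. Flag non-admin roles that have gained site-wide capabilities.
    //    This list is an assumption of the example, not a complete set.
    $sensitive = array( 'manage_options', 'install_plugins', 'edit_plugins',
        'edit_themes', 'create_users', 'promote_users', 'delete_users' );
    foreach ( wp_roles()->roles as $slug => $role ) {
        if ( 'administrator' === $slug ) {
            continue;
        }
        // Keep only capabilities that are actually granted (value true).
        $granted = array_keys( array_filter( $role['capabilities'] ) );
        $hits    = array_intersect( $sensitive, $granted );
        if ( $hits ) {
            $findings[] = "Role '{$slug}' has: " . implode( ', ', $hits );
        }
    }
    return $findings;
}

foreach ( example_audit_roles() as $line ) {
    echo $line, PHP_EOL;
}
```

Roles added by plugins appear in the third check as well, because it iterates over every registered role rather than only the six defaults.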

Default user roles and capabilities

[Image: Hierarchy of WP users. Image source: Password Protect WordPress Pro]

  1. Super Admin: can access site network features and all other features.
  2. Administrator: can access all administration features within a single site.
  3. Editor: can publish and manage self and others’ posts.
  4. Author: can publish and manage only self-posts.
  5. Contributor: can write and manage self-posts but cannot publish them.
  6. Subscriber: can only manage own profile.

1. Super Admin

This user role is only available in a WordPress multisite network.

Users with the super admin user role can perform network-wide actions because they have admin access to every single site in the network.

They have the ability to create and delete sites as well as manage the network, including all the plugins, users, upgrades, setups, and themes in the network.

Permissions (permissions only available on a multisite)

  1. Sites: create, manage, and delete sites
  2. Network: setup, upgrade, and manage a network, its users, plugins, themes, options

Permissions (other regular permissions)

  1. WordPress: update core WordPress software
  2. Themes: install, edit, update, and delete themes
  3. Plugins: install, update, edit, and delete plugins
  4. Files: edit files
  5. Users: create, add, edit, and delete users

When to assign this role

  1. Assigned by default to the owner of the multisite network.
  2. A super admin can assign fellow owners of a network as super admins.

2. Administrator

The administrator role is the most powerful user role on a single-site WordPress website; it is usually reserved for the site owner because this user can perform all possible tasks and has access to all parts of the site.

They can also add or remove users.

Permissions (On multisite)

  1. Site: delete a site
  2. Dashboard: edit the dashboard
  3. Plugins: activate plugins
  4. Theme: activate themes
  5. Posts: publish posts, read private posts, edit or delete self and others’ private and published posts.
  6. Categories: manage categories
  7. Comments: moderate comments
  8. Pages: publish pages, read private pages, edit or delete self and others’ private and published pages.
  9. Links: manage links
  10. File: import, export, and upload files
  11. Users: list, promote, and remove users
  12. Reusable Blocks: create, edit, read, and delete reusable blocks
  13. Customizer: access the customizer

Permissions (On single-site)

  1. Site: delete a site
  2. WordPress: update core WordPress software
  3. Dashboard: edit the dashboard
  4. Plugins: install, activate, update, edit and delete plugins
  5. Theme: install, activate, edit, update and delete themes
  6. Posts: publish posts, read private posts, edit or delete self and others’ private and published posts.
  7. Categories: manage categories
  8. Comments: moderate comments
  9. Pages: publish pages, read private pages, edit or delete self and others’ private and published pages.
  10. Links: manage links
  11. File: import, export, edit and upload files
  12. Users: create, edit, and delete users
  13. Reusable Blocks: create, edit, read, and delete reusable blocks
  14. Customizer: access the customizer

When to assign this role

  1. Assigned by default to each site owner at the point of creating the site.
  2. Super Admin (multisite) can assign leaders of a particular site operation as Administrators
  3. Administrators (single-site) can assign co-owners as Administrators

3. Editor

WordPress users who have the editor role have complete control over the content sections of the website, as they can modify all posts, including those written by other authors, as well as manage categories, links, and comments.

Editors cannot modify site settings, install plugins and themes, or add new users.

Permissions

  1. Posts: publish posts, read private posts, edit or delete self and others’ private and published posts
  2. Categories: manage categories
  3. Comments: moderate comments
  4. Pages: publish pages, read private pages, edit or delete self and others’ private and published pages
  5. Links: manage links
  6. Reusable Blocks: create, edit, and delete reusable blocks
  7. Frontend content: read
  8. File: upload files

When to assign this role

  1. The Editor-in-Chief of a publication, who is not the site owner
  2. When assigning a role to someone in charge of other writers’ work

4. Author

Authors can write, edit, and publish their own posts, as well as delete them even after they have been published.

Authors cannot create new categories but can choose from existing ones.

They can, however, include tags in their posts.

Authors can read comments but not moderate them.

It is a user role with a relatively low risk because they do not have access to plugins, themes, or site settings.

Permissions

  1. Posts: publish, edit published posts, and delete posts
  2. Files: upload files
  3. Reusable Blocks: create, read, edit (own), and delete (own) reusable blocks

When to assign this role

  1. When assigning a role to authors who primarily work for the site.

5. Contributor

Contributor role users can create new posts and edit their own, but they cannot publish or delete them.

They can select from pre-existing categories and add their own tags to posts.

They cannot upload files, so they are unable to include images in their posts.

They can also view all comments on the website, but they cannot approve or delete them.

They do not have access to site settings, plugins, or themes, hence they are unable to change any settings on the site.

Permissions

  1. Posts: edit and delete posts
  2. Reusable Blocks: read reusable blocks

When to assign this role

  1. When assigning a role to a new author on the site
  2. When assigning a role to guest authors who do not primarily work with the site.

6. Subscriber

Subscriber is the most basic user role.

These users can log in to the site, update their user profiles, and change their passwords.

They can also log in and comment on posts as well as access specific areas of a subscription-based or members-only content site.

They are unable to write posts, view comments, or perform any other actions within the WordPress admin area.

Permissions

  1. Frontend content: read

When to assign this role

  1. Assigned by default to new users

Custom user roles and capabilities

For the majority of WordPress websites, the default user roles are sufficient, but some websites may need to modify the details for particular roles, such as adding a new role, adding or removing permissions for new roles, or adding or removing permissions for default roles.

A number of plugins can be used to implement the majority of these changes.
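What such a change looks like in WordPress's own role API, as an added example that is not from the original post or from any of the plugins named here. The plugin header, the `example_reviewer` role, its capability set and the decision to remove `upload_files` from Authors are all hypothetical choices for illustration.

```php
<?php
/**
 * Plugin Name: Example Custom Roles (added example, hypothetical plugin)
 */

// Hypothetical role slug chosen for this example.
const EXAMPLE_ROLE = 'example_reviewer';

function example_roles_install() {
    // Roles are stored in the database, so register them once on
    // activation instead of on every page load.
    add_role(
        EXAMPLE_ROLE,
        'Reviewer',
        array(
            'read'              => true, // log in and view the dashboard
            'edit_posts'        => true, // write and edit own drafts
            'edit_others_posts' => true, // edit other authors' drafts
            // publish_posts, upload_files and every plugin, theme and
            // user capability are left out, so the role cannot use them.
        )
    );

    // Tighten a default role: Authors keep writing but lose file uploads.
    $author = get_role( 'author' );
    if ( $author instanceof WP_Role ) {
        $author->remove_cap( 'upload_files' );
    }
}
register_activation_hook( __FILE__, 'example_roles_install' );

function example_roles_uninstall() {
    // Move users off the custom role before deleting it, so nobody is
    // left with an account that has no role.
    foreach ( get_users( array( 'role' => EXAMPLE_ROLE ) ) as $user ) {
        $user->set_role( 'subscriber' );
    }
    remove_role( EXAMPLE_ROLE );

    $author = get_role( 'author' );
    if ( $author instanceof WP_Role ) {
        $author->add_cap( 'upload_files' ); // restore the default
    }
}
register_deactivation_hook( __FILE__, 'example_roles_uninstall' );
```

Because role changes persist in the database, the deactivation hook matters: without it, the custom role and the reduced Author capabilities would remain after the plugin is switched off.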

1. Plugins with custom user roles

Once installed and activated, this set of plugins automatically adds custom user roles to sites.

These new roles bring with them new capabilities and access to the site’s plugins.

  1. WooCommerce
    • Customer
    • Shop Manager
  2. Yoast
    • SEO Manager
    • SEO Editor

2. Plugins to add and customize users manually

Each of these plugins has features that help site owners manage user roles in a variety of different ways on their sites.

  1. User Access Manager
  2. Advanced Access Manager
  3. User Role Editor
  4. WordPress User Role Editor
  5. Simple Membership Plugin
  6. PublishPress Capabilities
  7. Members – Membership & User Role Editor Plugin
  8. User Switching
  9. View Admin As
