WordPress User Roles and Permissions [Explained in Detail]
Last updated on October 13th, 2021 at 11:29 am
When more than one person handles a website, letting them use the same account to perform all actions isn’t a good idea. That’s why WordPress allows registering multiple (and multiple types of) users for a WordPress Website.
Now, as a content management system, the task of WordPress is to smooth down the editorial and publishing process too. So, different users have different sets of rights. In technical terms, we call these rights ‘permissions’. At the same time, user type is referred to as ‘user roles’.
In this article, we will discuss WordPress user roles and permissions in complete depth.
User Roles in WordPress
In general, WordPress websites have the following user roles:
- Super-admin (for multi-site WordPress setups)
However, it may differ as per your enabled theme too.
Not to forget, WordPress website owners can customize the names of these user roles and can add more user roles with customized access rights too.
For each of these user roles, permissions differ. This implies all types of users have a certain set of actions that they can perform.
For example, if ‘author’ wants to publish an article from your WordPress website, it is possible. However, making edits in the article written by someone else won’t be possible for this user role.
Now, let us explain the access rights or permissions related to the each of the user role in WordPress.
An admin or administrator in your WordPress website is the user with highest privileges. All the operations related to site administration can be easily performed by a site admin.
Administrators can add users, assign them with the user roles, change the user role of existing users, remove users, and view/manage site revenue settings.
They also have all the permissions related to content management in your website or WooCommerce shop. This means, an administrator can upload content, add a page, remove pages, create a blog post, delete an article, update a page/post, change details of a product, modify site design, and do all such things in your website.
Export, import, theme, settings, files are within the access of administrators.
Admin can also delete the entire website if needed.
Caution for Admin Creation
Now that you know how powerful an ‘admin’ user role is, make sure to keep just one administrator for your website. Also, make sure that you do not distribute your site backend credentials (email/username and password) carelessly to everyone in your organization
What doesn’t come under privileges of WordPress Site Administrator?
- Though there can be more than one site administrators in WordPress, but the right to transfer ownership remains with the one who has created that website.
- Site administrators cannot access the details related to domain and other purchases if they don’t own the website.
- If a site has an active plan, it can’t be deleted by administrators. The deletion can only happen after cancellation of all plans.
Editors in WordPress
As clear from the name of this user role, Editors have full access to content being created in your WordPress website. They can view, review, create, modify and delete pages and posts in the WordPress website or shop.
Comments, categories, tags, links, etc. can also be controlled by people with this user role.
The Author User Role in WordPress
Authors can create pages and posts in WordPress. They have the rights to edit, add, and delete their own posts. However, authors in WordPress cannot edit the content created by other authors.
Authors have the permission to upload media files and images in WordPress dashboard, in order to use that media in their posts and pages.
Contributors in the WordPress website can create pages and posts. However, their content cannot be directly published by them. It is essential that the administrator or an editor review and publish that content.
After the publishing too, contributors cannot edit their posts/pages. But the good thing is, post will be published in the name of contributor who is the actual creator of the content.
Contributors cannot upload media or images in WordPress dashboard, unlike authors.
These are the external users with no editing privilege for your WordPress website. However, as they have created the account on your website as reader and user, they can add comments to your posts wherever it is allowed.
People with this user role also has the privilege to delete or edit their own comments or reply the others/author’s comments.
For the public blogs, followers can also share your blogs on different portals, or invite other users to read your blog posts.
For the private blogs, sharing facility won’t be available for your followers.
In WordPress, followers and subscribers have almost the same set of rights. However, having subscribers for your website means that you have enabled any subscription plugin for your website and these people (with user role ‘subscriber’) have joined through that plugin’s functionality.
Subscribers can choose to receive different types of updates from your blog and website, for example – published articles, product promotions, and so on.
Other than that, subscribers can also comment on your public posts, share those posts, edit their comments, and reply.
Viewers are the visitors who have not signed up or signed in with your website. If your website is not public or need registration for viewing. You won’t have any viewers.
In the case of public websites, WooCommerce shops of blog sites, viewers just have the permission to view your web pages and content.
If your website allows guest comments, they can leave comments of your blog posts.
By converting your viewers through inviting them to subscribe to your website, you can increase your subscribers and therefore, the regular users.
If your website is a single-site installation, there won’t be any explicit super-administrator for your WordPress site. Super-admin is the user role that is essential for the multi-site networks.
A super-admin is the one that takes care of plugins, themes, users, content and more in multi-site WP installations.
Their dashboard looks very much like the administrator’s dashboard in WordPress.
When there is a super-admin in a network, regular administrators do not hold the power to handle installations and deletion of crucial components in their sites. The task becomes a responsibility for the super-admin in this case.
Custom User roles
As we know that WordPress is highly flexible, developers can enable more user roles in your WordPress websites if you will need. There are a few plugins, with which, you can add more user roles to your website.
Each custom role with have a particular set of permissions. The people with that user role will hold the right to act according to the assigned permissions, thereafter.
If required, you may take help of the experts at 24x7WPSupport to enable custom user roles in WordPress for your website.
How to Manage User Roles and Permissions Effectively in your WordPress website / Shop?
Here are a few tips to manage permissions and user roles in your WordPress website:
- Always assign the level of access rights as per the need of each user in your website;
- Always have one or very less administrators in your website;
- Limit the number of editors in your website;
- Only if needed, introduce extra user roles through plugins or custom code.
The Final Word
Handling the access rights for your WordPress website is essential, in order to maintain the authenticity of your organization. Use the user role assignment ability to control the privileges of your people, and thereby, improve the safety of your content. By managing the user roles well, you can take care of how things go online in your website/shop.