WordPress user roles lets you to manage your users and control how they interact with your site. This allows you to limit or grant as much access to your site and your site’s functionality as required for a given user.
WordPress comes with five built-in user roles. In order from most access to least, the roles are:
- Administrator
- Editor
- Author
- Contributor
- Subscriber
Capabilities
Each user role comes with a set of defined capabilities. For instance, a user with the administrator role has full access to your site. They can edit any content, add/delete users, install plugins etc. A subscriber, on the other hand, is limited to Read Only capabilities. That is, they cannot edit content, users, plugins etc. on your site.
Here is a brief rundown of the capabilities of each role:
Administrator – Full access to read/write all content, upload files, install/activate/deactivate/delete plugins, add/delete users.
Editor – Can edit, create, publish, delete their own posts as well as others’ posts. Cannot manage plugins or users.
Author – Users with this role can read, create, edit, and delete their own posts.
Contributor – This role can read, edit, and delete their own posts, but cannot publish posts.
Subscriber – Read only capabilities.
There is one additional user role defined for WordPress multisite, the Super Admin role. This role is similar to the Administrator role, except it has full control over the network of sites on your multisite installation.
Assigning the Appropriate User Role
If your website has multiple users, you want to be sure to grant the appropriate access for each user. User roles can be assigned manually when adding a user to your website or you can edit an existing user to change their role. Also, if you have enabled registrations on your site, default user roles can be assigned under Settings->General.
Below are a few scenarios for assigning user roles.
Scenario #1
You have users of your site you want to be able to add blog posts and edit their own content. However, they should only be able to edit their own content, not others.
Appropriate Role: Author
Scenario #2
You allow users to register for your site to read “member’s only” content. They can post comments to your site, but should be denied all other access.
Appropriate Role: Subscriber
Scenario #3
You need someone to moderate your site. They need to be able to approve posts prior to being published, edit/delete content, and moderate comments. However, they should not have access to plugins or users.
Appropriate Role: Editor
WordPress user roles is a powerful feature for managing your website’s users. With this overview, you should have a better idea of how user roles work and the capabilities granted to each, allowing you to assign the correct roles to your users. This will help keep your site secure while granting the appropriate privileges to your users to be able to perform the necessary functions within your site.