5+ WordPress User Roles: Prevent People from Wreaking Havoc

Cynthia Bartz • September 6, 2016

About WordPress User Roles

If you have multiple WordPress users it is important to set your user roles to the right level of access. For example, if you have a business that regularly posts guest blog posts on your website, you don’t want the guest posters to be able to change your pages and move your menu items around. To make assigning user roles easier, I’ve created these a detailed, non-techy descriptions of the different user roles in WordPress for you.

About the Screenshots

The screenshots of the different WordPress user roles are for reference only. Your individual dashboard may look different depending on your particular theme and the plugins you have installed.

WordPress User Roles

Subscriber

Subscribers are the lowest level of access. WordPress sets this as the default role for new users. I view this role as a placeholder role as it is not super useful.  A Subscriber role is just for logging in. Subscribers will not be able to read posts, edit, create, or do anything other than possess a profile in the WordPress Admin. There might be some plugins that use this role, but so far I haven’t found a use for this role in the WordPress user roles.

Subscriber Capabilities:

  • Read publicly posted content
  • Basically none
e6d3b754-c36a-4c6e-be28-eec2bf0c96fa

Contributor

Contributors are able to create posts, but not publish them. And they can edit their own posts. Note: contributors CAN NOT upload files or add images to posts.

Contributor Capabilities:

  • Add and edit their own posts
  • Read posts of others
contributor wordpress user role dashboard

Author

Authors are the next level up. While Authors and Contributors are similar, their biggest difference lies in an Authors ability to publish posts and upload images and files. Remember, you can always change a user’s role if you need to. So, if you’re not sure what level of access someone needs, I would make the user a Contributor and promote them later if you need to.

Author Capabilities:

  • Add and edit their own posts
  • Read posts of others
  • Publish their own posts
  • Upload files, images, videos, etc.
Author WordPress User Role Dashboard View

Editor

The jump in access from Authors to Editors is significant. Editors can edit their own posts, just like Authors, and they can edit other people’s posts. Editors can also create pages. While Editors have a lot more access, they are still limited because they can’t make updates to the site or install plugins. I consider Editors to be the masters of content.

It is important to note that your Editors will be limited in what they have access to. And that is OK. But, if you’re ever asking them to do something and they tell you “I don’t see it,” it’s probably because they don’t have that level of access. I’ve had this happen to me more than once.

Editor Capabilities:

  • Edit, delete and unpublish pages other users create
  • Edit, delete and unpublish posts other users create
  • Add, edit, delete, publish and unpublish pages they create
  • Add, edit, delete, publish and unpublish posts they create
  • Moderate comments
  • Read private posts and pages
  • Upload files, images, videos, etc.
Editor WordPress User Roles Dashboard

Administrator

Administrators have complete access to the website. They can create new users, remove users, add content, make changes to the website display settings, change themes, add plugins. Basically everything. Administrators can do everything you would expect them to be able to do. Administrator is the highest role anyone can have with multiple WordPress users. If Editors are the masters of content, then Administrators are the masters of the website.

You can have multiple Administrators. You don’t have to pick only one person to have master access. The roles tell WordPress what each user has access to, not who has control. For example, you and your business partner might both be Administrators. If you login and change the name of your website, there is nothing to prevent your partner (or any other Admin) from changing it to something else. I’ve never had this be a problem, but it highlights the importance of giving each user the right access level.

Administrator Capabilities:

  • Edit, delete and unpublish pages other users create
  • Edit, delete and unpublish posts other users create
  • Add, edit, delete, publish and unpublish pages they create
  • Add, edit, delete, publish and unpublish posts they create
  • Moderate comments
  • Read private posts and pages
  • Upload files, images, videos, etc.
  • Change menus & widgets
  • Edit theme settings
  • Add, activate, update and remove themes
  • Add, activate, update and remove plugins
  • Import content
  • Export content
  • Add, edit and remove users
WordPress User Roles - Administrator View

Other Roles

Some plugins will add additional roles as options for your users. WooCommerce, for example, adds two WordPress user roles: Customers and Shop Managers. I’ve provided information about these roles below, since they are the most common added roles. Other plugins might add other roles that aren’t listed here. You will need to look at the documentation for each plugin to figure out the level of access each role provides, as well as who on your team might have that role.

Customer

Any time people make purchases from you or create purchasing accounts within your store, they become customers. Customers will not login to the backend or WordPress Admin of your website. Their login is exclusive to the store that is open to the public. The purpose of this login is to give them access to order and account information.

Customer Capabilities:

  • Read publicly posted content
  • View past and current orders
  • View and Edit Account information

Shop Manager

A Shop Manager is essentially the same as an Editor. The main difference is that the Shop Manager will also have access to the WooCommerce features, such as: products, shop settings, etc.

Shop Manager Capabilities:

  • Edit, delete and unpublish pages other users create
  • Edit, delete and unpublish posts other users create
  • Add, edit, delete, publish and unpublish pages they create
  • Add, edit, delete, publish and unpublish posts they create
  • Moderate comments
  • Read private posts and pages
  • Upload files, images, videos, etc.
  • Manage all woocommerce settings
  • Add, edit, delete, publish, and unpublish products
  • View all WooCommerce reports
Links to Techy Stuff

Here are links to more information about user roles from WordPress. Warning, these articles tend to be techy and have lots of language directed at developers.

Read More: WordPress User Roles & Capabilities

Read More: WooCommerce User Roles & Capabilities

Summary

By setting your user roles with intention you will protect your website from people who might do your website harm, on purpose or not. It might not seem important to think about in this moment, while you are still growing your business. But I believe that you are building something awesome, and that something is going to be big enough to need employees and writers and developers to help you manage it.

WordPress User Roles are Confusing.

Not sure what role your users should have? If you make everyone an Administrator, you will probably get in trouble. Sign up to get information every week on how to improve your website and branding.



Save

© 2016 CB.Graphics. All Rights Reserved.