Did you know that you can give other people access to manage your site? By using WordPress user roles, you can collaborate with people safely and easily, and assign different access levels to your site and the content that lies within.
In this article, we will cover how WordPress user roles work and how to configure them on your site.
WordPress User Roles
So, what are WordPress user roles and what are they used for? As the name suggests, user roles are a built-in user management feature of your WordPress site. You can define what actions users can and cannot perform, and group those permissions under roles. Each role can then be assigned specific site management privileges.
WordPress provides six default user roles to give you more power over your site’s management. Let’s get to know them better.
The super administrator role only exists when the WordPress multisite feature is enabled. They are in charge of overseeing all site administrators and the multisite network.
They can manage and change everything – from creating and deleting sites, to controlling the content, themes, plugins, and profiles.
When the Super Administrator role is enabled, the regular administrator’s privileges are reduced. They can no longer install themes and plugins but can choose to activate or deactivate them.
Administrators have the full power to not only manage your site’s operations but also assign other roles.
They can create, delete, review, edit, and publish content, manage plugins and themes, even edit code. This role also has the authority to customize other user roles.
You can be your own site’s administrator, or appoint someone else. However, be careful if you want to assign this task to others. It’s critical to choose someone that you trust.
Editors have full access to manage all of your site’s content and its attributes.
They can create, delete, review, and publish their own posts as well as ones created by other authors. Editors can also manage comments, post categories, and links. Users with this role usually supervise authors and contributors.
Unlike editors that have full control over the whole content section, authors only have full control over their own posts. They have the authority to create, edit, delete, and publish their own posts. Additionally, they can edit their own user profile.
Similar to authors, contributors are capable of creating and editing their posts and profiles. The main difference between the two is that contributors cannot publish their posts.
Subscribers can only read posts and manage their personal profile.
Basically, all visitors can read posts without being assigned as a subscriber. However, you can encourage users to become subscribers by offering access to special content that can only be viewed by them.
Specialty User Roles
Above we’ve covered the default user roles included in every WordPress installation. But there are many more that could be added to your site as a part of a third party plugin. These are typically very niche, so we’re not going to go into detail, but it will give you an idea of what roles you might run into. So let’s take a quick look at a few of the more common specialty user roles.
eCommerce: Customer, Shop Manager, Shop Accountant, Shop Worker, Shop Vendor
Forum: Keymaster, Moderator, Participant, Spectator, Blocked
LMS: Student, Instructor/Teacher
Custom: You can create your own custom user roles with a role manager such as the free User Role Editor plugin.
Things to Do Before Setting Up User Roles
There are some good practices you should follow when deciding to set user roles.
Backup Your Site
It’s crucial to back up your WordPress site before making any changes. Not only can you restore the database from your hosting server, but you can also upload the backed-up file from your local disk whenever needed.
If the transition to multiple user roles causes any issues or security threats you can easily restore your site to its previous state.
Appoint Appropriate Roles
You need to consider the user privileges before assigning the roles. Choose what users can and cannot do.
Ask yourself, “Do you trust the users?”, “Are they going to write, review, edit, publish or maintain your WordPress site?”, “Will they have full control or partial control over your WordPress site?”, etc. Then, you can start authorizing the roles.
By doing so, controlling the workflow and each user role becomes a breeze. Moreover, you’ll rest assured knowing that your site’s operation and management is in the right hands.
Best Practices to Configure User Roles
There are a few ways to manage your WordPress user roles.
Manually Add Users from Your WordPress Dashboard
Follow these steps to add, edit and delete users from your Dashboard:
- Once you log in to your Dashboard’s admin area, select Users and choose the Add New option.
- Fill in the form with the new user’s personal details, password configuration, and designated role. Then, click the Add New User button to save it.
- Once added, you can edit or delete the user by selecting All Users from the dropdown menu.
Automatically Add Users from a Form
Rather than manually adding users to your WordPress site you can enable a registration form. There are many reasons you may want to allow users to self-register such as a public forum, an e-commerce store, a social network or a premium membership based site. How you add your form and the options available will depend on the plugin.
For example, bbPress includes a shortcode [bbp-register] to add a registration form to any page.
And in WooCommerce, you can add a registration form to the Account page and/or to the Checkout by simply enabling the option (under WooCommerce > Settings > Accounts & Privacy and then in the Account creation section).
But for the most part, default registration forms will not give you many customization options. To get more control over the user roles you’ll have to use one of the following methods.
Manually Modify Code on Your Template File
If you want to have more options when configuring user roles, editing your WordPress theme’s template file is the answer. Modify the roles by adding function calls to your functions.php file.
WordPress offers five code functions to customize user roles and their capabilities, those are:
- add_role() – to add a role
- remove_role() – to remove a role
- add_cap() – to add a capability to a certain role
- remove_cap() – to remove a capability from a certain role
- get_role() – to get insights about a certain role’s capabilities.
When writing the actual command, you’ll need to additionally fill in:
- role – the name of the role
- display name – what will be the role’s name on the WordPress dashboard
- capabilities – the privileges the role will have. If you want to add multiple capabilities, you’ll need to use an array.
As an example, let’s add a role named Publisher, that can publish posts and pages:
add_role('publisher', __( 'Publisher'), array( 'publish_posts' => true, 'publish_pages' => true, ) );
Visit the official WordPress codex to see the available capability lists.
To start using the code, follow these steps:
- Once you’ve structured the code snippet, head over to your admin area and open the Appearance menu.
- Click the Theme Editor from the drop-down menu, select the theme that you want to edit, and open your functions.php file.
- Paste the code snippet to the bottom of the file.
- Finally, click Update File.
Be careful with the code snippet, because it can cause issues if written without proper syntax.
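The following added example (not code from the original article) shows the five functions working together in functions.php. It reflects two details the list above does not spell out: add_cap() and remove_cap() are methods of the role object returned by get_role(), and roles are stored in the database, so add_role() does nothing once the role exists. The mytheme_ names, the option key, the version number, and the extra capabilities are assumptions made for illustration.

```php
<?php
// Added example for functions.php. The mytheme_ names, option key and version
// number are illustrative; the capability names are WordPress core ones.
const MYTHEME_ROLES_VERSION = 2; // bump whenever the capability list below changes

add_action( 'init', 'mytheme_sync_publisher_role' );

function mytheme_sync_publisher_role() {
	// Roles are saved in the database, so only touch them when the list changed.
	if ( (int) get_option( 'mytheme_roles_version', 0 ) >= MYTHEME_ROLES_VERSION ) {
		return;
	}

	$wanted = array(
		'read'          => true,  // lets the user reach the dashboard and profile
		'edit_posts'    => true,  // needed to write a post before publishing it
		'publish_posts' => true,
		'publish_pages' => true,
		'upload_files'  => false, // assumed to be granted by version 1, now withdrawn
	);

	$role = get_role( 'publisher' ); // WP_Role object, or null if the role is missing
	if ( null === $role ) {
		// First run: create the role with only the capabilities set to true.
		add_role( 'publisher', __( 'Publisher', 'mytheme' ), array_filter( $wanted ) );
	} else {
		// add_role() leaves an existing role untouched, so adjust it cap by cap.
		foreach ( $wanted as $cap => $grant ) {
			if ( $grant ) {
				$role->add_cap( $cap );
			} else {
				$role->remove_cap( $cap );
			}
		}
	}
	update_option( 'mytheme_roles_version', MYTHEME_ROLES_VERSION );
}

// Clean up when the theme is switched away. Users still assigned to the role
// keep no capabilities afterwards, so move them to another role first.
add_action( 'switch_theme', 'mytheme_remove_publisher_role' );

function mytheme_remove_publisher_role() {
	remove_role( 'publisher' );
	delete_option( 'mytheme_roles_version' );
}
```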
Use a User Role Plugin
While manually customizing WordPress user roles through code gives you the most control, it can be risky if you don’t have coding skills. Alternatively, you can just use a plugin like Capability Manager Enhanced.
Not only does the plugin allow you to configure the default WordPress user roles, but it also adds custom user permissions based on your needs.
Once the plugin is installed and activated, you can customize the user roles from your WordPress dashboard. Click the Users menu, and select Capabilities. Then, you’ll see an editor that will let you set up the role and add the capability.
Tips on Effectively Using the User Roles Feature
While user roles are incredibly useful when collaborating with multiple people on your site, giving more people access is inherently less safe. A simple accident, like leaving a password saved on a public computer, can cause major issues. Here are some things you can do to keep your site safe:
- Use plugins – this lets you easily manage the user roles whenever changes are needed, or even force log out users with the help of a security plugin (like All in One WP).
- Limit the number of users with privileges – keep access to your site’s control exclusive. Take the time to decide which user really needs what capabilities.
- Unassign suspicious users – to avoid website abuse, brute-force attacks, and other hacking attempts, it’s best to remove long-inactive users or those who are repeatedly trying to log in unsuccessfully.
If you apply these tips, we believe that your site’s user management will be safe and sound.
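To decide which users really need which capabilities, it helps to see which roles grant sensitive capabilities and who holds them. The function below is an added example, not part of the original article; its name and the shortlist of high-risk capabilities are assumptions you should adapt to your site.

```php
<?php
// Added example: report which roles grant high-risk capabilities and who holds them.
// The function name and the capability shortlist are illustrative choices.
function mytheme_audit_privileged_users() {
	$high_risk = array(
		'manage_options', 'edit_themes', 'edit_plugins', 'install_plugins',
		'edit_users', 'promote_users', 'unfiltered_html',
	);

	$report = array();
	foreach ( wp_roles()->roles as $slug => $role ) {
		// Keep only capabilities that are actually granted (value true).
		$granted = array_keys( array_filter( $role['capabilities'] ) );
		$risky   = array_values( array_intersect( $high_risk, $granted ) );
		if ( empty( $risky ) ) {
			continue; // this role grants nothing on the shortlist
		}

		$users = get_users( array(
			'role'   => $slug,
			'fields' => array( 'ID', 'user_login' ),
		) );

		$report[ $slug ] = array(
			'capabilities' => $risky,
			'users'        => wp_list_pluck( $users, 'user_login' ),
		);
	}

	// Capabilities granted to a single user rather than a role are not covered here.
	return $report; // e.g. array( 'administrator' => array( 'capabilities' => ..., 'users' => ... ) )
}
```

With WP-CLI installed, `wp eval 'print_r( mytheme_audit_privileged_users() );'` prints the report from the command line.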
WordPress’s default user roles are quite beneficial to maintain your site’s operation. You can assign up to six different roles, namely:
- Administrator – fully manage the site’s maintenance and content
- Editor – fully oversee the authors and content management
- Author – is only responsible for their own posts
- Contributor – is only able to create and edit their post’s content
- Subscriber – is only able to read posts
- Super Administrator – fully manages a WordPress multisite network
Make sure you have backed up your site and considered the appropriate roles before officially assigning the capabilities.
You can add, edit, and delete users from your Dashboard’s admin area. To do so, go to your WordPress Dashboard → Users → Add New.
Additionally, you can manually customize the roles by modifying your theme’s functions.php file.
However, customizing user roles using a WordPress plugin can be a better option. We recommend the Capability Manager Enhanced plugin to add, remove, edit, and customize user roles with a few clicks.
Lastly, remember to always limit the number of user roles and unassign suspicious users.