Granting the right user roles is a key for securing a website against errors caused by user’s lack of knowledge in certain areas of a WordPress site.
User roles define a set of capabilities for users. In other words, user roles state what users can and can not do with your site. In a WordPress site, there are five default user roles with a predefined set of permissions. Such as creating and editing posts, managing themes, or deleting unwanted comments.
This article will explain how to create, customize, and effectively manage user roles as you grow and start adding more helping hands to your site. Plus, in the end, we will look into popular cases on when you should consider setting up different user roles for your site.
Built-in WordPress User Roles
By default WordPress offers 5 user roles:
Note: Users who have access to all capabilities between a multisite network are Super Admins.
WordPress User Roles and Capabilities
The most powerful role is automatically assigned to you when you create a website (most commonly assigned to site owners or developers). It gives full access to all settings, options, and features of WordPress.
The role that can manage all content sections (posts, comments, categories, and tags) also the ones created by other users.
This role is for users who create, publish and edit content. Compared to the editor, the author’s controls limit to their own posts only.
The contributor role is similar to the author’s - it allows to submit drafts for admins or editors to review, but does not allow adding media or publishing the content.
The role of a subscriber is for users who have registered to your site and subscribed for newsletters or updates. Allowing them to log in, update profile information, comment on posts, or even access exclusive pages or posts within your WordPress website.
Note: Be mindful about giving permissions to each role because it can easily make or break your page.
Around 70% of all sites experience downtime due to user role mismanagement
Comparing WordPress User Role Capabilities
The table below lists all the default WordPress user roles, starting from the simplest to more advanced options in comparison.
Let's compare the main differences between user roles and their capabilities:
Note: Some users can operate with all user posts, while some can control only their own.
Adding Custom WordPress User Roles
When it comes to creating a new role there are two different techniques, by plugin or by code.
First, let's look at how to add a custom role manually (you can create any role to fit your needs).
For example, let's create a Blog Moderator role, which will be able to answer or delete comments, and update or correct information within blog posts.
- Navigate to 'Appearance' in the WordPress admin dashboard;
- Click 'Theme Editor' and make sure you're in the selected themes 'functions.php' file;
- Copy and paste the following text at the end of the code:
add_role( 'Blog_Moderator', __( 'Blog Moderator' ), array( 'read' => true, 'edit_posts' => true, 'moderate_comments' => true, ) );
- Click 'Update file' to make sure to save the new settings;
- Navigate to 'Users' in the WordPress admin dashboard;
- Select a user and click 'Change role to..' and 'Change' to finalize.
Note: If you need help with ideas for permissions you can browse a list of user role capabilities.
WordPress User Role plugins
We've already told you how to create a user role manually, but there is a second option - plugins. Certain plugins have their own options when it comes to user roles. This is done to restrict user access to specific features and options.
As some websites require more specific user roles than the default WordPress set - different plugins offer different capabilities.
Visual Composer, for example, has a Role Manager addon to help manage user access to certain features within the editor itself.
Here are some WordPress User Role plugins we’d also recommend for effective user role management:
- User Role Editor by Vladimir Garagulya - let’s assign multiple roles to users, create new roles and delete unnecessary ones (one of the most popular plugins according to user ratings on WordPress.org).
- Members by MemberStaff - has all the features mentioned above, plus the seamless integration of roles from other plugins and access to all of the add-ons free of charge (block permissions, privacy caps, and others).
- PublishPress Capabilities by PublishPress - the plus about this plugin, is that it offers backups of previous permission settings and allows to regulate media library access for different user roles (allow access for contributors or restrict access for other roles of your choice).
- WPFront by Syam Mohan - this plugin helps migrate users between sites, clone user role permissions, and restores deleted roles, if needed (besides the main features all user role plugins share).
- Ultimate Member by Ultimate Member - a great plugin for managing user memberships, offering user e-mails, custom form fields, and allowing authors to add comments on user profiles.
Note: To maintain the security of your website, review user roles regularly. Remove any users who no longer need access to your site or update permissions so that they fit the role meant for the user.
Still haven't figured out if you need to set user roles?
Let's sum it up!
Times When to Use WordPress User Roles:
- Several people are managing your site (ex. developers, bloggers);
- When different teams manage different areas of your site (ex. shop, blog);
- In cases when you have guest authors writing for your blog;
- When you have team members with less technical skills (or still learning);
- You want to give your customers a less bloated WordPress interface (so they can easily change only things they need to change).
WordPress User Roles offer security for website owners, meaning less confusion for users and fewer mistakes, due to properly assigned roles.
Remember, roles are designed so users have access to the tasks, they are meant to perform on your site, simple as that.
As you can add new user roles, create custom ones, set roles in bulk, and of course, delete any role - WordPress User Roles are guaranteed to make your site's management run smoothly and efficiently!