Bluehost Blog
Blog Menu
Websites 14 Mins

What WordPress User Roles Are and How to Manage Them for Your Website

I write and curate content for Bluehost. I hope this blog post is helpful.
Are you looking at creating a blog, website or an online store? Bluehost has something for everyone. Get started today.

WordPress User Roles

When your business starts to grow, so will your team and those who need access to your WordPress website. 

You might want to offer subscriptions to users on your website or find contributing bloggers to post content. A manager would need access to plugins, while an intern can help moderate comments. 

This is where WordPress user roles come in. 

WordPress empowers you to assign roles to specific users on your website. Each role has set capabilities, which you can also alter. You can even create custom roles. 

While you might want to give everyone the same WordPress user permission, it’s not a good idea. Plus, you would overlook a tool that can help your website function better and create a smoother workflow process.

Understanding WordPress’s multiple roles and access levels will help you manage your website more efficiently and keep it more secure. 

In this post, you’ll learn:

  • What WordPress user roles are
  • The five common WordPress user roles
  • Why WordPress user roles are important 
  • What are the different capabilities for each role are 
  • Which WordPress roles and capabilities plugins to use
  • Best practices for managing users with WordPress roles
  • Customizing user roles in WordPress user management
  • Creating custom WordPress user roles

WordPress User Roles 

A user role is defined by a set of tasks that a specific role is given permission to perform. There are six pre-defined WordPress user roles

  • Subscriber
  • Contributor 
  • Author
  • Editor
  • Administrator
  • Super Admin

An administrator has access to all the possible website tasks, while a subscriber only has the ability to read the website. Each role has a set of tasks, or capabilities, like the ability to delete posts, publish pages, update themes, and add users. 

WordPress also empowers you to add or remove roles and capabilities. You can do this manually or through various plugins. 

The Five Main WordPress User Roles

WordPress is designed with five main user roles built into the software. Each role comes with its permissions. 

1. Administrator

As the administrator, you’ll have full permissions on the WordPress control panel. You’ll be able to publish, edit, and delete:

  • Blog posts 
  • Webpages 
  • Themes 
  • Plugins 
  • Code 

Administrators are also in charge of updating the permissions and roles of other users.

If you’re the website administrator, you’re running the show. This role is usually reserved for the website owner, who usually has a thorough understanding of how WordPress works. 

The administrator gets a lot of responsibility, so it’s vital that you only give administrator permissions to people you trust with your entire website. 

You may have come across the term “Super Admin.” However, a Super Admin is only an appropriate user role option for the Multisite Network mode of WordPress. 

Some companies manage multiple WordPress websites. The Super Admin role is reserved for the user who has administrator permissions across all of them.

2. Editor

The editor has many permissions and is like the second-in-command to the administrator. For example, a user with editor permissions can publish, edit, and delete blog posts and website pages.

However, unlike administrators, editors can’t change core components of the website, such as the theme, plugins, or users. 

If you have an assistant website administrator at your company, this may be a good role option for them.

3. Author

An author has minimal permissions but can do enough to run your website’s blog. This user role can edit, write, publish, and delete blog posts.

If your company has hired an external content publisher, consider giving them author permissions. This way, they can run your blog daily without having access to the rest of your website.

4. Contributor

Contributors have minimal user permissions, but, as the name suggests, they can add new posts to the website’s blog. In addition, contributors to the blog can write, edit, and delete posts. However, they cannot publish them.

The contributor role permissions are suitable for the website’s writers. This way, the author, editor, or administrator can approve upcoming posts before publication, editing or deleting them as they see fit.

5. Subscriber

The subscriber is the default user role with the fewest permissions. As a subscriber, your only permission is to read the content. 

For blogs with an active, engaged following, this WordPress user role is a useful option that lets users create a username, comment on posts, and interact with other members.

The Importance of WordPress User Roles 

It can be a simple task to manage your user roles if only a couple of people need access to the website, or it can be a challenge if you run an extensive blog or eCommerce store. But anyone with a WordPress website needs to learn how to manage user roles. 

Assigning roles helps to manage efficiency. It can also create a structure for workflow. If an author posts a blog, then an editor can read it over before it’s published.

Familiarize yourself with all the capabilities of user roles to help with task delegation. You’ll get a better sense of what tasks should go to whom and what access employees need for their job. 

If an employee is savvy with design, then they might benefit from the ability to edit or change the theme. Or you might want another employee to manage users on your website, and they’ll need the ability to add and edit users. 

Another reason to monitor WordPress user roles is security. Not everyone in your company needs access to every part of your website. Know who has access to what to keep your website secure. 

User roles also can prevent mistakes. Someone with too much access might accidentally tamper with a feature that could lead to a problem on your website. Be proactive, and assign user roles accordingly. 

Capabilities for WordPress User Types

Each user role builds on one another, with more WordPress user permissions added to each level. Every function has multiple capabilities, with subscribers having the least access. 

When you add a new user to your WordPress dashboard, you can choose their role, which you can edit later. 

So, what can each WordPress user role do? 

WordPress Subscriber Role

Subscriber is the most basic user role. Subscribers can only read posts, which anyone can do without being a subscriber. 

If you offer subscription-based or members-only content, users can create profiles on your website and log in to specific areas. This role is also used to log in to comment on posts. 

Subscribers will also have the ability to update their user profile. 

WordPress Contributor Role 

Contributors can add new posts and edit their posts. But they cannot delete or publish posts, including their own. They’re also unable to add images or media files to their posts. 

A contributor might be a good option for a one-time guest blogger or a new author. 

WordPress Author Role

Authors can write, edit, publish, and delete posts they wrote. They can also upload files. But they are not able to edit other users’ posts or pages. 

Authors can also tag posts and assign them to categories but cannot create new categories.

WordPress Editor Role

An editor has more access to each post, with the ability to edit, publish, and delete posts and pages. They can manage categories, links, and comments. They can also create and edit blocks. 

Editors mostly oversee content and not website management. 

WordPress Administrator Role

Administrators (admins) have access to all parts of a website. They have all the permissions of the previous roles. 

Admins manage the website and can switch themes and add plugins. Admins can also manage users and edit them. They can also delete a website.

WordPress Super Admin Role

The Super Admin role is only applicable to those with WordPress multisite networks. Like an admin, they have full access to the websites they oversee. Super Admins can create and delete websites. They also manage the network, including the websites, plugins, users, upgrades, setups, and themes. 

If you only have one WordPress website, you inherently are the Super Admin.  

Create WordPress Custom User Roles and Capabilities

The default user roles are functional for most WordPress websites, but some websites might need to change the parameters for specific roles. WordPress custom roles help you tweak preset roles into those that better suit your website.

You can change existing roles manually by coding, or you can also use plugins on WordPress to edit roles and create your own roles.

Managing and Creating Roles and Capabilities With Plugins

Here are some popular plugins to manage WordPress user roles: 

Each of these plugins has features that help manage user roles. For Example, PublishPress Capabilities lets you assign WordPress user levels to each role, and Advanced Access Manager gives you the ability to edit a user’s backend menu.

New Capabilities and Roles From Other WordPress Plugins

Other popular plugins like WooCommerce and Yoast add capabilities and roles to your website. WooCommerce provides new user roles, including Customer and Shop Manager. Yoast adds SEO Manager and SEO Editor to your dropdown of roles. 

These extra roles come with new capabilities and access to the plugins on the website. Stay aware of the new roles offered by specific plugins so you can make the best use of its features.

Best Practices: WordPress User Management 

Here are a few tips that will help set you up for success when you deal with WordPress user roles. 

Start With User Roles That Have Less Access

While it might be easier to give everyone the same level of access, that could backfire. Be mindful of who has access to what parts of your website. 

It’ll be easier to start an employee with less access. Later, if you need to upgrade their capabilities, it’s a conscious choice, and you can keep track of their new permissions. 

Assign Admin Roles to Only Essential Personnel

An admin role is essentially the master key to your website. Only give it to the people who need it. 

Update User Roles When Employees Leave

Don’t forget to remove access if someone leaves your company. Don’t let anyone harm your website or leave someone access to your company’s backroom. 

How To Add and Remove Capabilities From Existing WordPress User Roles in WordPress User Management 

You’ll have WordPress user management permissions if you are the website administrator. 

Customizing the permissions of all other users can be helpful when you have a team member who doesn’t take on new responsibilities and needs access to specific control panel areas. It’s also a helpful way to manage a fully remote team.

Here’s a step-by-step guide demonstrating how to edit specific permissions for your users using the User Role Editor plugin:

  1. In the left panel of your dashboard, select Users > User Role Editor. 
  2. In the User Role Editor plugin, choose the user you want to edit from the dropdown menu. 
  3. You’ll see the user’s full capabilities. If the format is challenging, select the option “Show capabilities in human readable” form.
  4. Scroll through the user’s permissions and check or uncheck the box next to the relevant permissions.
  5. Select Update when you’re ready to finalize your choices.

And that’s it. The user should immediately have access to their new permissions.

How To Create a Brand New User Role in WordPress User Management

In some cases, you may wish to save a template of a new type of WordPress user role. 

For instance, let’s say you have a team of blog editors who need access to editing user roles so they can add new contributors to the team. However, you don’t want these editors to have full access to the website’s plugins or themes.

Or, let’s say you hire a series of external freelance SEO consultants. You may wish to create a specific user role for these consultants that give them permission to edit posts but not publish or delete them. 

To save this new role template in your system, we recommend creating a new custom user role. 

This process can also be done within the User Role Editor plugin:

  1. In the left panel of the WordPress dashboard, select Users > User Role Editor.
  2. Find and select the option Add Role in the right-side panel.
  3. Write an ID and Display the Role Name. This is the name of the user role type.
  4. If you want to start with permissions from an existing role, head to the “Make copy of” dropdown menu.
  5. Edit the capabilities for the new role using the boxes next to each permission.
  6. When you’re satisfied with your choices, click Update.

Once you’ve completed these steps, your new user role should be ready to use and appear in the available user roles list when you register a new user. 

WordPress New User Registration

WordPress New User Registration isn’t automatically available on WordPress websites. If you need users to be able to register themselves as “subscribers,” you have to follow a short series of steps in your WordPress dashboard. 

  • Head to Settings > General in WordPress admin.
  • Find the Membership section.
  • Check the checkbox next to Anyone can register.
  • Select a default user role. Most administrators prefer to use the subscriber role as this has the smallest set of capabilities. However, you can also choose any other WordPress user roles, including customer user roles you have created yourself.

Once this option is set up, you can invite readers to join the community. 

Creating a WordPress New User Registration option for your readers can be helpful for many reasons, including to

  • Encourage a readership community.
  • Create user-only private content to improve customer retention.
  • Permit comments and discussion. Users make 77 million comments every month, so empowering your audience to do so is a great way to tap into this ready-made customer engagement.
  • Monitor your loyal readers or customers for eCommerce websites.
  • Show off your following by displaying your user count
  • Improve your employees’ work experience by ensuring they can access everything they need. 

If you dislike the idea of users creating their accounts, keep this box unticked. 

Instead, the Administrator will be the only one who can access complete WordPress user management and add new users. While this can be more secure in practice, it can prove tiresome and unnecessary for some companies. 

Consider Giving Yourself More Roles 

You can still create multiple roles if you’re the only one managing your WordPress website. For example, if you create a separate editor or author account, you can still manage posts and keep your admin duties separated. 

Various user roles also add another layer of security if one of your roles gets compromised. 

WordPress user roles and permissions make it easier to run your website. Assign roles and know what capabilities are designated to each employee to help your workflow and control security. 

WordPress makes it easy to assign roles and choose what level of access to grant each user. Using WordPress plugins can also help create custom roles that help your website’s functionality.  

Don’t forget to keep capabilities updated and assigned to only those who need that level of access. 

Learn more about the different capabilities and create custom user roles in WordPress to help grow your WordPress skills. 

Are you ready to enhance your WordPress hosting? Get started with a Bluehost hosting package today.

More articles about Websites

  • Tiffani Anderson

    Tiffani is a Content and SEO Manager for the Bluehost brand. With over 10 years experience across all facets of content and brand marketing, she strives to combine concepts from brand marketing with engaging content through the lens of SEO.

    Education
    University of North Texas
    Previous Experience
    Content Marketing, SEO, Social Media

Write A Comment