WordPress user roles and their permissions are a built-in feature of the WordPress CMS for predefining what each user can do. These roles help you assign different tasks when running a multi-user website. For example, you can assign users to edit, read, write, moderate comments, design web pages, and so on.
They help ensure that users only have permission to access the areas they were assigned, and avoid conflicts or permission breaches that could damage your website.
Hence, understanding WordPress user roles and capabilities is essential to running a website strategically and systematically. With a streamlined workflow, your website will also be more secure and controlled.
Within WordPress, you may have already seen the six user roles you can choose from. Whichever user role is chosen, each one must have a specific area of permission and an assigned task, such as:
- To manage comments
- To write content
- To design website pages
- To add new users and assign roles
- To install or remove plugins
- To check and filter spam
These WordPress user roles and their capabilities are often ignored, but knowing all of them is essential to running a website successfully.
In this article, we cover the possibilities and customization options for WordPress user roles. You will be guided through how to set up user roles, how to grant permissions, how to create new user roles and define their permissions, and more.
Before we get started, let us look at the default user roles present in the WordPress CMS.
Let us get started!
Six different types of default WordPress User roles
As you have seen, defining user roles in WordPress is an essential task, and ignoring it can have consequences. WordPress assumes that your website has a whole team whose members have been assigned different tasks and roles. These default roles are listed below:
- Super Admin
While adding a user or assigning a new role, you will usually see these roles offered as options.
1. Super Admin
Usually, you won’t find the Super Admin user role in a normal WordPress installation. It is locked by default and gets unlocked when using a WordPress Multisite network. A user assigned the Super Admin role has all permissions and controls over the entire website and the network admin features.
Super Admins also have the power to remove other Admins, so be cautious and assign this role only to someone you can trust. They even have the power to impact the whole business strategy of your own and other websites.
They can also create new websites, delete or create content on multiple sites, and change or remove themes or plugins across a multisite network.
Points to consider for Super Admin role
- When controlling multiple websites on a multisite network, it is advisable that the Super Admin organizes and assigns roles in a clean and simple manner.
- Do not ignore or forget to strengthen user security while installing WordPress, because WordPress has been a favourite target for hackers and malware attacks.
- If you are running an agency, it is convenient to assign each client the Admin role, or another main role, on their particular website.
Super Admin is unlocked only for Multisite networks. If you are using a single website, you will by default be the Admin of that website after installation, with full control over that single WordPress site.
The Admin role is meant for the website owner or the developer who has access to all the settings and options of the website. It is considered the guardian or chief of your WordPress website.
Like a Super Admin, the WordPress Admin has all controls, such as managing WordPress user roles, managing settings, handling security issues, and editing posts and web pages. An Admin can assign these tasks to other users with limited permissions.
An Admin has the following controls:
- Can update WordPress core files and access cPanel.
- Can edit, publish or write content for their blogs.
- Can add, install or remove plugins from their WordPress website.
- Can manage, assign and remove user roles.
- Can customize, edit or add themes to the WordPress site.
Points to Consider for Admin role:
- You are highly advised not to assign more than one Admin user for your website, because it can cause conflicts and raises the possibility of website security breaches.
- The Admin must keep all the WordPress core files, plugins and themes updated to reduce the risk of hackers or malware attacks.
- Make sure the Admin uses the strongest possible login password and changes the default username “Admin” to another, stronger name.
As the name suggests, an Author in WordPress has the right to write new content, make drafts and publish them. Usually, this role is assigned only to writers who are specially hired to write high-quality content.
They are granted a limited set of permissions within their specified area. They are usually granted permission to edit, write or remove their own content, but they cannot access other content or settings.
Admins and Editors have the power to limit the permissions of Authors, so that they can only produce new content and upload media. In addition, Authors can also edit and remove comments on their posts.
Whom should you assign the Author role?
- Companies that have hired authors specifically to write high-quality content for their official websites.
- Companies running news channels or daily magazines should appoint their reporters as Authors.
Points to consider for Author role
- For the Author role, always try to assign a company employee who is genuine and trustworthy. Never give Author rights to anyone at random. After writing multiple pieces for your blog, an Author who leaves the company can delete all the content under their name.
- If an Author’s tenure is ending, you must delete their ID from your Author list, and if they want to work with you again, you must change the Author login password immediately.
In WordPress, an Editor holds the second-highest position after the Admin role. An Editor has total control over all the content on the website. Editors have the power to update, delete or create any content, both their own and the content produced by other Authors.
An Editor can view, remove, edit, or approve comments if they find it necessary. Their major responsibilities include content management, scheduling, and managing Authors and Contributors. However, apart from these, an Editor has no right to remove plugins and widgets, or to change website settings and users.
The only major role of an Editor is to manage content, and they review all the posts produced by Authors as well as Contributors. It is highly recommended not to assign this role to contributors, because it has some vital settings of your website.
If you do assign it to them, they may be able to delete or alter your posts. So it is better to assign this second-highest WordPress user role only to the most trustworthy and genuine person you know. If you are unable to find anyone, you can limit the permissions for that particular role.
Whom should you consider assigning the Editor role?
- The Editor role must be assigned to the person the Admin trusts most, because it is the second-highest position after the Admin role.
- This role is mainly handled by the company’s content marketing managers.
- If the website is small-scale, an Admin can do both jobs (the Admin role as well as the Editor role).
The Contributor WordPress user role is a form of the Author role with some restrictions. A Contributor can write and edit blog posts, but has no right to publish them or to delete them after they have been published. Once a Contributor has finished writing, they leave the post as a draft for Admins or Editors to review before publishing.
Note also that a Contributor has no access to media files in WordPress, meaning they cannot upload or use media files in the content they are contributing.
It is one of the safest WordPress user roles, one you can assign to any writer who only writes for you, since Contributors have no admin rights or permissions such as editing or altering web content, uploading media files, installing plugins or changing user roles.
Also, a contributor has no control over comments on posts. They cannot edit, remove, or approve them.
Whom should you consider assigning the Contributor WordPress user role?
- Guest writers, who want to write articles or blogs for your website.
- Beginners who have just started their career in content writing and require a lot of editing.
The Subscriber WordPress user role has one of the most limited sets of permissions in WordPress. It is assigned by default to all new site users. A Subscriber is limited to creating a WordPress profile and reading or writing comments. They do not have the rights or access to make any changes to the website.
You can think of them as your regular social media subscribers, who can only follow users and comment on or like their posts.
Having a Subscriber user role on your website increases your website’s loyal fan base. When you give visitors the privilege of creating a WordPress profile, it helps them comment on your posts without entering their credentials each time, and the whole process becomes smooth and easy for them.
With a subscriber list, you can even send them regular newsletters and notify them about your new posts.
Whom should you consider assigning the Subscriber WordPress user role?
- Regular website visitors, so that they can create profiles and read or write comments on your posts.
How to Add a new WordPress user role?
The default WordPress user roles are basic and, in most cases, enough to give users the responsibilities a website requires. Still, in some cases you will need to assign a new user role with different permissions that are not present in the default WordPress user roles.
For example, a user with the Author role can delete the content or posts of the website, which can be potentially harmful to any website. By customizing roles and permissions you can restrict their actions, either by using WordPress user role plugins or by doing it manually.
Create or Add WordPress roles Manually
To add new user roles or customize existing ones, you must have a user role with admin privileges. Adding user roles manually is a simple, streamlined process, which you will see below:
To begin the process:
1. Log in to your WordPress Admin by providing your username and password.
2. Go to the dashboard and, on the left-hand side, look for the Users menu option and click on it. You will have three options to choose from.
3. Click on the “Add New” option to add new WordPress user roles.
4. In the “Add New User” window, fill in all the necessary details, such as username, email address, name, website, language, role, and a strong password. Once you are done, check the Send user notification box and click the “Add new user” button.
To create multiple WordPress user roles, repeat the whole process.
How to Create Custom WordPress User roles?
Since WordPress is an open-source platform, it also lets users remove default roles and create custom roles. Although some plugins are available to create custom roles, if you want to use the manual customization method, just follow the steps given below:
To start the process, let us assume we are going to create a new role for a client who can read, edit and delete posts. For this, you will need to add the following code to your child theme's functions file. Note that the quotes must be plain straight quotes, not typographic ones, or PHP will not parse the code.

```php
/*
 * Add a custom user role to the site.
 * https://codex.wordpress.org/Roles_and_Capabilities
 */
$result = add_role(
    'client',   // role slug
    'Client',   // display name
    array(
        'read'         => true,
        'edit_posts'   => true,
        'delete_posts' => true,
    )
);

/* Remove the unnecessary roles. */
remove_role( 'slug name of role to be removed' );
```

Note: If coding and doing it manually is not your thing, it is better to choose a WordPress plugin or hire a WordPress professional to do the job.
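The Author example mentioned earlier (an Author who can delete their own published posts) can be handled with the same API. The following is an added example, not code from the original article: it clones the Author role into a hypothetical `staff_writer` role without the delete capabilities, and includes a check for users who still hold those capabilities through another role. The role slug, display name and function names are assumptions made for this sketch.

```php
<?php
// Added example: role slug, display name and function names are hypothetical.

// Capabilities stripped from the cloned Author capability set.
const STAFF_WRITER_DENIED_CAPS = array(
    'delete_posts',
    'delete_published_posts',
);

function example_register_staff_writer_role() {
    $role = get_role( 'staff_writer' );

    if ( null === $role ) {
        $author = get_role( 'author' );
        if ( null === $author ) {
            return; // The Author role was removed on this site; nothing to clone.
        }
        $caps = $author->capabilities;
        foreach ( STAFF_WRITER_DENIED_CAPS as $cap ) {
            unset( $caps[ $cap ] );
        }
        add_role( 'staff_writer', 'Staff Writer', $caps );
        return;
    }

    // Roles are stored in the database, so an older definition may still
    // carry the capabilities; remove them explicitly.
    foreach ( STAFF_WRITER_DENIED_CAPS as $cap ) {
        $role->remove_cap( $cap );
    }
}

// In a child theme, run on theme activation instead of on every request.
add_action( 'after_switch_theme', 'example_register_staff_writer_role' );

/**
 * A user can hold several roles, and capabilities can be granted per user.
 * Returns the denied capabilities the given user still has from any source.
 */
function example_denied_caps_still_granted( $user_id ) {
    $leaks = array();
    foreach ( STAFF_WRITER_DENIED_CAPS as $cap ) {
        if ( user_can( $user_id, $cap ) ) {
            $leaks[] = $cap;
        }
    }
    return $leaks;
}
```

An empty array from `example_denied_caps_still_granted()` means the restriction actually applies to that user; anything else means another role or a per-user grant is overriding it.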
How can you see assigned WordPress user roles and their capabilities?
After assigning WordPress users, at some point you may want to check the assigned roles and capabilities of users, as some of them may have been assigned before you.
To check users, just follow these simple steps:
1. Log in to your website’s Admin page.
2. Look for the “Users” menu option on the left-hand side of the WordPress dashboard and click on the “All Users” option.
3. All users are shown on a single page, and their roles are listed just to the right of each user’s email.
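The Users screen lists role names only, not the capabilities behind them. The following added example (not part of the original article) builds a report of accounts that hold high-risk capabilities or capabilities granted directly to the user outside any role; the function name and the choice of which capabilities count as high-risk are assumptions of this sketch.

```php
<?php
// Added example: the function name and the capability list are choices
// made for this sketch, not a WordPress or article-defined set.

const EXAMPLE_HIGH_RISK_CAPS = array(
    'install_plugins',
    'edit_plugins',
    'edit_themes',
    'edit_users',
    'promote_users',
    'delete_users',
    'delete_others_posts',
    'unfiltered_html',
);

function example_audit_user_capabilities() {
    $report = array();

    // get_users() loads every account; page through it on very large sites.
    foreach ( get_users() as $user ) {
        $risky = array();
        foreach ( EXAMPLE_HIGH_RISK_CAPS as $cap ) {
            // user_can() resolves all roles, per-user grants and
            // Multisite super-admin status.
            if ( user_can( $user, $cap ) ) {
                $risky[] = $cap;
            }
        }

        // $user->caps holds role slugs and per-user capabilities together;
        // what remains after removing the role slugs was granted directly.
        $direct = array_diff(
            array_keys( array_filter( $user->caps ) ),
            $user->roles
        );

        if ( $risky || $direct ) {
            $report[] = array(
                'login'       => $user->user_login,
                'roles'       => $user->roles,
                'high_risk'   => $risky,
                'direct_caps' => array_values( $direct ),
            );
        }
    }

    return $report;
}
```

Run it from a WP-CLI `wp eval` call or an administrator-only page, and treat every returned account as one whose access needs a named owner and a reason.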
With the above instructions, you can now easily view all the assigned user roles. If you want to make changes to the roles, follow the steps below:
How to change or reassign WordPress Users’ roles?
You can easily edit or change WordPress user roles by following the steps given below:
1. Log in and open your WordPress dashboard.
2. Open Users menu > All users.
3. Hover over the user whose role you would like to change, and click on the Edit option.
4. Once you click on the Edit option, a new window will open showing all the fields you may want to change, such as username, role, name, etc.
5. Change the name and role if required, then click the Save Changes button.
Now you are done with adding and editing a WordPress user. The next thing you should know is how to remove a user.
How to Remove a WordPress User role from WordPress?
There are certain situations, such as when you hired a temporary content writer and their contract is over, where you need to remove their roles from your WordPress site.
To remove roles and their permissions, follow the given steps:
- Follow the log-in steps as mentioned previously.
- Open Users menu > All users.
- Hover over the user you are going to delete and select the Delete option just next to Edit.
- Once you click on the Delete option, the user will be removed from your WordPress site and will get notified via email.
Please note that you cannot delete a site Admin unless you are a Super Admin.
How to Protect WordPress from suspicious activities and make User roles secure?
Protecting your WordPress site from hackers and malware attacks is very important. In particular, hackers’ favourite and most vulnerable target is the Admin login page.
It is not only hackers: even a malicious employee who has been assigned a WordPress user role can bring the website down. Hence, to protect your WordPress site and make it secure, you must follow these measures.
Increase Password Strength
It is one of the most basic and primary measures to consider when creating a password, because the stronger your password, the tougher it will be for hackers to guess.
For creating a strong password, it is highly recommended to use a combination of upper-case letters, lower-case letters, numbers and two special characters.
Restrict multiple login attempts
Most hackers use the brute-force attack method, in which they use trial and error to get access to the WordPress Admin page. Unfortunately, WordPress does not have this feature in its system by default.
To implement this feature you need to install a WordPress plugin that can detect multiple failed attempts by different usernames and IP addresses.
Once a hacker has made a predefined number of failed login attempts, the IP address gets blocked immediately, along with any further login attempts.
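To show what such a plugin does internally, here is an added example (not from the original article, and not a substitute for a maintained plugin) that counts failed logins per IP address with WordPress transients and rejects further attempts once a threshold is reached. The threshold, the lockout window and all function names are assumptions of this sketch.

```php
<?php
// Added example: names, threshold and window are assumptions of this sketch.

const EXAMPLE_MAX_FAILURES = 5;   // failed attempts allowed per window
const EXAMPLE_LOCKOUT_SECS = 900; // 15 minutes

function example_throttle_key() {
    // Behind a reverse proxy or CDN, REMOTE_ADDR is the proxy's address.
    // Only trust a forwarded-for header if your own proxy sets it.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';

    // md5 only shapes the key to a fixed length; it is not a security control.
    return 'example_login_fail_' . md5( $ip );
}

// Count each failed login for the client IP, whatever username was tried.
function example_count_failed_login( $username, $error = null ) {
    if ( $error instanceof WP_Error
        && 'example_locked_out' === $error->get_error_code() ) {
        return; // Already rejected by the lockout; do not extend it.
    }

    $key      = example_throttle_key();
    $failures = (int) get_transient( $key );

    // Each failure restarts the window, so the counter only clears after a
    // quiet period. Transient updates are not atomic, so parallel requests
    // can undercount slightly.
    set_transient( $key, $failures + 1, EXAMPLE_LOCKOUT_SECS );
}
add_action( 'wp_login_failed', 'example_count_failed_login', 10, 2 );

// Runs after the core password checks (priority 20) so that a correct
// password from a locked-out IP is still rejected.
function example_block_locked_out_ip( $user, $username, $password ) {
    if ( (int) get_transient( example_throttle_key() ) >= EXAMPLE_MAX_FAILURES ) {
        return new WP_Error(
            'example_locked_out',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}
add_filter( 'authenticate', 'example_block_locked_out_ip', 100, 3 );
```

Because the `authenticate` filter is also used by XML-RPC and application-password logins, the same counter covers those entry points and not only the login form.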
Restrict User role permissions
To avoid user-role security issues and the risk of the website going down, you must assign users only the roles they are capable of. Specify their field of work and limitations to avoid conflicts. For example, if you assigned someone to write articles, they must write only their own articles, and not edit or delete other authors’ posts.
Use a two-factor authentication method
This method has been newly introduced and has shown remarkable results in avoiding bot attacks. In the two-factor authentication process, a user is asked to verify twice, on two different channels, to gain access to the WordPress admin page.
This feature can be implemented with the help of WordPress user role plugins, and it is best used by the two main user roles, Admin and Editor.
Restrict the devices that can reach the WordPress admin login page
Restricting which devices can access the admin login page provides an extra layer of protection and strengthens the overall security of the website. If the hacker is not using one of those particular devices, it will be tough to breach security and make login attempts.
Get shielded from Session Hijacking
Session hijacking is one of the most common methods practiced by hackers, because as users we do not regularly check our browser extension updates and security patches. This negligence can be a boon for hackers, who compromise abandoned browser extensions to get at the WordPress session cookies that carry login details, and then start malicious activities.
Some Best WordPress User login Plugins you can use
As you have seen, there are two ways to set up custom user roles. One is the manual method (which we discussed earlier in this article) and the other is to use WordPress user role plugins.
It is one of the simplest methods to have custom user roles on the WordPress site.
Let us check out some of the best WordPress user role plugins mentioned below:
WPFront User Role Editor
WPFront User Role Editor is widely used to add, edit or customize user roles and permissions on a WordPress website. Its simple UI and some exclusive features set it apart from other available plugins.
Migration of user roles from one user to another is smooth and easy, something you won’t find in any other WordPress user role plugin.
Another exclusive feature is redirecting users to their role-specific pages directly after login. For example, if you assigned a user the Author role, they can be redirected straight to the posts page.
Let us check out what it has to offer:
Some key features of WPFront:
- Create new roles.
- Edit or rename existing roles.
- Clone existing roles.
- Manage capabilities.
- Allows you to add role capabilities.
- Change default user role.
- Add or Remove capabilities.
- Restore role.
- Assign multiple roles.
- Migrate users.
- Navigation menu permissions (basic).
- Widget permissions (basic).
- Login redirect (basic).
The above features are available in the free version. You get extra exclusive features in the Pro version.
A free version with limited features is available to download from the WordPress directory. To gain all the exclusive features, you can upgrade to the Pro version, with pricing from $29.99 to $149.99.
bbPress is a discussion forum plugin, mainly used to create and moderate forums on your website. Unlike the default six WordPress user roles, bbPress offers some unique user roles.
The first unique user role is “Keymaster”. This role is somewhat similar to the Admin role but with extra capabilities such as initiating forums, moderating comments and posting replies.
Another unique role bbPress has is Moderator. It has the power to comment on forums, remove spam or bad comments, remove forums and post replies, but it has no control over site settings.
Similarly, the other unique bbPress user roles are Participants and Spectators. You can even customize your own user roles by adding code in the plugin settings.
Some bbPress key features:
- Customization options
- More user roles other than default WordPress user roles.
- Easy to set up and use
- A simple step-by-step installation walks you through your options.
- Spam Protection
- Multisite Forums
bbPress is completely free and available to download from the WordPress directory.
MemberPress is one of the best and most powerful WordPress user role plugins, and comes with excellent pre-built features to create, manage and sell courses quite easily. MemberPress has a lot of user role and capability options to choose from.
It was originally designed for membership-based selling of online courses, and hence provides tons of options for user roles and extends the default WordPress user role list.
Features of the MemberPress Plugin
If you are interested in the features of the MemberPress plugin then let’s go ahead.
- When it comes to content protection (or Access Rules, as MemberPress calls it), there isn’t much that it can’t protect, including pages, posts, categories, tags, files, and custom post types.
- Every edition of MemberPress has unlimited membership levels and unlimited members. Also, members can have access to more than one membership at a time.
- Role Editor: This allows you to edit, create, and delete roles as well as capabilities for these roles.
- Multiple User Roles: Give one, two, or even more roles to any user.
- Explicitly Deny Capabilities: Deny specific capabilities to specific user roles.
- Build a new role by cloning an existing role.
- Content Permissions / Restricted Content: Protect content to determine which users (by role) have access to post content.
- Shortcodes: Shortcodes control who has access to content.
- A login form widget and users widget to show in your theme’s sidebars.
- You can make your site and its feed completely private if you want.
- Plugin Integration: Members are highly recommended by other WordPress developers. Many existing plugins integrate their custom roles and capabilities directly into them.
So, this WordPress user role plugin offers you a pocket-full of features.
Pricing of MemberPress Plugin
MemberPress is a premium WordPress user role plugin that does not have a free version. Its premium plans range from $149 to $349 per year.
The User Switching WordPress plugin uses the cookie authentication system in WordPress to remember your account(s) while you switch between user accounts in a single click. It helps you instantly log in to and out of user accounts, which is handy if you are testing multiple WordPress user roles and their capabilities.
Once you install and activate the plugin, go to the Users menu and you will see a switch option. With the help of the switch link, you can instantly switch to the user you want.
You can switch back to your originating account via the Switch back link on each dashboard screen or in your profile menu in the WordPress toolbar.
Note: As a security measure, the User Switching plugin lets only users with the ability to edit other users switch user accounts. By default, this is only Administrators on single-site installations and Super Admins on Multisite installations.
Features of User Switching
- Switching between User role accounts in a single click.
- Switching back to the initial user account instantly.
- Switch off: Log out of your account but retain the ability to instantly switch back in again.
- Switching between users is secure
- Compatible with WordPress, WordPress Multisite, WooCommerce, BuddyPress, bbPress, and most two-factor authentication plugins.
User Switching is an open-source plugin and hence available absolutely free to download from the WordPress directory.
With the help of these plugins, you can easily define WordPress user roles and keep a structured workflow seamless.
Summarizing the above article, WordPress user roles can be a basic model for any well-structured website management. They help keep users within their tasks and their assigned areas.
By default WordPress gives you six different options for user roles. If you want to extend or customize a role, WordPress offers plenty of options and flexibility. If you are not good at sophisticated coding, it is better to go for WordPress plugins, or you can hire a developer who can make it easy for you.
WordPress brings you a lot of possibilities and features; all you have to do is explore and learn. If you find anything we have missed, or would like to add something more, please write your valuable suggestions in the comment section below.
Some Frequently Asked Questions
What are the user roles in WordPress?
By default, WordPress comes with six different user roles and capabilities.
1. Super Admin (available only for Multisite network)
How do I add a user role in WordPress?
If you are not into coding, it is highly recommended to use a WordPress user role plugin. There are plenty of them available free to download from the WordPress directory.
To add a user role using a WordPress user role plugin, follow these steps:
1. Log in to your WordPress dashboard.
2. Look for the Users menu on the left-hand side of the dashboard.
3. Click on the Users menu and select Add a user.
4. Enter the role title and add its capabilities.
5. Click on the Add role button and save.
How do I see user roles in WordPress?
To see WordPress user roles and their capabilities, just follow these simple steps:
1. Log in to your website’s Admin page.
2. Look for the “Users” menu option on the left-hand side of the WordPress dashboard and click on the “All Users” option.
3. All users are shown on a single page, and their roles are listed just to the right of each user’s email.
By following the above simple steps, it will be easy for you to see user roles in WordPress.