How to Set WordPress User Roles and Why

wordpress roles

One of the essential features of WordPress is user roles. They determine user permissions and control user access to the website content. If you have writers or site developers other than yourself, understanding user roles helps maintain website security.

Perhaps you have contributors who write guest posts on your site. Maybe you have regular authors that you trust to publish articles. All of their access is controlled through the use of roles.

In this article, I’ll show you how to configure WordPress roles. I’ll also introduce a plugin that allows you to edit existing roles and create new ones. As a result, you’ll be able to govern who does what on your website precisely.

Understanding WordPress Roles and Permissions

User roles and permissions control who can do what on your website. Every user registration is potentially different. You want to be familiar with user roles so you can allow users sufficient access without making everyone an administrator.

User roles should include only the permissions necessary for the role, nothing more. You don’t want an author, whose only task is writing, to have administrator permissions. It’s unnecessary, confusing for the author, and potentially disruptive or destructive. Someone with too much access can be accidentally harmful; there doesn’t have to be any malicious intent.

Roles provide a way to restrict access to critical site tools. In most cases, only administrators need access to site configuration, plugins, and themes. Authors and other contributors don’t need access to site configuration tools or features. So make sure they don’t have it.

User roles can be changed or modified to grant or remove permissions. I’ll show you how it’s done in a minute.

The Default WordPress User Roles

When you install WordPress, several user roles are created by default.

Default WordPress User Roles

  • Subscriber: Has read access and minimal control of their own profile.
  • Contributor: Has read, delete, and edit permissions for their own posts, but not the ability to publish.
  • Author: Has full control of their own posts without the ability to create new categories.
  • Editor: Has full control of the content areas of the site, such as adding and deleting of posts.
  • Administrator: Has complete control of the WordPress system.

There is also a “Super Admin” role that you’ll see if you use the WordPress Multisite feature. In a single-site WordPress installation, Administrators have the same permissions as the Multisite “Super Admin.”

Installing plugins may create additional user roles. For example, eCommerce plugins might include roles such as “Shop Vendor” or “Shop Manager.”

How to Set WordPress Roles and Permissions

Changing the role of a user is a simple process.

In the left column navigation, mouse over the “Users” link and click the “All Users” link.

click the "All Users" link

The Users page shows a list of everyone registered on your website. To the right of each name, you’ll see their role in the “Role” column.

Mouse over the user you wish to change and click the “Edit” link.

click the "Edit" link

On the “Edit User” page, you’ll see several available options. You can remove the Visual Editor for the user, change the color scheme, etc. But we want to change the role, so go to the “Role” drop-down and choose the new role.

choose the new role
You cannot change your own role.

Scroll to the bottom of the page and click the “Update User” button.

click the "Update User" button

Certain plugins will install other features you may want to consider when setting permissions on your site. For instance, Yoast SEO will include the ability to disable a user from accessing the analysis part of the plugin in a post or page.

How to Create Custom User Roles in WordPress

The strength of WordPress lies in its ability to be customized to suit any site owner’s needs. Whether you want to add custom styles to the editor or fine-tune the website appearance, the possibilities seem endless.

So with that in mind, understand that you don’t have to settle for the default WordPress roles. Using the PublishPress Capabilities plugin gives you the ability to customize user controls.

Installing the PublishPress Capabilities Plugin

Log in to your WordPress admin panel.

In the left column navigation, mouse over the “Plugins” link and click the “Add New” link.

mouse over the "Plugins" link and click the "Add New" link

In the “Search plugins…” box, enter, “PublishPress Capabilities.”

search for the WordPress PublishPress Capabilities plugin

When you find the plugin, click the “Install Now” button.

click to install the WordPress PublishPress Capabilities plugin

Now the plugin is installed, but it has to be activated before you can use it.

Click the “Activate” button.

click to activate the WordPress PublishPress Capabilities plugin

That’s all there is to it. Now let’s put the plugin to work.

Configuring PublishPress Capabilities

In the left column navigation, mouse over the “Capabilities” link and click the “Capabilities” link.

click the "Capabilities" link

The two ways you’ll most likely use the plugin are to change existing roles and to create new roles.

Changing an Existing WordPress User Role

First, choose the role you want to edit from the “Select role to view/edit” drop-down.

choose the role you want to edit

Check the box for permissions you want to add, uncheck the box for permissions you want to remove.

check or uncheck boxes to add or delete permissions

When you have the role configured as you’d like, click the “Save Changes” button.

click the "Save Changes" button

Creating a New WordPress User Role

The coolest feature of the PublishPress Capabilities plugin is the ability to create new WordPress user roles.

You can’t edit permissions on a per-user basis, but by creating a new role just for a specific user, you can essentially do the same thing. Set customer permission for a single user (or group of users).

To create a new user role, go to the “Create New Role” section, and enter a name into the field. Whichever users you add to this role will see the name, so keep that in mind.

Click the “Create” ‘button.

enter role name click create

The new role is created, and you’re brought to the familiar “Role Capabilities” page. Check the box for each permission you want to grant to the new role.

check the box for each permission you want to grant

Click the “Save Changes” button to save the new user role configuration.

click the "Save Changes" button

Now you can edit any users that you want to have the new role (as we did in the “How to Set WordPress Roles and Permissions” section).

Now You Know More About WordPress User Roles

Taking a close look at user roles in WordPress will give you a sense of control, knowing who can do what. And knowing how to tailor those roles to individuals makes your life as a WordPress administrator much more manageable.

As I mentioned, incorrect permissions in the wrong hands can cause damage. The “wrong hands” are those of any user who doesn’t need to have the permission. Make sure only trusted users have administrative permissions.

If you inherited a site with multiple users, you might want to set everyone back to a role with low-level permissions and start over. Granting more advanced roles to the users who need them.

How many users do you have using your website? What tools would you give to those who register an account?

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.